Wednesday, December 16, 2009

Microsoft Security Intelligence Report (SIRv7

Microsoft Security Intelligence Report (SIRv7) was released on November 2. It’s the largest security report that Microsoft has ever published -- with 232 pages on the latest trends and data points you need to better understand what is happening in the threat landscape today.

For those of you who aren’t familiar with the SIR, the report provides insights into the threat landscape from multiple vantage points so that you receive a well-rounded view of how attackers are behaving on the Internet. For example, on page 41 you’ll find a malware infection rate “heat map” that illustrates infection rates around the world followed by deep dives into malware trends in 19 countries -- very helpful information if your organization does business in different parts of the world. Later in the report there is a graph that shows infection-rate trends for the different operating systems and service packs over the past two years. If you are an IT pro looking for data to help make the case to move to a newer, more secure OS or simply the newest service pack, the data in SIRv7 may be able to help.

The section in the SIR on industry-wide vulnerability disclosure trends to be very interesting.

On page 149 you’ll see that the vast majority of vulnerability disclosures since 2004 have been related to applications. This is a good reminder for all IT departments to maintain a strategy to keep all software up to date, not just the OS or the browser.

You can get the full report or the 19-page Key Findings Summary in ten languages at, as well as video overviews if you aren’t in the mood to read.