Speaking at the RSA Conference 2003 this week, Mike Nash, Microsoft corporate vice president of the Secure Business Unit, announced tools and technologies the company plans to release during the next 12 months. Microsoft designed the tools and technologies to address four key areas of concern expressed by customers: simpler and centralized patch management, information protection, secure development tools and Web services, and secure network access.
Nash said Microsoft plans to release Software Update Services (SUS) 2.0, which will include support for a broader set of products. The company will also release Systems Management Server (SMS) 2003 this year, which will automatically install patches during scheduled downtime. The company will also establish an automatic update service for security patches and other critical updates similar to Microsoft's Windows Update and Automatic Update. Nash said Microsoft will reduce the number of patch installer technologies, introduce new configuration wizards, and release Microsoft Baseline Security Analyzer (MBSA) 1.2 later this year.
The company's new Rights Management Services (RMS) will help protect information. For example, RMS lets you assign persistent rights to a document or email message to help control how it's forwarded, printed, or edited. Microsoft said companies are now beginning beta deployments of RMS with Microsoft Office 2003. In addition, the company is enhancing Microsoft Exchange Server 2003 to provide APIs so that antivirus software vendors can better integrate protection systems, and there are also newly enhanced virus-scanning capabilities slated for Word 2003, which will be released later this year. Microsoft also said they are working with antivirus software vendors to provide a new Windows File System Filter Manager that will let vendors plug-in mini file system filter drivers to enhance performance and provide greater resistance to attacks.
Nash said the company is working to drive adoption of Windows Server 2003's Internet Authentication Service (IAS), which works with Storage Area Networks (SAN).
During the week of April 20, Microsoft will release Visual Studio .NET 2003 and .NET Framework 1.1. The technologies will allow a more granular control over Web security and enable more secure deployment of client applications over the Internet. Nash said the company will release a guide in the third quarter of this year that will provide help with best practices that range from development of applications and service through deployment phases.