Microsoft to expand security research teams

SAN FRANCISCO--Microsoft is working to expand its security response and research operations beyond their current base in Redmond, Wash.

Over the next six months, the software giant plans to establish teams in Europe and Asia for round-the-clock coverage of security incidents and to support customers of its security products, Vincent Gullotto, general manager of security research and response at Microsoft, said in an interview at the RSA Conference here Wednesday.

"Clearly, we have to build a global organization," Gullotto said. "We will develop sites to cover the Americas, EMEA (Europe, the Middle East and Africa) and Asia, for us to be protecting customers and providing support globally for all the people that use the various security products that we develop."

special coverage
Unlocking security at RSA 2007

All the latest from the security confab.

The expansion is meant to make Microsoft, a security industry newcomer, more competitive. The company started selling its Windows Live OneCare consumer antivirus product last year, and its Forefront Client Security software for businesses is set to ship in the second quarter of this year.

Gullotto has already started expanding his team outside the U.S. He recently hired Katrin Tocheva, a noted antivirus researcher who previously worked at F-Secure, to head up European operations. Gullotto himself is an antivirus industry veteran, with previous stints at Symantec and McAfee. Microsoft also hired McAfee veteran Jimmy Kuo.

At the same time that Microsoft beefs up its malicious software research team, it will expand the team that deals with vulnerabilities in Microsoft software, said Mark Griesi, a security program manager at the company. The goal is to be able to provide better response by operating from multiple time zones, he said.

Microsoft has not disclosed the size of its current research and response team, nor how many jobs it is adding. "From the team that we have established today, you will see a significant uptick," Gullotto said. There is plenty of interest in joining Microsoft, and the increase will depend on factors such as the number of threats people face, he said.

The security research and response team at Microsoft, as at traditional antivirus providers, investigates and responds to threats. A primary response is developing signatures--the "fingerprints" of known threats--that are then sent to customers so their machines can be protected against the latest risks. Microsoft first gained antivirus expertise in 2003 when it bought GeCad Software.

In a sign that Microsoft could use more antivirus expertise, the company's Windows Live OneCare recently failed an independent test. In the test, Virus Bulletin, backed by a team of U.K.-based researchers, pitted 15 antivirus software packages against a series of viruses. OneCare didn't catch them all.

"This is a great opportunity for us to improve the processes we have internally," Gullotto said. "We missed one virus in their collection. While missing one virus isn't huge, it is not a good thing either. It can put the thinking into the mind of folks that we can't keep them protected."

[wbenton]

Microsoft doesn't think missing one is big?

Microsoft doesn't think missing 1 out of 15 is big?

There are currently 270,877 DOS/Windows related known viruses out there. At a 1:15 miss rate, that would mean that Microsoft could possibly miss up to 18,058 viruses.

Nah... I guess that's not big at all... I mean who knows better than Microsoft anyway?

Walt

[Schratboy]

Microsoft..."We are insecurity!"

It's even worse than that.

30,000+ critical vulnerabilities and exposures
100,000 spyware variants
10,000,000+ Web sites of questionable content
100,000+ ports

Microsoft's effort to create a product for every known issue is like bumming a smoke from the devil. "You need a light, too? Step right this way. I've all fire you'll ever need...."