Security Watch | Matt Hines » Microsoft ships security assessment tool

December 18, 2007

Microsoft ships security assessment tool

Microsoft delivered a new version of its Microsoft Security Assessment Tool (MSAT) on Tuesday, launching version 3.5 of the free diagnostic program that is aimed at helping customers find potential IT security risks.

Available for download at no charge here, the application is specifically aimed at helping SMB users discover the types of problems that larger companies can find via the work of their dedicated IT staffers and external consultants.

"Localized" (is that a real word?) in 15 languages, the latest iteration of MSAT promises expanded tests for assessing security threats, updated best practices, and an all-new Infrastructure Optimization Security Assessment feature.

Other additions to the program include improved graphics and reporting capabilities, as well as advice for programmers seeking to improve the security of their applications development methodology (hello SDLC!).

The release marks the first update to the program since Microsoft introduced version 2.0 in 2006. The initial iteration of the application debuted in 2004 under the name Microsoft Security Risk Self-Assessment Tool (MSRSAT).

According to Redmond, "security issues have evolved since 2004 so additional questions and answers were needed to ensure you had a comprehensive toolset to become more aware of the evolving security threat landscape that could impact your organization."

The tool promises to employ "a holistic approach to measuring your security posture" by addressing issues related to people, process, and technology. Far out.

Findings, we are told, are "coupled with prescriptive guidance and recommended mitigation efforts," which include links to additional Microsoft security resources (and product spec sheets?).

There are three assessments that the company said the MSAT is particularly geared for:

- Business risk profile
- Defense-in-depth
- Mid-market security core infrastructure operations

Microsoft promises that the questions and answers included in the survey were derived from widely accepted industry practices, and based on standards such as ISO 17799 and NIST-800.x.

After completing the questionnaire, participants are presented with their results and their perceived security standing, and then offered the chance to compare their answers to other people who have used the tool.

Microsoft is asking people who use MSAT to share their results for the purpose of giving others a comparative basis on which to judge their own performances.

The company promises total anonymity for those who choose to do so.

Some security cynics will always question Microsoft's mores -- and of course, I'm sure that the powers that be in Redmond hope that those people who decide to fill out the survey also decide to buy some of their shiny new security products -- but I say, good on ye Microsoft, regardless.

Who said that nothing in life is free?

People tend to prattle on about all the security problems Microsoft has created with the vulnerabilities in its products, but at least they're giving away something useful for nothing to help people understand where they're at -- a position that many small businesses can't afford to hire outsiders to help them determine.

Of course, they must do something else with all that data…

Posted by Matt Hines on December 18, 2007 01:38 PM

