Microsoft to expand security research teams

Over the next six months, the software maker plans to establish security research and response teams in Europe and Asia.

Joris Evers
Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
2 min read
SAN FRANCISCO--Microsoft is working to expand its security response and research operations beyond their current base in Redmond, Wash.

Over the next six months, the software giant plans to establish teams in Europe and Asia for round-the-clock coverage of security incidents and to support customers of its security products, Vincent Gullotto, general manager of security research and response at Microsoft, said in an interview at the RSA Conference here Wednesday.

"Clearly, we have to build a global organization," Gullotto said. "We will develop sites to cover the Americas, EMEA (Europe, the Middle East and Africa) and Asia, for us to be protecting customers and providing support globally for all the people that use the various security products that we develop."

The expansion is meant to make Microsoft, a security industry newcomer, more competitive. The company started selling its Windows Live OneCare consumer antivirus product last year, and its Forefront Client Security software for businesses is set to ship in the second quarter of this year.

Gullotto has already started expanding his team outside the U.S. He recently hired Katrin Tocheva, a noted antivirus researcher who previously worked at F-Secure, to head up European operations. Gullotto himself is an antivirus industry veteran, with previous stints at Symantec and McAfee. Microsoft also hired McAfee veteran Jimmy Kuo.

At the same time that Microsoft beefs up its malicious software research team, it will expand the team that deals with vulnerabilities in Microsoft software, said Mark Griesi, a security program manager at the company. The goal is to be able to provide better response by operating from multiple time zones, he said.

Microsoft has not disclosed the size of its current research and response team, nor how many jobs it is adding. "From the team that we have established today, you will see a significant uptick," Gullotto said. There is plenty of interest in joining Microsoft, and the increase will depend on factors such as the number of threats people face, he said.

The security research and response team at Microsoft, as at traditional antivirus providers, investigates and responds to threats. A primary response is developing signatures--the "fingerprints" of known threats--that are then sent to customers so their machines can be protected against the latest risks. Microsoft first gained antivirus expertise in 2003 when it bought GeCad Software.

In a sign that Microsoft could use more antivirus expertise, the company's Windows Live OneCare recently failed an independent test. In the test, Virus Bulletin, backed by a team of U.K.-based researchers, pitted 15 antivirus software packages against a series of viruses. OneCare didn't catch them all.

"This is a great opportunity for us to improve the processes we have internally," Gullotto said. "We missed one virus in their collection. While missing one virus isn't huge, it is not a good thing either. It can put the thinking into the mind of folks that we can't keep them protected."