Cybersecurity questions for today


2 Cybersecurity questions for today


6 Microsoft and Cybersecurity?

7 In the news


9 OUR SECURITY POSTURE: PROTECT - DETECT - RESPOND
PROTECT: Today's cloud-first, mobile-first world demands the highest level of identity and data security in order to keep your business protected.
DETECT: Don't wait 200 days to discover you've been breached. Invest in the tools and services that enable you to detect attacks faster.
RESPOND: Establish a holistic, multidimensional approach to response.

10 Cyber growing threats demand a coordinated response Protecting our customers, our company, and our world Sharing broadly with the Microsoft Security Response Center (MSRC) and the Microsoft Malware Protection Center (MMPC)

11 Industry leading capabilities Visibility Context Experience Expertise VISIBILITY CONTEXT EXPERIENCE EXPERTISE Malware largest anti-virus and antimalware service Clients Windows Updates, Error Reports Outlook.com, Office 365 Web content Bing, Azure AD Cloud platform Azure IaaS and PaaS, Azure Security Center Trillions of URLs indexed Hundreds of Billions of authentications, monthly s analyzed Billions of daily web pages scans, Windows devices reporting Hundreds of Millions of reputation look ups Millions of daily suspicious files detonations 1M+ Corporate Machines protected by enterprise IT security Multi-platform cloud-first hybrid enterprise Decades of experience as a global enterprise Runs on multi-tenant Azure environment, same as you Development Security established Security Development Lifecycle (SDL) - ISO/IEC Operational Security for Hyper-scale cloud services Combatting Cybercrime in the cloud & partnering with law enforcement to disrupt malware Incident Investigation and recovery for customers

12 Data Machine Learning Human Analysis

13 Microsoft protecting you Industry Partners Antivirus Network INTELLIGENT SECURITY GRAPH CERTs Cyber Defense Operations Center Malware Protection Center Cyber Hunting Teams Security Response Center Digital Crimes Unit PaaS IaaS SaaS Identity Apps and Data Infrastructure Device

14 SECURE MODERN ENTERPRISE
Identity: Embraces identity as primary security perimeter and protects identity systems, admins, and credentials as top priorities.
Apps and Data: Aligns security investments with business priorities including identifying and securing communications, data, and applications.
Infrastructure: Operates on modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks.
Devices: Accesses assets from trusted devices with hardware security assurances, great user experience, and advanced threat detection.
Secure Platform (secure by design)

15 Phase 1: Build the Foundation
Start the journey by getting in front of current attacks:
Critical Mitigations: Critical attack protections
Attack Detection: Hunt for hidden persistent adversaries and implement critical attack detection
Roadmap and planning: Share Microsoft insight on current attacks and strategies, build a tailored roadmap to defend your organization's business value and mission
Phase 2: Secure the Pillars
Continue building a secure modern enterprise by adopting leading edge technology and architectures:
Privileged Access Security: Industrial Grade protections for critical identities and assets
Shadow IT visibility: Discover, protect, and monitor your critical data in the cloud
Device and Datacenter Security: Hardware rooted protections for devices, servers, and credentials
Threat Detection: Deep analyst expertise and unique technical and human insights into threats
Cloud Security Risk Mitigation: Chart a secure path as a cloud-enabled enterprise
[Diagram: SECURE MODERN ENTERPRISE pillars (Identity, Apps and Data, Infrastructure, Devices) on a Secure Platform (secure by design); Phase 1: Build Security Foundation - Critical Attack Defenses; Phase 2: Secure the Pillars]

16 24-48 Hours
1. Beachhead (Phishing Attack, etc.)
2. Lateral Movement
   a. Steal Credentials
   b. Compromise more hosts & credentials
3. Privilege Escalation
   a. Get Domain Admin credentials
4. Execute Attacker Mission
   a. Steal data, destroy systems, etc.
   b. Persist Presence
Tier 0: Domain & Enterprise Admins
Tier 1: Server Admins
Tier 2: Workstation & Device Admins

17 Organizational Preparation, Education, Strategy & Integration
1. Restrict Privilege Escalation
   a. Privileged Access Workstations
   b. Assess AD Security
2. Restrict Lateral Movement
   a. Random Local Password
3. Attack Detection
   a. Attack Detection
   b. Hunt for Adversaries
4. Organizational Preparation
   a. Strategic Roadmap
   b. Technical Education
Tier 0: Domain & Enterprise Admins
Tier 1: Server Admins
Tier 2: Workstation & Device Admins
[Diagram labels: Attack Detection - Advanced Threat Analytics (ATA), Hunt for Adversaries; Restrict Lateral Movement; Restrict Privilege Escalation]

18 Phase 1 Build the Foundation Aligned with Securing Privileged Access (SPA) roadmap


20 Phase 2 Secure the Pillars Foundation: Critical Attack Defenses

21 To Cloud or Not to Cloud?


24 What is driving change?
Life before cloud (storage, corp data and users on-premises):
- Only sanctioned apps are installed
- Resources accessed via managed devices/networks
- IT had layers of defense protecting internal apps
- IT has a known security perimeter
Life with cloud:
- User chooses apps (unsanctioned, shadow IT)
- User can access resources from anywhere
- Data is shared by user and cloud apps
- IT has limited visibility and protection

25 [Diagram: Azure deployment options (Virtual Machines, Cloud Services, App Services) with load balancers, virtual network, app types (API App, Logic App, Web App, Mobile App) and storage solutions (Blobs/Files, Tables/NoSQL, Database)]
COMPUTE, NETWORKING, IDENTITY & ACCESS, MEDIA & CDN
Virtual Machines: Get full control over a server in the cloud and maintain it as your business requires.
Cloud Services: Managed Virtual Machines with specific web and worker roles that are stateless.
Batch: For running large scale parallel and high performance computing (HPC) applications.
Scheduler: Create jobs that run reliably on simple or complex schedules to invoke any type of service.
Remote App: Access Windows apps that run within the Service on VMs from any device and any location.
Virtual Network: Provision and manage VPNs in Azure and securely link to your on-premises IT infrastructure.
Express Route: Connect on-premises and cloud data centers directly through dedicated, non-internet lines.
Traffic Manager: Load-balance incoming global traffic across multiple services running in multiple data centers.
Active Directory: Identity and access management for cloud applications and ability to link to on-premises Server AD.
Multi-Factor Authentication: Safeguard access to data and apps with additional physical layer of security control.
Media Services: Range of services that support video on-demand and live streaming workflows.
Content Delivery Network (CDN): Cache content for your apps at 100s of edge locations to improve user experiences.
WEB & MOBILE, ANALYTICS
Web Apps: Managed web platform, get started for free and scale as you go using many tools/languages.
Mobile Apps: Add backend capabilities to mobile apps, with native client support on most device platforms.
API Apps: Create and surface your app logic as APIs for other services and apps to consume.
Logic Apps: Build/execute business processes by linking your own custom APIs with an API Gallery/Marketplace.
API Management: Publish and Manage APIs to developers, partners and employees securely and at scale.
Notification Hubs: Deliver millions of cross platform push notifications from any application backend, anywhere.
HDInsight: Big Data (based on Apache Hadoop) analytics that integrate easily with Microsoft Office.
Machine Learning: Mine historical data with compute power to predict future trends or behavior.
Stream Analytics: Process data streams in real-time to discover and react to trends.
Data Factory: Ingest data from multiple sources to combine into a cloud based Data Warehouse.
Event Hubs: Ingest, persist, process millions of events per second from millions of devices.
Mobile Engagement: Ingest, persist, process millions of events per second from millions of devices.
STORAGE & BACKUP, DATA, DEVELOPER SERVICES
Storage Blobs & Files: Store binary application data and web content store for dedicated and shared virtual disks for VMs.
Backup: Managed service that handles backup/restore of Windows Server machines/backup agent.
Import/Export: For massive data transfer ship encrypted disks to move data in/out of blob storage.
Site Recovery: Coordinate replication and recovery of System Center private clouds.
StorSimple: Automated, policy driven solution to extend on-premises primary storage for backup / DR.
SQL Database: Managed relational database service with high availability and selectable performance levels.
DocumentDB: Store/retrieve millions of JSON objects from a highly scalable NoSQL document database.
Redis Cache: Make applications scale and be more responsive under load by keeping data closer to app logic.
Search: Managed, scalable search service for your apps, create tunable search results and ranking models.
Tables: Massive scale for semi-structured key/value type data in this schema-less NoSQL store.
Visual Studio Online: Store code, plan and track projects, build, deploy and test apps in the cloud collaboratively.
Application Insights: Analyze app usage, availability and performance to detect issues and solve problems proactively.
HYBRID INTEGRATION
Storage Queues: Simple message queue for application de-coupling architecture for scale out.
BizTalk Services: Build EDI and Enterprise App Integration (EAI) solutions in the cloud.
Hybrid Connections: Connect apps in Azure with on-premises resources without a VPN or dedicated line.
Service Bus: Messaging capabilities (pub/sub, queues) and on-premises to cloud connectivity solution.
MANAGEMENT
Automation: Run durable PowerShell scripts to automate frequent, long running, complex Azure tasks.
Portal: Web based experience to provision, control and monitor all Azure services.
Key Vault: Safeguard and control keys and secrets in cloud scale hardware security modules.
Operational Insights: Analyze and troubleshoot on-premises IT infrastructure without using instrumented code.
COMMERCE
Store / Marketplace: Find and manage other services provided by third parties.
VM Depot: Find free open source VM images that you can download and run in Azure Virtual Machines.

26 500+ New releases in the last 12 months

27 >90,000 New Azure customer subscriptions/month >1.5Million SQL Databases running on Azure >500Million Users in Azure Active Directory Azure momentum 1.5Trillion Messages per month processed by Azure IoT 777Trillion Storage Transactions per day >40% Revenue from Start-ups and ISVs

28 Microsoft identity security at a glance >1.3 billion auths every day on Azure AD + 13 billion auths from the consumer space (MSA) Identify 30K potentially compromised users per day Every day the Identity ML system processes >10 TB of data Automatically deflect 1.5 million attacks per day in the consumer space

29 Azure Compliance The largest compliance portfolio in the industry

30 Holistic Cyber Defense how to build?

31 Holistic Cyber Defense is multi-dimensional
User:
- Protect by reducing threat of credential theft
- Detect suspicious behavior and unusual activity
- Respond by elevating access requirements based on Risk
Device:
- Protect across levels: Hardware, Software, and Applications
- Detect any deviations from baseline, policies, or behavior
- Respond dynamically to any suspicious device or application
Data:
- Protect data no matter where it is located
- Detect any attempts for unauthorized data access
- Respond to any data leak by removing or monitoring access
Secure Development Lifecycle
On-premises, Hybrid, Cloud

32 Our Top Conversations on Cybersecurity
Security Assessment Suite: Top Scenarios, Capabilities (MCS, Premier, ACE), Solution Maps (MCS, Premier, ACE)
Cloud: Planning on moving apps or DC infrastructure services to the cloud, or planning on moving to O365. Partner with Cloud Productivity.
Mobile: Need a strategy to mitigate the risk of users bringing unmanaged PCs, phones, tablets. Partner with Devices and Mobility.
Info Protect: Need to protect data from theft, unauthorized disclosure, and accidental distribution. Partner with Cloud Productivity.
Threats: Concerned they have been compromised and want to be able to detect threats. Partner with Cyber.
Platform Sec: Concerned with security risks and vulnerabilities and want to make sure we are doing basic hygiene. Partner with Cyber.

33 But Start with Basics: Software security does not follow the Lada car evolution model We need to follow changing threat landscape

34 Microsoft Security Technologies

35 Modern Desktops Security

36 Why Windows 10? CREDENTIAL GUARD

37 US Department of Defense Windows 10 Migration - Rationale
- Microsoft Windows 10 is intended as a cross-platform release and will be a ubiquitous operating system for desktops, laptops, and tablets.
- Microsoft Windows 10 enterprise edition provides security features that are not available in older versions of Windows.
- These new features, when employed, are critical to mitigating advanced network threats.
- Rapid implementation to Microsoft Windows 10 will improve our cybersecurity posture, lower the cost of IT, and streamline the IT operating environment.

38 Windows 10 Plan by US Air Force

39 04/10/ Headquarters International Staff New HQ NATO Secret


41 Partnering with Nations to achieve Connected Forces and NATO Forces 2020 goals more efficiently NCIA 5 Goals as defined by the 28 Nations (NC3B): 1. NATO Software for Nations Use 2. Multinational development of interoperability standards & advanced technology 3. Implementation of NATO solutions in multinational forces 4. Test and re-use of NATO solutions by Partners (Sweden and Finland) 5. Enabling Joint C4ISR

42 Available Common Funded Solutions In the NCIA Customer Services Catalogue (examples) NATO Information Portal NATO Tasker Tracker Enterprise NATO Common Operational Picture Land C2 Information System

43 Premier Support Services for NATO Organizational Continuity, IT Service Improvement and Security. 24x7 global support coverage. Support Account Management, Workshops, Problem Resolution Support, Support Assistance, Information Services, Security

44 Microsoft products licenses used for New NATO HQ NATO provides as PFE (Purchaser Furnished Infrastructure & Service): Office Professional Plus Enterprise Client Access Licenses (e-cal) for Windows Server, Exchange Server, SharePoint Server, Lync Server, System Centre, Forefront and SQL Server

45 SharePoint based NATO C2

46 NATO Information Portal Requirements


48 Cloud Powered Antimalware Protection

49 DESKTOPS: ATTACKS HAPPEN FAST AND ARE HARD TO STOP
If an attacker sends an email to 100 people in your company, 23 people will open it, 11 people will open the attachment, and six will do it in the first hour.

50 HOW DO THESE ATTACKS USUALLY START?
How do they get in? How do they get privileges?
- 0days
- Vulnerabilities
- Weak defenses
- Social engineering

51 ADDING A POST-BREACH MINDSET TO THE WINDOWS 10 DEFENSE STACK
PRE-BREACH: Device protection, Threat resistance, Identity protection, Information protection
POST-BREACH: Breach detection, investigation & response
[Diagram: features shown under these pillars: Device Health attestation, Device Guard, Device Control, Security policies, SmartScreen, AppLocker, Windows Defender, Network/Firewall, Built-in 2FA, Account lockdown, Credential Guard, Microsoft Passport, Windows Hello, Device protection / Drive encryption, Enterprise Data Protection, Windows Information Protection, Conditional access, Windows Defender ATP (Advanced Threat Protection)]

52 WINDOWS DEFENDER ADVANCED THREAT PROTECTION: DETECT, INVESTIGATE AND RESPOND TO TARGETED ATTACKS
- Built in to Windows 10, cloud powered
- Behavior-based, breach detection
- Rich timeline for investigation
- Unique threat intelligence knowledge base

53 Windows Defender ATP helps enterprise customers detect and remediate Advanced Attacks and data breaches Client side dynamic endpoint behavioral sensors and loggers, works side by side with any existing endpoint security technology Powered by cloud Machine Learning Analytics over the largest sensor array in the world Enhanced by the community of our Hunters, researchers and threat intelligence Built into


55 Threat Intelligence from partnerships Threat Intelligence by Microsoft hunters Always-on endpoint behavioral sensors Forensic collection SecOps console Exploration Alerts Security analytics Behavioral IOAs Dictionary Known adversaries unknown Files and URLs detonation Microsoft Detection Stack Customers' Windows Defender ATP tenant SIEM / central UX SIEM Windows APT Hunters, MCS Cyber

56 DATA AND COMPLIANCE
Client threat data collection: Telemetry, automatically collected from on-boarded endpoints, serves to proactively identify indications of attack and can be viewed by customer SecOps. Threat insights are shared among WDATP customers.
Sample Collection: WDATP can be configured to collect samples upon identifying IoAs or suspicious activities, which enables deeper analysis to identify potential threats. Sample collection can be performed automatically for fast detection, or manually after SecOps explicit approval.
Geolocation: Enterprise data will have geo-affinity to a single Data Center geo-location. Each enterprise can select their preferred data center location from available Azure data center locations.
Compliance and Privacy: All customer data resides in compliant storage (Windows Azure), isolated from data of other customers, and secured by access control with full auditing and logging capabilities. PII data anonymized prior to aggregation and processing.

57 ONE MICROSOFT VISION
Integration & exchange of signals between Windows Defender ATP (Windows 10), Exchange Online ATP (Office365) and Advanced Threat Analytics (ATA)

58 Information Protection

59 Mobile security landscape Comprehensive approach to mobile security and discover a foundation for both management and protection: microsoft.com/ems AZURE ACTIVE DIRECTORY IDENTITY PROTECTION MICROSOFT CLOUD APP SECURITY ATA INTUNE AZURE RIGHTS MANAGEMENT & SECURE ISLANDS

60 Information Protection Vision Classification and labeling Encryption Access control Policy enforcement Document tracking Document revocation Files LOB apps Share internally Share externally (B2B) Share externally (B2C) On any device In any part of the world US EU APAC China Germany

61 Information Protection The 5 Step Program Classify Label Protect Monitor Respond

62 Classification on use

63 Leverage Labels Everywhere Top DLP Vendors DLP, ediscovery, Compliance

64 Apply data-bound protection Cloud Drive

65 Use User/ITPro logs/portals Dan opened gov.doc Fred failed to use gov.doc Jane printed gov.doc *

66 Act on Use/Abuse/Overuse

67 Start small, now, and move quickly

68 Automatic Classification


71 Manual Classification


79 Classification Level Recommendation


86 Reclassification Justification


88 Do you trust your Admin?

89 1 requires adherence to secure configuration best practices, e.g. TPM-based attestation Step 1 how things look today and now with Shielded VMs in Windows Server 2016 Server administrator Storage administrator Network administrator Backup operator Hyper-V administrator PHYSICAL MACHINES Yes No No No n/a VIRTUAL MACHINES No Yes 1 No Yes No Yes No Yes No Yes

90 Step 2 Decryption keys controlled by external system Cloud/Datacenter Guest VM Guest VM Guest VM Host OS Hypervisor Hyper-V Host 1 Fabric Controller Host OS Guest VM Guest VM Hypervisor Hyper-V Host 2 Host OS Guest VM Guest VM Key Protection Host Guardian Service Hypervisor Hyper-V Host 3

91 Secure Server OS?

92 Our Server Journey Server Roles/Features GUI Shell Windows/ WindowsNT Full Server Minimal Server Interface Windows NT to Windows Server 2003 Server Core Windows Server 2008 and Windows Server 2008 R2 Server Core Windows Server 2012 and Windows Server 2012 R2

93 And one more little thing: Nano Server A new headless, 64-bit only, deployment option for Windows Server Deep refactoring focused on CloudOS infrastructure Born-in-the-cloud applications Server with a Desktop Exp Nano Server Server Core

94 Nano Server - Roles & Features Minimal footprint Server Roles and Optional Features live outside of Nano Server No binaries or metadata in image Standalone packages that install like applications Key Roles & Features Hyper-V, Clustering, Storage Core CLR, PaaS & ASP.NET V.Next, Containers Full driver support & Antimalware System Center and Apps Insight agents to follow

95 Windows Server 2016 offers a new installation option: Nano Server. Nano Server is a remotely administered server operating system optimized for private clouds and datacenters. It is similar to Windows Server in Server Core mode, but significantly smaller, has no local logon capability, and only supports 64-bit applications, tools, and agents. It takes up far less disk space, sets up significantly faster, and requires far fewer updates and restarts than Windows Server. When it does restart, it restarts much faster. The Nano Server installation option is available for Standard and Datacenter editions of Windows Server.
Nano Server is ideal for a number of scenarios:
- As a "compute" host for Hyper-V virtual machines, either in clusters or not
- As a storage host for Scale-Out File Server
- As a DNS server
- As a web server running Internet Information Services (IIS)
- As a host for applications that are developed using cloud application patterns and run in a container or virtual machine guest operating system

96 From observations to operations


98 Alerts and advisories (three-day notification, public vulnerability announcements, out-of-cycle notifications) Internet safety reference material Microsoft Security Response Alliance portal access Digital Crimes Community portal access Cyber Threat Intelligence Program botnet feeds Malicious URL feeds Other emerging detection guidance

99 Big Data Analytics Sharing with Governments Cyber Threat Intelligence Program 70 million IP addresses 500 million pings/day Volume constantly changing


101 The Microsoft Cyber Defense Operations Center
- Protect Microsoft's cloud infrastructure, customer-facing cloud services, products and devices, and internal resources 24 x 7 x 365
- Unite personnel, technology, and analytics in a central hub
- Provide world-class security protection, detection, and response
- More than 50 Security Experts and Data Scientists
- Connected to >3500 Security Professionals across Microsoft
- Tight partnerships with Microsoft Research and the Security Development Lifecycle (SDL) team

102 Protect - Detect - Respond
Protect: Protect customers' most valuable assets by helping to prevent cyber-attacks, compromise.
Detect: Monitor customer networks to expose attacks, vulnerabilities and persistent threats.
Respond: Investigate and disrupt suspicious events to provide diagnoses and recommended mitigations.
Services: Active Directory Security Solutions* ADSA (through ACE); Secure and Resilient AD (through CSS) Credential Theft Mitigation (CTM) Solutions Privileged Account Workstation (PAW); Enhanced Security Administrative Environment (ESAE), etc. Cyber Security Architect (CSA) Security Development Lifecycle (SDL) Maturity Assessment Microsoft Security Risk Assessment (MSRA) Advanced Threat Analytics (ATA) Implementation Services (ATA IS) Persistent Adversary Detection Service (PADS) Microsoft Threat Detection Service (MTDS) Incident Response (IR) Recovery Tactical and Strategic (TR/SR)

103 Security Evaluation and Certification

104 FIPS Validation of Windows 10 The following Microsoft Windows 10 product editions are FIPS validated: Windows 10 Enterprise and LTSB Windows 10 Pro Windows 10 US Federal and Canadian governments have FIPS requirements for the use of cryptography to protect sensitive data. These validation certificates are currently for Windows 10 (TH1). Certificates have been updated at the end of June 2016 to include the Windows 10 November 2015 Update (TH2 / 1511), Windows 10 Mobile, Microsoft Surface Hub, and additional Microsoft hardware devices. For reference, the FIPS validation certificates are posted here:

105 New US DoD Policy - Updated Guidance Concerning the Acquisition of Information Assurance (IA) and IA-enabled Products
In order to achieve more consistent and efficient use of scarce resources, the NIAP has issued Reference (d) and other guidance that limits the circumstances under which products may be evaluated to:
- Products claiming compliance with a U.S. approved Protection Profile (with an EAL no higher than that specified in the profile), or
- When a U.S. approved Protection Profile does not exist and a government agency requests a Common Criteria evaluation, NIAP will consider accepting a product into evaluation at EAL2 only. Validator resource availability and customer need (as specified in the LOI) will serve as the basis for acceptance.

106 NATO Information Assurance Products Catalogue - updated

107 Product: Main Category
Bitlocker - Windows 7, Windows Server 2008 (R2): Disk/File Encryption
Hyper-V - Windows Server 2008 (R2) Server virtualization: Operating System Security Management
Hyper-V - Windows Server 2012 (R2) Server virtualization: Operating System Security Management
ListDlls version 2.25: Computer Forensics
Microsoft Baseline Security Analyzer (MBSA) versions and 2.0: Operating System Security Management
SQL Server 2008 (R2): Database Management System
SQL Server 2012: Database Management System
SQL Server 2014: Database Management System
Strings, version 2.3: Computer Forensics
Surface Pro 3 with Windows 8.1: Operating System Security Management
Windows 7: Operating System Security Management
Windows 8(.1): Operating System Security Management
Windows Phone 8(.1): Operating System Security Management
Windows Server 2008 (R2): Operating System Security Management
Windows Server 2012 (R2): Operating System Security Management


109 CC certificate for Windows 10 November 2015 Update with Surface Book against the Mobile Device protection profile
- Global list of CC-evaluated products
- Certification listing
- Security target (the claims we make about Windows 10)
- The report by the independent evaluation lab
- The validation report that confirms the lab's findings
Windows 10/Windows 10 Mobile FIPS evaluation and Common Criteria Certifications (up to date)
Certification; Date Completed; Evaluated for
CC Mobile Device Fundamentals Protection Profile 2.0; January 29, 2016; Windows 10
CC General Purpose OS Protection Profile 4.1; April 6, 2016; Windows 10
CC Mobile Device Fundamentals Protection Profile 2.0; May 12, 2016; Windows 10 Mobile, Windows 10
CC Mobile Device Fundamentals Protection Profile 2.0; June 24, 2016; Windows 10 November 2015 Update
FIPS Level 1; June 2, 2016; Windows 10


111 Example of Windows 10 Secure Configuration Guidance - Poland

112 What next? We can help

113 SUMMARY
- Cybersecurity standardization simplifies management and operations
- User credentials are exploited in the vast majority of attacks; Advanced Threat Analytics can help to detect and mitigate them
- Microsoft investment in Protect, Detect and Response model is now available for GOV/MIL customers responsible for interoperability and national Cyber Defense/Cybersecurity capabilities development
- Microsoft Services can be used for operational support and development on GOV/MIL cyber capabilities

114 These practices are still important (part of a complete long term security strategy)
Domain Controller Security Updates: Target full deployment within 7 days
Remove Users from Local Administrators: Manage exceptions down to near-zero; ensure only admin of one workstation
Baseline Security Policies: Apply standard configurations; manage exceptions down to near-zero
Anti-Malware: Detect and clean known threats
Log Auditing and Analysis: Centralize logs to enable investigations and analysis
Software Inventory and Deployment: Ensure visibility and control of endpoints to enable security operations

115 CYBER SECURITY DEMYSTIFIED
AND IN THE MEANTIME: 6 simple but important actions to improve your security today:
- Make sure to regularly check and install the latest security updates
- Don't run software as an Administrator to mitigate risks
- Use the most up to date versions of all software and use automatic updates where possible
- Use firewall and antivirus software to spot threats
- Develop your software securely. Visit: microsoft.com/sdl to find out more
- Educate yourself and your staff on the latest risks, common cyber crime methods and best practice
Download your free digital copy of the Cyber Security Demystified ebook and share it with your business stakeholders today:

116 Additional Cyber Resources news.microsoft.com/press kits/dcu soft blogs.technet.com/security Azure Information Protection Resources Public preview announcement Support for federated identities Azure AD Identity Protection Documentation Demo playbook End user experience Channel 9 Video APIs Security reader role


More information

Securing Your Digital Transformation

Securing Your Digital Transformation Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,

More information

Microsoft Security Management

Microsoft Security Management Microsoft Security Management MICROSOFT SECURITY MANAGEMENT SECURITY MANAGEMENT CHALLENGES Some large financial services organizations have as many as 40 or more different security vendors inside their

More information

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Introduction No matter how hard you work to educate your employees about the constant and evolving threats

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

RSA NetWitness Suite Respond in Minutes, Not Months

RSA NetWitness Suite Respond in Minutes, Not Months RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office

More information

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES To Secure Azure and Hybrid Cloud Environments Introduction Cloud is at the core of every successful digital transformation initiative. With cloud comes new

More information

Kontejneri u Azureu uz pomoć Kubernetesa što i kako? Tomislav Tipurić Partner Technology Strategist Microsoft

Kontejneri u Azureu uz pomoć Kubernetesa što i kako? Tomislav Tipurić Partner Technology Strategist Microsoft Kontejneri u Azureu uz pomoć Kubernetesa što i kako? Tomislav Tipurić Partner Technology Strategist Microsoft Source: Softpedia Credits: James Niccolai A decade ago no one could have seen this coming.

More information

Agenda. Future Sessions: Azure VMs, Backup/DR Strategies, Azure Networking, Storage, How to move

Agenda. Future Sessions: Azure VMs, Backup/DR Strategies, Azure Networking, Storage, How to move Onur Dogruoz Agenda Provide an introduction to Azure Infrastructure as a Service (IaaS) Walk through the Azure portal Help you understand role-based access control Engage in an overview of the calculator

More information

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better

More information

SIEM Solutions from McAfee

SIEM Solutions from McAfee SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an

More information

Azure File Sync. Webinaari

Azure File Sync. Webinaari Azure File Sync Webinaari 12.3.2018 Agenda Why use Azure? Moving to the Cloud Azure Storage Backup and Recovery Azure File Sync Demo Q&A What is Azure? A collection of cloud services from Microsoft that

More information

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP Pasiruoškite ateičiai: modernus duomenų centras Laurynas Dovydaitis Microsoft Azure MVP 2016-05-17 Tension drives change The datacenter today Traditional datacenter Tight coupling between infrastructure

More information

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Businesses and users are

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

Hosted Azure for your business. Build virtual servers, deploy with flexibility, and reduce your hardware costs with a managed cloud solution.

Hosted Azure for your business. Build virtual servers, deploy with flexibility, and reduce your hardware costs with a managed cloud solution. Hosted Azure for your business Build virtual servers, deploy with flexibility, and reduce your hardware costs with a managed cloud solution. Azure is approximately 50 percent cheaper than other cloud services

More information

Managing Microsoft 365 Identity and Access

Managing Microsoft 365 Identity and Access Course MS-500T01-A: Managing Microsoft 365 Identity and Access Page 1 of 3 Managing Microsoft 365 Identity and Access Course MS-500T01-A: 1 day; Instructor-Led Introduction Help protect against credential

More information

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.

More information

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client

More information

Go mobile. Stay in control.

Go mobile. Stay in control. Go mobile. Stay in control. Enterprise Mobility + Security Jeff Alexander Sr. Technical Evangelist http://about.me/jeffa36 Mobile-first, cloud-first reality 63% 80% 0.6% Data breaches Shadow IT IT Budget

More information

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW: SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,

More information

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Enhancing the Cybersecurity of Federal Information and Assets through CSIP TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3

More information

MEETING ISO STANDARDS

MEETING ISO STANDARDS WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced

More information

AKAMAI CLOUD SECURITY SOLUTIONS

AKAMAI CLOUD SECURITY SOLUTIONS AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your

More information

CAN MICROSOFT HELP MEET THE GDPR

CAN MICROSOFT HELP MEET THE GDPR CAN MICROSOFT HELP MEET THE GDPR REQUIREMENTS? Danny Uytgeerts Microsoft 365 TSP / P-Seller Privacy Consultant (certified DPO) Member of DPO-Pro (Professional association of Belgian DPOs) danny.uytgeerts@realdolmen.com

More information

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1 CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/

More information

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY SOLUTION OVERVIEW BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY Every organization is exploring how technology can help it disrupt current operating models, enabling it to better serve

More information

Windows Server The operating system

Windows Server The operating system Windows Server 2019 The operating system that bridges onpremises and cloud By maximizing technology and infrastructure investments with Windows Server 2019, forward-facing businesses can capture direct

More information

Microsoft Azure Stack Hybrid Cloud. The Modern System Architecture

Microsoft Azure Stack Hybrid Cloud. The Modern System Architecture Microsoft & itnetx 2017 Microsoft Azure Stack Hybrid Cloud. The Modern System Architecture Uwe Lüthy PTS at Microsoft www.microsoft.com Thomas Maurer Solution Architect at itnetx Microsoft MVP / P-TSP

More information

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing

More information

MODERN DESKTOP SECURITY

MODERN DESKTOP SECURITY MODERN DESKTOP SECURITY I M GOING TO BE HONEST. WE RE IN THE FIGHT OF OUR DIGITAL LIVES, AND WE ARE NOT WINNING! M I C H A E L M C C A U L, C H A I R M A N, U S H O M E L A N D S E C U R I T Y C O M M

More information

Azure Webinar. Resilient Solutions March Sander van den Hoven Principal Technical Evangelist Microsoft

Azure Webinar. Resilient Solutions March Sander van den Hoven Principal Technical Evangelist Microsoft Azure Webinar Resilient Solutions March 2017 Sander van den Hoven Principal Technical Evangelist Microsoft DX @svandenhoven 1 What is resilience? Client Client API FrontEnd Client Client Client Loadbalancer

More information

Windows Server Security Guide

Windows Server Security Guide Windows Server Security Guide August 2017 Contents Windows Server 2016 Security Guide... 3 Why is Windows Server 2016 security important?... 3 How does Windows Server 2016 help prevent and detect compromise?...

More information

Cloud Customer Architecture for Securing Workloads on Cloud Services

Cloud Customer Architecture for Securing Workloads on Cloud Services Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,

More information

CloudSOC and Security.cloud for Microsoft Office 365

CloudSOC and  Security.cloud for Microsoft Office 365 Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed

More information

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS INTRODUCTION Attivo Networks has partnered with McAfee to detect real-time in-network threats and to automate incident response

More information

70-532: Developing Microsoft Azure Solutions

70-532: Developing Microsoft Azure Solutions 70-532: Developing Microsoft Azure Solutions Exam Design Target Audience Candidates of this exam are experienced in designing, programming, implementing, automating, and monitoring Microsoft Azure solutions.

More information

Security by Default: Enabling Transformation Through Cyber Resilience

Security by Default: Enabling Transformation Through Cyber Resilience Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,

More information

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large Executive Summary As a County Government servicing about 1.5 million citizens, we have the utmost responsibility to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

More information

70-532: Developing Microsoft Azure Solutions

70-532: Developing Microsoft Azure Solutions 70-532: Developing Microsoft Azure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Create and Manage Azure Resource Manager Virtual Machines

More information

Building Resilience in a Digital Enterprise

Building Resilience in a Digital Enterprise Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.

More information

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief RSA Solution Brief The RSA Solution for VMware View: Managing Securing the the Lifecycle Virtual of Desktop Encryption Environment Keys with RSA Key Manager RSA Solution Brief 1 According to the Open Security

More information

Exam : Implementing Microsoft Azure Infrastructure Solutions

Exam : Implementing Microsoft Azure Infrastructure Solutions Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Design and Implement Azure App Service

More information

TRUE SECURITY-AS-A-SERVICE

TRUE SECURITY-AS-A-SERVICE TRUE SECURITY-AS-A-SERVICE To effectively defend against today s cybercriminals, organizations must look at ways to expand their ability to secure and maintain compliance across their evolving IT infrastructure.

More information

About vlad.tomsa@microsoft.com Features: Safeguards Against: Hardcoded Locations Hardcoded storage endpoints API versions available on Azure Stack Resource types unsupported on Azure Stack Referenced

More information

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting

More information

THE ACCENTURE CYBER DEFENSE SOLUTION

THE ACCENTURE CYBER DEFENSE SOLUTION THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly

More information

GDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services. Konstantin Sviridov Andrey Ivanov.

GDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services. Konstantin Sviridov Andrey Ivanov. You Trust IT Путь к безопасности бизнеса GDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services Konstantin Sviridov Andrey Ivanov 06 September 2017 This presentation

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

Developing Microsoft Azure Solutions

Developing Microsoft Azure Solutions 1 Developing Microsoft Azure Solutions Course Prerequisites A general understanding of ASP.NET and C# concepts Upon Completion of this Course, you will accomplish following: Compare the services available

More information

Developing Microsoft Azure Solutions (70-532) Syllabus

Developing Microsoft Azure Solutions (70-532) Syllabus Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages

More information

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security

More information

the SWIFT Customer Security

the SWIFT Customer Security TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This

More information

RiskSense Attack Surface Validation for IoT Systems

RiskSense Attack Surface Validation for IoT Systems RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing

More information

SYMANTEC DATA CENTER SECURITY

SYMANTEC DATA CENTER SECURITY SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information

More information

SIEM: Five Requirements that Solve the Bigger Business Issues

SIEM: Five Requirements that Solve the Bigger Business Issues SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered

More information

Identity & Access Management

Identity & Access Management Identity & Access Management THE PROBLEM: HOW DO WE ENABLE PRODUCTIVITY WITHOUT COMPROMISING SECURITY? S E C U R I T Y OR P R O D U C T I V I T Y On-premises THE PROBLEM: HOW DO WE ENABLE PRODUCTIVITY

More information

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...

More information

Microsoft Azure Storage Abstractions Highly durable and scalable Multiple copies of your data Financially backed SLAs Microsoft Azure Storage Automatic Storage Redundancy Windows Azure Storage Defend against

More information

Crash course in Azure Active Directory

Crash course in Azure Active Directory Crash course in Azure Active Directory Crash course in Azure Active Directory Competing today requires a focus on digital transformation and empowering everyone to be creative and work together securely.

More information

Windows IoT Security. Jackie Chang Sr. Program Manager

Windows IoT Security. Jackie Chang Sr. Program Manager Windows IoT Security Jackie Chang Sr. Program Manager Rest Physical access to a device will not give access to data Data & Control Execution Data owner has full control over data processing Motion Transport

More information

Are we breached? Deloitte's Cyber Threat Hunting

Are we breached? Deloitte's Cyber Threat Hunting Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the

More information

Government IT Modernization and the Adoption of Hybrid Cloud

Government IT Modernization and the Adoption of Hybrid Cloud Government IT Modernization and the Adoption of Hybrid Cloud An IDC InfoBrief, Sponsored by VMware June 2018 Federal and National Governments Are at an Inflection Point Federal and national governments

More information

App Service Overview. Rand Pagels Azure Technical Specialist - Application Development US Great Lakes Region

App Service Overview. Rand Pagels Azure Technical Specialist - Application Development US Great Lakes Region App Service Overview Quickly create powerful cloud apps using a fully-managed platform Rand Pagels Azure Technical Specialist - Application Development US Great Lakes Region Security & Management Platform

More information

Today s top THREAT ACTORS pose unique challenges

Today s top THREAT ACTORS pose unique challenges Today s top THREAT ACTORS pose unique challenges An effective strategy must respond to a broad range of continually evolving attack types CYBERCRIMINALS NATION-STATE HACKTIVISTS INSIDERS FINANCIAL Persistent

More information

Dynamic Datacenter Security Solidex, November 2009

Dynamic Datacenter Security Solidex, November 2009 Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic

More information

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2, IT Security Training MS-500: Microsoft 365 Security Administration $2,595.00 4 Days Upcoming Dates Course Description Day 1: Managing Microsoft 365 Identity and Access (MS-500T01-A) Help protect against

More information

Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway

Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway This presentation is intended to provide an overview of GDPR and is not a definitive statement

More information

[MS10992]: Integrating On-Premises Core Infrastructure with Microsoft Azure

[MS10992]: Integrating On-Premises Core Infrastructure with Microsoft Azure [MS10992]: Integrating On-Premises Core Infrastructure with Microsoft Azure Length : 3 Days Audience(s) : IT Professionals Level : 300 Technology : Azure Delivery Method : Instructor-led (Classroom) Course

More information

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582

More information

Transforming Security Part 2: From the Device to the Data Center

Transforming Security Part 2: From the Device to the Data Center SESSION ID: SP01-R11 Transforming Security Part 2: From the Device to the Data Center John Britton Director, EUC Security VMware @RandomDevice The datacenter as a hospital 3 4 5 Digital transformation

More information

Developing Microsoft Azure Solutions (70-532) Syllabus

Developing Microsoft Azure Solutions (70-532) Syllabus Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages

More information

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK KEY BENEFITS AT A GLANCE Ensure your journey to the cloud is secure and convenient, without compromising either. Drive business agility

More information

Traditional Security Solutions Have Reached Their Limit

Traditional Security Solutions Have Reached Their Limit Traditional Security Solutions Have Reached Their Limit CHALLENGE #1 They are reactive They force you to deal only with symptoms, rather than root causes. CHALLENGE #2 256 DAYS TO IDENTIFY A BREACH TRADITIONAL

More information

Evolution Of Cyber Threats & Defense Approaches

Evolution Of Cyber Threats & Defense Approaches Evolution Of Cyber Threats & Defense Approaches Antony Abraham IT Architect, Information Security, State Farm Kevin McIntyre Tech Lead, Information Security, State Farm Agenda About State Farm Evolution

More information

Microsoft 365 Business FAQs

Microsoft 365 Business FAQs Microsoft 365 Business FAQs Last updated April 27 th, 2018 Table of Contents General... 3 What is Microsoft 365 Business?... 3 Who should consider adopting Microsoft 365 Business?... 3 How can I get Microsoft

More information

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store

More information

Developing Microsoft Azure Solutions (70-532) Syllabus

Developing Microsoft Azure Solutions (70-532) Syllabus Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages

More information

ForeScout Extended Module for Splunk

ForeScout Extended Module for Splunk Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look

More information

Transforming IT: From Silos To Services

Transforming IT: From Silos To Services Transforming IT: From Silos To Services Chuck Hollis Global Marketing CTO EMC Corporation http://chucksblog.emc.com @chuckhollis IT is being transformed. Our world is changing fast New Technologies New

More information

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance

More information

Service Provider Consulting

Service Provider Consulting From Microsoft Services 1 Industry Overview More and more businesses are looking to outsource IT, decrease management requirements and ultimately save money. With worldwide public cloud spending expected

More information

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2 Requirement Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence

More information

Cybersecurity Roadmap: Global Healthcare Security Architecture

Cybersecurity Roadmap: Global Healthcare Security Architecture SESSION ID: TECH-W02F Cybersecurity Roadmap: Global Healthcare Security Architecture Nick H. Yoo Chief Security Architect Disclosure No affiliation to any vendor products No vendor endorsements Products

More information

Popular SIEM vs aisiem

Popular SIEM vs aisiem Popular SIEM vs aisiem You cannot flip a page in any Cybersecurity magazine, or scroll through security blogging sites without a mention of Next Gen SIEM. You can understand why traditional SIEM vendors

More information