Microsoft Networking Academy

Transcription

1 Microsoft Networking Academy with the C+E Global Black Belts Olivier Martin Networking TSP GBB Kevin Lopez ER Partner Sales Executive GBB Jaime Schmidtke ER Partner Sales Executive GBB Eddie Villalba Networking and Open Source TSP GBB Bryan Woodworth Networking TSP GBB

2 Before we get started Welcome customers and partners!!! Material is public information No NDA info here. Use the IM window for questions. Sessions are recorded and posted here :

3 Microsoft Networking Academy Introductory Sessions (200 level) Quick overview or what s new this week (5-10 minutes) Partner Spotlight of the week (35-45 minutes) Q&A (10 minutes) Deep Dive Sessions ( level) Short introduction (5 minutes) Deeper dive topic of the week (35-45 minutes) Q&A (10 minutes) GBB-ANF@microsoft.com to receive detailed schedules for upcoming sessions! Available on Channel 9!

4 Agenda for April 28 th, 2017 Episode #7 Intro Networking from 0-60 Partner Spotlight Full Stack Security for Azure with Alert Logic Ask the Experts Q&A

5

6 Seattle Silicon Valley Los Angeles Dublin Toronto Montreal Chicago Quebec City Chicago New York Newport, Wales New York City Washington DC London Las Vegas Washington DC Dallas Dallas US Atlanta Government Germany Berlin Amsterdam Paris Frankfurt Chennai Beijing China ShanghaiOsaka Hong Kong Tokyo Mumbai Singapore Sao Paulo Sydney Melbourne

7

8 Internet Internet Internet Internet Azure load balancer Azure load balancer Azure load balancer Azure load balancer FW FW FW FW FW FW IIS IIS SQL Azure load balancer Azure load balancer Azure load balancer IIS IIS IIS IIS IIS IIS ExpressRoute SQL SQL ExpressRoute SQL Virtual Network Virtual Network Virtual Network Virtual Network Azure subscription Access Control Azure subscription Access Control Azure Active Directory Azure subscription Access Control

9

10

11 Partner Spotlight Alert Logic

12 ALERT LOGIC SOLUTIONS FOR AZURE Vince Bryant, MS Partner Development Manager Peter Baumbach, Solutions Engineer Jason Giddens, Manager, Solutions Engineering

13 We protect cloud workloads & web applications FULLY-MANAGED SECURITY, DELIVERED AS A SERVICE ASSESS DETECT Full-stack security Integrated analytics & experts Built for cloud Cost-effective outcomes BLOCK COMPLY Hosting Data Center

14 CLOUD DRIVERS TRADITIONAL SECURITY Cloud has disrupted traditional security DEPLOYMENT & MANAGEMENT PERFORMANCE & OPERATIONS CUSTOMER APPLICATION REQUIREMENTS AGILITY & AUTOMATION HYPER-SCALABILITY PRIORITY: WEB APPLICATIONS vs vs vs SLOW, COMPLEX CONFIGURATIONS SCALING CHOKEPOINTS POOR DETECTION OF WEB APP ATTACKS

15 Security risk is shifting to unprotected web applications Web app attacks are now the #1 source of data breaches But less than 5% of data center security budgets are spent on app security Attacks Web App Attacks POS Intrusions UP 500% SINCE Miscellaneous Errors Privilege Misuse Cyber-espionage Everything Else 125 Payment Card Skimmers 86 Physical Theft / Loss 56 $23 to $1 Crimeware Denial of Service 1 49 Source: Gartner 10% 20% 30% 40% Source: Verizon Percentage of Breaches

16 Application protection is the customer s responsibility The first step to securing cloud workloads is understanding the shared responsibility model Microsoft will secure most of the underlying infrastructure, including the physical access to the datacenters, the servers and hypervisors, and parts of the networking infrastructure but the customer is responsible for the rest. Taken from the Shared Responsibility for Cloud Computing whitepaper, published by Microsoft in March 2016

17 Alert Logic helps protect across the entire stack Web Application Firewall Vulnerability Scanning Secure Coding and Best Practices Software and Virtual Patching Configuration Management Access Management (inc. Multi-factor Authentication) Application level attack monitoring Hypervisor Management System Image Library Root Access for Customers Managed Patching (PaaS, not IaaS) Security Monitoring Log Analysis Vulnerability Scanning Access Management Configuration Hardening Patch Management Logical Network Segmentation Perimeter Security Services External DDOS, spoofing, and scanning monitored Network Threat Detection Security Monitoring TLS/SSL Encryption Network Security Configuration MICROSOFT CUSTOMER ALERT LOGIC

18 Cloud Defender delivers full stack security, experts included Cloud Defender Active Watch Web Apps Security Analytics Experts Analysis Server-side Apps App Frameworks Web App Attacks OWASP Top 10 Web Security Manager Signatures & Rules Threat Intelligence Security Research Dev Platforms Databases Server OS Hypervisor Hardware Platform / Library Attacks System / Network Attacks Log Manager Threat Manager Anomaly Detection Machine Learning Data Science Security Content Security Operations Center Your App Stack SaaS Technology Managed Security

19 Continuous delivery of high value cost-effective outcomes Examples of outcomes we deliver EXPERTS PROCESS ANALYTICS TECHNOLOGY Assess Detect Block Continuous reporting on vulnerabilities and configuration flaws Incident escalation and remediation guidance within 15 minutes Attack filtering logic tuned specifically for each web app Comply Log security monitoring, daily review and archival

20 HOW IT WORKS: Alert Logic Threat Manager for 3 Tier Application Stack + Azure SQL VNET Alert Logic VM Threat Manager Appliance Azure Storage Table SQL Logs Application Gateway Web Tier VM ScaleSets Application Tier VM ScaleSets Database Tier Web Traffic AutoScale AutoScale Azure SQL RESOURCE GROUP

21 3-Tier applications using VMs only VNET Alert Logic Web Traffic Customer A Web Tier VM ScaleSets AutoScale Application Tier VM ScaleSets AutoScale Database Tier SQL VM AvailabilitySets RESOURCE GROUP VM Web Traffic Customer B Web Tier VM ScaleSets AutoScale Application Tier VM ScaleSets AutoScale Database Tier SQL VM AvailabilitySets Threat Manager Appliance RESOURCE GROUP VNET

22 ARM Template automate appliance deployments

23 Agents can be baked into VM images, or automatically installed using DevOps toolsets

24 Azure Activity Logs identify IOCs at the subscription level These logs can show changes to NSG configurations or privilege escalation

25 DEMOS

26 How can I find out more? Check out our website, and request a demo Attend our webinar on June 7 th - Sign up for our weekly threat report -

27 Thank you.

28 We scan the entire stack for vulnerabilities and config errors Web Apps Server-side Apps App Frameworks Dev Platforms Databases Server OS Our coverage is prioritized by applications and workloads running in the cloud Hypervisor

29 Alert Logic is security built for the cloud Prevent, detect and stop threats across your full app & infra stack Add expert protection without adding staff or building SOC Eliminate chokepoints in app production with security built for cloud Expand capabilities quickly with modular services Focus on actionable detail with expert verification and prioritization Affordable advanced protection from 13 cents / hour / host

30 Incident identification and notification Azure ATTACK CONSOLE Alert Logic SOC Incident notification AWS ALERT LOGIC CLOUD CONSOLE Customer / Partner SecOps Team On-prem We can either work with your customer directly, or your teams if you are managing the environment on behalf of the customer

31 Alert Logic a Leader in Forrester s 2016 NA MSSP WAVE TM Alert Logic has a head start in the cloud, and it shows. Alert Logic is an excellent fit for clients looking to secure their current or planned cloud migrations, clients requiring a provider than can span seamlessly between hybrid architectures, and those that demand strong API capabilities for integrations. - Forrester WAVE TM Report

32 Addressing Customers with Compliance Requirements Alert Logic Solution PCI DSS SOX HIPAA & HITECH Alert Logic Web Security Manager 6.5.d Have processes in place to protect applications from common vulnerabilities such as injection flaws, buffer overflows and others 6.6 Address new threats and vulnerabilities on an ongoing basis by installing a web application firewall in front of public-facing web applications. DS 5.10 Network Security AI 3.2 Infrastructure resource protection and availability (a)(1) Security Management Process (a)(6) Security Incident Procedures Alert Logic Log Manager 10.2 Automated audit trails 10.3 Capture audit trails 10.5 Secure logs 10.6 Review logs at least daily 10.7 Maintain logs online for three months 10.7 Retain audit trail for at least one year DS 5.5 Security Testing, Surveillance and Monitoring (a)(1)(ii)(d) Information System Activity Review (a)(6)(i) Login Monitoring (b) Audit Controls Alert Logic Threat Manager Monitor zero day attacks not covered by anti-virus 6.2 Identify newly discovered security vulnerabilities 11.2 Perform network vulnerability scans quarterly by an ASV or after any significant network change 11.4 Maintain IDS/IPS to monitor and alert personnel; keep engines up to date DS5.9 Malicious Software Prevention, Detection and Correction DS 5.6 Security Incident Definition DS 5.10 Network Security (a)(1)(ii)(a) Risk Analysis (a)(1)(ii)(b) Risk Management (a)(5)(ii)(b) Protection from Malicious Software (a)(6)(iii) Response & Reporting Alert Logic Security Operations Center providing Monitoring, Protection, and Reporting

33 Open Q&A

34 Thank you! Session recording will be posted shortly here