Evolution of Cyber Security. Nasser Kettani, Chief Technology Officer, Microsoft, Middle East and Africa. Nasser.Kettani@microsoft.com, @nkettani
MODERN SECURITY THREATS: "THERE ARE TWO KINDS OF BIG COMPANIES: THOSE WHO'VE BEEN HACKED, AND THOSE WHO DON'T KNOW THEY'VE BEEN HACKED." JAMES COMEY, DIRECTOR, FBI
Cybersecurity is a Boardroom-level Issue. 71% of companies admit they fell victim to a successful cyber attack the prior year; 556M victims of cybercrime; $3 Trillion estimated cost in economic value from cybercrime industry by 2020; $400B cost of cyberattacks to companies each year; 160M data records compromised from top 8 breaches in 2015; $500 Million corporate liability coverage; +200 DAYS between attack and detection.
EVOLUTION OF ATTACKS: FROM FUN TO CASH. Mischief: Script Kiddies (unsophisticated). Fraud and Theft: Organized Crime (more sophisticated). Damage and Disruption: Nations, Terror Groups, Activists (very sophisticated and well-resourced).
Encounter rate in Tunisia
MODERN SECURITY POSTURE. Protect: Today's cloud-first, mobile-first world demands the highest level of identity & data security. Detect: Comprehensive monitoring tools to help you spot abnormalities and respond to attacks faster. Respond: Leading response and recovery technologies plus deep consulting expertise.
Industry leading capabilities: Visibility, Context, Experience, Expertise. VISIBILITY: Malware (largest anti-virus and antimalware service); Clients (Windows Updates, Error Reports); Email (Outlook.com, Office 365); Web content (Bing, Azure AD); Cloud platform (Azure IaaS and PaaS, Azure Security Center). CONTEXT: Trillions of URLs indexed; Hundreds of Billions of authentications, monthly emails analyzed; Billions of daily web page scans, Windows devices reporting; Hundreds of Millions of reputation look ups; Millions of daily suspicious file detonations. EXPERIENCE: 1M+ Corporate Machines protected by enterprise IT security; Multi-platform cloud-first hybrid enterprise; Decades of experience as a global enterprise; Runs on multi-tenant Azure environment, same as you. EXPERTISE: Development Security (established Security Development Lifecycle (SDL), ISO/IEC 27034-1); Operational Security for Hyper-scale cloud services; Combatting Cybercrime in the cloud & partnering with law enforcement to disrupt malware; Incident Investigation and recovery for customers.
10s of PBs of logs; 1+ billion Azure Active Directory logons; 300+ million active Microsoft Account users. Detected/reflected attacks: > 10,000 location-detected attacks; 1.5 million compromise attempts deflected.
Data Machine Learning Human Analysis
Microsoft protecting you: Industry Partners, Antivirus Network, INTELLIGENT SECURITY GRAPH, CERTs, Cyber Defense Operations Center, Malware Protection Center, Cyber Hunting Teams, Security Response Center, Digital Crimes Unit; PaaS, IaaS, SaaS; Identity, Apps and Data, Infrastructure, Device.
SECURE MODERN ENTERPRISE. Identity: Embraces identity as primary security perimeter and protects identity systems, admins, and credentials as top priorities. Apps and Data: Aligns security investments with business priorities including identifying and securing communications, data, and applications. Infrastructure: Operates on modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks. Devices: Accesses assets from trusted devices with hardware security assurances, great user experience, and advanced threat detection. Secure Platform (secure by design).
Security posture: From perimeter security To security in depth
Hyper Scale Cloud is more Secure: Hyperscale Cloud, Private Cloud
Does Sovereignty mean Secure?
© 2012 Microsoft Corporation. All rights reserved. This presentation is for information purposes only.
THE WINDOWS 10 DEFENSE STACK: PROTECT, DETECT & RESPOND. PRE-BREACH: Device protection (Device integrity, Health attestation, Device Guard, Device Control, Security policies); Threat resistance (SmartScreen, AppLocker, Windows Firewall, Microsoft Edge, Device Guard, Windows Defender, Network/Firewall); Identity protection (Built-in 2FA, Account lockdown, Windows Hello for Business, Credential Guard, Microsoft Passport, Windows Hello ;)); Information protection (Device protection / Drive encryption, BitLocker and BitLocker to Go, Enterprise Data Protection, Windows Information Protection, Conditional Access). POST-BREACH: Breach detection, investigation & response (Windows Defender ATP).
MICROSOFT'S COMPREHENSIVE VISION FOR SECURITY: Protect, Detect, Respond. Devices: Protect across levels (Hardware, Software, and Applications); Detect any deviations from baseline, policies, or behavior; Respond dynamically to any suspicious device or application. Apps: Protect apps using secure development practices to reduce attack surface area; Detect use of unsanctioned apps or threats against apps; Respond dynamically to any suspicious application. Users: Protect by reducing threat of credential theft; Detect suspicious behavior and unusual activity; Respond by elevating access requirements based on Risk. Data: Protect data no matter where it is located; Detect any attempts for unauthorized data access; Respond to any data leak by monitoring or removing access.