Pieter Wigleven Windows Technical Specialist


HOW DO BREACHES OCCUR?
Malware and vulnerabilities are not the only thing to worry about:
- 46% of compromised systems had no malware on them.
- 99.9% of exploited vulnerabilities were used more than a year after the CVE was published.
Fast and effective phishing attacks leave you little time to react:
- 23% of recipients opened phishing messages (11% clicked on attachments).
- 50% of those who open and click attachments do so within the first hour.

THE WINDOWS 10 DEFENSE STACK: PRE-BREACH
- Device protection: Device Health Attestation, Device Guard, Device Control, Security policies, Drive encryption
- Threat resistance: SmartScreen, AppLocker, Device Guard, Windows Defender, Network/Firewall, Windows Defender Application Guard
- Identity protection: Built-in 2FA, Account lockdown, Credential Guard, Microsoft Passport, Windows Hello, Conditional access
- Information protection: Windows Information Protection (Enterprise Data Protection), Drive encryption

ADDING A POST-BREACH MINDSET
- PRE-BREACH: Device protection, Threat resistance, Identity protection, Information protection (the same controls as the previous slide: Device Health Attestation, Device Guard, Device Control, Security policies, Drive encryption, SmartScreen, AppLocker, Windows Defender, Network/Firewall, Windows Defender Application Guard, Built-in 2FA, Account lockdown, Credential Guard, Microsoft Passport, Windows Hello, Conditional access, Windows Information Protection)
- POST-BREACH: Breach detection, investigation & response: Windows Defender Advanced Threat Protection (ATP)

Windows Defender Advanced Threat Protection
- Built in to Windows 10: no additional deployment & infrastructure; continuously up-to-date, lower costs.
- Rich timeline for investigation: easily understand the scope of a breach; data pivoting across endpoints; deep file and URL analysis.
- Detect advanced attacks and remediate breaches: behavior-based, cloud-powered breach detection; actionable, correlated alerts for known and unknown adversaries; real-time and historical data.
- Unique threat intelligence knowledge base: unparalleled threat optics provide detailed actor profiles; 1st and 3rd party threat intelligence data.
- Response based on the Windows stack*: rich SOC toolset ranging from machine-specific intervention or forensic actions to cross-machine blacklisting.

Windows 10 Security is Built in - not Bolted on

Windows Defender Advanced Threat Protection Demo Liz Bean

THE ATTACK

Windows Defender Advanced Threat Protection Demo Jonathan Wolcott

INTEGRATION WITH WINDOWS DEFENDER / SCEP

SIEM INTEGRATION: REST APIs; alert display in ArcSight and Splunk; more information being added on TechNet.

Windows Defender Advanced Threat Protection How to get started?

CUSTOMER JOURNEY (steps 1-4)

LICENSING

PROVISIONING: AAD provisioning (asking for an existing or new company AAD), Get Started, sign in to Windows Security Center.

PROVISIONING

ONBOARDING

INTEGRATION WITH OFFICE ATP: THE FUTURE

INTEGRATION WITH ADVANCED THREAT ANALYTICS: THE FUTURE

Combined Microsoft Stack: maximize detection coverage throughout the attack stages; pivot wide across Microsoft ATP services.
- Entry points: user receives an email, opens an attachment, clicks on a URL, browses to a website, runs a program.
- Attack stages: Exploitation, Installation, C&C channel, Persistence, Privilege escalation, Reconnaissance, Lateral movement, Access to shared resources.
- Coverage: Office 365 ATP (email protection), Windows ATP (endpoint protection), ATA (user protection).

TechNet resources: https://aka.ms/technet-wdatp and https://aka.ms/wdatp