Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting


Microsoft Cloud Evangelist at Patriot Consulting
Principal Systems Architect with 17 years of experience
Technical certifications: MCSE, MCITP Office 365, CISSP
B.S. Biola University
Microsoft Virtual Technology Sales Professional
Email: b-joes@microsoft.com
Twitter: @ITGuySoCal
Blog: www.thecloudtechnologist.com
LinkedIn: https://www.linkedin.com/in/jstocker101
My Company: www.patriotconsultingtech.com

Top 10 Security Threats and how Azure Security Solutions can help. Live demonstration of the newest Microsoft Security technologies:
- Azure AD Identity Protection
- Azure AD Privileged Identity Management
- Azure Information Protection
- Cloud App Discovery
- Azure Security Center
- Advanced Security Management
- Advanced Threat Protection
- OMS Security Suite

[Chart: attack sophistication and targeting over time, 2003, 2004, 2005, 2012, present and beyond]

Access control: How do I ensure appropriate access to my cloud apps?
Shadow IT: How do I know what apps are used in my environment?
Threat prevention: How do I know if my users have been breached?
Data protection: How do I prevent data leakage?
Visibility/reporting: How do I gain visibility into cloud apps and usage?
Compliance: How do I address regulatory mandates?

Security Issue #1: 63% of data breaches involve weak, default, or stolen passwords.

CLOUD-POWERED PROTECTION
Gain insights from a consolidated view of machine-learning-based threat detection:
- Infected devices
- Brute force attacks
- Configuration vulnerabilities
- Leaked credentials
- Suspicious sign-in activities
Remediation recommendations and risk severity calculation
Risk-based policies: MFA challenge for risky logins, change bad credentials, block attacks
Risk-based conditional access (Machine-Learning Engine) automatically protects against suspicious logins and compromised credentials

Security Issue #2: Privileged Accounts. Attackers target global admins.

CLOUD-POWERED PROTECTION
Discover, restrict, and monitor privileged identities
Enforce on-demand, just-in-time administrative access when needed
Provides more visibility through alerts, audit reports and access reviews
Roles shown: Global Administrator, Billing Administrator, Exchange Administrator, User Administrator, Password Administrator

Security Issue #3: Sensitive files being leaked

Azure Information Protection: Full Data Protection Lifecycle
Classification & labeling: CLASSIFICATION, LABELING
Protect: ENCRYPTION, ACCESS CONTROL, POLICY ENFORCEMENT
Monitor & respond: DOCUMENT TRACKING, DOCUMENT REVOCATION

Security Issue #4: Shadow IT

CLOUD-POWERED PROTECTION
[multiplier not captured] as many cloud apps are in use as IT estimates (Source: Help Net Security 2014)
Discover all SaaS apps in use within your organization with Microsoft Azure Active Directory Cloud App Discovery
Comprehensive reporting: SaaS app category, number of users, utilization volume

Security Issue #5: Spear Phishing. 91% of successful data breaches started with a spear-phishing attack [Source: Trend Micro]

From: Real CEO's Full Name [mailto:realceo@contoso.com]
Sent: Monday, March 21, 2016 9:53 AM
To: (Unsuspecting End-User, Probably in Accounting Department) <AccountingClerk@contoso.com>
Subject: RE: Invoice Payment

Jane, I need you to process an urgent payment, which needs to go out today as a same value day payment. Let me know when you are set to proceed, so i can have the account information forwarded to you once received. Awaiting your response. Regards Thanks.

Security Issue #6: Detecting Intrusions. 200 days. That's the average time an attacker goes undetected.

Identify high-risk and abnormal usage, security incidents, and threats
Shape your Office 365 environment with granular security controls and policies
Gain enhanced visibility and context into your Office 365 usage and shadow IT, no agents required

Security Issue #7: Employee Exits. How do I wipe business data from a personally owned mobile phone or tablet?

[Diagram labels: Managed apps, Personal apps, Multi-identity policy, Corporate data, Personal data, User, IT]
Maximize mobile productivity and protect corporate resources with Office mobile apps including multi-identity support
Extend these capabilities to your existing line-of-business apps using the Intune App Wrapping Tool
Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps

Security Issue #8: Conventional Antivirus is insufficient. 10% of viruses get by antivirus blacklists.

Windows Defender ATP

Security Issue #9: Assume Breach. There are companies who have been hacked, and companies who don't know they have been hacked.

Advanced Threat Analytics

DETECT ATTACKS BEFORE THEY CAUSE DAMAGE
An on-premises platform to identify advanced security attacks and insider threats before they cause damage
Behavioral Analytics: detection of advanced attacks and security risks
Advanced Threat Detection: Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization's users.

DETECT ATTACKS BEFORE THEY CAUSE DAMAGE
1. Analyze: ATA analyzes all Active Directory-related traffic and collects relevant events from SIEM
2. Learn: ATA automatically learns all entities' behaviors
3. Detect: ATA builds the organizational security graph, detects abnormal behavior, protocol attacks and weaknesses, and constructs an attack timeline

Detection categories: Reconnaissance, Compromised Credential, Lateral Movement, Privilege Escalation, Domain Dominance
Detections shown:
- Abnormal resource access
- Account enumeration
- Net Session enumeration
- DNS enumeration
- SAM-R enumeration
- Abnormal authentication requests
- Pass-the-Ticket
- Pass-the-Hash
- Overpass-the-Hash
- Skeleton key malware
- Golden ticket
- Remote execution
- Malicious replication requests
- Abnormal working hours
- Brute force using NTLM, Kerberos, or LDAP
- Sensitive accounts exposed in plain text authentication
- Service accounts exposed in plain text authentication
- Honey Token account suspicious activities
- Unusual protocol implementation
- Malicious Data Protection Private Information (DPAPI) request
- MS14-068 exploit (Forged PAC)
- MS11-013 exploit (Silver PAC)
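As an added illustration of the analyze/learn/detect flow and two of the detections listed above (abnormal working hours and NTLM brute force), here is a minimal Python detector over constructed logon events. It is example code, not ATA's implementation or algorithms; the log format, field names and thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed logon events (not real telemetry): timestamp|account|source_host|protocol|result
LEARNING_LOG = """\
2016-03-14T08:55:00|jane|WS-ACCT-01|Kerberos|success
2016-03-14T13:10:00|jane|WS-ACCT-01|Kerberos|success
2016-03-15T09:02:00|jane|WS-ACCT-01|Kerberos|success
2016-03-15T16:45:00|jane|WS-ACCT-01|Kerberos|success
"""
DETECT_LOG = """\
2016-03-21T03:12:00|jane|WS-ACCT-01|Kerberos|success
2016-03-21T09:53:00|jane|WS-ACCT-01|Kerberos|success
2016-03-21T10:00:00|jane|WS-UNKNOWN|NTLM|failure
2016-03-21T10:00:05|jane|WS-UNKNOWN|NTLM|failure
2016-03-21T10:00:10|jane|WS-UNKNOWN|NTLM|failure
2016-03-21T10:00:15|jane|WS-UNKNOWN|NTLM|failure
2016-03-21T10:00:20|jane|WS-UNKNOWN|NTLM|failure
"""

def parse(log):
    """Analyze phase: parse the constructed format into (time, account, host, protocol, result)."""
    events = []
    for line in log.splitlines():
        ts, account, host, proto, result = line.split("|")
        events.append((datetime.fromisoformat(ts), account, host, proto, result))
    return events

def learn_baseline(events):
    """Learn phase: record the hours of day in which each account normally logs on successfully."""
    hours = defaultdict(set)
    for ts, account, _host, _proto, result in events:
        if result == "success":
            hours[account].add(ts.hour)
    return hours

def detect(events, baseline, fail_threshold=5, window=timedelta(minutes=1)):
    """Detect phase: flag a success outside the learned hours, and a burst of
    fail_threshold failures from one host against one account within the window."""
    alerts = []
    failures = defaultdict(deque)  # (account, host, protocol) -> recent failure times
    for ts, account, host, proto, result in sorted(events):
        if result == "success":
            if account in baseline and ts.hour not in baseline[account]:
                alerts.append(("abnormal working hours", account, host, ts.isoformat()))
            continue
        q = failures[(account, host, proto)]
        q.append(ts)
        while ts - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) == fail_threshold:  # alert once when the threshold is first reached
            alerts.append((f"brute force ({proto})", account, host, ts.isoformat()))
    return alerts
```

Running `detect(parse(DETECT_LOG), learn_baseline(parse(LEARNING_LOG)))` yields one abnormal-hours alert for the 03:12 logon and one NTLM brute-force alert at the fifth failure.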

Security Issue #10: Privilege Escalation. Mimikatz, 'nuff said.

http://www.winbeta.org/news/us-department-defense-move-windows-10-february-2017-upgrading-4-million-seats

Azure Security Center vs OMS

So what's the difference? Azure Security Center answers questions such as: are VMs patched, running antivirus, and using Network Security Groups, and are there any endpoints without access control lists? OMS Security is a cloud-based service that enables customers to quickly and easily assess the security posture and detect security threats across hybrid cloud environments.

Summary

Secure the Enterprise: Security Solution Overview
- AZURE ACTIVE DIRECTORY IDENTITY PROTECTION: Protect application access from identity attacks
- MICROSOFT CLOUD APP SECURITY: Extend enterprise-grade security to your cloud and SaaS apps
- ATA: Detect problems early with visibility and threat analytics
- Azure Information Protection: Protect your data, everywhere
- INTUNE: Protect your users, devices, and apps
- Privileged Identity and Access Mgmt: Time Limited Access and Just in Time Activation (Administrators, Users)