Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Microsoft Cloud Evangelist at Patriot Consulting
Principal Systems Architect with 17 years of experience
Technical certifications: MCSE, MCITP Office 365, CISSP
B.S. Biola University
Microsoft Virtual Technology Sales Professional
b-joes@microsoft.com
Twitter: @ITGuySoCal
Blog: www.thecloudtechnologist.com
LinkedIn: https://www.linkedin.com/in/jstocker101
My Company: www.patriotconsultingtech.com
Top 10 Security Threats and how Azure Security Solutions can help.
Live demonstration of the newest Microsoft Security technologies:
- Azure AD Identity Protection
- Azure AD Privileged Identity Management
- Azure Information Protection
- Cloud App Discovery
- Azure Security Center
- Advanced Security Management
- Advanced Threat Protection
- OMS Security Suite
[Chart: attack sophistication and targeting over time, from 2003 to 2012 and beyond]
- Access control: How do I ensure appropriate access to my cloud apps?
- Shadow IT: How do I know what apps are used in my environment?
- Threat prevention: How do I know if my users have been breached?
- Data protection: How do I prevent data leakage?
- Visibility/reporting: How do I gain visibility into cloud apps and usage?
- Compliance: How do I address regulatory mandates?
Security Issue #1: Weak, default, or stolen passwords
63% of data breaches involve weak, default, or stolen passwords.
CLOUD-POWERED PROTECTION
Gain insights from a consolidated view of machine-learning-based threat detection:
- Remediation recommendations
- Infected devices
- Brute force attacks
- Configuration vulnerabilities
- Leaked credentials
- Suspicious sign-in activities
- Risk severity calculation
Risk-based policies: MFA challenge for risky logins, change bad credentials, block attacks. Risk-based conditional access, driven by the machine-learning engine, automatically protects against suspicious logins and compromised credentials.
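As an added illustration (not Microsoft's code and not part of the deck), a minimal risk-based conditional access policy built from the signals and actions the slide names: sign-in risk is scored per attempt, user risk persists on the account, and the policy maps the resulting severities to allow, MFA challenge, block, or forced password change. The detection names, weights and thresholds are assumptions.

```python
from dataclasses import dataclass

# Detection weights are assumptions for this illustration: the slide names
# the signal kinds but not how Microsoft scores them.
SIGNIN_RISK_WEIGHTS = {"suspicious_signin": 2, "brute_force": 2, "unfamiliar_location": 1}
USER_RISK_WEIGHTS = {"leaked_credentials": 3, "infected_device": 2, "configuration_vulnerability": 1}

def severity(score: int) -> str:
    """Collapse a numeric score into the low / medium / high risk levels."""
    if score >= 3:
        return "high"
    return "medium" if score >= 1 else "low"

@dataclass(frozen=True)
class SignIn:
    user: str
    signin_detections: tuple  # raised for this attempt (e.g. suspicious sign-in)
    user_detections: tuple    # open on the account itself (e.g. leaked credentials)

def _score(detections, weights) -> int:
    unknown = set(detections) - set(weights)
    if unknown:
        raise ValueError(f"unknown detection(s): {sorted(unknown)}")
    return sum(weights[d] for d in detections)

def evaluate(signin: SignIn) -> dict:
    """Apply the risk-based policy: user risk is checked first, then sign-in risk."""
    signin_risk = severity(_score(signin.signin_detections, SIGNIN_RISK_WEIGHTS))
    user_risk = severity(_score(signin.user_detections, USER_RISK_WEIGHTS))
    if user_risk == "high":
        # Leaked credentials stay risky however clean this attempt looks:
        # force a credential change before any access ("change bad credentials").
        action = "change_password"
    elif signin_risk == "high":
        action = "block"
    elif "medium" in (signin_risk, user_risk):
        action = "mfa_challenge"
    else:
        action = "allow"
    return {"user": signin.user, "signin_risk": signin_risk, "user_risk": user_risk, "action": action}

# Constructed sample sign-ins, one per policy outcome.
SAMPLE_SIGNINS = (
    SignIn("alice", ("unfamiliar_location",), ()),
    SignIn("bob", (), ("leaked_credentials",)),
    SignIn("carol", ("suspicious_signin", "brute_force"), ()),
    SignIn("dave", (), ()),
)

if __name__ == "__main__":
    for s in SAMPLE_SIGNINS:
        print(evaluate(s))
```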
Security Issue #2: Privileged Accounts
Attackers target global admins.
CLOUD-POWERED PROTECTION
- Discover, restrict, and monitor privileged identities
- Enforce on-demand, just-in-time administrative access when needed
- Provides more visibility through alerts, audit reports and access reviews
Privileged roles covered include Global Administrator, Billing Administrator, Exchange Administrator, User Administrator and Password Administrator.
Security Issue #3: Sensitive files being leaked
Azure Information Protection: Full Data Lifecycle Protection
- Classification & labeling: CLASSIFICATION, LABELING
- Protect: ENCRYPTION, ACCESS CONTROL, POLICY ENFORCEMENT
- Monitor & respond: DOCUMENT TRACKING, DOCUMENT REVOCATION
Security Issue #4: Shadow IT
CLOUD-POWERED PROTECTION
[figure missing from slide] as many cloud apps are in use as IT estimates (Source: Help Net Security 2014)
Discover all SaaS apps in use within your organization with Microsoft Azure Active Directory Cloud App Discovery.
Comprehensive reporting:
- SaaS app category
- Number of users
- Utilization volume
Security Issue #5: Spear Phishing
91% of successful data breaches started with a spear-phishing attack. [Source: Trend Micro]
From: Real CEO's Full Name [mailto:realceo@contoso.com]
Sent: Monday, March 21, 2016 9:53 AM
To: (Unsuspecting End-User, probably in Accounting Department) <AccountingClerk@contoso.com>
Subject: RE: Invoice Payment

Jane, I need you to process an urgent payment, which needs to go out today as a same value day payment. Let me know when you are set to proceed, so I can have the account information forwarded to you once received. Awaiting your response.

Regards
Thanks.
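An added example, not part of the deck, of the kind of check a mail gateway or SOC triage script could run over a message like the one above: it flags executive display-name impersonation, an internal sender address that the gateway could not authenticate, a Reply-To pointing elsewhere, and payment-urgency wording. The executive directory, the Reply-To header and the Authentication-Results header are constructed assumptions, not from the slide.

```python
import email
from email.utils import parseaddr

INTERNAL_DOMAIN = "contoso.com"
# Assumed executive directory: display name -> the executive's real mailbox.
EXECUTIVES = {"real ceo's full name": "realceo@contoso.com"}
PAYMENT_CUES = ("urgent payment", "today", "same value day", "account information", "wire")

# Constructed sample modelled on the slide's message. The Reply-To and
# Authentication-Results headers are assumptions about what a gateway would record.
SAMPLE = """\
From: Real CEO's Full Name <realceo@contoso.com>
To: Jane <AccountingClerk@contoso.com>
Reply-To: realceo.office@webmail.example
Subject: RE: Invoice Payment
Authentication-Results: mx.contoso.com; spf=fail smtp.mailfrom=mail.example; dkim=none

Jane, I need you to process an urgent payment, which needs to go out today
as a same value day payment. Let me know when you are set to proceed, so i
can have the account information forwarded to you once received.
"""

def score_bec(raw: str) -> dict:
    """Return the business-email-compromise signals found in one RFC 822 message."""
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    auth = msg.get("Authentication-Results", "").lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    body = msg.get_payload().lower()
    reasons = []
    # 1. The visible display name is an executive's, whatever address sits behind it.
    if name.strip().lower() in EXECUTIVES:
        reasons.append("executive display name")
    # 2. Claims to come from our own domain, but neither SPF nor DKIM passed.
    if from_domain == INTERNAL_DOMAIN and "spf=pass" not in auth and "dkim=pass" not in auth:
        reasons.append("internal sender not authenticated")
    # 3. Replies are diverted to a domain other than the visible sender's.
    if reply_to and reply_to.rpartition("@")[2] != from_domain:
        reasons.append("reply-to domain mismatch")
    # 4. Two or more payment / urgency cues in the body.
    cues = [c for c in PAYMENT_CUES if c in body]
    if len(cues) >= 2:
        reasons.append("payment urgency: " + ", ".join(cues))
    return {"flag": len(reasons) >= 2, "reasons": reasons}

if __name__ == "__main__":
    print(score_bec(SAMPLE))
```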
Security Issue #6: Detecting Intrusions
200 days. That's the average time an attacker goes undetected.
- Identify high-risk and abnormal usage, security incidents, and threats
- Shape your Office 365 environment with granular security controls and policies
- Gain enhanced visibility and context into your Office 365 usage and shadow IT, with no agents required
Security Issue #7: Employee Exits
How do I wipe business data from a personally owned mobile phone or tablet?
[Diagram: a multi-identity policy separates managed apps holding corporate data (controlled by IT) from personal apps holding personal data (controlled by the user)]
- Maximize mobile productivity and protect corporate resources with Office mobile apps, including multi-identity support
- Extend these capabilities to your existing line-of-business apps using the Intune App Wrapping Tool
- Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps
Security Issue #8: Conventional Antivirus is insufficient
10% of viruses get by antivirus blacklists.
Windows Defender ATP
Security Issue #9: Assume Breach
There are companies who have been hacked, and companies who don't know they have been hacked.
Advanced Threat Analytics
DETECT ATTACKS BEFORE THEY CAUSE DAMAGE
An on-premises platform to identify advanced security attacks and insider threats before they cause damage.
- Behavioral Analytics
- Detection of advanced attacks and security risks
- Advanced Threat Detection
Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization's users.
DETECT ATTACKS BEFORE THEY CAUSE DAMAGE
1. Analyze: ATA analyzes all Active Directory-related traffic and collects relevant events from SIEM
2. Learn: ATA automatically learns all entities' behaviors
3. Detect: ATA builds the organizational security graph, detects abnormal behavior, protocol attacks and weaknesses, and constructs an attack timeline
ATA detections along the attack kill chain:
- Reconnaissance: Account enumeration, Net Session enumeration, DNS enumeration, SAM-R enumeration
- Compromised Credential: Abnormal resource access, Abnormal working hours, Brute force using NTLM, Kerberos, or LDAP, Sensitive accounts exposed in plain text authentication, Service accounts exposed in plain text authentication, Honey Token account suspicious activities, Unusual protocol implementation, Malicious Data Protection Private Information (DPAPI) Request
- Lateral Movement: Abnormal authentication requests, Abnormal resource access, Pass-the-Ticket, Pass-the-Hash, Overpass-the-Hash
- Privilege Escalation: MS14-068 exploit (Forged PAC), MS11-013 exploit (Silver PAC)
- Domain Dominance: Skeleton key malware, Golden ticket, Remote execution, Malicious replication requests
Security Issue #10: Privilege Escalation
Mimikatz, 'nuff said.
http://www.winbeta.org/news/us-department-defense-move-windows-10-february-2017-upgrading-4-million-seats
Azure Security Center vs OMS
So what's the difference?
Azure Security Center: are VMs patched, running antivirus, and using Network Security Groups, and are there any endpoints without access control lists?
OMS Security is a cloud-based service that enables customers to quickly and easily assess the security posture and detect security threats across hybrid cloud environments.
Summary
Secure the Enterprise: Security Solution Overview
- AZURE ACTIVE DIRECTORY IDENTITY PROTECTION: Protect application access from identity attacks
- MICROSOFT CLOUD APP SECURITY: Extend enterprise-grade security to your cloud and SaaS apps
- ATA: Detect problems early with visibility and threat analytics
- AZURE INFORMATION PROTECTION: Protect your data, everywhere
- INTUNE: Protect your users, devices, and apps
- PRIVILEGED IDENTITY AND ACCESS MGMT: Time-limited access and just-in-time activation for administrators and users