Enterprise Mobility + Security

Similar documents
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse.

U susret GDPR regulativi Dočekajmo spremni Maj 2018

Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway

Hyper scale Infrastructure is the enabler

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1

COMPLIANCE IN THE CLOUD

Morgan Independent Software Vendor Lead

Microsoft 365 Das modern Büro der Zukunft

This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.

PostgreSQL & The Cloud

Die intelligente Cloud als Kernelement der IT Transformation. Dr. Bernd Kiupel Business Group Lead Cloud & Enterprise, Microsoft Schweiz

Microsoft Advance Threat Analytics (ATA) at LLNL NLIT Summit 2018

What is Blockchain? Cryptographically Authentic Shared Distributed Ledger. Cryptographically Authentic Each transaction recorded in the database is

Closing Keynote: Addressing Data Privacy and GDPR on Microsoft Data Platform Technologies. Ronit Reger, Senior Program Manager at Microsoft

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Go mobile. Stay in control.

Introductie Intercept

Hybrid Identity de paraplu in de cloud

Today s top THREAT ACTORS pose unique challenges

Accelerate GDPR compliance with the Microsoft Cloud

Amit Panchal Enterprise Technology Strategist

PLANNING AZURE INFRASTRUCTURE SECURITY - AZURE ADMIN ACCOUNTS PROTECTION & AZURE NETWORK SECURITY

What is Dell EMC Cloud for Microsoft Azure Stack?

QBS Talks. June GDPR a Microsoft perspective Ole Kjeldsen, CTO Microsoft DK

News and Updates June 1, 2017

Our Mission. Empower every person and every organization on the planet to achieve more.

Klaus Schwab, Founder & Executive Chairman

Use EMS to protect your mobile data and mobile app

Avanade Zerouno : Cloud Experience. Version 1.0 May 16, 2017 Author(s): Ivan Loreti

Microsoft: What s new and cool FY16

Compliance & Security in Azure. April 21, 2018

Kimberly Nelson Executive Director Government Solutions US SLG. March 2017

EXPERTS LIVE SUMMER NIGHT. Close your datacenter and give your users-wings

CloudSOC and Security.cloud for Microsoft Office 365

Security & Compliance in the AWS Cloud. Amazon Web Services

Microsoft Security Management

Identity as the core of enterprise mobility

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Use Microsoft EMS. to Protect your Mobile Data and Mobile Apps. Chris Nackers Nackers Consulting

Microsoft Azure. The cloud platform for digital transformation

CONDITIONAL ACCESS FROM A TO Z

Jay Ferron. CEHi, CISSP, CHFIi, C)PTEi, CISM, CRISC, CVEi, MCITP, MCSE, MCT, MVP, NSA-IAM blog.mir.

Passwords Are Dead. Long Live Multi-Factor Authentication. Chris Webber, Security Strategist

Cloud Transformation and Significance of Security

RSA NetWitness Suite Respond in Minutes, Not Months

Office 365: Modern Workplace

BDPA Conference Windows 10

Datasheet. Only Workspaces delivers the features users want and the control that IT needs.

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

Identity & Access Management

Protecting and empowering your connected organization

Best Practices in Securing a Multicloud World

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

The Need For A New IT Security Architecture: Global Study On The Risk Of Outdated Technologies

CyberArk Privileged Threat Analytics

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Today s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

Cyber Defense Operations Center

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

CipherCloud CASB+ Connector for ServiceNow

Pritam Pabla Technology Solutions Specialist Hybrid Cloud

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Google Identity Services for work

Unlocking the Power of the Cloud

Secure access to your enterprise. Enforce risk-based conditional access in real time

Make Cloud the Most Secure Environment for Business. Seth Hammerman, Systems Engineer Mvision Cloud (formerly Skyhigh Networks)

Securing the New Perimeter:

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

ALIENVAULT USM FOR AWS SOLUTION GUIDE

Pass-the-Hash Attacks

Symantec Endpoint Protection Family Feature Comparison

Verasys Enterprise Security and IT Guide

Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)

Windows Server Security Guide

AKAMAI CLOUD SECURITY SOLUTIONS

Microsoft Azure Security, Privacy, & Compliance

Speaker Introduction Who Mate Barany, VMware Manuel Mazzolin, VMware Peter Schmitt, Deutsche Bahn Systel Why VMworld 2017 Understanding the modern sec

Azure Introduction & Data Center Transformation. Ken Ho Product Marketing Manager C+E

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

The Oracle Trust Fabric Securing the Cloud Journey

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

TRUE SECURITY-AS-A-SERVICE

Crash course in Azure Active Directory

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

White Paper. How Organizations. Can Use The Cloud In Confidence. In business for people.

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

ModernBiz Day. Safeguard Your Business. Sonia Blouin APAC Cloud Lead Microsoft Asia Pacific

McAfee Skyhigh Security Cloud for Amazon Web Services

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

Your Guide to EMS. Applied Tech: Your Guide to EMS. Contents

Transcription:

Enterprise Mobility + Security

Assume Breach

Identity Data Flexible Workforce

250 million Millions Billions 700 million 40 billion 18+ billion 420 million Millions 35 billion messages/month

United Kingdom

Microsoft s Security Approach Industry Partners Antivirus Network INTELLIGENT SECURITY GRAPH CERTs Cyber Defense Operations Center Malware Protection Center Cyber Hunting Teams Security Response Center Digital Crimes Unit PaaS IaaS SaaS Identity Apps and Data Infrastructure Device

Azure Compliance The largest compliance portfolio in the industry ISO 27001 SOC 1 Type 2 SOC 2 Type 2 PCI DSS Level 1 Cloud Controls ISO 27018 Matrix Content Delivery and Security Association Shared Assessments FedRAMP JAB P-ATO HIPAA / HITECH FIPS 140-2 21 CFR FERPA DISA Level 2 CJIS IRS 1075 ITAR-ready Section 508 Part 11 VPAT European Union Model Clauses EU Safe Harbor United Kingdom G-Cloud China Multi Layer Protection Scheme China GB 18030 China CCCPPF Singapore MTCS Level 3 Australian Signals Directorate New Zealand GCIO Japan Financial Services ENISA IAF

Azure AD Authentications? 15,000 authentications Per Day? Per Hour? Per Minute? 34 data centres inc. UK South and UK West

Global opportunity with Azure infrastructure 34 Azure regions worldwide North Central US United Kingdom South Central US US Gov US DoD West West Central US South Central US Canada Central US Gov Canada East US DoD East United Kingdom West East US East US 2 North Europe West Europe Germany Central** Germany Northeast** West India Central India Korea Central Korea South China West* Japan East Japan West China East* East Asia South India 100 + datacenters One of 3 largest networks in the world *Operated by 21 Vianet **German data trustee services provided by T-systems Brazil South Southeast Asia Australia Southeast Australia East

People-centric approach Devices Apps Data Enable your users Unify your environment Protect your data

A HOLISTIC SOLUTION Enterprise Mobility +Security Extend enterprise-grade security to your cloud and SaaS apps Microsoft Cloud App Security Microsoft Intune Azure Active Directory Premium Manage identity with hybrid integration to protect application access from identity attacks Protect your data, everywhere Azure Information Protection Protect your users, devices, and apps Detect threats early with visibility and threat analytics Microsoft Advanced Threat Analytics

EMS E5 EMS E3 Enterprise Mobility + Security Identity and access management Managed Mobile Productivity Information Protection Identity Driven Security Azure Active Directory Premium P1 Microsoft Intune Azure Information Protection Premium P1 Microsoft Advanced Threat Analytics Secure Single-Sign on to cloud and On-premises apps. MFA, Conditional Access and advanced security reporting Mobile device and app management to protect corporate apps and data on any device. Encryption for all files and storage locations. Cloud based file tracking Protection from advanced targeted attacks leveraging user and entity behavioral analytics Azure Active Directory Premium P2 Azure Information Protection Premium P2 Microsoft Cloud App Security Identity and Access Management with advanced protection for users and privileged identities (includes all capabilities in P1) Intelligent classification, & encryption for files shared inside & outside your organization (includes all capabilities in P1) Enterprise-grade visibility, control, and protection for your cloud applications

Integrated Identity as the control plane One common identity Simple connection Self-service Single sign on Windows Server Active Directory Other Directories Username Azure Public cloud SaaS Office 365 On-premises Microsoft Azure Active Directory Cloud

Sensitivity: Internal

Mini Exercise Sensitivity: Internal

Traditional Systems and Applications, MS Cloud Services, Other Cloud Services Identity HR Syste m Office 365 Azure File Shares Print Servic e Identity Devices Authentication Intune CRM Citrix Service Now Finance System Twitter Condec o

Conditional Access Control User attributes User identity Group memberships Auth strength (MFA) Devices Known to organization MDM Managed (Intune) Compliant with policies Not lost/stolen Application Business sensitivity Conditional access control in Active Directory Other Inside corp. network Outside corp. network Risk profile

MDM beyond email

Supported Platforms ios macos Windows

User-centric approach Conditional Access Device Management Selective Wipe LoB app Built-In Built-In Microsoft Intune

Before mobile devices can access Office 365 data, they must be enrolled and healthy. 1. A user downloads the public OneDrive app on a personal ipad 2. The user is shown a page that directs them to enroll the ipad 3. The user steps through the enrollment process 4. The OneDrive app is now MDM enabled 5. The user is able to access their OneDrive data

Device Polices Control what mobile devices can connect to Office 365 Data Set device configuration policies such as pin lock Enforce data encryption on devices Admin Controls Built-In management in Office 365 Admin Center, and PowerShell Configure device policies by groups Product level granular control Device Reporting Device compliance reports Mobile usage and trends in our organization API support

1. An employee uses Office 365 apps and data on a mobile device. The employee leaves the company. 2. The IT admin logins into Office 365 Admin Center to perform a selective wipe 3. The Office 365 data is removed from the Office applications leaving personal information intact

Personal Corporate Managed Browser & Viewer Apps Manage all of your corporate apps and data with Intune s mobile device and application management solution Complete mobile application management Securely access corporate information using Office mobile apps, while preventing company data loss by restricting actions such as copy/cut/paste/save in your managed app ecosystem Extend these capabilities to existing line of business apps using the Intune app wrapper Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps

Managed apps Multi-identity policy Corporate data User Personal data IT Maximize mobile productivity and protect corporate resources with Office mobile apps including multi-identity support Personal apps Extend these capabilities to your existing line-of-business apps using the Intune App Wrapping Tool Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps

http://blocked.com

brian@contoso.com

brian@contoso.com

Brian Shiers

Contoso Corporation Brain Shiers Device Successfully Enrolled Return to e-mail (xxx) xxx-xx12 Enroll your device For added security, we need to verify your account. We have sent a text message with the verification code. Allan Brian Myers Shiers Contoso Corporation Please enter the code to continue Other security verification options Sign in with another account Sign in Cancel

Contoso Corporation Brain Shiers Device Successfully Enrolled Return to e-mail (xxx) xxx-xx12 Enroll your device For added security, we need to verify your account. We have sent a text message with the verification code. Allan Brian Myers Shiers Contoso Corporation Please enter the code to continue XYZZY Other security verification options Sign in with another account Sign in Cancel

brian@contoso.com

brian@contoso.com

Brian Shiers

Contoso Corporation Brain Shiers Device Successfully Enrolled Return to e-mail (xxx) xxx-xx12 Enroll your device For added security, we need to verify your account. We have sent a text message with the verification code. Allan Brian Myers Shiers Contoso Corporation Please enter the code to continue Other security verification options Sign in with another account Sign in Cancel

Contoso Corporation Brain Shiers Device Successfully Enrolled Return to e-mail (xxx) xxx-xx12 Enroll your device For added security, we need to verify your account. We have sent a text message with the verification code. Allan Brian Myers Shiers Contoso Corporation Please enter the code to continue XYZZY Other security verification options Sign in with another account Sign in Cancel

Microsoft Advanced Threat Analytics

DETECT ATTACKS BEFORE THEY CAUSE DAMAGE Identifies advanced persistent threats (APTs) on-premises using User and Entity Behavioral Analytics Detects suspicious user and entity behavior with machine learning Detects malicious attacks (i.e. Pass the Hash, Pass the Ticket) Provides a simple attack timeline with clear and relevant attack information

DETECT ATTACKS BEFORE THEY CAUSE DAMAGE Detect threats fast with Behavioral Analytics Adapt as fast as your enemies Focus on what is important fast using the simple attack timeline Reduce the fatigue of false positives No need to create rules or policies, deploy agents, or monitor a flood of security reports. The intelligence needed is ready to analyze and continuously learning. ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise. The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the who-whatwhen-and how of your enterprise. It also provides recommendations for next steps Alerts only happen once suspicious activities are contextually aggregated, not only comparing the entity s behavior to its own behavior, but also to the profiles of other entities in its interaction path.

Microsoft Advanced Threat Analytics 1 Analyze After installation: Simple non-intrusive port mirroring, or deployed directly onto domain controllers Remains invisible to the attackers Analyzes all Active Directory network traffic Collects relevant events from SIEM and information from Active Directory (titles, groups membership, and more)

Microsoft Advanced Threat Analytics 2 Learn ATA: Automatically starts learning and profiling entity behavior Identifies normal behavior for entities Learns continuously to update the activities of the users, devices, and resources What is entity? Entity represents users, devices, or resources

Microsoft Advanced Threat Analytics 3 Detect Microsoft Advanced Threat Analytics: Looks for abnormal behavior and identifies suspicious activities Only raises red flags if abnormal activities are contextually aggregated Leverages world-class security research to detect security risks and attacks in near real-time based on attackers Tactics, Techniques, and Procedures (TTPs) ATA not only compares the entity s behavior to its own, but also to the behavior of entities in its interaction path.

Microsoft Advanced Threat Analytics 4 Alert ATA reports all suspicious activities on a simple, functional, actionable attack timeline ATA identifies Who? What? When? How? For each suspicious activity, ATA provides recommendations for the investigation and remediation

Microsoft Advanced Threat Analytics Abnormal resource access Account enumeration Net Session enumeration DNS enumeration Abnormal authentication requests Abnormal resource access Pass-the-Ticket Pass-the-Hash Overpass-the-Hash Skeleton key malware Golden ticket Remote execution Malicious replication requests Compromised credential Privilege escalation Reconnaissance Lateral movement Domain dominance Abnormal working hours Brute force using NTLM, Kerberos or LDAP Sensitive accounts exposed in plain text authentication Service accounts exposed in plain text authentication Honey Token account suspicious activities Unusual protocol implementation Malicious Data Protection Private Information (DPAPI) Request MS14-068 exploit (Forged PAC) MS11-013 exploit (Silver PAC)

Classify, Label, Protect Automated classification

Classify, Label, Protect Recommended classification

Classify, Label, Protect Manual classification

Classify, Label, Protect Business justification required to re-classify

Classify, Label, Protect Prevent edit, copy, print and save with Azure Rights Management integration

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback