modern desktop security -...
TRANSCRIPT
![Page 1: MODERN DESKTOP SECURITY - download.microsoft.comdownload.microsoft.com/documents/uk/partner/days/...Azure Active Directory Premium Windows Firewall Credential Guard Windows Defender](https://reader034.vdocuments.mx/reader034/viewer/2022042621/5f537a1aa651431c9a7c4ab1/html5/thumbnails/1.jpg)
MODERN DESKTOP SECURITY
“I’M GOING TO BE HONEST.
WE’RE IN THE FIGHT OF OUR DIGITAL LIVES,
AND WE ARE NOT WINNING!”
MICHAEL MCCAUL, CHAIRMAN, US HOMELAND SECURITY COMMITTEE
RANSOMWARE HAS BECOME THE BLACK PLAGUE
"We cannot say it loud and often enough, ransomware has become the black plague of the internet, spread by highly sophisticated exploit kits and countless spam campaigns," says Cisco’s Talos. Attackers are going after bigger targets that can afford to pay more, with potentially catastrophic consequences.
Source: A dangerous piece of PC ransomware is now impossible to crack, Steve Dent, Engadget, March 17, 2016
Evolution of Attacks
• Mischief: Script Kiddies. Unsophisticated.
• Fraud and Theft: Organized Crime. Recently achieved apex attacker status, well resourced.
• Damage and Disruption: Nations, Terror Groups, Activists. Traditional apex attackers, well resourced.
THE MODERN DESKTOP SECURITY: PROTECT, DETECT & RESPOND
• Threat Protection: Protect, detect, and respond to the most advanced threats using advanced hardware-based security and the power of the cloud.
• Identity Protection: Kick passwords to the curb with a convenient, easy-to-use and enterprise-grade alternative that is designed for today’s mobile-first world.
• Information Protection: Protect data on lost and stolen devices and prevent accidental data leaks using data separation, containment, and encryption.
Servicing and Centralized Security Management
THE MODERN DESKTOP SECURITY: PROTECT, DETECT & RESPOND
Threat Protection
Identity Protection
Information Protection
Servicing and Centralized Security Management
BitLocker
Windows Information Protection
Device Encryption
Windows Hello
Azure Active Directory Premium
Credential Guard
Windows Firewall
Windows Defender SmartScreen
Windows Defender ATP
Windows Defender Antivirus
Microsoft Edge
Device Guard
Office 365 ATP
Microsoft Cloud App Security
Azure Information Protection
Advanced Threat Analytics
Office 365 ATP
Multiple features, maximum security
• Safe Links: Provides time-of-click malicious URL detection
• Safe Attachments: Helps protect against malicious attachments
• URL Detonation: Scan files that are linked in email via URLs to websites
Safe Links
• Helps protect against phishing and sites with malicious content.
• Provides visibility into compromised users for administrators.
• Rewrites all URLs to proxy through an EOP server.
[Diagram: IP + envelope filter, signature-based AV, blocking known exploits and anti-spam filter, shown for an EOP user without Office 365 ATP and an EOP user with Office 365 ATP]
Rewriting URLs to redirect to a web server
User clicking URL is taken to EOP web servers for the latest check at the “time-of-click”
Web servers perform latest URL reputation check
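
The rewrite-then-check flow on this slide, as an added example that is not part of the original deck or Microsoft's implementation: URLs are wrapped at delivery and the reputation verdict is looked up only when a user clicks. The gateway address, the `url=` parameter and the reputation table are hypothetical.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Hypothetical gateway endpoint; the slide does not show the real rewrite format.
GATEWAY = "https://gateway.example/check"
# Match http(s) URLs but leave trailing sentence punctuation outside the match.
URL_RE = re.compile(r"""https?://[^\s<>"']*[^\s<>"'.,;:!?)]""")

def rewrite_body(body):
    """Delivery time: wrap every URL so a click reaches the gateway first."""
    def wrap(match):
        url = match.group(0)
        if url.startswith(GATEWAY + "?"):   # already wrapped: stay idempotent
            return url
        # Encode the whole target so its own query string survives the round trip.
        return GATEWAY + "?url=" + quote(url, safe="")
    return URL_RE.sub(wrap, body)

def time_of_click(wrapped, reputation, click_log, user):
    """Click time: recover the target and apply the verdict as it stands now."""
    target = parse_qs(urlsplit(wrapped).query)["url"][0]
    host = (urlsplit(target).hostname or "").lower()
    verdict = reputation.get(host, "unknown")
    click_log.append((user, target, verdict))   # record of who clicked what
    return ("block" if verdict == "malicious" else "redirect", target)

def demo():
    # Constructed message and reputation data.
    body = ("Invoice: http://files.partner.example/inv.pdf. "
            "Portal: https://login.corp.example/?next=/home&x=1")
    delivered = rewrite_body(body)
    invoice, portal = URL_RE.findall(delivered)
    reputation, log = {"login.corp.example": "clean"}, []
    first = time_of_click(invoice, reputation, log, "alice")
    # The site is reclassified after delivery; the stored message is unchanged.
    reputation["files.partner.example"] = "malicious"
    second = time_of_click(invoice, reputation, log, "bob")
    third = time_of_click(portal, reputation, log, "bob")
    return delivered, first, second, third, log

if __name__ == "__main__":
    for item in demo():
        print(item)
```
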
Safe Links
Admin sets policy
Users notified if a malicious link is clicked in email
Safe Attachments
• Helps protect against zero-day exploits in email attachments.
• Provides visibility into compromised users for administrators.
• Leverages sandboxing technology.
[Diagram: IP + envelope filter, signature-based AV, blocking known exploits and anti-spam filter, shown for an EOP user without Office 365 ATP and an EOP user with Office 365 ATP]
Dynamic Delivery
TRADITIONAL PLATFORM STACK
JUST ONE VULNERABILITY AWAY FROM FULL COMPROMISE
Device Hardware
Kernel
Windows Platform Services
Apps
VIRTUALIZATION BASED SECURITY WITH WINDOWS DEFENDER SYSTEM GUARD
[Diagram labels: Device Hardware; Hypervisor; Hyper-V; Windows Operating System with Kernel, Windows Platform Services and Apps; Windows Defender System Guard with Kernel, Trustlet #1, Trustlet #2 and Trustlet #3]
“PASS THE HASH” ATTACKS
Today’s security challenge
TODAY’S SECURITY CHALLENGE: PASS THE HASH ATTACKS
1. Single IT Pro’s machine is compromised. IT Pro manages kiosks/shared devices on network. Attacker steals IT Pro’s access token.
2. Using IT Pro’s access token, attacker looks for kiosk/shared devices and mines them for tokens.
3. Repeat
Access to one device can lead to access to many
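
Defenders see the spread described in these steps (one account, taken from one machine, then used against many devices) as logon fan-out. The following detection example is added here and is not from the original deck: it uses the field names of Windows Security event 4624, while the records, the 10-minute window and the three-host threshold are constructed assumptions to tune per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records using field names from Windows Security event 4624
# (successful logon): time, Computer, TargetUserName, IpAddress, LogonType,
# AuthenticationPackageName. Hosts, accounts and addresses are made up.
EVENTS = [
    ("2017-05-02T09:00:05", "KIOSK-01", "itpro",      "10.0.5.23", 3, "NTLM"),
    ("2017-05-02T09:01:40", "KIOSK-02", "itpro",      "10.0.5.23", 3, "NTLM"),
    ("2017-05-02T09:02:10", "FILESRV",  "itpro",      "10.0.5.23", 3, "Kerberos"),
    ("2017-05-02T09:03:15", "KIOSK-03", "itpro",      "10.0.5.23", 3, "NTLM"),
    ("2017-05-02T09:04:00", "PRINT-01", "alice",      "10.0.6.10", 3, "NTLM"),
    ("2017-05-02T01:00:00", "SRV-A",    "svc-backup", "10.0.9.9",  3, "NTLM"),
    ("2017-05-02T03:00:00", "SRV-B",    "svc-backup", "10.0.9.9",  3, "NTLM"),
    ("2017-05-02T05:00:00", "SRV-C",    "svc-backup", "10.0.9.9",  3, "NTLM"),
    ("2017-05-02T09:05:00", "ITPRO-PC", "itpro",      "-",         2, "Negotiate"),
]

def fan_out_alerts(events, window=timedelta(minutes=10), threshold=3):
    """Flag (account, source) pairs whose NTLM network logons (type 3)
    reach `threshold` or more distinct hosts inside `window`."""
    by_key = defaultdict(list)
    for ts, computer, user, src, logon_type, package in events:
        if logon_type == 3 and package.upper() == "NTLM":
            by_key[(user, src)].append((datetime.fromisoformat(ts), computer))
    alerts = []
    for (user, src), hits in by_key.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {host for _, host in hits[start:end + 1]}
            if len(hosts) >= threshold:
                alerts.append({"user": user, "source": src,
                               "hosts": sorted(hosts),
                               "first": hits[start][0], "last": hits[end][0]})
                break  # one alert per (account, source) pair
    return alerts

if __name__ == "__main__":
    for alert in fan_out_alerts(EVENTS):
        print(alert)
```
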
TODAY’S SOLUTION: CREDENTIAL GUARD
• Pass the Hash (PtH) attacks are the #1 go-to tool for hackers. Used in nearly every major breach and APT type of attack
• Credential Guard uses Windows Defender System Guard to isolate Windows authentication from Windows operating system
• Protects LSA Service (LSASS) and derived credentials (NTLM Hash)
• Fundamentally breaks derived credential theft using MimiKatz,
[Diagram labels: Device Hardware; Hypervisor; Hyper-V; Windows Operating System with Kernel, Windows Platform Services and Apps; Windows Defender System Guard with Kernel, Credential Guard, Trustlet #2 and Trustlet #3]
APPS
TODAY’S CHALLENGE:
OUR ANSWER: APPS MUST EARN TRUST BEFORE USE
WINDOWS DEFENDER ANTI-VIRUS PROTECTION
• Built into Windows and Always Up-To-Date: No additional deployment & infrastructure. Continuously up-to-date, lower costs.
• Tamper Resistant: Windows Trusted Boot and platform isolation protect Windows Defender from attacks and enable it to self-repair.
• Behavior and cloud-powered malware detection: Can detect fast changing malware varietals using behavior monitoring and cloud-powered protection that expedites signature delivery.
• Protection that competes to win: Scored 100% detection in Real World Testing against top competitors (AVTest Feb 2017).
ATTACKS HAPPEN FAST AND ARE HARD TO STOP
If an attacker sends an email to 100 people in your company…
…23 people will open it…
…11 people will open the attachment…
…and six will do it in the first hour.
WINDOWS DEFENDER ADVANCED THREAT PROTECTION
DETECT ADVANCED ATTACKS AND REMEDIATE BREACHES
• Unique threat intelligence knowledge base: Unparalleled threat optics provide detailed actor profiles. 1st and 3rd party threat intelligence data.
• Rich timeline for investigation: Easily understand scope of breach. Data pivoting across endpoints. Deep file and URL analysis.
• Behavior-based, cloud-powered breach detection: Actionable, correlated alerts for known and unknown adversaries. Real-time and historical data.
• Built into Windows: No additional deployment & infrastructure. Continuously up-to-date, lower costs.
CUSTOMER