secure the modern enterprise
TRANSCRIPT
“Security is like oxygen. When you have it, you don't notice it. But when it’s gone, you don’t survive long.”
Jessi HempelFormer Senior Writer, WIRED
WIRED, “DOD Head Ashton Carter Enlists Silicon Valley to Transform
the Military,” November 18, 2015
“Cybersecurity is like going to the gym. You can’t get better by watching others, you’ve got to get there every day.”
Satya NadellaCEO, Microsoft
@satyanadella #FIF2017
“People will only use technology they trust.”
Brad Smith
President & Chief Legal OfficerMicrosoft Corporation
HOW DO BREACHES OCCUR?
Malware and vulnerabilities are not the only thing
to worry about
99.9%of exploited Vulnerabilities were used more than a year after the CVE was published
46%of compromised systems had no malware on them
50%of those who open and click attachments do so within the first hour
23%of recipients opened phishing messages (11% clicked on attachments)
Fast and effective phishing attacks leave you little time to react
Microsoft is meeting customer security needs with the industry's largest compliance
portfolio
ISO
27001PCI DSS Level 1 * SOC 2 Type 2
ISO
27018
Cloud Controls
Matrix
Content Delivery and
Security Association *
Shared
AssessmentsSOC 1 Type 2W
orld
wid
e
INDUSTRY’S LARGEST COMPLIANCE PORTFOLIOG
ove
rnm
ent
FIPS 140-2 DISA Level 2FERPAFedRAMP
JAB P-ATO
FISMACJIS21 CFR
Part 11
IRS 1075Section 508
VPAT
United Kingdom
G-Cloud
NIST 800-
171
Natio
nal
European Union
Model Clauses
Singapore
MTCS Level 3
New Zealand
GCIO
Australian Signals
Directorate
Japan
Financial
Services
Spain ENSENISA
IAFHIPAA /
HITECH
EU-U.S.
Privacy Shield
China MLPS*,
TRUCS*, GB
18030*
https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings
Apps and Data
SaaS
Analysis & Action
Digital Crimes Unit Hunting Teams Security Response Center Malware Protection Center
Device
Antivirus
Network
Infrastructure
Cyber Defense
Operations Center
CERTs and
other partners
PaaS IaaS
Identity
The Microsoft Cyber Defense Operations Center
• Protect Microsoft’s cloud infrastructure, customer-facing cloud services, products and devices, and internal resources 24 x 7 x 365
• Unite personnel, technology, and analytics in a central hub
• Provide world-class security protection, detection, and response
• More than 50 Security Experts and Data Scientists
• Connected to >3500 Security Professionals across Microsoft
• Tight partnerships with Microsoft Research and the Security Development Lifecycle (SDL) team
MICROSOFT CONFIDENTIAL
Access to a Transparency Center to work directly with source code for certain
high-volume products
Remote access to online source code for certain high-volume products
Technical data about products and services, including about Microsoft’s cloud
services
Information sharing about threats and vulnerabilities from Microsoft
Microsoft Confidential
A safer digital experience for
every person and organization
on the planet
The Microsoft Digital Crimes Unit
Public and private partnerships to fight
technology facilitated crimes
.
Combining novel legal strategies, cutting-
edge forensics, cloud and big data
analytics
SECURE MODERN ENTERPRISE
Identity Apps
and Data
Infrastructure Devices
Identity Embraces identity as primary security perimeter and protects
identity systems, admins, and credentials as top priorities
Apps and Data Aligns security investments with business priorities including
identifying and securing communications, data, and applications
InfrastructureOperates on modern platform and uses cloud intelligence to
detect and remediate both vulnerabilities and attacks
Devices
Accesses assets from trusted devices with hardware security
assurances, great user experience, and advanced threat detectionSecure Platform (secure by design)
Secure Platform (secure by design)
SECURE MODERN ENTERPRISE
Identity Apps
and Data
Infrastructure Devices
Phase 2: Secure the Pillars
Phase 1: Build the Security FoundationStart the journey by getting in
front of current attacks
• Critical Mitigations – Critical
attack protections
• Attack Detection – Hunt for
hidden persistent adversaries
and implement critical attack
detection
• Roadmap and planning –
Share Microsoft insight on
current attacks and strategies,
build a tailored roadmap to
defend your organization’s
business value and mission
Phase 1: Build Security Foundation – Critical Attack Defenses
Phase 2: Secure the Pillars
Continue building a secure modern enterprise by adopting leading edge technology and approaches:
• Threat Detection – Integrate
leading edge intelligence and
Managed detection and
response (MDR) capabilities
• Privileged Access – continue
reducing risk to business
critical identities and assets
• Cloud Security Risk – Chart a
secure path into a cloud-enabled enterprise
• SaaS / Shadow IT Risk –
Discover, protect, and monitor
your critical data in the cloud
• Device & Datacenter
Security – Hardware
protections for Devices,
Credentials, Servers, and
Applications
• App/Dev Security – Secure
your development practices
and digital transformation
components
Enterprise identity, security and cybersecurity
• Dynamic Identity Framework Assessment (DIF)
• Azure Active Directory Implementation Services
• Azure Active Directory B2C Architecture Services
• Microsoft Identity Management Foundation
• Design and Implementation for Active Directory (DIAD)
• Enterprise Federated Identity using AD Federation Services (EFI)
• Public Key Infrastructure using AD Certificate Services (PKI)
• Enterprise Modernization – Active Directory Upgrade
• Active Directory Migration Service (ADMS)
• Offline Assessment for Active Directory Security (OAADS)
• Privileged Access Workstation (PAW)
• Persistent Adversary Detection Services (PADS)
• ATA Implementation Services (ATA-IS)
• Enterprise Threat Detection (ETD)
• Enhanced Secure Administrative Environment (ESAE)
• Securing Lateral Account Movement (POP-SLAM)
• Incident Response and Tactical Recovery (I/R & T/R)
• Microsoft Security Risk Assessment
• Windows 10 Enterprise Security Integration Briefing
• Windows 10 security implementation services
• Information Protection using Azure Rights Management Service
• Shielded Virtual Machines (VM) Proof of Concept (PoC)
• Security Development Lifecycle Maturity Assessment
Enterprise services and cybersecurity offersMicrosoft products and capabilities
• Azure AD Identity Protection
• Advanced Threat Analytics
• Enterprise Mobility + Security
• Advanced Threat Protection
• Azure AD B2C
• Microsoft Identity Manager
• Azure Information Protection
• Windows Information Protection
• Enterprise Mobility + Security
• Customer Lockbox
• Cloud App Security
• Azure SQL Security
• Windows 10
• Device Guard
• Credential Guard
• Windows Defender
• Windows Defender ATP
• Windows Server 2016
• Azure Security Center
• OMS Security Suite
• Shielded VMs
Contact: [email protected]
PLAN ENTER TRAVERSE EXECUTE MISSION
4Threat Actors exfiltrate PII and
other sensitive business dataThreat Actor targets employee(s)
via phishing campaign1
Workstation compromised, threat
actor gathers credentials2aThreat Actors use stolen credentials to move laterally
3a
Employee B opens infected
email (Mobile or PC).
Attacker disables antivirus
2b Compromised credentials/
device used to access
cloud service / enterprise
environment
3bc
Credentials harvested
when employee logs into
fake website2c
A. Enter and Navigate
Any employee opens attack email Access to most/all corporate data
B. Device Compromise
Targeted employee opens attack email Access to same data as employee
C. Remote CredentialHarvesting
Targeted employee(s) enter credentials in website Access to same data as employee(s)
Common Attacks
Office 365 Technology
• Advanced Threat Protection
(requires E5)
EMS Technology
• Cloud App Security (CASB)
(requires E5)
Office 365 Technology
• Advanced Security Management
(basic CASB) (requires E5)
Azure Technology
• Multi-Factor Authentication
• Azure Identity Protection
Microsoft Incident Response Teams
can be engaged to investigate any
incident type as well as to assess your
organization for existing compromises
Windows 10 Technology
• SmartScreen URL and App reputation
• Application Guard
EMS Technology
• Azure Information Protection
(requires E5)
Office 365 Technology
• Data Loss Prevention
Windows 10 Technology
• Windows Information Protection
Azure Technology
• Disk, Storage, SQL Encryption
• Key Vault
• …
AnyWindows 10 Technology
• Device Guard
• Credential Guard
• Defender Advanced Threat Protection (requires E5)
Managed Detection and Response (MDR)
• Enterprise Threat Detection
Published Guidance
• Securing Privileged Access Roadmap
Professional Services
• Security Foundation
• Enhanced Security Admin Environment (ESAE)
Technology
• Advanced Threat Analytics (in EMS E3)
• Azure Security Center & Operations Management Suite (OMS)
• …and more
EMS Technology
• Intune conditional access
Managed Detection and Response (MDR)
• Enterprise Threat Detection (PCs only)
Why do you want to protect information?
Reduce leakage of data shared with others
Partitioning of sensitive data from unauthorized users
Prevent employees from leaking secrets
Meet compliance requirements (GDPR, …)
96%
94%
89%
87%
Protect devices with industry-leading
encryption, anti-malware technologies, and
identity and access solutions
Safeguard customer data in the cloud,
including personal data, with industry-leading
security measures and privacy policies
Secure your IT environment and achieve
compliance with enterprise-grade user and
administrative controls
Protect customer data both in the cloud, and
on-premises, with industry-leading security
capabilities