Data-driven security insights Machine Learning Intelligent Automation … · 2019-06-20 ·...


Data-driven security insights

Machine Learning

Intelligent Automation

Cloud Scale

Extensive machine learning to:
• Reduce manual effort
• Reduce wasted effort on false positives
• Speed up detection

Defense-in-depth


THEN:
• Reliability: Designed not to fail
• Prevent: Every possible attack

NOW:
• Resilience: Designed to recover quickly
• Protect, Detect, & Respond along the kill chain

Assume Compromise:

Securing Privileged Access

Office 365 Security

Rapid Cyberattacks (Wannacrypt/Petya)

https://aka.ms/MCRA Video Recording Strategies

Office 365

Dynamics 365

+Monitor

Azure Sentinel – Cloud Native SIEM and SOAR (Preview)

SQL Encryption &

Data Masking

Data Loss Protection

Data Governance

eDiscovery


Data-driven security insights

Microsoft Threat Protection

Threat & Business Prioritization

Helping customers focus on the right things at the right time

Threat Context

Business Context

Automated Compensation

Bridging between the IT and Security admins

Game changing IT/Security bridge scenarios

DEMO: Threat & Vulnerability Management

Data-driven security insights

Help you continuously improve your security posture by decreasing attack surface in a very targeted way

Machine learning

Early adopters are finding that Azure Sentinel reduces threat hunting from hours to seconds.

AZURE AD PASSWORD PROTECTION

https://www.microsoft.com/en-us/research/publication/password-guidance/

https://pages.nist.gov/800-63-3/sp800-63b.html

Passwordless

CRITICAL BEST PRACTICES

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview

• Azure AD reporting - Risk events are part of Azure AD's security reports. For more information, see the users at risk security report and the risky sign-ins security report.

• Azure AD Identity Protection - Risk events are also part of the reporting capabilities of Azure Active Directory Identity Protection.

• Use the Identity Protection risk events API to gain programmatic access to security detections using Microsoft Graph.

0. Do Nothing (Not Recommended)

DEMO: Azure Sentinel

Machine learning

Helps protect you by looking for what you cannot see

Intelligent automation

DEMO: Workflow automation

Intelligent automation

Helps you come to the right conclusion, fast, and helps you respond & recover quickly

Leveraging cloud scale

Security Dashboards

Deliver Rapid Insights into Security State Across All Workloads

API

Microsoft Intelligent Security Graph

Knowledge of detections shared

Azure ATP, Azure AD Identity Protection

Behavioral-based detection of advanced credential theft attacks & lateral movement, on premises & cloud identities. Build automated response policies based on anomalous behavior.

Office 365 TI & AIR, Microsoft Secure Score, Threat Experts, Threat Analytics

Investigate and respond to attacks by seeing activity, correlating signals and taking remediation actions – manually or using automation. Improve security posture and educate users. Allow Microsoft Threat Hunters to have your back,

Microsoft Defender ATP Exploit Guard & Antivirus

Protect against malicious files on disk and in memory with advanced local & cloud Machine Learning. Hardening through Dynamic Application Whitelisting, Ransomware Protection and outbound connection blocking.

Office 365 Advanced Threat Protection

Protect from dangerous links, phishing attempts & malicious attachments. Detect potential malicious collaboration behavior

Microsoft Defender ATP Detection & Response, Auto Investigation & Remediation

Behavioral based detection of advanced attacks on the endpoint using deeply integrated sensors. AI-based investigation and remediation

Graph Security API

Email attachment

Email message

1st and 3rd party Threat Intelligence added

Malicious File

Leverage SIEM connector options to consume alerts

MONITOR

Microsoft Cloud App Security

Discover and assess risks, control access in real time, protect your information and detect and protect against threats. Integrate to uncover data exfiltration, block unsanctioned cloud apps.

Conditional Access

Protect your data from malicious hackers with a risk-based conditional access policy that can be applied to all apps and all users, whether on-premises or in the cloud

Microsoft Defender ATP SmartScreen, Firewall, Threat & Vulnerability Management

Helps protect against phishing and malware websites and malicious downloads. Risk-driven approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations

SIEM

Security Incident Event Management

MONITOR?

Microsoft Intelligent Security Graph

SOAR!

Azure Sentinel

Security Orchestration, Automation & Response

Analytics

Correlation

Categorization

Normalizing

Cloud born SIEM

Better Integration

Graph API based

Fast Analytics

Security Data Lake

No Data on prem

Workflow automation

Leveraging cloud scale

Ensures reduced complexity, lower TCO and always enough capacity so you can absorb the blows

Data-driven security insights help you continuously improve your security posture by decreasing attack surface in a very targeted way

Machine Learning helps protect you by looking for what you cannot see

Intelligent Automation helps you come to the right conclusion, fast, and helps you respond & recover quickly

Cloud Scale ensures reduced complexity, lower TCO and always enough capacity so you can absorb the blows
