MODERN DESKTOP SECURITY - download.microsoft.comdownload.microsoft.com/documents/uk/partner/days/...Azure Active Directory Premium Windows Firewall Credential Guard Windows Defender

MODERN DESKTOP SECURITY

“I’M GOING TO BE HONEST. WE’RE IN THE FIGHT OF OUR DIGITAL LIVES, AND WE ARE NOT WINNING!”

MICHAEL MCCAUL, CHAIRMAN, US HOMELAND SECURITY COMMITTEE

RANSOMWARE HAS BECOME THE BLACK PLAGUE

"We can not say it loud and often enough, ransomware has become the black plague of the internet, spread by highly sophisticated exploit kits and countless spam campaigns," says Cisco’s Talos. "Attackers are going after bigger targets that can afford to pay more, with potentially catastrophic consequences."

A dangerous piece of PC ransomware is now impossible to crack
STEVE DENT, Engadget, March 17, 2016

Source: A dangerous piece of PC ransomware is now impossible to crack, Steve Dent, Engadget, March 17, 2016

Evolution of Attacks

• Mischief: Script Kiddies. Unsophisticated.
• Fraud and Theft: Organized Crime. Recently achieved apex attacker status, well resourced.
• Damage and Disruption: Nations, Terror Groups, Activists. Traditional apex attackers, well resourced.

THE MODERN DESKTOP SECURITY: PROTECT, DETECT & RESPOND

Threat Protection
Protect, detect, and respond to the most advanced threats using advanced hardware-based security and the power of the cloud.

Identity Protection
Kick passwords to the curb with a convenient, easy to use and enterprise-grade alternative that is designed for today’s mobile-first world.

Information Protection
Protect data on lost and stolen devices and prevent accidental data leaks using data separation, containment, and encryption.

Servicing and Centralized Security Management

THE MODERN DESKTOP SECURITY: PROTECT, DETECT & RESPOND

Threat Protection, Identity Protection, Information Protection

Servicing and Centralized Security Management

• BitLocker
• Windows Information Protection
• Device Encryption
• Windows Hello
• Azure Active Directory Premium
• Credential Guard
• Windows Firewall
• Windows Defender SmartScreen
• Windows Defender ATP
• Windows Defender Antivirus
• Microsoft Edge
• Device Guard
• Office 365 ATP
• Microsoft Cloud App Security
• Azure Information Protection
• Advanced Threat Analytics

Office 365 ATP

Multiple features, maximum security

• Safe Links: Provides time-of-click malicious URL detection
• Safe Attachments: Helps protect against malicious attachments
• URL Detonation: Scan files that are linked in email via URLs to websites

Safe Links

• Helps protect against phishing and sites with malicious content.
• Provides visibility into compromised users for administrators.
• Rewrites all URLs to proxy through an EOP server.

[Diagram labels: IP + envelope filter; Signature-based AV; Blocking known exploits; Anti-spam filter; EOP user without Office 365 ATP; EOP user with Office 365 ATP. Rewriting URLs to redirect to a web server. User clicking URL is taken to EOP web servers for the latest check at the “time-of-click”. Web servers perform latest URL reputation check.]

Safe Links

Admin sets policy

Users notified if a malicious link is clicked in email

Safe Attachments

• Helps protect against zero-day exploits in email attachments.
• Provides visibility into compromised users for administrators.
• Leverages sandboxing technology.

[Diagram labels: IP + envelope filter; Signature-based AV; Blocking known exploits; Anti-spam filter; EOP user without Office 365 ATP; EOP user with Office 365 ATP.]

Dynamic Delivery

TRADITIONAL PLATFORM STACK

JUST ONE VULNERABILITY AWAY FROM FULL COMPROMISE

Device Hardware

Kernel

Windows Platform Services

Apps

VIRTUALIZATION BASED SECURITY WITH WINDOWS DEFENDER SYSTEM GUARD

[Diagram labels. Windows Operating System: Kernel, Windows Platform Services, Apps. Windows Defender System Guard: Kernel, Trustlet #1, Trustlet #2, Trustlet #3. Hypervisor (Hyper-V). Device Hardware.]

“PASS THE HASH” ATTACKS

Today’s security challenge

TODAY’S SECURITY CHALLENGE: PASS THE HASH ATTACKS

Access to one device can lead to access to many

1. Single IT Pro’s machine is compromised
   • IT Pro manages kiosks/shared devices on network
   • Attacker steals IT Pro’s access token
2. Using IT Pro’s access token, attacker looks for kiosk/shared devices and mines them for tokens
3. Repeat

TODAY’S SOLUTION: CREDENTIAL GUARD

• Pass the Hash (PtH) attacks are the #1 go-to tool for hackers. Used in nearly every major breach and APT type of attack
• Credential Guard uses Windows Defender System Guard to isolate Windows authentication from Windows operating system
• Protects LSA Service (LSASS) and derived credentials (NTLM Hash)
• Fundamentally breaks derived credential theft using MimiKatz,

[Diagram labels. Windows Operating System: Kernel, Windows Platform Services, Apps. Windows Defender System Guard: Kernel, Credential Guard, Trustlet #2, Trustlet #3. Hypervisor (Hyper-V). Device Hardware.]

APPS

TODAY’S CHALLENGE:

OUR ANSWER: APPS MUST EARN TRUST BEFORE USE

WINDOWS DEFENDER ANTI-VIRUS PROTECTION

Built into Windows and Always Up-To-Date
No additional deployment & infrastructure. Continuously up-to-date, lower costs.

Tamper Resistant
Windows Trusted Boot and platform isolation protect Windows Defender from attacks and enable it to self-repair.

Behavior and cloud-powered malware detection
Can detect fast changing malware varietals using behavior monitoring and cloud-powered protection that expedites signature delivery.

Protection that competes to win
Scored 100% detection in Real World Testing against top competitors (AVTest Feb 2017).

ATTACKS HAPPEN FAST AND ARE HARD TO STOP

If an attacker sends an email to 100 people in your company…

…23 people will open it…

…11 people will open the attachment…

…and six will do it in the first hour.

WINDOWS DEFENDER ADVANCED THREAT PROTECTION

DETECT ADVANCED ATTACKS AND REMEDIATE BREACHES

Unique threat intelligence knowledge base
Unparalleled threat optics provide detailed actor profiles. 1st and 3rd party threat intelligence data.

Rich timeline for investigation
Easily understand scope of breach. Data pivoting across endpoints. Deep file and URL analysis.

Behavior-based, cloud-powered breach detection
Actionable, correlated alerts for known and unknown adversaries. Real-time and historical data.

Built into Windows
No additional deployment & infrastructure. Continuously up-to-date, lower costs.

CUSTOMER
