Secure Modern Enterprise Daniel Grabski Executive Security Advisor, Microsoft CEE Enterprise Cybersecurity Group (ECG)

Secure Modern Enterprise - download.microsoft.comdownload.microsoft.com/.../Secure_Modern_Enterprise-Customer...u… · Discover, protect, and monitor your critical data in the cloud


Secure Modern Enterprise

Daniel Grabski

Executive Security Advisor, Microsoft CEE Enterprise Cybersecurity Group (ECG)


Systems of Intelligence

DIGITAL TRANSFORMATION

Engage your customers

Empower your employees

Optimize your operations

Transform your products


The world we live in is increasingly complex


EXPERIENCE

• 1M+ Corporate Machines protected by enterprise IT security

• Multi-platform cloud-first hybrid enterprise

• Decades of experience as a global enterprise

• Runs on multi-tenant Azure environment, same as you

VISIBILITY

• Malware: largest anti-virus and antimalware service

• Clients: Windows Updates, Error Reports

• Email: Outlook.com, Office 365

• Web content: Bing, Azure AD

• Cloud platform: Azure IaaS and PaaS, Azure Security Center

EXPERTISE

• Development Security: established Security Development Lifecycle (SDL) - ISO/IEC 27034-1

• Operational Security for Hyper-scale cloud services

• Combatting Cybercrime in the cloud & partnering with law enforcement to disrupt malware

• Incident Investigation and recovery for customers

Industry leading capabilities: Experience, Visibility, Expertise, Context

CONTEXT

• Trillions of URLs indexed

• Hundreds of Billions of authentications, monthly emails analyzed

• Billions of daily web page scans, Windows devices reporting

• Hundreds of Millions of reputation lookups

• Millions of daily suspicious file detonations


Microsoft protecting you

INTELLIGENT SECURITY GRAPH

[Diagram labels: Identity; Device; Infrastructure; Apps and Data; SaaS; PaaS; IaaS; Malware Protection Center; Cyber Hunting Teams; Security Response Center; Cyber Defense Operations Center; Digital Crimes Unit; CERTs; Antivirus Network; Industry Partners]


SECURE MODERN ENTERPRISE

Identity, Apps and Data, Infrastructure, Devices

• Identity: Embraces identity as primary security perimeter and protects identity systems, admins, and credentials as top priorities

• Apps and Data: Aligns security investments with business priorities including identifying and securing communications, data, and applications

• Infrastructure: Operates on modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks

• Devices: Accesses assets from trusted devices with hardware security assurances, great user experience, and advanced threat detection

Secure Platform (secure by design)


SECURE MODERN ENTERPRISE

Identity, Apps and Data, Infrastructure, Devices

Secure Platform (secure by design)

Phase 1: Build Security Foundation – Critical Attack Defenses

Phase 2: Secure the Pillars

Continue building a secure modern enterprise by adopting leading edge technology and architectures:

• Privileged Access Security - Industrial Grade protections for critical identities and assets

• Shadow IT visibility – Discover, protect, and monitor your critical data in the cloud

• Device and Datacenter Security - Hardware rooted protections for devices, servers, and credentials

• Threat Detection - Deep analyst expertise and unique technical and human insights into threats

• Cloud Security Risk Mitigation - Chart a secure path as a cloud-enabled enterprise

Phase 1: Build the Foundation

Start the journey by getting in front of current attacks

• Critical Mitigations – Critical attack protections

• Attack Detection – Hunt for hidden persistent adversaries and implement critical attack detection

• Roadmap and planning – Share Microsoft insight on current attacks and strategies, build a tailored roadmap to defend your organization’s business value and mission


Phase 1 – Build the Foundation

Aligned with Securing Privileged Access (SPA) roadmap

http://aka.ms/SPAroadmap


Phase 2 – Secure the Pillars

Foundation: Critical Attack Defenses


Attack stages: PLAN, ENTER, TRAVERSE, EXECUTE MISSION

1. Threat Actor targets employee(s) via phishing campaign

2a. Workstation compromised, threat actor gathers credentials

2b. Employee B opens infected email (Mobile or PC). Attacker disables antivirus

2c. Credentials harvested when employee logs into fake website

3a. Threat Actors use stolen credentials to move laterally

3bc. Compromised credentials/device used to access cloud service / enterprise environment

4. Threat Actors exfiltrate PII and other sensitive business data

Common Attacks

A. Enter and Navigate: Any employee opens attack email; access to most/all corporate data

B. Device Compromise: Targeted employee opens attack email; access to same data as employee

C. Remote Credential Harvesting: Targeted employee(s) enter credentials in website; access to same data as employee(s)

Office 365 Technology

• Advanced Threat Protection (requires E5)

EMS Technology

• Cloud App Security (CASB) (requires E5)

Office 365 Technology

• Advanced Security Management (basic CASB) (requires E5)

Azure Technology

• Multi-Factor Authentication

• Azure Identity Protection

Microsoft Incident Response Teams can be engaged to investigate any incident type as well as to assess your organization for existing compromises

Windows 10 Technology

• SmartScreen URL and App reputation

• Application Guard

EMS Technology

• Azure Information Protection (requires E5)

Office 365 Technology

• Data Loss Prevention

Windows 10 Technology

• Windows Information Protection

Azure Technology

• Disk, Storage, SQL Encryption

• Key Vault

• …

Windows 10 Technology

• Device Guard

• Credential Guard

• Defender Advanced Threat Protection (requires E5)

Managed Detection and Response (MDR)

• Enterprise Threat Detection

Published Guidance

• Securing Privileged Access Roadmap

Professional Services

• Security Foundation

• Enhanced Security Admin Environment (ESAE)

Technology

• Advanced Threat Analytics (in EMS E3)

• Azure Security Center & Operations Management Suite (OMS)

• …and more

EMS Technology

• Intune conditional access

Managed Detection and Response (MDR)

• Enterprise Threat Detection (PCs only)


Industry Leading Technology

On-premises

Secure Modern Enterprise

RECOMMENDED FOR EVERY ENTERPRISE ORGANIZATION

Microsoft is committed to mitigating security threats

Integrated Intelligence

Microsoft is bringing the power of cloud to securing your assets

In the cloud
