Azure Operation Management Suite - security and compliance

Post on 07-Apr-2017

OMS Security

Asaf Nakash, CTO & P-TSP Azure, Microsoft MVP

Asaf@cloudvalley.io, 054-9700780

Any cloud

Any platform

Cybersecurity Meetup

Security challenges

Threats are on the rise

Environments are more complex

Security talent is scarce

Why Security within IT Operations?

Issue: ‘IT Operations is responsible for managing datacenter infrastructure, applications, and data, including the stability and security of these systems. However, gaining security insights across increasingly complex IT environments often requires organizations to cobble together data from multiple security and management systems - I need a solution that provides me with actionable security insights for all my datacenter resources.’

With OMS,

• You can enable both IT ops and security professionals to effectively monitor your entire environment for security vulnerabilities and active threats – all within the context of operations management.

Holistic Security

Intelligent Detection

Rapid Investigation

Detect Security Risks and Threats Across Your Environment

Holistic Security Posture

Issue: ‘Understanding the security posture of my hybrid-cloud environments is time-consuming, especially as these environments are changing rapidly.’

With OMS,

• Quickly and easily understand the overall security posture of any environment, all within the context of IT Operations, including: software update assessment, antimalware assessment, and configuration baselines. Furthermore, security log data is readily accessible to streamline security and compliance audit processes.

Ongoing Assessment

• Actionable security insights – network, identity, servers, …
• Prioritized notable issues

Audit

• Central collection of all security data
• Export to Excel and PowerBI or via API for reporting
• Data retention

Cross-Platform

• Windows and Linux
• On premises, Azure, AWS
• Microsoft and 3rd party security solutions

Holistic Security Posture

Antimalware and Update Assessments

• Missing updates
• Antimalware Assessments
• Malware reports

Identity and Access

• Failed Logons
• Password changes
• Current activity

Baseline Assessment

• Over 180 recommended security configurations
• Correlation with Microsoft best practices

Notable Issues

• Included common issues
• Customizable
• Severity and priority

Security Audit

• Easily accessible security event logs
• Searchable, actionable
• Exportable via API

Threat Detection

Issue: ‘Cyber attacks are increasingly common and complex. Timely detection of attacks and breaches is critical to defending your environment’

With OMS,

• You can leverage the power of Microsoft’s continuously updated security intelligence to detect threats sooner and more accurately – across your entire environment.

Security Analytics

• Rule-based detections
• Server and network behavioral analytics
• Anomaly detections

Continuous Innovation

• Ongoing threat monitoring
• Validation and tuning
• Automatic updates to detection algorithms

Threat Intelligence

• Intelligent security graph
• Global threat database
• Specialized security teams

Intelligent Detection

Threat Intelligence

• Microsoft security intelligence and leading intelligence vendors
• Detects communication to known malicious IP addresses

Security Analytics

• Behavioral analytics
• Event correlation
• Continuously updated

Threat Investigation

Issue: ‘Determining the nature and source of a security threat or breach is critical to mitigating damage to the business, but is very difficult without leveraging intelligence from security experts or the tools to cross reference data across security domains, and time is critical’

With OMS,

• You can leverage the power of Microsoft’s security intelligence, as well as the tools to search across your environment, to accelerate a comprehensive investigation.

Threat Intelligence

• Geo tagging and interactive maps
• Threat intelligence reports

Automation

• OMS automation capabilities

Search

• Easy search of all security and operational data

Rapid Investigation

Search

• Rapid search across all operations and security data

Threat Intelligence

• Interactive map
• Built-in reports with insight into attacker’s known techniques and objectives

OMS Automation

Orchestrated recovery

• Repeatable plans
• Order sequencing
• Customizable checkpoints

Integrated solutions

• Multi-platform support
• Community gallery
• Partner ecosystem

Automated remediation

• Ready-made runbooks
• Anywhere triggers
• Native webhooks

Microsoft Security Assets

• DATA: Rights Management Services, Information Protection
• ENDPOINTS (Devices): Device Guard, Credential Guard, Intune, Windows Hello, Windows Defender & ATP
• IDENTITY: Azure AD Identity Protection, Advanced Threat Analytics
• CLOUD & DATACENTER: OMS Security, Azure Security Center
• APPLICATIONS (SaaS): Cloud App Security, Advanced Threat Protection

© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.