cloudidsummit
Without great security, Digital Identity is not worth the electrons it’s written on
Alex Simons, Director of Program Management, Microsoft Corporation
90%: organizations using Microsoft Active Directory worldwide
500M: active Microsoft Account users
10B: daily Microsoft Account logons
5.5M: organizations using Microsoft Azure Active Directory
>1,000: Microsoft engineers working on Identity and Security
The frequency and sophistication of cybersecurity attacks are escalating
$500B: total potential cost of cybercrime to the global economy
$3.5M: average cost of a data breach to a company
200+: median # days attackers reside within a victim’s network before detection
75%+: network intrusions due to compromised user credentials
Credential Hardening: smart cards, security tokens, OTPs & OATH codes, authenticator apps, biometrics
Dynamic Mitigation: real-time risk scoring, device profiling, adaptive authentication, conditional access
Attack Intelligence: dedicated teams, threat intelligence, dark web, shared intelligence, bounties
Advanced Detection: rule-based detection, static analysis, machine learning, anomaly detection
Brute force
cameron cameron1 cameron2 cameron3 cameron4 cameron5 cameron6 cameron7 cameron8 cameron9 cameron10 cameron11 cameron12 cameron13 cameron14 cameron15 cameron16 cameron17 cameron18 cameron19 cameron25 cameron26 cameron27 cameron28 cameron29 cameron30 cameron31 cameron32 cameron33 cameron34 cameron35 cameron36 cameron37 cameron38 cameron39 cameron40 cameron41 cameron42 cameron43 cameron44 cameron45 cameron46 cameron47 cameron48 cameron49 cameron50
Monitoring abuse across tenants
[Diagram: logon events from IP address 199.34.28.10: repeated "Bad username" and "Bad password" failures, then "Logon Successful"; labelled "Probable Penetration"]
Botnets
Malicious attacks
Pass-the-Ticket (PtT), Pass-the-Hash (PtH), Overpass-the-Hash, Forged PAC (MS14-068), Golden Ticket, Skeleton key malware, Reconnaissance, Brute force
Abnormal behavior
Anomalous logins, Remote execution, Suspicious activity, Unknown threats, Password sharing, Lateral movement