Cybersecurity Reference Architecture
Last updated July 2017 – latest at http://aka.ms/MCRA

[Diagram: the reference architecture map, laid out across these zones: Internet of Things; Unmanaged & Mobile Clients; Managed Clients (Windows 10, Mac OS, Legacy Windows); Software as a Service (Office 365); Microsoft Azure; Extranet; On Premises Datacenter(s) and Colocation; Sensitive Workloads; Enterprise Servers and VMs; Identity & Access; Security Operations Center (SOC). Callouts on the diagram:]

Nearly all customer breaches that Microsoft’s Incident Response team investigates involve credential theft
63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBR)
80% + of employees admit using non-approved SaaS apps for work (Stratecast, December 2013)

Controls labelled on the diagram, grouped by the area of the map they sit in:
• Network edge: NGFW, IPS, Edge DLP, SSL Proxy, Security Appliances, VPN, DDoS attack mitigation, Azure App Gateway, Network Security Groups
• Identity & Access: Multi-Factor Authentication, Hello for Business, Conditional Access, Azure AD Identity Protection, Azure AD PIM, MIM PAM, Certification Authority (PKI), Domain Controllers, ESAE Admin Forest, Privileged Access Workstations (PAWs)
• Information protection: Azure Information Protection (AIP) – Classify, Label, Protect, Report; Classification Labels; Hold Your Own Key (HYOK); Office 365 Information Protection; Office 365 DLP; Endpoint DLP; Windows Info Protection; Azure Key Vault; SQL Encryption & Data Masking; SQL Firewall; Disk & Storage Encryption
• Clients: Windows 10 Security – Secure Boot, Device Guard, Exploit Guard, Application Guard, Credential Guard, Windows Hello, Remote Credential Guard, Device Health Attestation; EPP - Windows Defender AV; EDR - Windows ATP; Intune MDM/MAM; System Center Configuration Manager + Intune
• Servers and datacenter: Windows Server 2016 Security – Shielded VMs, Device Guard, Credential Guard, Just Enough Admin, Hyper-V Containers, Nano server, Defender AV, Defender ATP (Roadmap), and more…; Azure Antimalware; Azure SQL Threat Detection; Backup & Site Recovery
• SaaS and cloud: Office 365 ATP – Email Gateway, Anti-malware, Threat Protection, Threat Detection; Office 365 – Security & Compliance, Threat Intelligence; Cloud App Security; Lockbox; ASM; Azure Security Center (ASC)
• Security Operations Center (SOC): SIEM, SIEM Integration, WEF, Analytics / UEBA, MSSP, Vulnerability Management, ATA, Windows Security Center, Azure Security Center, Cybersecurity Operations Service (COS), Incident Response and Recovery Services
• Security Development Lifecycle (SDL)
Cybersecurity Reference Architecture
Mark Simos, Sachin Gupta
Enterprise Cybersecurity Group
[Diagram: the reference architecture map (Intranet, Extranet, On Premises Datacenter(s), Software as a Service / Office 365, Unmanaged & Mobile Clients, Managed Clients (Windows 10, Mac OS, Legacy Windows), IoT, Sensitive Workloads, Identity & Access, Security Operations Center (SOC)), annotated with generic component labels: NGFW, IPS, DLP, SSL Proxy, Enterprise Servers, Domain Controllers, VMs, Certification Authority (PKI), Endpoint DLP, Information Protection, Incident Response, Vulnerability Management, Analytics / UEBA, Managed Security Provider, SIEM, Logs & Analytics, Hunting Teams, Active Threat Detection]

Components
• Network Edge Defenses
• Operations, Identity, & Info Protection Functions
• Enterprise Servers & VMs
• SaaS adoption (sanctioned or Shadow IT)
• Identity Systems including Active Directory
• Mix of managed & unmanaged devices
• Endpoint and Edge DLP
• Highly Sensitive Assets
• SIEM & Analytics
• Advanced Detection & Response
SECURE MODERN ENTERPRISE
Pillars: Identity | Apps and Data | Infrastructure | Devices

Identity
Embraces identity as primary security perimeter and protects identity systems, admins, and credentials as top priorities
Apps and Data
Aligns security investments with business priorities including identifying and securing communications, data, and applications
Infrastructure
Operates on modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks
Devices
Accesses assets from trusted devices with hardware security assurances, great user experience, and advanced threat detection
Secure Platform (secure by design)
SECURE MODERN ENTERPRISE
Pillars: Identity | Apps and Data | Infrastructure | Devices

Build the Security Foundation – Critical Attack Defenses
Start the journey by getting in front of current attacks:
• Critical Mitigations – Critical attack protections
• Attack Detection – Hunt for hidden persistent adversaries and implement critical attack detection
• Roadmap and planning – Share Microsoft insight on current attacks and strategies, build a tailored roadmap to defend your organization’s business value and mission

Secure the Pillars
Continue building a secure modern enterprise by adopting leading edge technology and approaches:
• Threat Detection – Integrate leading edge intelligence and Managed detection and response (MDR) capabilities
• Identity and Access Management – continue reducing risk to business critical identities and assets
• Information Protection – Discover, protect, and monitor your critical data
• Cloud Adoption – Chart a secure path into a cloud-enabled enterprise
• Device & Datacenter Security – Hardware protections for Devices, Credentials, Servers, and Applications
• App/Dev Security – Secure your development practices and digital transformation components

http://aka.ms/SPARoadmap
[Diagram: the reference architecture map, repeated, with the credential theft mitigations highlighted: MIM PAM, Privileged Access Workstations, Admin Forest, ATA, Enterprise Threat Detection, Investigation and Recovery]

Nearly all customer breaches that Microsoft’s Incident Response team investigates involve credential theft
63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBR)

Major Incident
Credential Theft Mitigations
Prevention
• Privileged Access Workstations
• Administrative Forest (ESAE)
• Privileged Access Management
Detection
• Advanced Threat Analytics
• ETD Managed Detection and Response (MDR)
Response
• Incident Response
[Diagram: the Network Perimeter versus the Identity Perimeter. Approved Cloud Services (Office 365), Unmanaged Devices and Shadow IT sit outside the Network Perimeter, with resources on both sides of it; Privileged Access Workstations, Admin Forest, MIM PAM, ATA, Enterprise Threat Detection and Investigation and Recovery are placed on the Identity Perimeter. Threats shown across Identity, Devices, Apps, Infrastructure and Data: Phishing, Credential Theft & Abuse, Unprotected Sensitive Data, Unmanaged Devices, Risky Use of Approved SaaS Apps, Shadow IT SaaS Applications. Labels: Threats, Persistent]

Threats
• Network perimeter repels and detects classic attacks …but is reliably defeated by
  • Phishing
  • Credential theft
• Data has moved out of the network and its protections
• You must establish an Identity security perimeter
  • Strong Authentication
  • Monitoring and enforcement of access policies
  • Threat monitoring using telemetry & intelligence
Identity
Threats: Phishing; Credential Theft & Abuse
Challenges
• Phishing reliably gains foothold in environment
• Credential Theft allows traversal within environment
Microsoft Approach
• Time of click (vs. time of send) protection and attachment detonation
• Integrated Intelligence, Reporting, Policy enforcement
• Securing Privileged Access (SPA) roadmap to protect Active Directory and existing infrastructure
Capabilities shown: Office 365 ATP (Email Gateway, Anti-malware); Azure AD Identity Protection; Conditional Access; Advanced Threat Analytics
[Diagram: the reference architecture map, repeated. Labels not on the first diagram: Azure Security Center (Threat Protection, Threat Detection); Enterprise Threat Detection; Managed Security Provider; OMS; Logs & Analytics; Active Threat Detection; Hunting Teams; Investigation and Recovery; PADS; Backup and Site Recovery]
Apps
Threats: Phishing; Credential Theft & Abuse; Shadow IT SaaS Applications; Risky Use of Approved SaaS Apps
Challenges
• Shadow IT - Unsanctioned cloud services storing and processing your sensitive data
• SaaS Management – Challenging to consistently manage many Software as a Service (SaaS)
Microsoft Approach
Enable Full Security Lifecycle
1. Discover SaaS Usage
2. Investigate current risk posture
3. Take Control to enforce policy on SaaS tenants and data
4. Alert and take automatic action on policy violations (e.g. remove public access to sensitive document)
Capability shown: Cloud App Security
[Diagram: the reference architecture map, repeated, with Cloud App Security added]
Data
Threats: Unprotected Sensitive Data; Credential Theft & Abuse
Challenges
• Limited visibility and control of sensitive data
• Data classification is a large and challenging project
Microsoft Approach
• Protect data anywhere it goes
• Bring or Hold your own Key
• Support most popular formats
• Integration with Existing DLP
Capabilities shown: Azure Information Protection (AIP) – Classify, Label, Protect, Report; Classification Labels; Hold Your Own Key (HYOK); Endpoint DLP; Edge DLP
[Diagram: the reference architecture map, repeated, with information protection highlighted: Conditional Access; Cloud App Security; Azure Information Protection (AIP) – Classify, Label, Protect, Report; Office 365 DLP; Endpoint DLP; Structured Data & 3rd party Apps; Classification Labels; ASM; Lockbox; Office 365 Information Protection; Hold Your Own Key (HYOK)]
Devices
Threats: Unmanaged Devices
Challenges
• Provide secure PCs and devices for sensitive data
• Manage & protect data on non-corporate devices
Microsoft Approach
• Provide a great user experience, strong Hardware-based security, and advanced detection + response capabilities
• Mobile Device Management and Mobile App Management of popular devices via Intune
• Policy enforcement via Conditional Access
Capabilities shown: Intune MDM/MAM; Conditional Access; Windows 10
[Diagram: the reference architecture map, repeated, with Intune MDM/MAM and Conditional Access highlighted on the client side]
Microsoft Threat Detection
Powered by the Intelligent Security Graph
Deep insight across your environment
Coverage areas: Professional Services | Information | Identity | Cloud Infrastructure | Private Cloud & On-Premises Infrastructure
Capabilities shown: Azure Security Center (Threat Protection, Threat Detection); EDR - Windows Defender ATP; Enterprise Threat Detection; Operations Management Suite (OMS); ATA (Advanced Threat Analytics); Investigation and Recovery; Cloud App Security; Office 365 ATP (Email Gateway, Anti-malware); PADS; Azure AD Identity Protection; SIEM; Security Appliances
• Detect Threats with managed detection and response (MDR) service
• Hunt for threats and persistent adversaries in your environment
• Respond to Threats with seasoned professionals and deep expertise
[Diagram: the reference architecture map, repeated, with device and datacenter security highlighted: EPP - Windows Defender; EDR - Windows Defender ATP; Windows Info Protection; System Center Configuration Manager + Intune; Shielded VMs; Privileged Access Workstations (PAWs)]

Windows 10 Security
• Secure Boot
• Device Guard
• Application Guard
• Credential Guard
• Windows Hello
• Device Health Attestation
• Remote Credential Guard

Windows Server 2016 Security
Shielded VMs, Device Guard, Credential Guard, Just Enough Admin, Hyper-V Containers, Nano server, …

• Hover over each item in presentation mode to see description
• Click to go to a webpage
Cybersecurity Reference Architecture
Last updated March 2017 – latest at http://aka.ms/MCRA

[Diagram: earlier version of the reference architecture map: Microsoft Azure, Extranet, On Premises Datacenter(s), Colocation, Business Critical Workloads, Enterprise Servers, Internet Facing Workloads, Security Appliances, Security Operations Center (SOC), Identity & Access, Managed Clients (Windows 10, Mac OS, Legacy Windows), Privileged Access Workstations (PAWs), Unmanaged & Mobile Clients, Internet of Things. Callout: Nearly all customer breaches involve credential theft (Microsoft Incident Response team)]

Data Protection
Full Lifecycle Protections (Classify, Protect, Report, Revoke); Critical Formats; DLP integration; Office 365 Information Protection; Advanced Email Protection
Partnerships
• Firewall, Proxy
• Data Loss Prevention (DLP)
• Intrusion Prevention (IPS)
Advanced Threat Protection and Detection; Analytics & Reporting; Conditional Access; Multi-factor Authentication; Privileged Access Management; …and more
Windows 10 Security
• Hardware based protections
• Powerful detection and investigation capabilities
Built-in Security; Protection from DDoS, Disasters, & Ransomware; Compliance
Threat Protection and Monitoring
• Incident Response and Recovery Services
• Visibility across your enterprise assets
• Integration with your existing SIEM
Datacenter and Virtualization Security
Critical Protections for Privileged Identities | Private Cloud Fabric | Workloads
Mobile Device & App Management (MDM/MAM); Discover & Secure SaaS usage
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
 
3 Modern Security - Secure identities to reach zero trust with AAD
3   Modern Security - Secure identities to reach zero trust with AAD3   Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD
 

Último

Instruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics Trade
Instruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics TradeInstruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics Trade
Instruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics TradeOptics-Trade
 
Expert Pool Table Refelting in Lee & Collier County, FL
Expert Pool Table Refelting in Lee & Collier County, FLExpert Pool Table Refelting in Lee & Collier County, FL
Expert Pool Table Refelting in Lee & Collier County, FLAll American Billiards
 
8377087607 ☎, Cash On Delivery Call Girls Service In Hauz Khas Delhi Enjoy 24/7
8377087607 ☎, Cash On Delivery Call Girls Service In Hauz Khas Delhi Enjoy 24/78377087607 ☎, Cash On Delivery Call Girls Service In Hauz Khas Delhi Enjoy 24/7
8377087607 ☎, Cash On Delivery Call Girls Service In Hauz Khas Delhi Enjoy 24/7dollysharma2066
 
Technical Data | ThermTec Wild 335 | Optics Trade
Technical Data | ThermTec Wild 335 | Optics TradeTechnical Data | ThermTec Wild 335 | Optics Trade
Technical Data | ThermTec Wild 335 | Optics TradeOptics-Trade
 
Mysore Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Mysore Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesMysore Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Mysore Call Girls 7001305949 WhatsApp Number 24x7 Best Servicesnajka9823
 
Instruction Manual | ThermTec Wild Thermal Monoculars | Optics Trade
Instruction Manual | ThermTec Wild Thermal Monoculars | Optics TradeInstruction Manual | ThermTec Wild Thermal Monoculars | Optics Trade
Instruction Manual | ThermTec Wild Thermal Monoculars | Optics TradeOptics-Trade
 
Real Moto 2 MOD APK v1.1.721 All Bikes, Unlimited Money
Real Moto 2 MOD APK v1.1.721 All Bikes, Unlimited MoneyReal Moto 2 MOD APK v1.1.721 All Bikes, Unlimited Money
Real Moto 2 MOD APK v1.1.721 All Bikes, Unlimited MoneyApk Toly
 
Austria vs France David Alaba Switches Position to Defender in Austria's Euro...
Austria vs France David Alaba Switches Position to Defender in Austria's Euro...Austria vs France David Alaba Switches Position to Defender in Austria's Euro...
Austria vs France David Alaba Switches Position to Defender in Austria's Euro...Eticketing.co
 
France's UEFA Euro 2024 Ambitions Amid Coman's Injury.docx
France's UEFA Euro 2024 Ambitions Amid Coman's Injury.docxFrance's UEFA Euro 2024 Ambitions Amid Coman's Injury.docx
France's UEFA Euro 2024 Ambitions Amid Coman's Injury.docxEuro Cup 2024 Tickets
 
办理学位证(KCL文凭证书)伦敦国王学院毕业证成绩单原版一模一样
办理学位证(KCL文凭证书)伦敦国王学院毕业证成绩单原版一模一样办理学位证(KCL文凭证书)伦敦国王学院毕业证成绩单原版一模一样
办理学位证(KCL文凭证书)伦敦国王学院毕业证成绩单原版一模一样7pn7zv3i
 
Call Girls in Dhaula Kuan 💯Call Us 🔝8264348440🔝
Call Girls in Dhaula Kuan 💯Call Us 🔝8264348440🔝Call Girls in Dhaula Kuan 💯Call Us 🔝8264348440🔝
Call Girls in Dhaula Kuan 💯Call Us 🔝8264348440🔝soniya singh
 
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdfJORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdfArturo Pacheco Alvarez
 
IPL Quiz ( weekly quiz) by SJU quizzers.
IPL Quiz ( weekly quiz) by SJU quizzers.IPL Quiz ( weekly quiz) by SJU quizzers.
IPL Quiz ( weekly quiz) by SJU quizzers.SJU Quizzers
 
Technical Data | ThermTec Wild 650L | Optics Trade
Technical Data | ThermTec Wild 650L | Optics TradeTechnical Data | ThermTec Wild 650L | Optics Trade
Technical Data | ThermTec Wild 650L | Optics TradeOptics-Trade
 
Croatia vs Italy UEFA Euro 2024 Croatia's Checkered Legacy on Display in New ...
Croatia vs Italy UEFA Euro 2024 Croatia's Checkered Legacy on Display in New ...Croatia vs Italy UEFA Euro 2024 Croatia's Checkered Legacy on Display in New ...
Croatia vs Italy UEFA Euro 2024 Croatia's Checkered Legacy on Display in New ...Eticketing.co
 
Resultados del Campeonato mundial de Marcha por equipos Antalya 2024
Resultados del Campeonato mundial de Marcha por equipos Antalya 2024Resultados del Campeonato mundial de Marcha por equipos Antalya 2024
Resultados del Campeonato mundial de Marcha por equipos Antalya 2024Judith Chuquipul
 

Último (18)

Instruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics Trade
Instruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics TradeInstruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics Trade
Instruction Manual | ThermTec Hunt Thermal Clip-On Series | Optics Trade
 
Expert Pool Table Refelting in Lee & Collier County, FL
Expert Pool Table Refelting in Lee & Collier County, FLExpert Pool Table Refelting in Lee & Collier County, FL
Expert Pool Table Refelting in Lee & Collier County, FL
 
8377087607 ☎, Cash On Delivery Call Girls Service In Hauz Khas Delhi Enjoy 24/7
8377087607 ☎, Cash On Delivery Call Girls Service In Hauz Khas Delhi Enjoy 24/78377087607 ☎, Cash On Delivery Call Girls Service In Hauz Khas Delhi Enjoy 24/7
8377087607 ☎, Cash On Delivery Call Girls Service In Hauz Khas Delhi Enjoy 24/7
 
Technical Data | ThermTec Wild 335 | Optics Trade
Technical Data | ThermTec Wild 335 | Optics TradeTechnical Data | ThermTec Wild 335 | Optics Trade
Technical Data | ThermTec Wild 335 | Optics Trade
 
Mysore Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Mysore Call Girls 7001305949 WhatsApp Number 24x7 Best ServicesMysore Call Girls 7001305949 WhatsApp Number 24x7 Best Services
Mysore Call Girls 7001305949 WhatsApp Number 24x7 Best Services
 
Instruction Manual | ThermTec Wild Thermal Monoculars | Optics Trade
Instruction Manual | ThermTec Wild Thermal Monoculars | Optics TradeInstruction Manual | ThermTec Wild Thermal Monoculars | Optics Trade
Instruction Manual | ThermTec Wild Thermal Monoculars | Optics Trade
 
Real Moto 2 MOD APK v1.1.721 All Bikes, Unlimited Money
Real Moto 2 MOD APK v1.1.721 All Bikes, Unlimited MoneyReal Moto 2 MOD APK v1.1.721 All Bikes, Unlimited Money
Real Moto 2 MOD APK v1.1.721 All Bikes, Unlimited Money
 
Austria vs France David Alaba Switches Position to Defender in Austria's Euro...
Austria vs France David Alaba Switches Position to Defender in Austria's Euro...Austria vs France David Alaba Switches Position to Defender in Austria's Euro...
Austria vs France David Alaba Switches Position to Defender in Austria's Euro...
 
France's UEFA Euro 2024 Ambitions Amid Coman's Injury.docx
France's UEFA Euro 2024 Ambitions Amid Coman's Injury.docxFrance's UEFA Euro 2024 Ambitions Amid Coman's Injury.docx
France's UEFA Euro 2024 Ambitions Amid Coman's Injury.docx
 
办理学位证(KCL文凭证书)伦敦国王学院毕业证成绩单原版一模一样
办理学位证(KCL文凭证书)伦敦国王学院毕业证成绩单原版一模一样办理学位证(KCL文凭证书)伦敦国王学院毕业证成绩单原版一模一样
办理学位证(KCL文凭证书)伦敦国王学院毕业证成绩单原版一模一样
 
Call Girls in Dhaula Kuan 💯Call Us 🔝8264348440🔝
Call Girls in Dhaula Kuan 💯Call Us 🔝8264348440🔝Call Girls in Dhaula Kuan 💯Call Us 🔝8264348440🔝
Call Girls in Dhaula Kuan 💯Call Us 🔝8264348440🔝
 
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdfJORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
JORNADA 3 LIGA MURO 2024GHGHGHGHGHGH.pdf
 
young Call girls in Moolchand 🔝 9953056974 🔝 Delhi escort Service
young Call girls in Moolchand 🔝 9953056974 🔝 Delhi escort Serviceyoung Call girls in Moolchand 🔝 9953056974 🔝 Delhi escort Service
young Call girls in Moolchand 🔝 9953056974 🔝 Delhi escort Service
 
IPL Quiz ( weekly quiz) by SJU quizzers.
IPL Quiz ( weekly quiz) by SJU quizzers.IPL Quiz ( weekly quiz) by SJU quizzers.
IPL Quiz ( weekly quiz) by SJU quizzers.
 
FULL ENJOY Call Girls In Savitri Nagar (Delhi) Call Us 9953056974
FULL ENJOY Call Girls In  Savitri Nagar (Delhi) Call Us 9953056974FULL ENJOY Call Girls In  Savitri Nagar (Delhi) Call Us 9953056974
FULL ENJOY Call Girls In Savitri Nagar (Delhi) Call Us 9953056974
 
Technical Data | ThermTec Wild 650L | Optics Trade
Technical Data | ThermTec Wild 650L | Optics TradeTechnical Data | ThermTec Wild 650L | Optics Trade
Technical Data | ThermTec Wild 650L | Optics Trade
 
Croatia vs Italy UEFA Euro 2024 Croatia's Checkered Legacy on Display in New ...
Croatia vs Italy UEFA Euro 2024 Croatia's Checkered Legacy on Display in New ...Croatia vs Italy UEFA Euro 2024 Croatia's Checkered Legacy on Display in New ...
Croatia vs Italy UEFA Euro 2024 Croatia's Checkered Legacy on Display in New ...
 
Resultados del Campeonato mundial de Marcha por equipos Antalya 2024
Resultados del Campeonato mundial de Marcha por equipos Antalya 2024Resultados del Campeonato mundial de Marcha por equipos Antalya 2024
Resultados del Campeonato mundial de Marcha por equipos Antalya 2024
 

cyber-security-reference-architecture

  • 1. Cybersecurity Reference Architecture (last updated July 2017; latest at http://aka.ms/MCRA). Diagram labels, grouped by area:
    Call-outs: Nearly all customer breaches that Microsoft’s Incident Response team investigates involve credential theft. 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBR). 80%+ of employees admit using non-approved SaaS apps for work (Stratecast, December 2013).
    Security Operations Center (SOC): SIEM, SIEM Integration, WEF, Analytics / UEBA, Vulnerability Management, MSSP, Windows Security Center, Azure Security Center, Cybersecurity Operations Service (COS), Incident Response and Recovery Services.
    Identity & Access: Azure AD Identity Protection, Multi-Factor Authentication, Conditional Access, Azure AD PIM, MIM PAM, Hello for Business, ATA, Certification Authority (PKI), Domain Controllers, ESAE Admin Forest, Privileged Access Workstations (PAWs).
    Information Protection: Azure Information Protection (AIP): Classify, Label, Protect, Report; Classification Labels; Hold Your Own Key (HYOK); Office 365 Information Protection; Office 365 DLP; Endpoint DLP; Edge DLP; Windows Info Protection.
    Software as a Service / Office 365: Office 365 ATP (Email Gateway, Anti-malware); Office 365 Security & Compliance, Threat Intelligence; Cloud App Security; Lockbox; ASM.
    Microsoft Azure: Azure Security Center (ASC): Threat Protection, Threat Detection; Azure Key Vault; Network Security Groups; Azure App Gateway; Azure Antimalware; Disk & Storage Encryption; SQL Encryption & Data Masking; SQL Firewall; Azure SQL Threat Detection; DDoS attack mitigation; Backup & Site Recovery; VMs; VPN.
    On Premises Datacenter(s), Colocation, Extranet: NGFW, IPS, SSL Proxy, Security Appliances, VPN, Enterprise Servers, VMs, Sensitive Workloads, Shielded VMs; Windows Server 2016 Security: Shielded VMs, Device Guard, Credential Guard, Just Enough Admin, Hyper-V Containers, Nano server, Defender AV, Defender ATP (Roadmap), and more.
    Managed Clients: Windows 10 (Windows 10 Security: Secure Boot, Device Guard, Exploit Guard, Application Guard, Credential Guard, Windows Hello, Remote Credential Guard, Device Health Attestation), Legacy Windows, Mac OS; EPP: Windows Defender AV; EDR: Windows ATP; System Center Configuration Manager + Intune.
    Unmanaged & Mobile Clients, Internet of Things: Intune MDM/MAM.
    Security Development Lifecycle (SDL).
  • 2. Cybersecurity Reference Architecture. Mark Simos, Sachin Gupta, Enterprise Cybersecurity Group.
  • 3. Cybersecurity Reference Architecture (on-premises view). Diagram labels: Intranet, Extranet, On Premises Datacenter(s), Sensitive Workloads, Software as a Service, Office 365, Unmanaged & Mobile Clients, Managed Clients (Windows 10, Mac OS, Legacy Windows), Internet of Things; network edge: NGFW, IPS, DLP, SSL Proxy; Enterprise Servers, VMs, Domain Controllers, Certification Authority (PKI); Identity & Access; Information Protection, Endpoint DLP; Security Operations Center (SOC): SIEM, Logs & Analytics, Analytics, UEBA, Vulnerability Management, Active Threat Detection, Hunting Teams, Incident Response, Managed Security Provider.
    Components:
    • Network Edge Defenses
    • Operations, Identity, & Info Protection Functions
    • Enterprise Servers & VMs
    • SaaS adoption (sanctioned or Shadow IT)
    • Identity Systems including Active Directory
    • Mix of managed & unmanaged devices
    • Endpoint and Edge DLP
    • Highly Sensitive Assets
    • SIEM & Analytics
    • Advanced Detection & Response
  • 4. SECURE MODERN ENTERPRISE, built on a Secure Platform (secure by design), with four pillars:
    Identity: embraces identity as the primary security perimeter and protects identity systems, admins, and credentials as top priorities.
    Apps and Data: aligns security investments with business priorities, including identifying and securing communications, data, and applications.
    Infrastructure: operates on a modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks.
    Devices: accesses assets from trusted devices with hardware security assurances, great user experience, and advanced threat detection.
  • 5. SECURE MODERN ENTERPRISE: Build the Security Foundation, then Secure the Pillars (http://aka.ms/SPARoadmap).
    Build Security Foundation (Critical Attack Defenses): start the journey by getting in front of current attacks.
    • Critical Mitigations: critical attack protections
    • Attack Detection: hunt for hidden persistent adversaries and implement critical attack detection
    • Roadmap and planning: share Microsoft insight on current attacks and strategies; build a tailored roadmap to defend your organization’s business value and mission
    Secure the Pillars: continue building a secure modern enterprise by adopting leading-edge technology and approaches.
    • Threat Detection: integrate leading-edge intelligence and Managed Detection and Response (MDR) capabilities
    • Identity and Access Management: continue reducing risk to business-critical identities and assets
    • Information Protection: discover, protect, and monitor your critical data
    • Cloud Adoption: chart a secure path into a cloud-enabled enterprise
    • Device & Datacenter Security: hardware protections for devices, credentials, servers, and applications
    • App/Dev Security: secure your development practices and digital transformation components
  • 6. The slide 3 diagram overlaid with Major Incident Credential Theft Mitigations. Call-outs: nearly all customer breaches that Microsoft’s Incident Response team investigates involve credential theft; 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBR).
    Prevention: Privileged Access Workstations; Administrative Forest (ESAE); Privileged Access Management (MIM PAM)
    Detection: Advanced Threat Analytics (ATA); ETD Managed Detection and Response (MDR) (Enterprise Threat Detection)
    Response: Incident Response (Investigation and Recovery)
  • 7. Why an identity perimeter. The network perimeter repels and detects classic attacks, but it is reliably defeated by phishing and credential theft, and data has moved out of the network and its protections (approved cloud services, Office 365, shadow IT, unmanaged devices, persistent threats). You must establish an identity security perimeter:
    • Strong authentication
    • Monitoring and enforcement of access policies
    • Threat monitoring using telemetry & intelligence
  • 8. Threats mapped to the pillars (Devices, Apps, Infrastructure, Data, Identity):
    Identity: Phishing; Credential Theft & Abuse
    Apps: Shadow IT SaaS Applications; Risky Use of Approved SaaS Apps
    Data: Unprotected Sensitive Data
    Devices: Unmanaged Devices
  • 9. Identity (threats: Phishing; Credential Theft & Abuse)
    Challenges:
    • Phishing reliably gains a foothold in the environment
    • Credential theft allows traversal within the environment
    Microsoft approach:
    • Time-of-click (vs. time-of-send) protection and attachment detonation
    • Integrated intelligence, reporting, policy enforcement
    • Securing Privileged Access (SPA) roadmap to protect Active Directory and existing infrastructure
    Products shown: Office 365 ATP (Email Gateway, Anti-malware); Azure AD Identity Protection; Conditional Access; Advanced Threat Analytics (ATA); MIM PAM; Privileged Access Workstations; Admin Forest; Enterprise Threat Detection; Investigation and Recovery.
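The identity perimeter that slides 7 and 9 describe is, in practice, a Conditional Access policy: strong authentication for every user on every cloud app, with the policy monitored before it is enforced. The following is an added example, not part of the MCRA deck, that creates such a policy with the Microsoft Graph PowerShell SDK (the SDK postdates this 2017 deck and is assumed to be installed); the break-glass group ID is a placeholder you must replace with the object ID of your emergency-access accounts group.

```powershell
# Added example (not from the MCRA deck): require MFA for all users on all cloud apps,
# created in report-only mode first so sign-in logs show the impact before anyone is blocked.
# Assumes the Microsoft.Graph.Identity.SignIns module; the group ID below is a placeholder.

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Placeholder (hypothetical): object ID of the emergency-access ("break glass") accounts group.
$breakGlassGroupId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName   = 'Require MFA for all users on all cloud apps'
    state         = 'enabledForReportingButNotEnforced'   # switch to 'enabled' after reviewing report-only results
    conditions    = @{
        users          = @{
            includeUsers  = @('All')
            excludeGroups = @($breakGlassGroupId)        # never lock out the accounts you recover with
        }
        applications   = @{
            includeApplications = @('All')
        }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) in state $($created.State)"

# Check: enabled policies that grant access without MFA or a compliant device are where
# gaps in the identity perimeter usually hide; list them for review.
Get-MgIdentityConditionalAccessPolicy |
    Where-Object {
        $_.State -eq 'enabled' -and
        -not ($_.GrantControls.BuiltInControls -contains 'mfa' -or
              $_.GrantControls.BuiltInControls -contains 'compliantDevice')
    } |
    Select-Object DisplayName, State

# When the report-only sign-in data looks right, enforce the policy:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = 'enabled' }
```

Report-only mode is the important design choice: Conditional Access has no dry-run short of it, and a misplaced "All users, all apps" policy without the break-glass exclusion locks out the tenant administrators along with everyone else.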
  • 10. The full reference architecture diagram (March 2017 edition of the slide 1 diagram), shown for the Identity pillar. Its labels match slide 1 except that the SOC area also shows Active Threat Detection, Enterprise Threat Detection, Logs & Analytics, Hunting Teams, Investigation and Recovery, Incident Response, Managed Security Provider, OMS and PADS, and that the Cloud App Security, Information Protection, Intune and Windows 10 / Windows Server 2016 security components listed on slide 1 have not been added yet.
  • 11. Apps (threats: Shadow IT SaaS Applications; Risky Use of Approved SaaS Apps)
    Challenges:
    • Shadow IT: unsanctioned cloud services storing and processing your sensitive data
    • SaaS management: challenging to consistently manage many Software as a Service (SaaS) applications
    Microsoft approach: enable the full security lifecycle with Cloud App Security
    1. Discover SaaS usage
    2. Investigate current risk posture
    3. Take control to enforce policy on SaaS tenants and data
    4. Alert and take automatic action on policy violations (e.g. remove public access to a sensitive document)
  • 12. The slide 10 diagram with Cloud App Security added (Apps pillar).
  • 13. Data (threats: Unprotected Sensitive Data; Credential Theft & Abuse)
    Challenges:
    • Limited visibility and control of sensitive data
    • Data classification is a large and challenging project
    Microsoft approach:
    • Protect data anywhere it goes
    • Bring or Hold Your Own Key
    • Support the most popular formats
    • Integration with existing DLP
    Products shown: Azure Information Protection (AIP): Classify, Label, Protect, Report; Classification Labels; Hold Your Own Key (HYOK); Endpoint DLP; Edge DLP.
  • 14. The slide 12 diagram with the Data pillar components added: Azure Information Protection (AIP): Classify, Label, Protect, Report; Classification Labels; Hold Your Own Key (HYOK); Office 365 DLP; Structured Data & 3rd party Apps; Conditional Access; ASM; Lockbox.
  • 15. Devices (threat: Unmanaged Devices)
    Challenges:
    • Provide secure PCs and devices for sensitive data
    • Manage & protect data on non-corporate devices
    Microsoft approach:
    • Provide a great user experience, strong hardware-based security, and advanced detection + response capabilities (Windows 10)
    • Mobile Device Management and Mobile App Management of popular devices via Intune (Intune MDM/MAM)
    • Policy enforcement via Conditional Access
  • 16. The slide 14 diagram with Intune MDM/MAM added (Devices pillar).
  • 17. Microsoft Threat Detection, powered by the Intelligent Security Graph: deep insight across your environment.
    Coverage areas: Professional Services; Information; Identity; Cloud Infrastructure; Private Cloud & On-Premises Infrastructure.
    Products shown: Azure Security Center (Threat Protection, Threat Detection); EDR: Windows Defender ATP; Enterprise Threat Detection; Operations Management Suite (OMS); Advanced Threat Analytics (ATA); Investigation and Recovery; Cloud App Security; Office 365 ATP (Email Gateway, Anti-malware); PADS; Azure AD Identity Protection; SIEM; Security Appliances.
    Professional services:
    • Detect threats with a managed detection and response (MDR) service
    • Hunt for threats and persistent adversaries in your environment
    • Respond to threats with seasoned professionals and deep expertise
  • 18. The slide 16 diagram with the device and datacenter security components added: System Center Configuration Manager + Intune; EPP: Windows Defender; EDR: Windows Defender ATP; Windows Info Protection; Windows 10 Security (Secure Boot, Device Guard, Application Guard, Credential Guard, Windows Hello, Device Health Attestation, Remote Credential Guard); Windows Server 2016 Security (Shielded VMs, Device Guard, Credential Guard, Just Enough Admin, Hyper-V Containers, Nano server, …); Shielded VMs.
    • Hover over each item in presentation mode to see a description
    • Click to go to a webpage
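Slides 15 and 18 list the hardware-based Windows 10 protections (Secure Boot, Device Guard, Credential Guard, Device Health Attestation) that the Devices pillar depends on, but a device can have these configured by policy and still not be running them, for instance when the firmware lacks the virtualization features VBS needs. The following is an added example, not part of the MCRA deck, that checks the running state on an endpoint using the Win32_DeviceGuard WMI class, Confirm-SecureBootUEFI and Get-Tpm; the function name and the output shape are my own, and the script assumes an elevated PowerShell session on Windows 10 or Windows Server 2016.

```powershell
# Added example (not from the MCRA deck): verify that the slide 18 protections are
# actually running on this endpoint, not merely configured. Run elevated.

function Get-EndpointSecurityBaseline {
    # Win32_DeviceGuard reports virtualization-based security (VBS) state.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running.
    $vbsRunning = $dg.VirtualizationBasedSecurityStatus -eq 2

    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (hypervisor-enforced code integrity).
    # SecurityServicesConfigured uses the same codes; comparing the two shows "configured but not running".
    $credGuardRunning = $dg.SecurityServicesRunning -contains 1
    $hvciRunning      = $dg.SecurityServicesRunning -contains 2
    $credGuardConfigured = $dg.SecurityServicesConfigured -contains 1

    # CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit mode, 2 = enforced (Device Guard / code integrity policy).
    $ciEnforced = $dg.CodeIntegrityPolicyEnforcementStatus -eq 2

    # Confirm-SecureBootUEFI throws on legacy BIOS machines, which also means no Secure Boot.
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI) }
    catch { $secureBoot = $false }

    # Device Health Attestation needs a present, initialised TPM to sign the boot measurements.
    $tpm = Get-Tpm
    $tpmReady = [bool]($tpm.TpmPresent -and $tpm.TpmReady)

    [pscustomobject]@{
        ComputerName                = $env:COMPUTERNAME
        SecureBoot                  = $secureBoot
        VirtualizationBasedSecurity = $vbsRunning
        CredentialGuard             = $credGuardRunning
        CredentialGuardConfiguredOnly = [bool]($credGuardConfigured -and -not $credGuardRunning)
        HVCI                        = $hvciRunning
        CodeIntegrityPolicyEnforced = $ciEnforced
        TpmReady                    = $tpmReady
    }
}

$baseline = Get-EndpointSecurityBaseline
$baseline | Format-List

# Flag anything that is off so the result can feed a Configuration Manager / Intune
# compliance baseline or be forwarded to the SIEM via Windows Event Forwarding.
$missing = $baseline.PSObject.Properties |
    Where-Object { $_.Name -in 'SecureBoot','VirtualizationBasedSecurity','CredentialGuard','HVCI','CodeIntegrityPolicyEnforced','TpmReady' -and -not $_.Value } |
    Select-Object -ExpandProperty Name
if ($missing) {
    Write-Warning "Protections not running on $($baseline.ComputerName): $($missing -join ', ')"
}
if ($baseline.CredentialGuardConfiguredOnly) {
    Write-Warning 'Credential Guard is configured by policy but not running: check firmware virtualization (VT-x/AMD-V, IOMMU) and Secure Boot.'
}
```

The distinction between SecurityServicesConfigured and SecurityServicesRunning is the check worth keeping: a Group Policy or Intune report will show Credential Guard as deployed, while an attacker running a credential-dumping tool on a host where VBS never started finds LSASS unprotected.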
  • 19. Cybersecurity Reference Architecture, summary view (last updated March 2017; latest at http://aka.ms/MCRA). Call-out: nearly all customer breaches involve credential theft (Microsoft Incident Response team).
    Zones: Microsoft Azure, On Premises Datacenter(s), Colocation, Extranet, Business Critical Workloads, Internet Facing Workloads, Enterprise Servers, Security Appliances, Managed Clients (Windows 10, Mac OS, Legacy Windows), Unmanaged & Mobile Clients, Internet of Things.
    Security Operations Center (SOC): Threat Protection and Monitoring (Incident Response and Recovery Services; visibility across your enterprise assets; integration with your existing SIEM); Advanced Threat Protection and Detection; Analytics & Reporting.
    Identity & Access: Conditional Access, Multi-factor Authentication, Privileged Access Management, Privileged Access Workstations (PAWs), and more.
    Data Protection: full lifecycle protections (Classify, Protect, Report, Revoke); critical formats; DLP integration; Office 365 Information Protection; Advanced Email Protection.
    Partnerships: Firewall, Proxy; Data Loss Prevention (DLP); Intrusion Prevention (IPS).
    Windows 10 Security: hardware-based protections; powerful detection and investigation capabilities. Mac OS: built-in security.
    Datacenter and Virtualization Security: critical protections for Privileged Identities | Private Cloud Fabric | Workloads. Protection from DDoS, Disasters, & Ransomware; Compliance.
    Unmanaged & Mobile Clients: Mobile Device & App Management (MDM/MAM); Discover & Secure SaaS usage.

Editor's notes

  1. Key Takeaway: This is the Cybersecurity Reference architecture we built to illustrate the broad set of capabilities that help our customers secure their modern enterprise. Note that this slide has links to more information for each capability. Just put it in presentation mode and hover over them to see a brief description and click for more information.