Identity as the New Security Boundary
Jim Bryson + Dave Dixon
Technology Solutions Professionals – Microsoft, State and Local Government Secure Enterprise
Evolving Cyber Security Strategies
“THE STATE OF THE STATE” IN CYBERSECURITY
Asymmetrical threat creates resource drain
You are fighting a profit-motivated, well resourced HUMAN adversary
Public sector orgs are being explicitly targeted
Result? Half of reported security incidents are in the public sector
The cost can be enormous – $4M per breach on average (can be a lot more – see OPM)
And even if you had the money, there aren’t enough trained cyber techs to tackle the problem
CONCLUSION: Trying to solve the security problem at an individual org level with current approaches is not working and may bankrupt your organization. So what can we do differently?
Two arguments/ideas for your consideration.
BEGIN MOVING TO BEST OF BREED SECURITY PLATFORM
Pubsec organizations typically have upwards of 30-40 “best of breed” security vendors to manage
If they choose to integrate these, significant cost and complexity
If they choose not to integrate, humans become the integration and limit response time and decision quality – i.e. attacks at Internet speed, response at human speed
Need to begin moving to a security platform that is pre-integrated, identity-driven (90+% of attacks), policy-based to respond on Internet time
COST/APPROACH CONTINUUM
(chart: cost against time for Solution1 through Solution5, shown twice – once as “BEST OF BREED” PRODUCTS, once as “BEST OF BREED” PLATFORM)
IMPLEMENTING POINT SOLUTIONS IS EXPENSIVE
(chart: Integration cost and Software cost)
Integration becomes more complex, expensive with each solution… and eventually, I become afraid of breaking my custom integration if I upgrade this
Increased leverage and optimization of existing tools, built in integration, consistent policy, infra (AD), IT skills, user training
MOVE MORE WORKLOADS TO HYPERSCALE CLOUD
1B annual spend on cyber security – economics of running your workloads in our cloud are TRANSFORMATIONAL – pay for a “slice” rather than owning the whole thing
Reduced window of attack due to rolling updates
Platform approach – “built in, not bolt on”, integrated, automated, policy-based
Designed for mobile first, cloud first
Intelligent security graph - our most unique global asset in the fight, informed by trillions of feeds. Machine learning helps sort the signal from the noise. This signal is leveraged across all our security services
Certs AND a track record - we defend 200+ of the largest cloud services in the world, some since 1998 (Windows Update). Oh yeah and Microsoft itself.
INTELLIGENT SECURITY GRAPH
Our most unique global asset in the fight, informed by trillions of feeds. Machine learning helps sort the signal from the noise. This signal is leveraged across all of Microsoft’s security services
450B monthly authentications
18+B Bing web pages scanned
750M+ Azure user accounts
Enterprise security for 90% of Fortune 500
Malware data from Windows Defender
Shared threat data from partners, researchers and law enforcement worldwide
Botnet data from Microsoft Digital Crimes Unit
1.2B devices scanned each month
400B emails analyzed
200+ global cloud consumer and commercial services
IDENTITY – DRIVEN SECURITY
(diagram: Employees, Partners and Customers; Cloud apps and On-premises apps; layers Identity, Devices, Apps & Data; threats labelled Shadow IT, Data breach, Identity breach)
Transition to cloud & mobility
New attack landscape
Current defenses not sufficient
(diagram: SaaS, Azure, Web apps (Azure Active Directory Application Proxy), Integrated custom apps, SaaS apps, OTHER DIRECTORIES)
2900+ pre-integrated popular SaaS apps and self-service integration via templates
Secure Sign-In Activity with Conditional Access, MFA, and Single Sign-On
Easily publish on-premises web apps via Application Proxy + custom apps
(diagram: Microsoft Azure; Desktop Virtualization; Information protection; Mobile device & application management; Identity and Access Management)
IDENTITY – DRIVEN SECURITY
Conditions: User, App sensitivity, Device state, Location, Risk
Actions: Allow access or Block access; Enforce MFA per user/per app
NOTIFICATIONS, ANALYSIS, REMEDIATION, RISK-BASED POLICIES
CLOUD APP DISCOVERY, PRIVILEGED IDENTITY MANAGEMENT, MFA, IDENTITY PROTECTION
IDENTITY – DRIVEN SECURITY
CLOUD-POWERED PROTECTION
Identity Protection at its best
Risk severity calculation
Remediation recommendations
Risk-based conditional access automatically protects against suspicious logins and compromised credentials
Gain insights from a consolidated view of machine learning based threat detection
(diagram: Machine-Learning Engine fed by Leaked credentials, Infected devices, Configuration vulnerabilities, Brute force attacks, Suspicious sign-in activities; Risk-based policies drive MFA Challenge for Risky Logins, Block attacks, Change bad credentials)
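The Conditions/Actions slide and the risk-based policies on the Identity Protection slide, as an added Python illustration that is not part of the deck or of any Microsoft product: a small policy evaluator that scores the detection signals the slides name and returns allow, MFA challenge or block together with the remediation to apply. The signal names, weights, thresholds, trusted-country list and sample sign-ins are all constructed assumptions.

```python
"""Risk-based conditional access evaluator (added example, not Microsoft code).
Conditions: user, app sensitivity, device state, location, risk.
Actions: allow, MFA challenge, block, plus remediation (change bad credentials).
Signal names, weights, thresholds, trusted countries and samples are constructed.
"""
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    MFA = "mfa_challenge"
    BLOCK = "block"

class RiskLevel(Enum):
    LOW = 0
    MEDIUM = 1
    HIGH = 2

@dataclass(frozen=True)
class SignIn:
    """One sign-in attempt, carrying the conditions the policy engine sees."""
    user: str
    app: str
    app_sensitivity: str               # "low" or "high"
    device_compliant: bool             # device state, e.g. from MDM
    country: str                       # location
    signals: frozenset = frozenset()   # detections attached to this sign-in
    failed_attempts_last_hour: int = 0

@dataclass(frozen=True)
class Verdict:
    decision: Decision
    risk: RiskLevel
    reasons: tuple
    remediations: tuple

# Constructed weights for the detection signals the slide names.
SIGNAL_WEIGHTS = {
    "leaked_credentials": 3,
    "infected_device": 3,
    "anonymous_ip": 2,
    "unfamiliar_location": 1,
}
BRUTE_FORCE_THRESHOLD = 10   # failed attempts per hour treated as brute force
TRUSTED_COUNTRIES = frozenset({"US"})

def risk_score(s: SignIn) -> int:
    """Sum the signal weights; a brute-force pattern adds a fixed penalty."""
    score = sum(SIGNAL_WEIGHTS.get(sig, 0) for sig in s.signals)
    if s.failed_attempts_last_hour >= BRUTE_FORCE_THRESHOLD:
        score += 2
    return score

def risk_level(score: int) -> RiskLevel:
    if score >= 3:
        return RiskLevel.HIGH
    if score >= 1:
        return RiskLevel.MEDIUM
    return RiskLevel.LOW

def evaluate(s: SignIn) -> Verdict:
    """Apply the policy from most to least severe: block, step-up MFA, allow."""
    level = risk_level(risk_score(s))
    reasons, remediations = [], []
    if "leaked_credentials" in s.signals:
        remediations.append("force_password_reset")   # "change bad credentials"
    if "infected_device" in s.signals:
        remediations.append("quarantine_device")
    if level is RiskLevel.HIGH:
        reasons.append("high risk score")
        return Verdict(Decision.BLOCK, level, tuple(reasons), tuple(remediations))
    if s.app_sensitivity == "high" and not s.device_compliant:
        reasons.append("sensitive app from non-compliant device")
        return Verdict(Decision.BLOCK, level, tuple(reasons), tuple(remediations))
    if level is RiskLevel.MEDIUM:
        reasons.append("medium risk score")
    if s.country not in TRUSTED_COUNTRIES:
        reasons.append("untrusted location")
    if s.app_sensitivity == "high":
        reasons.append("sensitive app")
    if reasons:
        return Verdict(Decision.MFA, level, tuple(reasons), tuple(remediations))
    return Verdict(Decision.ALLOW, level, (), tuple(remediations))

# Constructed sample sign-ins covering each branch of the policy.
SAMPLES = {
    "routine": SignIn("alice", "intranet", "low", True, "US"),
    "travel": SignIn("alice", "intranet", "low", True, "FR",
                     frozenset({"unfamiliar_location"})),
    "leaked": SignIn("bob", "payroll", "high", True, "US",
                     frozenset({"leaked_credentials"})),
    "byod": SignIn("carol", "payroll", "high", False, "US"),
    "spray": SignIn("dave", "mail", "low", True, "US", failed_attempts_last_hour=25),
}

if __name__ == "__main__":
    for name, s in SAMPLES.items():
        v = evaluate(s)
        print(f"{name:8} {v.decision.value:14} risk={v.risk.name:6} "
              f"reasons={v.reasons} remediations={v.remediations}")
```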
CLOUD-POWERED PROTECTION
Discover, restrict, and monitor privileged identities
Enforce on-demand, just-in-time administrative access when needed
Provides more visibility through alerts, audit reports and access reviews
(diagram of privileged roles: Global Administrator, Billing Administrator, Exchange Administrator, User Administrator, Password Administrator)
IDENTITY – DRIVEN SECURITY
Microsoft Advanced Threat Analytics (ATA): Behavioral Analytics; Detection of known malicious attacks; Detection of known security issues; On-premises detection
Cloud App Security: Behavioral analytics; Detection in the cloud; Anomaly detection
Azure Active Directory Premium: Security reporting and monitoring (access & usage)
Identity is the New Security Boundary: Security Features for Identity in Windows 10.
PROTECT FROM WITHIN
Operating system uses defense in depth to address threats that get inside the perimeter
Windows 10
Achieve more and transform your business with the most secure Windows ever.
Safer and more secure; Powerful, modern devices; More personal; More productive
WINDOWS 10 IDENTITY GOALS
Mainstream two-factor authentication
Make credentials theft resistant and breach and phish proof
Deliver solution to both consumer and business users
Use credentials on familiar mobile devices for desktop sign-in
Simplify access to devices and apps
Protect at the front door
Safeguard your credentials
IDENTITY & ACCESS MANAGEMENT
Prove users are authorized and secure before granting access to apps and data
(comparison chart, WINDOWS 7 vs WINDOWS 10: Windows Trusted Boot, Windows Hello, Credential Guard, Device Guard, Enterprise Data Protection, Windows Defender ATP)
(comparison chart, WINDOWS 7 vs WINDOWS 10: Windows Trusted Boot, Windows Hello, Credential Guard, Device Guard, Windows Information Protection, Windows Defender ATP)
Windows 10 Security on Modern Devices (Fresh Install or upgraded from 64-bit Windows 8)
PRE-BREACH: Device protection, Threat resistance, Identity protection, Information protection
POST-BREACH: Breach detection, investigation & response
SECURED BY HARDWARE
USER CREDENTIAL: An asymmetric key pair, provisioned via PKI or created locally via Windows 10
WINDOWS HELLO FOR BUSINESS
Device-Based Multi-Factor
UTILIZE FAMILIAR DEVICES
- Improved security
- Fingerprint and facial recognition
- Ease of use
- Impossible to forget
- VBS support
BIOMETRIC MODALITIES
PIN: Simplest implementation option; No hardware dependencies; User familiarity
Windows Hello: Higher security; Ease of use; Impossible to forget; Fingerprint, Facial, Iris
Windows Hello (sample design, UI not final)
A world beyond passwords with two factor authentication
PIN or Biometric plus your device (PC or Phone)
Breach, theft, and phish proof identities
Single sign-on on-prem, on the web, across sites
Sign-in to devices using Azure Active Directory
IDENTITY FOR BUSINESS
MULTIFACTOR WITH EXISTING DEVICES
SIMPLIFYING DEPLOYMENT
Typical multi-factor authentication implementations
LIMITED USE OF MFA CREATES WEAK LINKS (diagram: User with UN/Password; High-value assets; Most network resources)
SHARED SECRETS – shhh! Easily mishandled or lost (Hint: The user is the problem)
THE SITES WE USE ARE A WEAK LINK (diagram: User with Internet username and password across Social.com, Bank.com, Network.com, LOL.com, Obscure.com; Bad Guy; numbered steps 1–2)
THE USER AND DEVICE ARE THE WEAK LINKS (diagram: User with Business username and password, Device, IDP, Network Resource; Bad Guy; numbered steps 1–5)
PKI based authentication – THE CA IS UNDER ATTACK (diagram: Windows 8.1 User, IDP, Active Directory, Network Resource; Bad Guy; numbered steps 1–6)
“PASS THE HASH” ATTACKS
TODAY’S SECURITY CHALLENGE: PASS THE HASH ATTACKS
Pass the hash attacks have gone from hypothetical to very real threats
Enables an attacker to get user access tokens using common tools like Mimikatz
Once obtained, an attacker is often able to steal additional access tokens
Enables an attacker to frequently persist even once detected
SOLUTION
VSM uses Hyper-V powered secured execution environment to protect NTLM tokens – you can get things in but can’t get things out
Decouples NTLM hash from logon secret
Fully randomizes and manages full length NTLM hash to prevent brute force attack
Requires Windows 10 client and domain controller
PASS THE HASH ATTACKS – CREDENTIAL GUARD
Securing your credentials
Uses built-in hypervisor
Isolates the Local Security Authority (LSA)
Blocks all insecure authentication protocols, including NTLMv1, MS-CHAPv2, and weaker Kerberos encryption types, such as DES
VIRTUALIZATION BASED SECURITY – WINDOWS 10
(diagram: Device Hardware; Hypervisor (Hyper-V); Windows Operating System with Kernel, Windows Platform Services, Apps; System Container with Kernel, Trustlet#1, Trustlet#2, Trustlet#3)
TODAY’S SOLUTION: CREDENTIAL GUARD
- Pass the Hash (PtH) attacks are the #1 go-to tool for hackers. Used in nearly every major breach and APT type of attack
- Credential Guard uses VBS to isolate Windows authentication from Windows operating system
- Protects LSA Service (LSASS) and derived credentials (NTLM Hash)
- Fundamentally breaks derived credential theft using Mimikatz,
(diagram: Device Hardware; Hypervisor (Hyper-V); Windows Operating System with Kernel, Windows Platform Services, Apps; System Container with Kernel, Credential Guard, Trustlet#2, Trustlet#3)
Thank You

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 

"Evolving Cybersecurity Strategies" - Identity is the new security boundary

  • 5. MOVE MORE WORKLOADS TO HYPERSCALE CLOUD
      - 1B annual spend on cyber security: the economics of running your workloads in our cloud are transformational, since you pay for a "slice" rather than owning the whole thing
      - Reduced window of attack due to rolling updates
      - Platform approach: "built in, not bolt on", integrated, automated, policy-based
      - Designed for mobile first, cloud first
      - Intelligent Security Graph: our most unique global asset in the fight, informed by trillions of feeds; machine learning helps sort the signal from the noise, and this signal is leveraged across all our security services
      - Certs AND a track record: we defend 200+ of the largest cloud services in the world, some since 1998 (Windows Update), and Microsoft itself
  • 6. INTELLIGENT SECURITY GRAPH
      Our most unique global asset in the fight, informed by trillions of feeds. Machine learning helps sort the signal from the noise. This signal is leveraged across all of Microsoft's security services.
      - 450B monthly authentications
      - 750M+ Azure user accounts
      - 18+B Bing web pages scanned
      - Enterprise security for 90% of the Fortune 500
      - Malware data from Windows Defender
      - Shared threat data from partners, researchers and law enforcement worldwide
      - Botnet data from the Microsoft Digital Crimes Unit
      - 1.2B devices scanned each month
      - 400B emails analyzed
      - 200+ global cloud consumer and commercial services
  • 7. IDENTITY-DRIVEN SECURITY
      Diagram: employees, partners and customers reach on-premises apps, SaaS apps and Azure through three control points (identity, devices, apps & data). Drivers: transition to cloud & mobility, a new attack landscape, current defenses not sufficient. Risks shown: shadow IT, data breach, identity breach.
  • 8. IDENTITY-DRIVEN SECURITY (Azure Active Directory on Microsoft Azure)
      - 2900+ pre-integrated popular SaaS apps, and self-service integration via templates
      - Secure sign-in activity with Conditional Access, MFA, and single sign-on
      - Easily publish on-premises web apps via Application Proxy (Azure Active Directory Application Proxy), alongside integrated custom apps and other directories
      - Surrounding services: desktop virtualization, information protection, mobile device & application management, identity and access management
  • 9. IDENTITY-DRIVEN SECURITY: CONDITIONAL ACCESS
      Conditions: user, app sensitivity, device state, location, risk
      Actions: allow access, block access, or enforce MFA per user / per app
      Supporting services: Identity Protection (notifications, analysis, remediation, risk-based policies), Cloud App Discovery, Privileged Identity Management, MFA
  • 10. CLOUD-POWERED PROTECTION: Identity Protection at its best
      - Gain insights from a consolidated view of machine-learning-based threat detection: leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities
      - Risk severity calculation and remediation recommendations
      - Risk-based conditional access automatically protects against suspicious logins and compromised credentials: risky logins get an MFA challenge, attacks are blocked, and bad credentials are changed
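The decision logic of slides 9 and 10, as an added example in Python (this is illustrative code, not Azure AD's own implementation or anything from the deck): a brute-force detector run over constructed sign-in events feeds the sign-in risk level, a leaked-credential flag feeds the user risk level, and the Conditional Access evaluation maps conditions (user risk, sign-in risk, device state, location, app sensitivity) to allow / MFA / block / password change. The app names, trusted countries, thresholds and sample events are assumptions.

```python
"""Risk-based Conditional Access evaluator (illustrative; not Azure AD code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class SignIn:
    user: str
    app: str
    ip: str
    time: datetime
    success: bool
    device_compliant: bool
    country: str
    leaked_credential: bool = False   # Identity Protection "leaked credentials" signal


# Assumed policy parameters (not from the deck).
SENSITIVE_APPS = {"hr-payroll", "azure-portal"}
TRUSTED_COUNTRIES = {"US"}
BRUTE_FORCE_THRESHOLD = 5                  # failed sign-ins per (user, ip) ...
BRUTE_FORCE_WINDOW = timedelta(minutes=10)  # ... inside this sliding window


def brute_force_suspects(events):
    """(user, ip) pairs with >= BRUTE_FORCE_THRESHOLD failures inside the sliding window."""
    suspects, recent = set(), {}
    for e in sorted(events, key=lambda e: e.time):
        if e.success:
            continue
        key = (e.user, e.ip)
        recent[key] = [t for t in recent.get(key, []) if e.time - t <= BRUTE_FORCE_WINDOW] + [e.time]
        if len(recent[key]) >= BRUTE_FORCE_THRESHOLD:
            suspects.add(key)
    return suspects


def user_risk(e):
    """User risk: the account itself is suspected compromised, independent of this sign-in."""
    return "high" if e.leaked_credential else "low"


def sign_in_risk(e, suspects):
    """Sign-in risk: how suspicious this particular authentication looks."""
    if (e.user, e.ip) in suspects:
        return "high"      # success right after a brute-force burst from the same source
    if e.country not in TRUSTED_COUNTRIES:
        return "medium"    # unfamiliar location
    return "low"


def evaluate(e, suspects):
    """Conditions -> action. Order matters: the most severe applicable rule wins."""
    if user_risk(e) == "high":
        return "change_password"   # secured password change (MFA + reset) before anything else
    risk = sign_in_risk(e, suspects)
    if risk == "high":
        return "block"
    if e.app in SENSITIVE_APPS and not e.device_compliant:
        return "block"             # sensitive app from an unmanaged device: MFA is not enough
    if risk == "medium" or not e.device_compliant or e.app in SENSITIVE_APPS:
        return "mfa"
    return "allow"


def decide(events):
    """Apply the policy to every successful authentication; returns {(user, app): action}."""
    suspects = brute_force_suspects(events)
    return {(e.user, e.app): evaluate(e, suspects) for e in events if e.success}


# Constructed sample events, not real telemetry.
T0 = datetime(2024, 3, 1, 9, 0, 0)
SAMPLE_EVENTS = (
    [SignIn("alice", "mail", "203.0.113.7", T0 + timedelta(minutes=i), False, True, "US") for i in range(6)]
    + [SignIn("alice", "mail", "203.0.113.7", T0 + timedelta(minutes=7), True, True, "US"),
       SignIn("bob", "mail", "198.51.100.9", T0, True, True, "DE"),
       SignIn("carol", "mail", "192.0.2.4", T0, True, True, "US", leaked_credential=True),
       SignIn("dave", "mail", "192.0.2.5", T0, True, True, "US"),
       SignIn("erin", "hr-payroll", "192.0.2.6", T0, True, False, "US"),
       SignIn("frank", "azure-portal", "192.0.2.8", T0, True, True, "US")]
)

if __name__ == "__main__":
    for (user, app), action in decide(SAMPLE_EVENTS).items():
        print(f"{user:6} -> {app:13}: {action}")
```

Running it shows alice blocked (her success follows six failures from the same IP inside ten minutes), bob challenged for MFA from an untrusted country, carol forced to change a leaked password, dave allowed, erin blocked from payroll on a non-compliant device, and frank challenged for MFA on the sensitive portal. The ordering in `evaluate` is the part worth copying: user risk is checked before sign-in risk because a known-compromised account should never be let through on a "looks normal" sign-in.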
  • 11. CLOUD-POWERED PROTECTION: Privileged Identity Management
      - Discover, restrict, and monitor privileged identities (Global Administrator, Billing Administrator, Exchange Administrator, User Administrator, Password Administrator)
      - Enforce on-demand, just-in-time administrative access when needed
      - Provides more visibility through alerts, audit reports and access reviews
  • 12. IDENTITY-DRIVEN SECURITY: detection on-premises and in the cloud
      - Microsoft Advanced Threat Analytics (ATA), on-premises detection: behavioral analytics, detection of known malicious attacks, detection of known security issues
      - Cloud App Security, detection in the cloud: behavioral analytics, anomaly detection
      - Azure Active Directory Premium: security reporting and monitoring (access & usage)
  • 13. Identity is the New Security Boundary: security features for identity in Windows 10.
  • 14. PROTECT FROM WITHIN: the Windows 10 operating system uses defense in depth to address threats that get inside the perimeter.
  • 15. Achieve more and transform your business with the most secure Windows ever: safer and more secure; powerful, modern devices; more personal; more productive.
  • 16. WINDOWS 10 IDENTITY GOALS
      - Mainstream two-factor authentication
      - Make credentials theft-resistant and breach- and phish-proof
      - Deliver the solution to both consumer and business users
      - Use credentials on familiar mobile devices for desktop sign-in
  • 17. IDENTITY & ACCESS MANAGEMENT: prove users are authorized and secure before granting access to apps and data
      - Protect at the front door
      - Safeguard your credentials
      - Simplify access to devices and apps
  • 18-19. WINDOWS 7 vs. WINDOWS 10: Windows 10 adds Windows Trusted Boot, Windows Hello, Credential Guard, Device Guard, Windows Information Protection (labelled Enterprise Data Protection, its earlier name, on slide 18) and Windows Defender ATP.
  • 20. Windows 10 Security on Modern Devices (fresh install or upgraded from 64-bit Windows 8)
      - Pre-breach: device protection, identity protection, information protection, threat resistance
      - Post-breach: breach detection, investigation & response
  • 21. WINDOWS HELLO FOR BUSINESS: device-based multi-factor, utilizing familiar devices
      - User credential secured by hardware: an asymmetric key pair whose private key stays on the device
      - Provisioned via PKI, or created locally by Windows 10
  • 22. BIOMETRIC MODALITIES: improved security; fingerprint and facial recognition; ease of use; impossible to forget; VBS support
  • 23. Windows Hello
      - PIN: simplest implementation option, no hardware dependencies, user familiarity
      - Biometrics (fingerprint, facial, iris): higher security, ease of use, impossible to forget
      (Sample design, UI not final)
  • 24. IDENTITY FOR BUSINESS: a world beyond passwords with two-factor authentication
      - PIN or biometric plus your device (PC or phone)
      - Breach-, theft-, and phish-proof identities
      - Single sign-on on-prem, on the web, across sites
      - Sign in to devices using Azure Active Directory
  • 26. LIMITED USE OF MFA CREATES WEAK LINKS
      Diagram of typical multi-factor authentication implementations: MFA guards the high-value assets, while most network resources are still reached with username/password alone.
  • 27. SHARED SECRETS (shhh!): easily mishandled or lost (hint: the user is the problem)
  • 28. THE SITES WE USE ARE A WEAK LINK
      Diagram: one Internet username and password shared by the user across Social.com, Bank.com, Network.com, LOL.com and Obscure.com; the numbered steps (1, 2) show the bad guy obtaining the credentials from one site and using them at the others.
  • 29. THE USER AND DEVICE ARE THE WEAK LINKS
      Diagram: the business username and password flow from the user through the device to the identity providers (IDP) and on to the network resource in numbered steps 1-5; the bad guy sits on the user and device side of that path.
  • 30. THE CA IS UNDER ATTACK
      Diagram: PKI-based authentication on Windows 8.1, steps 1-6 from the user through the IDP (Active Directory) to the network resource; the bad guy targets the certificate authority.
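The contrast between slides 26-30 (shared secrets, which every site and device along the path can leak) and slides 21 and 24 (a device-bound key pair answering a challenge), as an added example in Python; it is not code from the deck or from Windows. Windows Hello for Business uses an RSA or ECC key pair protected by the TPM, but the Python standard library has no asymmetric primitives, so this stand-in uses a hash-based Lamport one-time signature: the public key is a list of hashes, the private key the preimages. The protocol shape is the same (the identity provider stores only public material, the response is bound to a fresh nonce, the PIN unlocks the key on the device and never travels); the one-time limitation is the stand-in's, not Hello's. User name, PIN and the simulated attacker moves are assumptions.

```python
"""Device-bound key challenge-response vs. a shared secret (illustrative, not Windows code).

Lamport one-time signature stands in for the TPM-backed RSA/ECC key of Windows Hello for
Business because the standard library has no asymmetric crypto. Signing twice with the
same Lamport key would leak it; the demo below signs exactly once, as a real key would not need to.
"""
import hashlib
import os


def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def keygen():
    """Private key: 256 pairs of random preimages. Public key: their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(x0), H(x1)) for x0, x1 in sk]
    return sk, pk


def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    """Reveal, per bit of H(msg), the matching preimage: the signature is bound to msg."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))


class Device:
    """The user's PC: the private key never leaves it; the PIN only unlocks local use."""
    def __init__(self, pin: str):
        self._pin = pin
        self._sk, self.public_key = keygen()

    def sign_challenge(self, pin: str, nonce: bytes):
        if pin != self._pin:
            raise PermissionError("wrong PIN")   # PIN is checked on-device, never sent to the IdP
        return sign(self._sk, nonce)


class IdentityProvider:
    """Stores public keys only: a breach of this database yields nothing that can authenticate."""
    def __init__(self):
        self.registered = {}     # user -> public key
        self.outstanding = {}    # user -> nonce awaiting a response

    def enroll(self, user: str, public_key):
        self.registered[user] = public_key

    def challenge(self, user: str) -> bytes:
        nonce = os.urandom(32)
        self.outstanding[user] = nonce
        return nonce

    def sign_in(self, user: str, nonce: bytes, sig) -> bool:
        expected = self.outstanding.pop(user, None)   # each nonce is consumed exactly once
        if expected is None or expected != nonce:
            return False                              # replay, or a challenge we never issued
        return verify(self.registered[user], nonce, sig)


def demo():
    idp, pc = IdentityProvider(), Device(pin="2468")
    idp.enroll("alice", pc.public_key)

    # Legitimate sign-in: PIN unlocks the key locally; the response is bound to this nonce.
    nonce = idp.challenge("alice")
    sig = pc.sign_challenge("2468", nonce)
    legit = idp.sign_in("alice", nonce, sig)

    # A phisher who captured (nonce, sig) in transit replays it: the nonce is already consumed.
    replay = idp.sign_in("alice", nonce, sig)

    # The phisher presents the captured signature for a fresh challenge: it does not verify.
    fresh = idp.challenge("alice")
    reuse = idp.sign_in("alice", fresh, sig)

    # IdP database breach: the attacker holds alice's public key only and tries it as a "signature".
    leaked_pk = idp.registered["alice"]
    forged = idp.sign_in("alice", idp.challenge("alice"), [h0 for h0, _ in leaked_pk])

    # Stolen device without the PIN: the key cannot be used.
    wrong_pin = False
    try:
        pc.sign_challenge("0000", idp.challenge("alice"))
    except PermissionError:
        wrong_pin = True
    return {"legit": legit, "replay": replay, "reuse": reuse, "forged": forged, "wrong_pin": wrong_pin}


if __name__ == "__main__":
    print(demo())
```

Compare this with the password flow on slide 29: there, the same secret is typed into the device, carried to the IDP and compared server-side, so every hop and the server database itself hold something reusable. Here the only reusable thing is the private key, and it is confined to the device behind the PIN.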
  • 32. TODAY'S SECURITY CHALLENGE: PASS THE HASH ATTACKS
      - Pass the hash attacks have gone from hypothetical to very real threats
      - Enables an attacker to obtain derived credentials (NTLM hashes, access tokens) using common tools like Mimikatz
      - Once obtained, an attacker is often able to steal additional access tokens
      - Enables an attacker to frequently persist even once detected
  • 34. SOLUTION: PASS THE HASH ATTACKS
      - VSM (Virtual Secure Mode) uses a Hyper-V powered secured execution environment to protect NTLM hashes and other derived credentials: you can get things in, but can't get things out
      - Decouples the NTLM hash from the logon secret
      - Fully randomizes and manages a full-length NTLM hash to prevent brute force attacks
      - Requires a Windows 10 client and domain controller
  • 35. CREDENTIAL GUARD: securing your credentials
      - Uses the built-in hypervisor
      - Isolates the Local Security Authority (LSA)
      - Blocks all insecure authentication protocols, including NTLMv1, MS-CHAPv2, and weaker Kerberos encryption types such as DES
      Practitioner caveat: Credential Guard protects domain credentials held by LSA; it does not protect local accounts or Microsoft accounts, and it does not stop a keylogger or malware that captures the password as the user types it. It needs 64-bit Windows 10 Enterprise or Education with UEFI Secure Boot and CPU virtualization extensions, and a TPM to protect the VBS keys.
  • 36. VIRTUALIZATION BASED SECURITY (Windows 10)
      Diagram: the Hyper-V hypervisor runs on the device hardware and partitions it into the Windows operating system (kernel, Windows platform services, apps) and a separate System Container with its own kernel hosting Trustlet #1, Trustlet #2 and Trustlet #3.
  • 37. TODAY'S SOLUTION: CREDENTIAL GUARD
      - Pass the Hash (PtH) attacks are the #1 go-to tool for hackers, used in nearly every major breach and APT-type attack
      - Credential Guard uses VBS to isolate Windows authentication from the Windows operating system
      - Protects the LSA service (LSASS) and derived credentials (NTLM hash): the secrets move into an isolated LSA process inside the System Container that LSASS can only call, so even SYSTEM-level code in the normal OS cannot read them
      - Fundamentally breaks derived credential theft using Mimikatz
      Diagram: the VBS layout of slide 36, with Credential Guard as Trustlet #1 in the System Container alongside Trustlet #2 and Trustlet #3.