TURNING THE TABLES
Dean Iacovelli
Director, Secure Enterprise
Microsoft State and Local Government
deaniac@microsoft.com
Evolving cybersecurity strategies
A LITTLE ABOUT ME – DEAN IACOVELLI
13 years working with Microsoft State and Local customers
Roles
▪ First Chief Security Advisor for Microsoft State and Local
▪ First Cloud Services Director, incubated team of specialists on
what would become Office 365
▪ Currently Director of Secure Enterprise, managing a team of
cybersecurity specialists focused on security for Office 365, Identity,
Threat Protection, and Windows security
ANATOMY OF A BREACH…OR SEVERAL
IMPACT
Own domain Delete backups Exfiltrate data Redirect funds Ransom Botnet
ESCALATION
Pass the hash Pass the ticket
RECON
Target recon Network traversal Mailbox persistence Device persistence
ENTRY
PHISHING
Spear, whaling, trusted user
PASSWORD
Brute force, spray
KNOWN VULNERABILITIES
OS, database, apps
“THE STATE OF THE STATE” IN CYBERSECURITY
ASYMMETRICAL
threat creates
resource drain
Profit-motivated, well
resourced HUMAN
adversary with attacks
getting cheaper
PERFECT STORM #1:
They use your
transparency against
you
Attacks are
becoming
AUTOMATED,
responses are not
PERFECT STORM #2:
Second lowest security
rating, second highest
rate of attack (NPR)
Global shortage of
cybersecurity talent
The cost can be
enormous and it’s
ASYMMETRICAL to org
size – see OPM
Outcome? Only 5% of
security alerts get
investigated (Forbes)
CONCLUSION: Trying to solve the security problem at an individual org level
with current approaches isn’t sufficient and may bankrupt your organization.
So what can we do differently? Two arguments/ideas for your consideration.
1. BEGIN MOVING TO BEST OF BREED SECURITY PLATFORM
Complexity is the enemy
of security – too many
disparate “best of breed”
solutions, too much data
and little
integration/coordination
If you choose to integrate
these, significant cost and
complexity
If not, humans become the
integration and limit
response time and
decision quality – i.e.
attacks at Internet speed,
response at human speed
Need to begin moving to
a security platform that is
pre-integrated, identity-
driven, policy-based
“Simplify the scope of EPP by using OS-embedded security features, such as
disk encryption and USB device control, especially when migrating to Windows 10”
- Gartner “Redefining Endpoint Protection” report, Sep 2017
AUTOMATION
of insights and response
INTEGRATION of all components
for coordinated response
FOUNDATIONS OF A MODERN SECURITY PLATFORM
MACHINE LEARNING and AI to
separate signal and noise
CLOUD SCALE
real-time
threat intel
Identity
Devices
Apps and Data
Security Operations
Azure Active Directory Advanced Threat Analytics
O365 Advanced Threat Protection O365 Threat Intelligence
Win 10 Identity Protection Intune
Win 10 Threat Resistance Win 10 Post Breach Analysis
Win 10 Info Protection
Azure Info Protection Data Loss Prevention
Cloud App Security
INTELLIGENT SECURITY GRAPH
ELEMENTS OF A MODERN SECURITY PLATFORM
Cyber Defense Operations Center Digital Crimes Unit (DCU)
Secure Score
Internet of Things
Unmanaged & Mobile Clients
Sensitive
Workloads
CYBERSECURITY REFERENCE ARCHITECTURE
Extranet
Azure Key Vault
Azure Security
Center
• Threat Protection
• Threat Detection
System Center Configuration Manager + Intune
Microsoft Azure
On Premises
Datacenter(s)
NGFW
Nearly all customer breaches that Microsoft’s
Incident Response team investigates involve
credential theft
63% of confirmed data breaches involve weak,
default, or stolen passwords (Verizon 2016 DBR)
Colocation
$
EPP - Windows Defender
EDR - Windows Defender
ATP
Mac
OS
Multi-Factor
Authentication
MIM PAM
Azure App Gateway
Network Security Groups
Azure AD PIM
Azure Antimalware
Disk & Storage
Encryption
SQL Encryption &
Firewall
Hello for
Business
Windows
Info Protection
Enterprise Servers
VPN
VPN
VMs VMs
Certification
Authority
(PKI)
Incident
Response
Vulnerability
Management
Enterprise
Threat
Detection
Analytics
Managed
Security
Provider OMS
ATA
SIEM
Security Operations
Center (SOC)
Logs & Analytics
Active Threat Detection
Hunting
Teams
Investigation
and Recovery
WEF
SIEM
Integration
IoT
Identity &
Access
UEBA
Windows 10
Windows 10 Security
• Secure Boot
• Device Guard
• Application Guard
• Credential Guard
• Windows Hello
Managed Clients
Windows Server 2016 Security
Shielded VMs, Device Guard, Credential Guard, Just Enough Admin,
Hyper-V Containers, Nano server, …
Software as a Service
ATA
Privileged Access Workstations (PAWs)
• Device Health
Attestation
• Remote
Credential
Guard
Intune
MDM/MAM
Conditional Access
Cloud App
Security
Azure
Information
Protection
(AIP)
• Classify
• Label
• Protect
• Report
Office 365 DLP
Endpoint DLP
Structured Data &
3rd party Apps
DDoS attack mitigation
Classification Labels
ASM
Lockbox
Office 365
Information
Protection
Legacy
Windows
Backup and Site
Recovery
Shielded VMs
Domain
Controllers
Office 365 ATP
• Email Gateway
• Anti-malware
Hold Your
Own Key
(HYOK)
ESAE
Admin
Forest
PADS
80% + of employees admit
using non-approved SaaS
apps for work (Stratecast,
December 2013)
IPS
Edge DLP
SSL Proxy
Security Development Lifecycle
(SDL)
Azure AD
Identity
Protection
Security
Appliances
2. MOVE TO
CLOUD FIRST OR
EVEN CLOUD
ONLY POLICY
1B annual spend on cyber security – TRANSFORMATIONAL
economics of cloud let you pool risk and resources
Stay continuously patched and compliant
“Built in, not bolt on”
Intelligent Security Graph is a game changer
Certs AND a track record
“Gartner predicts that by 2018, increased security will displace cost savings and agility as the
primary driver for government agencies to move to public cloud within their jurisdictions.”
– Gartner 2016 prediction
BRAKES ARE WHAT ALLOW THE CAR TO GO FASTER.
FINALLY, PLEASE REMEMBER…
Q & A
THANK YOU !
Dean Iacovelli
deaniac@microsoft.com
Behavioral Analytics
Machine learning baselines your environment,
then scans for anomalies.
Detection for known threats
Forensic tools to search for known security
attacks such as “pass the hash”
ADVANCED THREAT ANALYTICS
Identify advanced on-premises security attacks before
they cause damage
Focus on what’s important
Clear, efficient, and convenient timeline feed that
surfaces the right things along with
recommendations for investigation and
remediation
Reduce the threat of malicious content
Move beyond signature-based defense to heuristic
analysis and cloud-based pre-detonation of attack
content.
Increase understanding of threats
Global visibility to real-time threat trends allow
dynamic policy adjustment.
OFFICE 365 ADVANCED
THREAT PROTECTION
Simplify management
Single console for both cloud-side and client-side
threat analysis.
Broad visibility into attack trends
Billions of data points from
Office, Windows, and Azure
OFFICE 365 THREAT INTELLIGENCE
Integrated data from external
cyber threat hunters
Intuitive dashboards with drill-
down capabilities
Windows Hello
• Enterprise grade alternative to passwords
• Natural (biometrics) or familiar (PIN) as a
means to validate a user’s identity
• Security benefits of smartcards without the
complexity
WINDOWS 10 IDENTITY PROTECTION
Protecting user identities from theft and misuse
Credential Guard
• Prevents theft of user credentials via
common attacks like Pass-the-Hash (PtH)
• Credentials are secured by placing them
within a hardware isolated container, safe
even if OS is compromised
Access management
• Conditional access
• Compliance enforcement
• Multi-identity support
Mobile device and app
management
• Manage iOS, Android, and Windows devices
• Protect data in corporate apps with or
without a device enrollment
INTUNE
Manage and secure mobile productivity
WINDOWS 10 THREAT RESISTANCE
PRE-BREACH
Protect devices and networks with a comprehensive set of
pre-breach defenses
Trusted boot
• Tamper free boot via modern hardware (TPM/UEFI)
• Automatically remediate and self-heal from any
tampering
Device Guard
• System hardening offers zero day protection for the
system core
• Next-gen app control ensures only trusted apps can
run on the device
Windows Defender AV
• Integrated enterprise grade protection against
viruses, malware, spyware, and other threats
Source: AV-comparatives.org
WINDOWS 10 THREAT RESISTANCE
POST-BREACH
Windows Defender Advanced Threat Protection helps
detect, investigate, and respond to advanced attacks
Built into Windows, cloud-powered
• No additional deployment and infrastructure
• Continuously up-to-date, lower costs
Behavior-based, post-breach detection
• Actionable, correlated alerts for known and
unknown adversaries
• Real-time and historical data
Unique threat intelligence knowledge base
• Unparalleled threat optics provide detailed actor
profiles
• First and third-party threat intelligence data
WINDOWS 10 INFORMATION
PROTECTION
Protect business data when devices are lost or stolen
and from accidental data leaks
BitLocker
• Highly customizable full-volume encryption
• Single sign-on experience on modern devices
• Easily manageable with advanced provisioning,
reporting, and self-service recovery options for
users
Enterprise data protection
• Business data containment for sensitive information
• Block docs from managed apps from being
transferred to consumer apps
• Remotely wipe business data from a device while
leaving personal data untouched
Persistent classification and
protection
• Policy driven classification and protection
• Data security regardless of where data is
stored or shared
Visibility and control
• Data use/abuse tracking for IT and users
• Document revocation in case of unexpected
distribution
AZURE INFORMATION PROTECTION
Better secure your sensitive information - anytime, anywhere
Simple, intuitive for users
• Intuitive interface for users
• Integrated into common apps and services
• In-product notifications help users make right
decisions
Detect
• Scan for sensitive information in Exchange,
SharePoint, and OneDrive for Business
• Find over 80 sensitive content types (PII, credit
card, HIPAA)
Protect
• Auto-encrypt docs, tie to forced authentication
• Block egress of sensitive data
DATA LOSS PREVENTION
IN OFFICE 365
Detect, protect, and monitor your sensitive information
Monitor
• Track policy violations through inbox reports
Discover
• Gain complete visibility and context for
cloud usage and shadow IT—no agents
required
Control
• Shape your cloud environment with
granular controls and policy setting for
access, data sharing, and DLP
CLOUD APP SECURITY
Enterprise-grade security for your cloud apps
Investigate
• Identify high-risk usage and security
incidents, detect abnormal user behavior,
and prevent threats
THE MICROSOFT CYBER DEFENSE
OPERATIONS CENTER
THE MICROSOFT DIGITAL
CRIMES UNIT (DCU)
Combining creative legal strategies, cutting edge
data analytics and public/private partnerships to
fight cybercrime
Combat Internet Fraud
• Partner with law enforcement globally to detect
and prosecute Internet scammers
Botnet Takedown
• Collect 250M records of sensor data per day to
detect and locate global botnets
• Use variety of legal and technical approaches
to have them shut down or neutralized
“SECURE SCORE” CLOUD
BEST PRACTICE ANALYZER
Security analytics based on proven cloud security
best practices
Baseline on what you own in Office 365
• Up to 60 different controls/practices are
assessed
Reports deliver a plan for score
improvement
• See your score improve over time. Export data
to Excel for use in project management, task
assignment, etc.
• Global context
Compare your score against other Office 365
organizations worldwide.
Our most unique global asset in the
fight, informed by trillions of feeds.
Machine learning helps sort the
signal from the noise. This signal is
leveraged across all of Microsoft’s
security services.
450B
monthly
authentications
18+B
Bing web pages
scanned
750M+
Azure user
accounts
Enterprise
security for
90%
of Fortune 500
Malware data
from Windows
Defender
Shared threat
data from partners,
researchers and law
enforcement
worldwide
Botnet data from
Microsoft Digital
Crimes Unit
1.2B
devices scanned
each month
400B
emails analyzed
200+
global cloud
consumer and
commercial services
INTELLIGENT SECURITY GRAPH
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 

Turning the tables talk delivered at CCISDA conference

  • 1. TURNING THE TABLES Dean Iacovelli Director, Secure Enterprise Microsoft State and Local Government deaniac@microsoft.com Evolving cybersecurity strategies
  • 2. A LITTLE ABOUT ME – DEAN IACOVELLI 13 years working with Microsoft State and Local customers Roles ▪ First Chief Security Advisor for Microsoft State and Local ▪ First Cloud Services Director, incubated team of specialists on what would become Office 365 ▪ Currently Director of Secure Enterprise, managing a team of cybersecurity specialists focused on security for Office 365, Identity, Threat Protection, and Windows security
  • 3. ANATOMY OF A BREACH…OR SEVERAL IMPACT Own domain Delete backups Exfiltrate data Redirect funds Ransom Botnet ESCALATION Pass the hash Pass the ticket RECON Target recon Network traversal Mailbox persistence Device persistence ENTRY PHISHING Spear, whaling, trusted user PASSWORD Brute force, spray KNOWN VULNERABILITIES OS, database, apps
  • 4. “THE STATE OF THE STATE” IN CYBERSECURITY ASYMMETRICAL threat creates resource drain Profit-motivated, well resourced HUMAN adversary with attacks getting cheaper PERFECT STORM #1: They use your transparency against you Attacks are becoming AUTOMATED, responses are not PERFECT STORM #2: Second lowest security rating, second highest rate of attack (NPR) Global shortage of cybersecurity talent The cost can be enormous and it’s ASYMMETRICAL to org size – see OPM Outcome ? Only 5% of security alerts get investigated (Forbes) CONCLUSION: Trying to solve the security problem at an individual org level with current approaches isn’t sufficient and may bankrupt your organization. So what can we do differently ? Two arguments/ideas for your consideration.
  • 5. 1. BEGIN MOVING TO BEST OF BREED SECURITY PLATFORM Complexity is the enemy of security – too many disparate “best of breed” solutions, too much data and little integration/coordination If you choose to integrate these, significant cost and complexity If not, humans become the integration and limit response time and decision quality – i.e. attacks at Internet speed, response at human speed Need to begin moving to a security platform that is pre-integrated, identity-driven, policy-based “Simplify the scope of EPP by using OS-embedded security features, such as disk encryption and USB device control, especially when migrating to Windows 10” - Gartner “Redefining Endpoint Protection” report, Sep 2017
  • 6. AUTOMATION of insights and response INTEGRATION of all components for coordinated response FOUNDATIONS OF A MODERN SECURITY PLATFORM MACHINE LEARNING and AI to separate signal and noise CLOUD SCALE real-time threat intel
  • 7. Identity Devices Apps and Data Security Operations Azure Active Directory Advanced Threat Analytics O365 Advanced Threat Protection O365 Threat Intelligence Win 10 Identity Protection Intune Win 10 Threat Resistance Win 10 Post Breach Analysis Win 10 Info Protection Azure Info Protection Data Loss Prevention Cloud App Security INTELLIGENT SECURITY GRAPH INTELLIGENT SECURITY GRAPH ELEMENTS OF A MODERN SECURITY PLATFORM Cyber Defense Operations Center Digital Crimes Unit (DCU) Secure Score
  • 8. Internet of Things Unmanaged & Mobile Clients Sensitive Workloads CYBERSECURITY REFERENCE ARCHITECTURE Extranet Azure Key Vault Azure Security Center • Threat Protection • Threat Detection System Center Configuration Manager + Intune Microsoft Azure On Premises Datacenter(s) NGFW Nearly all customer breaches that Microsoft’s Incident Response team investigates involve credential theft 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBR) Colocation $ EPP - Windows Defender EDR - Windows Defender ATP Mac OS Multi-Factor Authentication MIM PAM Azure App Gateway Network Security Groups Azure AD PIM Azure Antimalware Disk & Storage Encryption SQL Encryption & Firewall Hello for Business Windows Info Protection Enterprise Servers VPN VPN VMs VMs Certification Authority (PKI) Incident Response Vulnerability Management Enterprise Threat Detection Analytics Managed Security Provider OMS ATA SIEM Security Operations Center (SOC) Logs & Analytics Active Threat Detection Hunting Teams Investigation and Recovery WEF SIEM Integration IoT Identity & Access UEBA Windows 10 Windows 10 Security • Secure Boot • Device Guard • Application Guard • Credential Guard • Windows Hello Managed Clients Windows Server 2016 Security Shielded VMs, Device Guard, Credential Guard, Just Enough Admin, Hyper-V Containers, Nano server, … Software as a Service ATA Privileged Access Workstations (PAWs) • Device Health Attestation • Remote Credential Guard Intune MDM/MAM Conditional Access Cloud App Security Azure Information Protection (AIP) • Classify • Label • Protect • Report Office 365 DLP Endpoint DLP Structured Data & 3rd party Apps DDoS attack mitigation Classification Labels ASM Lockbox Office 365 Information Protection Legacy Windows Backup and Site Recovery Shielded VMs Domain Controllers Office 365 ATP • Email Gateway • Anti-malware Hold Your Own Key (HYOK) ESAE Admin Forest PADS 80% + of employees admit using non-approved SaaS apps for work (Stratecast, December 2013) IPS Edge DLP SSL Proxy Security Development Lifecycle (SDL) Azure AD Identity Protection Security Appliances
  • 9. 2. MOVE TO CLOUD FIRST OR EVEN CLOUD ONLY POLICY 1B annual spend on cyber security – TRANSFORMATIONAL economics of cloud let you pool risk and resources Stay continuously patched and compliant “Built in, not bolt on” Intelligent Security Graph is a game changer Certs AND a track record “Gartner predicts that by 2018, increased security will displace cost savings and agility as the primary driver for government agencies to move to public cloud within their jurisdictions.” – Gartner 2016 prediction
  • 10.
  • 11. BRAKES ARE WHAT ALLOW THE CAR TO GO FASTER. FINALLY, PLEASE REMEMBER…
  • 12. Q & A
  • 13. THANK YOU ! Dean Iacovelli deaniac@microsoft.com
  • 14.
  • 15. Behavioral Analytics Machine learning baselines your environment, then scans for anomalies. Detection for known threats Forensic tools to search for known security attacks such as “pass the hash” ADVANCED THREAT ANALYTICS Identify advanced on-premises security attacks before they cause damage Focus on what’s important Clear, efficient, and convenient timeline feed that surfaces the right things along with recommendations for investigation and remediation
  • 16. Reduce the threat of malicious content Move beyond signature-based defense to heuristic analysis and cloud-based pre-detonation of attack content. Increase understanding of threats Global visibility to real-time threat trends allow dynamic policy adjustment. OFFICE 365 ADVANCED THREAT PROTECTION Simplify management Single console for both cloud-side and client-side threat analysis.
  • 17. Broad visibility into attack trends Billions of data points from Office, Windows, and Azure OFFICE 365 THREAT INTELLIGENCE Integrated data from external cyber threat hunters Intuitive dashboards with drill- down capabilities
  • 18. Windows Hello • Enterprise grade alternative to passwords • Natural (biometrics) or familiar (PIN) as a means to validate a user’s identity • Security benefits of smartcards without the complexity WINDOWS 10 IDENTITY PROTECTION Protecting user identities from theft and misuse Credential Guard • Prevents theft of user credentials via common attacks like Pass-the-Hash (PtH) • Credentials are secured by placing them within a hardware isolated container, safe even if OS is compromised
  • 19. Access management • Conditional access • Compliance enforcement • Multi-identity support Mobile device and app management • Manage iOS, Android, and Windows devices • Protect data in corporate apps with or without a device enrollment INTUNE Manage and secure mobile productivity
  • 20. WINDOWS 10 THREAT RESISTANCE PRE-BREACH Protect devices and networks with a comprehensive set of pre-breach defenses Trusted boot • Tamper free boot via modern hardware (TPM/UEFI) • Automatically remediate and self-heal from any tampering Device Guard • System hardening offers zero day protection for the system core • Next-gen app control ensures only trusted apps can run on the device Windows Defender AV • Integrated enterprise grade protection against viruses, malware, spyware, and other threats Source: AV-comparatives.org
  • 21. WINDOWS 10 THREAT RESISTANCE POST-BREACH Windows Defender Advanced Threat Protection helps detect, investigate, and respond to advanced attacks Built into Windows, cloud-powered • No additional deployment and infrastructure • Continuously up-to-date, lower costs Behavior-based, post-breach detection • Actionable, correlated alerts for known and unknown adversaries • Real-time and historical data Unique threat intelligence knowledge base • Unparalleled threat optics provide detailed actor profiles • First and third-party threat intelligence data
  • 22. WINDOWS 10 INFORMATION PROTECTION Protect business data when devices are lost or stolen and from accidental data leaks Bitlocker • Highly customizable full-volume encryption • Single sign-on experience on modern devices • Easily manageable with advanced provisioning, reporting, and self-service recovery options for users Enterprise data protection • Business data containment for sensitive information • Block docs from managed apps from being transferred to consumer apps • Remotely wipe business data from a device while leaving personal data untouched 0101 1001
  • 23. Persistent classification and protection • Policy driven classification and protection • Data security regardless of where data is stored or shared Visibility and control • Data use/abuse tracking for IT and users • Document revocation in case of unexpected distribution AZURE INFORMATION PROTECTION Better secure your sensitive information - anytime, anywhere Simple, intuitive for users • Intuitive interface for users • Integrated into common apps and services • In-product notifications help users make right decisions
  • 24. Detect • Scan for sensitive information in Exchange, SharePoint, and OneDrive for Business • Find over 80 sensitive content types (PII, credit card, HIPAA) Protect • Auto-encrypt docs, tie to forced authentication • Block egress of sensitive data DATA LOSS PREVENTION IN OFFICE 365 Detect, protect, and monitor your sensitive information Monitor • Track policy violations through inbox reports
  • 25. Discover • Gain complete visibility and context for cloud usage and shadow IT—no agents required Control • Shape your cloud environment with granular controls and policy setting for access, data sharing, and DLP CLOUD APP SECURITY Enterprise-grade security for your cloud apps Investigate • Identify high-risk usage and security incidents, detect abnormal user behavior, and prevent threats 0101 1001
  • 26. THE MICROSOFT CYBER DEFENSE OPERATIONS CENTER
  • 27. THE MICROSOFT DIGITAL CRIMES UNIT (DCU) Combining creative legal strategies, cutting edge data analytics and public/private partnerships to fight cybercrime Combat Internet Fraud • Partner with law enforcement globally to detect and prosecute Internet scammers Botnet Takedown • Collect 250M records of sensor data per day to detect and locate global botnets • Use variety of legal and technical approaches to have them shut down or neutralized
  • 28. “SECURE SCORE” CLOUD BEST PRACTICE ANALYZER Security analytics based on proven cloud security best practices Baseline on what you own in Office 365 • Up to 60 different controls/practices are assessed Reports deliver a plan for score improvement • See your score improve over time. Export data to Excel for use in project management, task assignment, etc. • Global context: Compare your score against other Office 365 organizations worldwide.
  • 29. Our most unique global asset in the fight, informed by trillions of feeds. Machine learning helps sort the signal from the noise. This signal is leveraged across all of Microsoft’s security services. 450B monthly authentications 18+B Bing web pages scanned 750M+ Azure user accounts Enterprise security for 90% of Fortune 500 Malware data from Windows Defender Shared threat data from partners, researchers and law enforcement worldwide Botnet data from Microsoft Digital Crimes Unit 1.2B devices scanned each month 400B emails analyzed 200+ global cloud consumer and commercial services INTELLIGENT SECURITY GRAPH