SlideShare una empresa de Scribd logo

Cloudbrew 2019 - Threat hunting with the Microsoft Cloud

Descargar como PPTX, PDF
T
Tom Janetscheck

With the release of Azure Sentinel, Microsoft has shifted some features from Azure Security Center to their new threat hunting solution. But how do all the security tools Microsoft offers nowadays integrate with each other? How can you find a way through this security jungle? And how do you make sure to have the right tools in place when it comes to protecting your IT environments and hunting threats? Join cloud security expert and Microsoft MVP Tom Janetscheck for this demo-rich session to get all these questions answered and to learn how to protect your resources easily and efficiently.

Tecnología
1 de 25
#TechforPeople.
welcome.
Innovative technology consulting for business. Threat hunting with the Microsoft Cloud Making data-informed decisions with Microsoft Azure Tom Janetscheck, Principal Cloud Security Architect & Microsoft MVP
about me. Tom Janetscheck Principal Cloud Security Architect @ Devoteam Alegri Focused on Azure Identity, Security, Governance, and Infrastructure International user group and conference speaker Community lead of Azure Meetup Saarbrücken Co-organizer of Azure Saturday Tech blogger and book author @azureandbeyond https://blog.azureandbeyond.com
● Cloud security challenges Why is cloud security so difficult and identity security so important? ● Azure Security Center Improve your hybrid cloud security posture ● Microsoft Intelligent Security Graph Unique insights, informed by trillions of signals ● Azure Sentinel SIEM/SOAR solution from the cloud ● Demo agenda.
Federal criminal agency – 2018 cybercrime situation report 87.000 cases of cybercrime in 2018 60.000.000 € amount of damage with an immense dark figure Estimated amount of damage according to Bitcom: 100.000.000.000 (!) € per yearSource: BKA - 2018 Cybercrime situation report
Governance – a definition Establishment of policies, and continuous monitoring of their proper implementation, by the members of the governing body of an organization[…]1 1Source: BusinessDictionary
Cyber Threat Hunting – a definition The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions[…]1 1Source: TechRepublic
Today‘s cloud security challenges Increasingly sophisticated attacks It’s both, a strength and a challenge of the cloud. How do you make sure that ever-changing services are up to your security standards? Attack automation and evasion techniques are evolving along multiple dimensions We need human expertise, adaptability, and creativity to combat human threat actors.
Office 365 Modernizing the security perimeter • • + =  
Microsoft Azure Security Center Security Center assesses your environment and enables you to understand the status of your resources, and whether they are secure. Enable actionable, adaptive protections that identify and mitigate risk to reduce exposure to attacks Use advanced analytics and Microsoft Intelligent Security Graph to rapidly detect and respond to evolving cyber threats
Strengthen your security posture Identify shadow IT subscriptions Optimize and improve resource security Continous assessments
Recognize configuration issues
Microsoft Azure Security Center Security Center assesses your environment and enables you to understand the status of your resources, and whether they are secure. Enable actionable, adaptive protections that identify and mitigate risk to reduce exposure to attacks Use advanced analytics and Microsoft Intelligent Security Graph to rapidly detect and respond to evolving cyber threats
Adaptive threat prevention Advanced Threat Protection Native integration with Microsoft Defender ATP for Windows machines Advanced Thread Detection for Linux machines
Microsoft Azure Security Center Security Center assesses your environment and enables you to understand the status of your resources, and whether they are secure. Enable actionable, adaptive protections that identify and mitigate risk to reduce exposure to attacks Use advanced analytics and Microsoft Intelligent Security Graph to rapidly detect and respond to evolving cyber threats
Microsoft Intelligent Security Graph
Inside the Intelligent Security Graph Microsoft Trust Center
SOC Integration Unifying and Informing Analysts GRAPH API Account, Mail, Calendar, documents, directory, devices, etc. { } GRAPH SECURITY API { } http://aka.ms/graphsecurityapi | https://aka.ms/graphsecuritydocs SIEM / Others FIREWALL PROVIDER
Enrichment with Intelligence (Geo location, IP Reputation) Core capabilities Microsoft Services Public Clouds Security solutions Integrate ServiceNow Community Other tools Apps, users, infrastructure Collect Automate & orchestrate response Playbooks Investigate & hunt suspicious activities Interactive Attack Visualization, Azure Notebooks Analyze & detect threats Machine learning, UEBA Data SearchData Repository Azure Monitor (log analytics) Data Ingestion
Assume breach! It’s not a question about the “if”, but about the “when”!
Have your monitoring ready! You need to know what’s going on in your environment. Massive telemetry is necessary!
Leverage AI/ML- based security tools! Human security skills are on short supply so make sure you rely on an intelligent cloud service!
Witness on-stage live attacks against identities and servers and learn how Azure Security Center and Azure Sentinel help you to keep track on current threats. demo.
thank you. #TechforPeople.

Recomendados

What operational technology cyber security is?
What operational technology cyber security is?What operational technology cyber security is?
What operational technology cyber security is?sohailAhmad304
 
Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat huntingVikas Jain
 
Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Harsh Bhanushali
 
OA_Cyber security course with AI
OA_Cyber security course with AIOA_Cyber security course with AI
OA_Cyber security course with AIObject Automation
 
Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...idsecconf
 
How Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityHow Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityDevOps.com
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?Ulf Mattsson
 
Leverage Big Data for Security Intelligence
Leverage Big Data for Security Intelligence Leverage Big Data for Security Intelligence
Leverage Big Data for Security Intelligence Stefaan Van daele
 

Recomendados

What operational technology cyber security is?
What operational technology cyber security is?What operational technology cyber security is?
What operational technology cyber security is?sohailAhmad304
 
Soc and siem and threat hunting
Soc and siem and threat huntingSoc and siem and threat hunting
Soc and siem and threat huntingVikas Jain
 
Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Cyber Security in AI (Artificial Intelligence)
Cyber Security in AI (Artificial Intelligence)Harsh Bhanushali
 
OA_Cyber security course with AI
OA_Cyber security course with AIOA_Cyber security course with AI
OA_Cyber security course with AIObject Automation
 
Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...idsecconf
 
How Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityHow Machine Learning & AI Will Improve Cyber Security
How Machine Learning & AI Will Improve Cyber SecurityDevOps.com
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?Ulf Mattsson
 
Leverage Big Data for Security Intelligence
Leverage Big Data for Security Intelligence Leverage Big Data for Security Intelligence
Leverage Big Data for Security Intelligence Stefaan Van daele
 
Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityDr. Umesh Rao.Hodeghatta
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19Francesco Flammini
 
Cyber Defense Automation
Cyber Defense AutomationCyber Defense Automation
Cyber Defense Automation♟Sergej Epp
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloudUlf Mattsson
 
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?NetEnrich, Inc.
 
Audit logs for Security and Compliance
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and ComplianceAnton Chuvakin
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry
 
Critical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksCritical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksBGA Cyber Security
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesDr. Rajesh P Barnwal
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...IBM Security
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsIBM Security
 
Cloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsCloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsSandeep Saxena
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...
(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...
(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...Priyanka Aash
 
From Business Architecture to Security Architecture
From Business Architecture to Security ArchitectureFrom Business Architecture to Security Architecture
From Business Architecture to Security ArchitecturePriyanka Aash
 
Using Big Data for Cybersecurity
Using Big Data for CybersecurityUsing Big Data for Cybersecurity
Using Big Data for CybersecuritySplunk
 
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...IJCNCJournal
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Sirius
 
Nicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterNicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterMicrosoft Österreich
 
Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure SentinelBGA Cyber Security
 

Más contenido relacionado

La actualidad más candente

Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityDr. Umesh Rao.Hodeghatta
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19Francesco Flammini
 
Cyber Defense Automation
Cyber Defense AutomationCyber Defense Automation
Cyber Defense Automation♟Sergej Epp
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloudUlf Mattsson
 
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?NetEnrich, Inc.
 
Audit logs for Security and Compliance
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and ComplianceAnton Chuvakin
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry
 
Critical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksCritical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksBGA Cyber Security
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesDr. Rajesh P Barnwal
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...IBM Security
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsIBM Security
 
Cloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsCloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsSandeep Saxena
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...
(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...
(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...Priyanka Aash
 
From Business Architecture to Security Architecture
From Business Architecture to Security ArchitectureFrom Business Architecture to Security Architecture
From Business Architecture to Security ArchitecturePriyanka Aash
 
Using Big Data for Cybersecurity
Using Big Data for CybersecurityUsing Big Data for Cybersecurity
Using Big Data for CybersecuritySplunk
 
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...IJCNCJournal
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Sirius
 

La actualidad más candente (20)

Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber Security
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
 
“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19“AI techniques in cyber-security applications”. Flammini lnu susec19
“AI techniques in cyber-security applications”. Flammini lnu susec19
 
Cyber Defense Automation
Cyber Defense AutomationCyber Defense Automation
Cyber Defense Automation
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloud
 
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
 
Audit logs for Security and Compliance
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and Compliance
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)
 
Critical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksCritical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist Attacks
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research Challenges
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
 
Cloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsCloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security Metrics
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...
(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...
(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker kno...
 
From Business Architecture to Security Architecture
From Business Architecture to Security ArchitectureFrom Business Architecture to Security Architecture
From Business Architecture to Security Architecture
 
Using Big Data for Cybersecurity
Using Big Data for CybersecurityUsing Big Data for Cybersecurity
Using Big Data for Cybersecurity
 
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
 

Similar a Cloudbrew 2019 - Threat hunting with the Microsoft Cloud

Nicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterNicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterMicrosoft Österreich
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinelarnaudlh
 
Cloudbrew 2019 - Azure Security
Cloudbrew 2019 - Azure SecurityCloudbrew 2019 - Azure Security
Cloudbrew 2019 - Azure SecurityTom Janetscheck
 
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...Prometix Pty Ltd
 
Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security BrochureJoseph DeFever
 
Webinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von BaggenstosWebinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von BaggenstosJenniferMete1
 
Microsoft Azure Security - Customer Deck.pptx
Microsoft Azure Security - Customer Deck.pptxMicrosoft Azure Security - Customer Deck.pptx
Microsoft Azure Security - Customer Deck.pptxAanSulistiyo
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelSamik Roy
 
Microsoft Sentinel and Its Components.pptx
Microsoft Sentinel and Its Components.pptxMicrosoft Sentinel and Its Components.pptx
Microsoft Sentinel and Its Components.pptxInfosectrain3
 
Microsoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewMicrosoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewDavid J Rosenthal
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyMicrosoft Österreich
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips Mario Worwell
 
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsSC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsFredBrandonAuthorMCP
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Research
 
ExpertsLiveNL - Post Breach Security with ATA or ATP
ExpertsLiveNL - Post Breach Security with ATA or ATPExpertsLiveNL - Post Breach Security with ATA or ATP
ExpertsLiveNL - Post Breach Security with ATA or ATPTim De Keukelaere
 

Similar a Cloudbrew 2019 - Threat hunting with the Microsoft Cloud (20)

Nicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterNicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security Center
 
Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure Sentinel
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
 
Cloudbrew 2019 - Azure Security
Cloudbrew 2019 - Azure SecurityCloudbrew 2019 - Azure Security
Cloudbrew 2019 - Azure Security
 
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
 
Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security Brochure
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
 
Webinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von BaggenstosWebinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von Baggenstos
 
Microsoft Azure Security - Customer Deck.pptx
Microsoft Azure Security - Customer Deck.pptxMicrosoft Azure Security - Customer Deck.pptx
Microsoft Azure Security - Customer Deck.pptx
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinel
 
Microsoft Sentinel and Its Components.pptx
Microsoft Sentinel and Its Components.pptxMicrosoft Sentinel and Its Components.pptx
Microsoft Sentinel and Its Components.pptx
 
Microsoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewMicrosoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 Overview
 
Azure Sentinel
Azure SentinelAzure Sentinel
Azure Sentinel
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity story
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips
 
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsSC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security Solutions
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
 
ExpertsLiveNL - Post Breach Security with ATA or ATP
ExpertsLiveNL - Post Breach Security with ATA or ATPExpertsLiveNL - Post Breach Security with ATA or ATP
ExpertsLiveNL - Post Breach Security with ATA or ATP
 

Último

A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 

Último (20)

A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

Cloudbrew 2019 - Threat hunting with the Microsoft Cloud

  • 3. Innovative technology consulting for business. Threat hunting with the Microsoft Cloud Making data-informed decisions with Microsoft Azure Tom Janetscheck, Principal Cloud Security Architect & Microsoft MVP
  • 4. about me. Tom Janetscheck Principal Cloud Security Architect @ Devoteam Alegri Focused on Azure Identity, Security, Governance, and Infrastructure International user group and conference speaker Community lead of Azure Meetup Saarbrücken Co-organizer of Azure Saturday Tech blogger and book author @azureandbeyond https://blog.azureandbeyond.com
  • 5. ● Cloud security challenges Why is cloud security so difficult and identity security so important? ● Azure Security Center Improve your hybrid cloud security posture ● Microsoft Intelligent Security Graph Unique insights, informed by trillions of signals ● Azure Sentinel SIEM/SOAR solution from the cloud ● Demo agenda.
  • 6. Federal criminal agency – 2018 cybercrime situation report 87.000 cases of cybercrime in 2018 60.000.000 € amount of damage with an immense dark figure Estimated amount of damage according to Bitcom: 100.000.000.000 (!) € per yearSource: BKA - 2018 Cybercrime situation report
  • 7. Governance – a definition Establishment of policies, and continuous monitoring of their proper implementation, by the members of the governing body of an organization[…]1 1Source: BusinessDictionary
  • 8. Cyber Threat Hunting – a definition The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions[…]1 1Source: TechRepublic
  • 9. Today‘s cloud security challenges Increasingly sophisticated attacks It’s both, a strength and a challenge of the cloud. How do you make sure that ever-changing services are up to your security standards? Attack automation and evasion techniques are evolving along multiple dimensions We need human expertise, adaptability, and creativity to combat human threat actors.
  • 10. Office 365 Modernizing the security perimeter • • + =  
  • 11. Microsoft Azure Security Center Security Center assesses your environment and enables you to understand the status of your resources, and whether they are secure. Enable actionable, adaptive protections that identify and mitigate risk to reduce exposure to attacks Use advanced analytics and Microsoft Intelligent Security Graph to rapidly detect and respond to evolving cyber threats
  • 12. Strengthen your security posture Identify shadow IT subscriptions Optimize and improve resource security Continous assessments
  • 14. Microsoft Azure Security Center Security Center assesses your environment and enables you to understand the status of your resources, and whether they are secure. Enable actionable, adaptive protections that identify and mitigate risk to reduce exposure to attacks Use advanced analytics and Microsoft Intelligent Security Graph to rapidly detect and respond to evolving cyber threats
  • 15. Adaptive threat prevention Advanced Threat Protection Native integration with Microsoft Defender ATP for Windows machines Advanced Thread Detection for Linux machines
  • 16. Microsoft Azure Security Center Security Center assesses your environment and enables you to understand the status of your resources, and whether they are secure. Enable actionable, adaptive protections that identify and mitigate risk to reduce exposure to attacks Use advanced analytics and Microsoft Intelligent Security Graph to rapidly detect and respond to evolving cyber threats
  • 18. Inside the Intelligent Security Graph Microsoft Trust Center
  • 19. SOC Integration Unifying and Informing Analysts GRAPH API Account, Mail, Calendar, documents, directory, devices, etc. { } GRAPH SECURITY API { } http://aka.ms/graphsecurityapi | https://aka.ms/graphsecuritydocs SIEM / Others FIREWALL PROVIDER
  • 20. Enrichment with Intelligence (Geo location, IP Reputation) Core capabilities Microsoft Services Public Clouds Security solutions Integrate ServiceNow Community Other tools Apps, users, infrastructure Collect Automate & orchestrate response Playbooks Investigate & hunt suspicious activities Interactive Attack Visualization, Azure Notebooks Analyze & detect threats Machine learning, UEBA Data SearchData Repository Azure Monitor (log analytics) Data Ingestion
  • 21. Assume breach! It’s not a question about the “if”, but about the “when”!
  • 22. Have your monitoring ready! You need to know what’s going on in your environment. Massive telemetry is necessary!
  • 23. Leverage AI/ML- based security tools! Human security skills are on short supply so make sure you rely on an intelligent cloud service!
  • 24. Witness on-stage live attacks against identities and servers and learn how Azure Security Center and Azure Sentinel help you to keep track on current threats. demo.