An overview of current cyber security concerns and ways to combat them, as well as an introduction to some of the capabilities of Azure Active Directory

1. Looks STRONG
Layered DEFENCE
Feels SAFE

3. Cyber Threats
…no longer just an IT issue.
• Average time attackers stay in a network before detection is over 200 days
• Over 75% of all network intrusions are traced back to compromised credentials
• Average cost of a data breach to a company is $3.5 million
• Estimated cost of cybercrime to the global economy is $500 billion

4. Motivations
• Enforcement of social or political points of view
• To gain long term trusted access to internal resources
• Information
• Compute power and bandwidth
• Obtain credentials for access to other services
• Extortion by means of
• Business systems interruption
• Threatening individuals privacy
• or discrediting the organisation

5. Cyber Threats
…there are 2 types of organisations affected:
Those that don’t
know it (yet)
Those that have
been breached

6. Changing nature of Cyber Attacks
Attacks and threats have grown substantially more
sophisticated, frequent and severe.
In the vast majority of attacks, they compromise user credentials
and use legitimate IT tools instead of malware.
We are now working under the assumption
that we are already breached

8. 5 Key Recommendations
Amit Yoran, RSA President
1. Even advanced protection can fail
2. We need pervasive and true visibility of everything
3. Identity and Authentication matter more than ever
• Don’t trust the trusted, protect them!
4. Don’t mistake a malware solution for an Advanced Threat Strategy
5. Use external Threat Intelligence Reports

9. What REALLY matters?
Brand • Trustworthiness
Reputation
• Availability
• Reliability
Credibility • Accreditation
Financials
• Cost to prevent
• Cost to repair

10. What needs protection?
•Logon credentials
•Gaining trusted access
•Across all entities
Identity
•Infrastructure – admin, service, and system accounts
•high costs to repair in both time and materials
•Use MFA and education!
Resources
•Privileged access to sensitive information
•DLP helps classified/controlled, information
•What about the rest?
Information
•Documents at rest, in transit, or shared externally
•Encryption is the minimal level for everythingData

11. HOW?
Protect
Education and
vigilance is key
Layered approach
Technology and
People
Detect
Understand the
scenarios
Look for anomalies
Test regularly
Analyse
Know the scale of
the problem
Identify the
potential impact
Protect the logs
and other
information
Respond
Don’t react hastily,
follow a plan
Call in the experts,
including the
lawyers if necessary
Communicate
clearly, but securely

12. Identity Management
• Know who your people are and centralise management of Identities:
• Administrators and trusted authorities
• Insiders
• Externals
• Implement good housekeeping
• Ensure training for security and privacy at all levels
• Monitor behaviours and regulate access permissions
• Implement key policies:
• Pin locks
• Passwords
• Multi-Factor authentication

13. Application and Device Management
Management based on characteristics:
• Ownership
• Support/Management
• Level of trust
• Device standards and capabilities
• Location and usage scenario

14. Data Security
Enable key features where possible:
• Full drive encryption
• Data replication services
• Invest in Information Rights Management and Data Loss
Prevention for the most sensitive information

15. Wheretostart?

17. Multi-Factor Authentication
Enable/Enforce MFA to end-users
Will enforce App Passwords for
rich clients that don t support MFA
- Office 2013 (can preview ADAL)
- Office 2010
- Skype for Business
- OneDrive for Business
- Mail apps on smartphones
Multi-Factor
Authentication
Second Factor options:
- Mobile app (online and OTP)
- Phone Call
- SMS
Application passwords
Default Microsoft greetings
Office 365 /
Azure Administrators
Fraud alert
One-Time Bypass
Custom greetings/caller ID
Caching
Trusted IPs
MFA SDK
Security Reports
MFA for on-premises apps
Block/Unblock Users
Event Confirmation
Azure AD Premium
additional features

18. Access Control Service
Enables the use of multiple
IdPs to provision access to
SaaS applications
• Integrated Single Sign On
• Claims-based access control
• Centralised authorization into web
applications
• Google, Yahoo!, Facebook, etc.
• Available in Basic and Premium

19. Cloud App Discovery

20. Azure Rights Management
Enable control of data
beyond your security
boundary
• Limit access to known identities
• Monitor, track, change
permissions in-flight
• Company policy templates,
automated application, individual
control

21. Protect a document and share

22. Customer registration and download

23. Track & Revoke

24. Track & Revoke

25. Resources
• Protecting Azure Blob Storage with Azure RMS Whitepaper
http://blogs.msdn.com/b/rms/archive/2014/05/27/protecting-azure-blob-storage-with-azure-rms-whitepaper.aspx
• Information Protection and Control (IPC) in Office 365 with Microsoft
Rights Management service (RMS) whitepaper
http://www.microsoft.com/en-us/download/confirmation.aspx?id=34768
• Official RMS Team blog
http://blogs.technet.com/b/rms/
• RMS Analyzer Tool
http://blogs.technet.com/b/rms/

26. Azure Security Center
Currently in public preview:
• Advanced Threat Analytics – global scale
• Security monitoring and auditing
• Threat detection and alerts
• Hadoop cluster ingests massive quantities of data from security feeds
• Machine Learning and Real People! (cyber security teams and partnerships)
• In partnership with the major industry security vendors
• Integrates with existing security solutions (SIEM)

27. Cloud Access Security Broker
Adallom: recently purchase by Microsoft
• Centralised AuthN/AuthZ for all cloud application
• Agentless, flexible deployment options
• Integrated with solutions like CheckPoint, SIEM, DLP and MDM

28. Advanced Threat Analytics
Focus on what’s
important, fast
• Malicious attack detection
• Alerts for known security
issues and risks
• Analysis for abnormal
behaviour using machine
learning

29. ATA: Pass-The-Hash Demo
• Our bad guy is DodgyUser, he’s managed to get access to a PC and running his tools….
• Our good guy is MarketingUser, he’s logged on to this pc and carrying out his work
normally
• DodgyUser is able to enumerate all users logged on,
and obtain the HASH of their password:

30. ATA: Pass-The-Hash Demo
• With this information, DodgyUser can now switch to use these credentials
on any machine and perform operations as that user

31. ATA: Pass-The-Hash Demo
• ATA was watching:

32. ATA: Alerts

33. ATA: Alerts

34. Coming soon…
Administrative
Units
BYO SaaS
Applications
Pwd rollover
for FB, Twitter
and Linked In
Dynamic group
membership
Conditional
Access – per
app
Privileged
Identity
management
Self-service
app requests
Azure
reporting API
Cloud Access
Security Broker
(Adallom?)

35. Windows 10
• 110 million activations in just 2 months !
• Deploy without re-imaging the device
• Windows Hello & BitLocker
• Registered hardware can be 2nd factor for sign-in to all services
• Separation of business and personal information
• Same experience on Phone as on Desktop
• Enterprise containerisation with Hyper-V
• Universal App Store – with employee store experience

36. Actions & Resources
• Start using MFA for all your personal accounts
• Consider security at the beginning of Solution
Development
• Look for and highlight any risks or concerns
at your customer
• Join the discussion on our Yammer group
Security
• Use the Cloud Roadmap diagrams to explore
solutions and options
• Use this deck, works well on mobile
Share the message, raise awareness

37. Thank you !
Richard Diver
@rdiver