
Securing your Organization with Microsoft 365


Global Azure Bootcamp 2018 completed recently across the world with a huge success, and I had the opportunity to co-organize the event in Chennai, India. Also delivered a session under the IT Pro track on "Securing Your Organization with Microsoft 365". Uploaded the Session Slides here.

Event url: http://chennai-gab2018.azurewebsites.net/

Securing your Organization with Microsoft 365

  1. Ravikumar Sathyamurthy @shakthiravi Microsoft MVP | Office Servers and Services Securing Your Organization with Microsoft 365 21/04/2018 www.anywherexchange.com
  2. THE WORLD HAS CHANGED
  3. THE WORLD IS NOW A GIANT NETWORK
  4. DIGITAL TRANSFORMATION
  5. IN THE PAST, THE FIREWALL WAS THE SECURITY PERIMETER devices data users apps On-premises / Private cloud
  6. On-premises
  7. 10 Cyberthreats by the numbers across 3 key attack zones Within 4 minutes 286 days 80 days 63% 58% 80% 55,000 200,000 53 seconds $1 Billion It takes hackers 4 min to get into networks through email attacks and 286 days for detection followed by an additional 80 days for damage control 90% User Device Email
  8. A complete, intelligent solution that empowers everyone to be creative and work together, securely Unlock creativity Built for teamwork Integrated for simplicity Intelligent security Microsoft 365 Office 365 + Windows 10 + Enterprise Mobility + Security
  9. Threat Protection Protect, detect, and respond to the most advanced threats using advanced based hardware security and the power of the cloud Protect, Detect & Respond Identity Protection Kick passwords to the curb with a convenient, easy to use and enterprise-grade alternative that is designed for today’s mobile-first world. Information Protection Protect data on lost and stolen devices and prevent accidental data leaks using data separation, containment, and encryption. Servicing and Centralized Security Management Microsoft 365 Security
  10. Bing Xbox Live OneDrive Microsoft Digital Crimes Unit Microsoft Cyber Defense Operations Center Azure Microsoft Accounts Skype Enterprise Mobility + Security Azure Active Directory Office 365
  11. Unique insights, informed by trillions of signals. This signal is leveraged across all of Microsoft’s security services POWERED BY THE INTELLIGENT SECURITY GRAPH 450B monthly authentications 18+B Bing web pages scanned 750M+ Azure user accounts Enterprise security for 90% of Fortune 500 Malware data from Windows Defender Shared threat data from partners, researchers and law enforcement worldwide Botnet data from Microsoft Digital Crimes Unit 1.2B devices scanned each month 400B emails analyzed 200+ global cloud consumer and Commercial services
  12. Microsoft 365 Momentum Monthly Active Users 100M+ Office 365 Monthly Active Devices 500M+ Windows 10 Growth in Cloud Data Stored 250% SharePoint Authentications Per Month 60B Azure Active Directory
  13. Microsoft 365 Microsoft 365 Business Microsoft 365 Enterprise Microsoft 365 Education Microsoft 365 E5 Microsoft 365 E3 Microsoft 365 F1
  14. Office 365 Enterprise Chat-centric workspace Email & Calendar Voice, Video & Meetings Office applications/ co-authoring Sites & Content Management Analytics Advanced Security & Compliance Enterprise Mobility + Security Identity & Access Management Managed Mobile Productivity Information Protection Identity Driven Security Windows 10 Enterprise Advanced Endpoint Security Designed For Modern IT More Productive Powerful, Modern devices Microsoft 365 Enterprise
  15. On-premises / Private cloud
  16. Windows Server Active Directory Azure Public cloud Microsoft Azure Active Directory Commercial IdPs Consumer IdPs Partners Customers Azure AD Connect
  17. Mobile device & app management Information protection Holistic and innovative solutions for protection across users, devices, apps and data Protect at the front door Detect & remediate attacks Protect your data anywhere Azure Active Directory Premium Microsoft Intune Azure Information Protection Microsoft Cloud App Security Microsoft Advanced Threat Analytics Identity and access management Threat detection
  18. Technology, Benefit, and availability in E3 / E5 (Identity and access management, Managed mobile productivity, Information protection, Threat Detection):
      • Azure Active Directory Premium P1: Secure single sign-on to cloud and on-premises app; MFA, conditional access, and advanced security reporting (E3 ●, E5 ●)
      • Azure Active Directory Premium P2: Identity and access management with advanced protection for users and privileged identities (E5 ●)
      • Microsoft Intune: Mobile device and app management to protect corporate apps and data on any device (E3 ●, E5 ●)
      • Azure Information Protection P1: Encryption for all files and storage locations; Cloud-based file tracking (E3 ●, E5 ●)
      • Azure Information Protection P2: Intelligent classification and encryption for files shared inside and outside your organization (E5 ●)
      • Microsoft Cloud App Security: Enterprise-grade visibility, control, and protection for your cloud applications (E5 ●)
      • Microsoft Advanced Threat Analytics: Protection from advanced targeted attacks leveraging user and entity behavioral analytics (E3 ●, E5 ●)
  19. Apps Risk MICROSOFT INTUNE Make sure your devices are compliant and secure, while protecting data at the application level AZURE ACTIVE DIRECTORY Ensure only authorized users are granted access to personal data using risk-based conditional access MICROSOFT CLOUD APP SECURITY Gain deep visibility, strong controls and enhanced threat protection for data stored in cloud apps AZURE INFORMATION PROTECTION Classify, label, protect and audit data for persistent security throughout the complete data lifecycle MICROSOFT ADVANCED THREAT ANALYTICS Detect breaches before they cause damage by identifying abnormal behavior, known malicious attacks and security issues ! Device ! Access granted to data CONDITIONAL ACCESS Classify Label Audit Protect ! ! Location
  20. Identity-driven security CLOUD-POWERED PROTECTION Conditions Allow access or Block access Actions Enforce MFA per user/per app User, App sensitivity Device state Location User NOTIFICATIONS, ANALYSIS, REMEDIATION, RISK-BASED POLICIES CLOUD APP DISCOVERY PRIVILEGED IDENTITY MANAGEMENT MFA IDENTITY PROTECTION Risk
  21. Require MFA Allow access Deny access Force password reset****** Limit access Controls On-premises apps Web apps Users Devices Location Apps Conditions Machine learning Policies Real time Evaluation Engine Session Risk 3 10TB Effective policy
  22. Identity Protection at its best Risk severity calculation Remediation recommendations Risk-based conditional access automatically protects against suspicious logins and compromised credentials Gain insights from a consolidated view of machine learning based threat detection Leaked credentials Infected devices Configuration vulnerabilities Risk-based policies MFA Challenge Risky Logins Block attacks Change bad credentials Machine-Learning Engine Brute force attacks Suspicious sign-in activities
  23. Discover, restrict, and monitor privileged identities Enforce on-demand, just-in-time administrative access when needed Provides more visibility through alerts, audit reports and access reviews Global Administrator Billing Administrator Exchange Administrator User Administrator Password Administrator
  24. On-premises app Web app SaaS service Device unlock Microsoft Authenticator Device + Biometric Biometric on device + Windows 10 or other OS Microsoft Edge or other browser Any device Azure Active Directory Microsoft account
  25. DEMOS!
  26. INFORMATION PROTECTION Detect Protect Classify Monitor CLOUD DEVICES ON PREMISES Protect sensitive data throughout the lifecycle – inside and outside the organization
  27. PCs, tablets, mobile Office 365 DLP Windows Information Protection & BitLocker for Windows 10 Azure Information Protection Exchange Online, SharePoint Online & OneDrive for Business Highly regulated Intune MDM & MAM for iOS & Android Microsoft Cloud App Security Office 365 Advanced Data Governance Datacenters, file shares Azure 3rd-Party SaaS MICROSOFT’S INFORMATION PROTECTION SOLUTIONS Comprehensive protection of sensitive data across devices, cloud services and on-premises environments OFFICE 365 DEVICES CLOUD SERVICES, SAAS APPS & ON-PREMISES
  28. Data is created, imported, & modified across various locations Data is detected Across devices, cloud services, on-prem environments Sensitive data is classified & labeled Based on sensitivity; used for either protection policies or retention policies Data is protected based on policy Protection may be in the form of encryption, permissions, visual markings, retention, deletion, or a DLP action such as blocking sharing Data travels across various locations, shared Protection is persistent, travels with the data Data is monitored Reporting on data sharing, usage, potential abuse; take action & remediate Retain, expire, delete data Via data governance policies
  29. DEMOS!
  30. PROTECT Apps and Data Stop Malicious email attachments Avoid malicious email links Defend the gateway File inspection and remediation Mitigate shadow IT Automatically block over sharing Risk detection for data in cloud apps PROTECT Your Devices Prevent encounters Isolate threats Control execution PROTECT Users Identify advanced persistent threats Detect suspicious activity Reduce false positives PROTECT workloads across hybrid infrastructure Assess security state continuously Remediate vulnerabilities and drive compliance Enable security controls
  31. VISIBILITY CONTROL GUIDANCE Understand the security state and risks across resources Define consistent security policies and enable controls Enhance security through built-in intelligence and recommendations INTELLIGENT SECURITY MANAGEMENT APPS / DATA DEVICES Powered by the Intelligent Security Graph IDENTITY INFRASTRUCTURE INFRASTRUCTURE APPS / DATA DEVICES IDENTITY
  32. https://docs.microsoft.com/en-us/microsoft-365-enterprise/
  33. FastTrack for Microsoft 365 Move to the cloud with confidence Migrate email, content, and light up Microsoft 365 services Deploy and securely manage devices Enable your business and gain end-user adoption Delivered by Microsoft engineers as part of your subscription Tight integration with qualified partners for additional services Maximized ROI Faster Deployment Higher Adoption FastTrack.microsoft.com
  34. Questions?

Editor's notes

  • It takes hackers 4 min to get into networks through email attacks and 286 days for detection, followed by 80 days for damage control. 55K Ransomware attacks happen every month (5X YOY increase). Security is TOP OF THE MIND for customers today and now they can choose any starting point depending on their needs and budget: Secure the Front Door, Secure the Content, Secure Devices, Provide a great productivity experience without compromising security.
  • Recently Microsoft introduced Microsoft 365 to help foster a new culture of work. It’s a complete, intelligent solution that empowers everyone to be creative and work together, securely. It brings together the best of Microsoft with Office 365, Windows 10 and Enterprise Mobility + Security. We think this is an offering that can truly help you transform customer’s business.

    Microsoft 365 delivers on 4 key promises:

    • Unlocks creativity by enabling people to work naturally with ink, voice and touch, all backed by tools that utilize AI and machine learning.
    • Provides the broadest and deepest set of apps and services with a universal toolkit for teamwork, giving people flexibility and choice in how they connect, share and communicate.
    • Simplifies IT by unifying management across users, devices, apps and services.
    • Helps safeguard customer data, company data and intellectual property with built-in, intelligent security.
  • Microsoft is in perfect position to help you with our Intelligent Security Graph.

    One way that Microsoft detects cybersecurity activity in our data centers is the Intelligent Security Graph. Microsoft has incredible breadth and depth of signal and information we analyze from 450B authentications per month across our cloud services, 400B emails scanned for spam and malware, over a billion enterprise and consumer devices updated monthly, and 18B+ Bing scans per month. This intelligence, enhanced by rich expertise of Microsoft’s world class talent of security researchers, analysts, hunters, and engineers, is built into our products and our platform – enabling customers, and Microsoft, to detect and respond to threats more quickly. Microsoft security teams use the graph to correlate large-scale critical security events, using innovative cloud-first machine learning and behavior and anomaly-based search queries, to surface actionable intelligence.  The graph enables teams to collaborate internally and apply preventive measures or mitigations in near real-time to counter cyber threats.  This supports protection for users around the world, and assures CISOs that Microsoft has the breadth and scale to monitor and protect users’ identities, devices, apps and data, and infrastructure.
    The massive scale of Microsoft’s cloud enables us to gather an enormous amount of intelligence on malicious behavior, which in turn allows us to prevent the compromise of accounts, and block the use of leaked or stolen credentials.

  • I love this video, but the nuance that Satya did in his speech can be missed by some. Let me break it down. He first talked about Office, Windows, and EMS. Those products are distinct and we’ve had success in SMB with most of them. But then he pivots quickly and says that we’re starting to talk about them in the terms that customers will get the most value. He talks about them coming together as a single product, a holistic product. And that is super powerful.
     
    He introduced Microsoft 365 Enterprise and Microsoft 365 Business at Inspire. We also announced our Microsoft 365 Education offer and Firstline worker offer with our Microsoft 365 Enterprise plans at Ignite 2017. You’re starting to see the whole picture of Microsoft 365 within our portfolio, and you’ll learn more about all of this over time. Today, however, I’m going to talk to you about that first proof point on the vision that is Microsoft 365 and that is our SMB offering—Microsoft 365 Business.
     
    We’ve been looking across the landscape at many of the trends and challenges that small and midsize businesses have been facing. For years now, customers have been rapidly deploying software as a service apps and other aspects of the cloud. In fact, they have many “clouds” and for many small business customers, many of their assets are no longer on prem.
  • Broad notes on the breadth of offerings surrounding Microsoft 365.
  • Build 2012
  • https://azure.microsoft.com/en-us/resources/videos/azure-active-directory-identity-protection/
  • Discover permanent administrators in your organization
    Enforce on-demand, just-in-time administrative access when needed
    Security Wizard simplifies converting permanent admins to eligible admins
    Alerts on users who haven’t been using their roles
    Audit reports and Access reviews enable determining who still needs administrative rights

    https://technet.microsoft.com/en-us/library/dd548356(v=ws.10).aspx





  • We see four primary elements of the information protection lifecycle: Detect, classify, protect and monitor. Each step has its own set of requirements and unique considerations.

    First, let’s talk about the Detect phase: Detecting sensitive data is the first step. As data travels to various locations, often outside of the organization’s environment, you want to know what sensitive data you have and where it’s located. Data may have different levels of sensitivity, and not all data needs the same level of protection.

    Classify: After sensitive data has been detected, it’s important to classify the data into distinct categories so that custom controls, such as policies and actions, can be applied. Once the classification scheme is set by the organization, policies can be configured and customized so that sensitive data such as intellectual property, customer info, health records, etc., are protected, stored and shared in a manner that adheres to the organization’s unique requirements. Classification and labeling persists with the file and can be understood and honored by other services, avoiding the need to reclassify and re-label throughout the file’s journey.

    Protect: Classifying and labeling data often results in a policy rule to apply some level of protection to sensitive data.

    Monitor: Gaining visibility into how users are using or distributing sensitive information is an important component of your information protection strategy. In the case of unexpected activity or events involving sensitive information, organizations also need to be able to respond quickly and accurately.  

    Microsoft’s information protection solutions address each of these steps. This includes protecting sensitive information across devices, SaaS applications and cloud services, as well as on-premises environments.
  • We can make the information protection lifecycle a little more concrete by following the journey of a typical document or file. It all starts with data creation or origination. This can occur at any number of locations, device types or services. For example, a user may create an Excel spreadsheet in Office 365 while on their Surface Pro. Customers just getting started storing data in a cloud service may be importing a bulk of data into the service from another location. For this data creation phase, it’s important to consider what kind of baseline encryption is offered by the service you are using – for both data at rest and data in transit. If the data resides on a device or drive, it’s also important to consider if that device requires full-disk encryption to protect it in the event that the device is lost or stolen.

    After data is created or originated, the next natural step is to scan and detect sensitive data as it moves across devices, apps and services. In most environments, only a small percentage of the entire corpus of data contains sensitive information. The key is to be able to identify and detect the data that contains the sensitive or important information you care about.

    Once sensitive data is detected and identified, you want to be able to classify and label that data in a manner that reflects its sensitivity. Even if the data is considered sensitive, there are typically different levels of sensitivity, and you may want different actions to be applied based on the level of sensitivity. For example, getting back to the example Excel file, if it contains employee ID numbers it may be labeled as Confidential, whereas if it contained Social Security Numbers, it may be labeled as Highly Confidential. It’s important that you have the granularity you need to detect and label the different kinds of documents in your environment based on the varying degrees of sensitivity.

    Once the data has been stamped with a sensitivity label, your company can have the desired policy automatically applied to the document. Based on the policy defined by your company, any number of protective actions can be taken, such as encryption, restricting access rights, applying visual markings or a watermark, applying a retention or deletion policy, OR a DLP action such as blocking sharing. A critical step in the overall information protection strategy is defining the policies and actions to take, while also ensuring end-users can get their jobs done.

    Of course, files and data often don’t stay in one location. Users may need to share the information with others, both inside and outside of the organization, in order to collaborate and get their work done. For example, information may be emailed, access to the file may be shared or the information may be moved to another service. It’s important in the information protection lifecycle that protection persists with the data, no matter where it travels. If the Excel file has a classification of “Highly Confidential”, sharing is restricted, and it lives in SharePoint Online, that label and protection should persist if a user happens to move the file to Box, for example.

    Whether the data stays in one place or moves around, it’s critical that IT has the ability to monitor data access, sharing and usage, and to respond quickly to potential abuse or threats. This can be in the form of real-time alerts, emails or a reporting dashboard.

    Finally, depending on the sensitivity of data and corporate defined policy, as the data ages it is subject to expiration, retention and deletion. This is an important aspect of overall information protection, because if sensitive data persists in the environment longer than necessary, it can pose a potential risk if discovered and compromised.

    This is a brief view of the overall information protection lifecycle using the life of a file as an example. As you can see, there are key considerations to evaluate at each step.

  • To help protect organizations from advanced cyber attacks, Microsoft has built solutions for the potential attack vectors.

    We can help secure your end-user identities where we leverage our machine learning and signal from the threat landscape to identify vulnerabilities to reduce the attack surface.
    To protect your apps and data, Microsoft has developed solutions to help secure email, data, and even your app ecosystem.
    Microsoft has solutions to help protect your devices to prevent encounters, isolate malicious threats, and to control execution of untrusted applications or code.
    We can also secure your cloud infrastructure by leveraging built-in controls across servers, apps, databases and networks.

    Let’s take a closer look at each attack vector and the solutions that can help secure each vector.
  • By leveraging the Microsoft Intelligent Security Graph, Microsoft’s threat protection services provide intelligence and integration across your organization’s entire threat protection stack to help address your biggest security concerns:

    Gaining the ability to protect your business from advanced cyber attacks.
    Having the capability to help detect suspicious behavior within the organization.
    Developing processes and having the tools to quickly respond to threats which enable damage control and limit the effects from an attack.

    With the ability to protect, detect, and respond, to the growing and evolving cyber threat landscape, your organization can immediately enjoy greater security and focus on tasks which are fundamental to your business rather than worry about being impacted by a cyber attack.
  • An effective security management solution is not about a single console. Effective security management integrates where it counts, but also offers specialized tools for different functions.
    We can help you consolidate from many to few while ensuring that your specialized teams have the flexibility and freedom to manage their security as per the unique needs of that component, whether it is identity, devices, apps or infrastructure.

    However, the key that makes Microsoft security management consoles much more effective is the intelligence sharing, which helps your organization maintain a consistent and robust security posture.

    With Microsoft, intelligence is shared through the Microsoft Intelligent Security Graph. Harnessing the power of machine learning, processing trillions of pieces of data from billions of devices, we make the security management solutions work for you. This shared intelligence is leveraged by the management consoles across Identity, Devices, Apps & Data and Infrastructure- helping security admins and operation center teams to get important information optimized for their workloads.

    The key for a CISO’s success in managing security is not about a single console across everything, but integration wherever it makes sense. You don’t need all the point solutions to manage, data points to sift through to secure your end user devices and expanding networks.

    With single vendor management, built-in controls that come with MS solutions and the unmatched intelligence, Microsoft becomes your trusted partner in achieving intelligent security management.

    In short, Microsoft provides you intelligent security management with:
    Specialized Controls based on your security teams’ needs;
    Visibility where needed;
    And Guidance on how to harden your organization’s security posture based on unmatched intelligence.
