Cybersecurity questions for today …
Microsoft and Cybersecurity ?
In the news
OUR SECURITY POSTURE: PROTECT - DETECT - RESPOND
PROTECT: Today's cloud-first, mobile-first world demands the highest level of identity and data security in order to keep your business protected.
DETECT: Don't wait 200 days to discover you've been breached. Invest in the tools and services that enable you to detect attacks faster.
RESPOND: Establish a holistic, multidimensional approach to response.
Protecting our customers, our company, and our world
Cyber growing threats demand a coordinated response
Sharing broadly with the Microsoft Security Response Center (MSRC) and the Microsoft Malware Protection Center (MMPC)
EXPERIENCE
• 1M+ Corporate Machines protected by enterprise IT security
• Multi-platform cloud-first hybrid enterprise
• Decades of experience as a global enterprise
• Runs on multi-tenant Azure environment, same as you
VISIBILITY
• Malware: largest anti-virus and antimalware service
• Clients: Windows Updates, Error Reports
• Email: Outlook.com, Office 365
• Web content: Bing, Azure AD
• Cloud platform: Azure IaaS and PaaS, Azure Security Center
EXPERTISE
• Development Security established Security Development Lifecycle (SDL) - ISO/IEC 27034-1
• Operational Security for Hyper-scale cloud services
• Combatting Cybercrime in the cloud & partnering with law enforcement to disrupt malware
• Incident Investigation and recovery for customers
Industry leading capabilities: Visibility, Expertise, Experience, Context
CONTEXT
• Trillions of URLs indexed
• Hundreds of billions of authentications and monthly emails analyzed
• Billions of daily web page scans and Windows devices reporting
• Hundreds of millions of reputation look-ups
• Millions of daily suspicious file detonations
[Slide diagram – INTELLIGENT SECURITY GRAPH: signals from Identity, Apps and Data, Devices and Infrastructure (SaaS, PaaS, IaaS) feed Data, Machine Learning and Human Analysis; "Microsoft protecting you" through the Malware Protection Center, Cyber Hunting Teams, Security Response Center, CERTs, the Cyber Defense Operations Center, the Digital Crimes Unit, the Antivirus Network and Industry Partners.]
SECURE MODERN ENTERPRISE
Pillars: Identity, Apps and Data, Infrastructure, Devices
Identity: Embraces identity as primary security perimeter and protects identity systems, admins, and credentials as top priorities.
Apps and Data: Aligns security investments with business priorities including identifying and securing communications, data, and applications.
Infrastructure: Operates on modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks.
Devices: Accesses assets from trusted devices with hardware security assurances, great user experience, and advanced threat detection.
Secure Platform (secure by design)
Phase 1: Build Security Foundation – Critical Attack Defenses
Phase 2: Secure the Pillars
Phase 2: Secure the Pillars – Continue building a secure modern enterprise by adopting leading edge technology and architectures:
• Privileged Access Security – Industrial grade protections for critical identities and assets
• Shadow IT visibility – Discover, protect, and monitor your critical data in the cloud
• Device and Datacenter Security – Hardware rooted protections for devices, servers, and credentials
• Threat Detection – Deep analyst expertise and unique technical and human insights into threats
• Cloud Security Risk Mitigation – Chart a secure path as a cloud-enabled enterprise
Phase 1: Build the Foundation – Start the journey by getting in front of current attacks:
• Critical Mitigations – Critical attack protections
• Attack Detection – Hunt for hidden persistent adversaries and implement critical attack detection
• Roadmap and planning – Share Microsoft insight on current attacks and strategies, build a tailored roadmap to defend your organization's business value and mission
Tier model: Tier 0 – Domain & Enterprise Admins; Tier 1 – Server Admins; Tier 2 – Workstation & Device Admins
Attack progression:
1. Beachhead (phishing attack, etc.)
2. Lateral movement: a. steal credentials; b. compromise more hosts & credentials
3. Privilege escalation: a. get Domain Admin credentials
4. Execute attacker mission: a. steal data, destroy systems, etc.; b. persist presence
24-48 Hours
Foundation: Critical Attack Defenses (Phase 1 – Build the Foundation, aligned with the Securing Privileged Access (SPA) roadmap, http://aka.ms/SPAroadmap):
1. Restrict privilege escalation: a. Privileged Access Workstations; b. assess AD security
2. Restrict lateral movement: a. random local password
3. Attack detection: a. attack detection (Advanced Threat Analytics (ATA)); b. hunt for adversaries
4. Organizational preparation: a. strategic roadmap; b. technical education (strategy & integration)
Phase 2 – Secure the Pillars
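The tier model and attack progression above can be checked from centralized logon events: a Tier 0 or Tier 1 account logging on interactively to a lower-tier host is the credential exposure that Privileged Access Workstations are meant to prevent, and one account reaching many hosts in a short window is the "compromise more hosts" step of lateral movement. The following Python is an added example, not code from the deck or from any Microsoft product; the account and host tier inventories and the log lines are constructed for it.

```python
"""Added example: flag tier-model violations and credential spread in
Windows security-log logon events (event 4624). Constructed data throughout."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed inventories (assumption: the organisation keeps such a mapping).
# Lower number = more privileged. Unknown accounts default to tier 3 (users),
# unknown hosts to tier 2 (workstations).
ACCOUNT_TIER = {r"CORP\da-alice": 0, r"CORP\srvadm-bob": 1,
                r"CORP\wsadm-carol": 2, r"CORP\jdoe": 3}
HOST_TIER = {"DC01": 0, "PAW-ALICE": 0, "APP01": 1, "SQL01": 1,
             "WS-101": 2, "WS-102": 2, "WS-103": 2}

# Logon types that leave reusable credentials on the target host:
# 2 = interactive, 10 = RemoteInteractive (RDP), 11 = cached interactive.
CREDENTIAL_EXPOSING = {2, 10, 11}
NETWORK_LOGON = 3

# Constructed log excerpt, one event per line:
# <ISO timestamp> <event id> <account> <target host> <logon type>
SAMPLE_LOG = r"""
2016-10-04T09:00:00 4624 CORP\jdoe WS-101 2
2016-10-04T09:05:00 4624 CORP\da-alice PAW-ALICE 2
2016-10-04T09:10:00 4624 CORP\da-alice WS-101 10
2016-10-04T09:12:00 4624 CORP\srvadm-bob WS-102 2
2016-10-04T09:15:00 4624 CORP\jdoe WS-102 3
2016-10-04T09:16:00 4624 CORP\jdoe WS-103 3
2016-10-04T09:18:00 4624 CORP\jdoe APP01 3
2016-10-04T09:20:00 4625 CORP\jdoe SQL01 3
"""


@dataclass
class Logon:
    when: datetime
    account: str
    host: str
    logon_type: int


def parse_log(text):
    """Keep only successful logons (4624); failed logons (4625) are ignored here."""
    logons = []
    for line in text.strip().splitlines():
        ts, event_id, account, host, ltype = line.split()
        if event_id == "4624":
            logons.append(Logon(datetime.fromisoformat(ts), account,
                                host.upper(), int(ltype)))
    return logons


def tier_violations(logons):
    """A more privileged account logging on interactively to a lower-tier host
    leaves its credentials where that host's admins (or malware on it) can take
    them: the step that Privileged Access Workstations exist to prevent."""
    findings = []
    for l in logons:
        acct_tier = ACCOUNT_TIER.get(l.account, 3)
        host_tier = HOST_TIER.get(l.host, 2)
        if l.logon_type in CREDENTIAL_EXPOSING and acct_tier < host_tier:
            findings.append((l.account, l.host, acct_tier, host_tier))
    return findings


def fan_out(logons, window=timedelta(minutes=30), threshold=3):
    """One account making network logons to >= threshold distinct hosts within
    `window` matches the "compromise more hosts" pattern of lateral movement."""
    by_account = defaultdict(list)
    for l in logons:
        if l.logon_type == NETWORK_LOGON:
            by_account[l.account].append(l)
    findings = []
    for account, events in by_account.items():
        events.sort(key=lambda e: e.when)
        for i, start in enumerate(events):
            hosts = {e.host for e in events[i:] if e.when - start.when <= window}
            if len(hosts) >= threshold:
                findings.append((account, tuple(sorted(hosts))))
                break  # one finding per account is enough for triage
    return findings


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for acct, host, at, ht in tier_violations(events):
        print(f"TIER VIOLATION: {acct} (tier {at}) logged on interactively to {host} (tier {ht})")
    for acct, hosts in fan_out(events):
        print(f"FAN-OUT: {acct} reached {len(hosts)} hosts in 30 min: {', '.join(hosts)}")
```

On the sample data the Tier 0 admin's RDP session to a workstation and the Tier 1 admin's interactive logon to a workstation are reported, as is the user account reaching three hosts in three minutes; the failed logon is ignored.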
To Cloud or Not to Cloud ?
Life with cloud:
• User chooses apps (unsanctioned, shadow IT)
• User can access resources from anywhere
• Data is shared by user and cloud apps
• IT has limited visibility and protection
Life before cloud:
• Only sanctioned apps are installed
• Resources accessed via managed devices/networks
• IT had layers of defense protecting internal apps
• IT has a known security perimeter
[Slide diagram: on-premises storage and corp data, users]
What is driving change?
[Slide diagram – Azure building blocks: Cloud Services (load balancer, web role instances), storage solutions (tables/NoSQL, database, cache, blobs/files, queue), Virtual Machines (storage blobs/files as virtual disks; Windows, Linux, SQL; gallery, load balancer, virtual network).]
COMPUTE
Virtual Machines: Get full control over a server in the cloud and maintain it as your business requires.
Cloud Services: Managed Virtual Machines with specific web and worker roles that are stateless.
Batch: For running large scale parallel and high performance computing (HPC) applications.
Scheduler: Create jobs that run reliably on simple or complex schedules to invoke any type of service.
RemoteApp: Access Windows apps that run within the service on VMs from any device and any location.
NETWORKING
Virtual Network: Provision and manage VPNs in Azure and securely link to your on-premises IT infrastructure.
ExpressRoute: Connect on-premises and cloud data centers directly through dedicated, non-internet lines.
Traffic Manager: Load-balance incoming global traffic across multiple services running in multiple data centers.
IDENTITY & ACCESS
Active Directory: Identity and access management for cloud applications and ability to link to on-premises Server AD.
Multi-Factor Authentication: Safeguard access to data and apps with an additional physical layer of security control.
MEDIA & CDN
Content Delivery Network (CDN): Cache content for your apps at hundreds of edge locations to improve user experiences.
Media Services: Range of services that support video on-demand and live streaming workflows.
WEB & MOBILE
Web Apps: Managed web platform; get started for free and scale as you go using many tools/languages.
Mobile Apps: Add backend capabilities to mobile apps, with native client support on most device platforms.
API Management: Publish and manage APIs to developers, partners and employees securely and at scale.
API Apps: Create and surface your app logic as APIs for other services and apps to consume.
Logic Apps: Build/execute business processes by linking your own custom APIs with an API Gallery/Marketplace.
Notification Hubs: Deliver millions of cross platform push notifications from any application backend, anywhere.
[Slide diagram – App Services: deploy your code from the gallery into API, Web, Logic and Mobile app types behind a load balancer, with an API marketplace; client platforms Windows 10 Mobile, iOS, Android, Nokia X, Windows Store, HTML5/JS.]
STORAGE & BACKUP
Backup: Managed service that handles backup/restore of Windows Server machines/backup agent.
StorSimple: Automated, policy driven solution to extend on-premises primary storage for backup / DR.
Site Recovery: Coordinate replication and recovery of System Center private clouds.
Storage Blobs & Files: Store binary application data and web content – store for dedicated and shared virtual disks for VMs.
Import/Export: For massive data transfer – ship encrypted disks to move data in/out of blob storage.
DATA
SQL Database: Managed relational database service with high availability and selectable performance levels.
DocumentDB: Store/retrieve millions of JSON objects from a highly scalable NoSQL document database.
Redis Cache: Make applications scale and be more responsive under load by keeping data closer to app logic.
Search: Managed, scalable search service for your apps; create tunable search results and ranking models.
Tables: Massive scale for semi-structured key/value type data in this schema-less NoSQL store.
ANALYTICS
HDInsight: Big Data (based on Apache Hadoop) analytics that integrate easily with Microsoft Office.
Machine Learning: Mine historical data with compute power to predict future trends or behavior.
Stream Analytics: Process data streams in real-time to discover and react to trends.
Data Factory: Ingest data from multiple sources to combine into a cloud based Data Warehouse.
Event Hubs: Ingest, persist, process millions of events per second from millions of devices.
Mobile Engagement
DEVELOPER SERVICES
Visual Studio Online: Store code, plan and track projects, build, deploy and test apps in the cloud collaboratively.
Application Insights: Analyze app usage, availability and performance to detect issues and solve problems proactively.
MANAGEMENT
Automation: Run durable PowerShell scripts to automate frequent, long running, complex Azure tasks.
Portal: Web based experience to provision, control and monitor all Azure services.
Operational Insights: Analyze and troubleshoot on-premises IT infrastructure without using instrumented code.
Key Vault: Safeguard and control keys and secrets in cloud scale hardware security modules.
HYBRID INTEGRATION
BizTalk Services: Build EDI and Enterprise App Integration (EAI) solutions in the cloud.
Hybrid Connections: Connect apps in Azure with on-premises resources without a VPN or dedicated line.
Service Bus: Messaging capabilities (pub/sub, queues) and on-premises to cloud connectivity solution.
Storage Queues: Simple message queue for application de-coupling architecture for scale out.
COMMERCE
Store / Marketplace: Find and manage other services provided by third parties.
VM Depot: Find free open source VM images that you can download and run in Azure Virtual Machines.
Azure momentum
• 500+ new releases in the last 12 months
• >90,000 new Azure customer subscriptions/month
• 1.5 trillion messages per month processed by Azure IoT
• >500 million users in Azure Active Directory
• 777 trillion storage transactions per day
• >1.5 million SQL Databases running on Azure
• >40% revenue from start-ups and ISVs
Microsoft identity security at a glance
• Automatically deflect 1.5 million attacks per day in the consumer space
• >1.3 billion auths every day on Azure AD + 13 billion auths from the consumer space (MSA)
• Every day the Identity ML system processes >10 TB of data
• Identify 30K potentially compromised users per day
Azure Compliance: The largest compliance portfolio in the industry
Holistic Cyber Defense – how to build ?
Secure Development Lifecycle; On-premises, Hybrid, Cloud; User, Device, Data
Holistic Cyber Defense is multi-dimensional
User:
• Protect by reducing threat of credential theft
• Detect suspicious behavior and unusual activity
• Respond by elevating access requirements based on risk
Device:
• Protect across levels – hardware, software, and applications
• Detect any deviations from baseline, policies, or behavior
• Respond dynamically to any suspicious device or application
Data:
• Protect data no matter where it is located
• Detect any attempts for unauthorized data access
• Respond to any data leak by removing or monitoring access
Capabilities (MCS, Premier, ACE)
Our Top Conversations on Cybersecurity
Top Scenarios:
• Cloud – Planning on moving apps or DC infrastructure services to the cloud, or planning on moving to O365
• Mobile – Need a strategy to mitigate the risk of users bringing unmanaged PCs, phones, tablets
• InfoProtect – Need to protect data from theft, unauthorized disclosure, and accidental distribution
• Threats – Concerned they have been compromised and want to be able to detect threats
• PlatformSec – Concerned with security risks and vulnerabilities and want to make sure we are doing basic hygiene
Partner with Devices and Mobility; partner with Cyber; partner with Cloud Productivity
Solution Maps (MCS, Premier, ACE): Security Assessment Suite; partner with Cyber; partner with Cloud Productivity
But Start with Basics:
Software security does not follow the Lada car evolution model…
We need to follow changing threat landscape
Microsoft Security Technologies
Modern Desktop Security
CREDENTIAL GUARD
Why Windows 10 ?
US Department of Defense Windows 10 Migration - Rationale
Microsoft Windows 10 is intended as a cross-platform release and will be a ubiquitous operating system for desktops, laptops, and tablets.
Microsoft Windows 10 enterprise edition provides security features that are not available in older versions of Windows.
These new features, when employed, are critical to mitigating advanced network threats.
Rapid implementation to Microsoft Windows 10 will improve our cybersecurity posture, lower the cost of IT, and streamline the IT operating environment.
Windows 10 Plan by US Air Force
04/10/2016
NATO Secret
International Staff Headquarters, New HQ
NCIA 5 Goals as defined by the 28 Nations (NC3B):
1. NATO Software for Nations Use
2. Multinational development of interoperability standards & advanced technology
3. Implementation of NATO solutions in multinational forces
4. Test and re-use of NATO solutions by Partners (Sweden and Finland)
5. Enabling Joint C4ISR
"Partnering with Nations to achieve Connected Forces and NATO Forces 2020 goals more efficiently"
Common Funded Solutions in the NCIA Customer Services Catalogue (examples): NATO Information Portal; NATO Tasker Tracker Enterprise; NATO Common Operational Picture; Land C2 Information System (Available)
Premier Support Services for NATO: Organizational Continuity, IT Service Improvement and Security. 24x7 global support coverage. Support Account Management, Workshops, Problem Resolution Support, Support Assistance, Information Services, Security
Microsoft product licenses used for New NATO HQ – NATO provides as PFE (Purchaser Furnished Infrastructure & Service):
• Office Professional Plus
• Enterprise Client Access Licenses (e-CAL) for Windows Server, Exchange Server, SharePoint Server, Lync Server, System Centre, Forefront and SQL Server
SharePoint based NATO C2
NATO Information Portal Requirements
Cloud Powered Antimalware Protection
DESKTOP ATTACKS HAPPEN FAST AND ARE HARD TO STOP
If an attacker sends an email to 100 people in your company… …23 people will open it… …11 people will open the attachment… …and six will do it in the first hour.
HOW DO THESE ATTACKS USUALLY START?
• 0days
• Vulnerabilities
• Weak defenses
• Social engineering
How do they get in? How do they get privileges?
ADDING A POST-BREACH MINDSET TO THE WINDOWS 10 DEFENSE STACK
PRE-BREACH:
• Device protection: Device Health Attestation, Device Guard, Device Control, Security policies
• Threat resistance: SmartScreen, AppLocker, Device Guard, Windows Defender, Network/Firewall
• Identity protection: Built-in 2FA, Account lockdown, Credential Guard, Microsoft Passport, Windows Hello
• Information protection: Device protection / Drive encryption, Enterprise Data Protection (now Windows Information Protection), Conditional access
POST-BREACH:
• Windows Defender Advanced Threat Protection (ATP): Breach detection, investigation & response
WINDOWS DEFENDER ADVANCED THREAT PROTECTION
DETECT, INVESTIGATE AND RESPOND TO TARGETED ATTACKS
• Unique threat intelligence knowledge base
• Rich timeline for investigation
• Behavior-based breach detection
• Built in to Windows 10, cloud powered
Helps enterprise customers detect and remediate advanced attacks and data breaches.
Windows Defender ATP:
• Powered by cloud: machine learning analytics over the largest sensor array in the world
• Client side dynamic endpoint behavioral sensors and loggers; works side by side with any existing endpoint security technology
• Enhanced by the community of our hunters, researchers and threat intelligence
• Built into SIEM / central UX
[Slide diagram – Windows Defender ATP architecture: always-on endpoint behavioral sensors and forensic collection in the customer's Windows Defender ATP tenant feed security analytics (behavioral IOA dictionary, file and URL detonation, known and unknown adversaries) in the Microsoft detection stack, enriched by threat intelligence from partnerships and from Microsoft hunters (Windows APT Hunters, MCS Cyber); output is alerts and exploration in the SecOps console and the SIEM.]
DATA AND COMPLIANCE
Client threat data collection: Telemetry, automatically collected from on-boarded endpoints, serves to proactively identify indications of attack and can be viewed by customer SecOps. Threat insights are shared among WDATP customers.
Sample Collection: WDATP can be configured to collect samples upon identifying IoAs or suspicious activities, which enables deeper analysis to identify potential threats. Sample collection can be performed automatically for fast detection, or manually after SecOps' explicit approval.
Compliance and Privacy: All customer data resides in compliant storage (Windows Azure), isolated from data of other customers, and secured by access control with full auditing and logging capabilities. PII data is anonymized prior to aggregation and processing.
Geolocation: Enterprise data will have geo-affinity to a single data center geo-location. Each enterprise can select their preferred data center location from available Azure data center locations.
ONE MICROSOFT VISION – Integration & exchange of signals
Exchange Online ATP (Office 365), Windows 10, Advanced Threat Analytics (ATA), Windows Defender ATP, Information Protection
Mobile security landscape: Comprehensive approach to mobile security and discover a foundation for both management and protection: microsoft.com/ems
Azure Rights Management & Secure Islands, ATA, Intune, Azure Active Directory Identity Protection, Microsoft Cloud App Security
Information Protection Vision
On any device: email, LOB apps, files
Share internally, share externally (B2B), share externally (B2C)
Classification and labeling, encryption, access control, policy enforcement, document tracking, document revocation
In any part of the world: US, EU, APAC, China, Germany
Information Protection: The 5 Step Program
1. Classify – Classification on use: automatic classification, manual classification, classification level recommendation, reclassification justification
2. Label – Leverage labels everywhere: DLP, eDiscovery, compliance, top DLP vendors
3. Protect – Apply data-bound protection (cloud drive)
4. Monitor – Use user/IT Pro logs/portals, e.g. "Dan opened 'gov.doc'", "Fred failed to use 'gov.doc'", "Jane printed 'gov.doc'"
5. Respond – Act on use/abuse/overuse
Start small, now, and move quickly
Do you trust your Admin?
Step 1 – how things look today, and now with 'Shielded' VMs in Windows Server 2016

Role                    Physical machines   Virtual machines   Shielded VMs
Server administrator    Yes                 Yes                No (1)
Storage administrator   No                  Yes                No
Network administrator   No                  Yes                No
Backup operator         No                  Yes                No
Hyper-V administrator   n/a                 Yes                No

(1) requires adherence to secure configuration best practices, e.g. TPM-based attestation
Step 2 – Decryption keys controlled by external system
[Slide diagram: a Fabric Controller manages Hyper-V Hosts 1-3 in the cloud/datacenter, each a host OS and hypervisor running guest VMs; the Host Guardian Service provides Key Protection for the guest VMs' decryption keys outside the hosts.]
Secure Server OS ?
Our Server Journey
• Windows NT to Windows Server 2003: Windows/Windows NT, Server Roles/Features
• Windows Server 2008 and Windows Server 2008 R2: Server Core, Full Server
• Windows Server 2012 and Windows Server 2012 R2: Server Core, Minimal Server Interface, GUI Shell
And one more "little" thing: Nano Server
• A new headless, 64-bit only, deployment option for Windows Server
• Deep refactoring focused on CloudOS infrastructure and born-in-the-cloud applications
Installation options: Nano Server, Server Core, Server with a Desktop Experience
Nano Server - Roles & Features
Minimal footprint:
• Server Roles and Optional Features live outside of Nano Server
• No binaries or metadata in image
• Standalone packages that install like applications
Key Roles & Features:
• Hyper-V, Clustering, Storage
• Core CLR, PaaS & ASP.NET vNext
• Containers
Full driver support & Antimalware; System Center and Apps Insight agents to follow
https://technet.microsoft.com/en-us/windows-server-docs/get-started/getting-started-with-nano-server
Windows Server 2016 offers a new installation option: Nano Server. Nano Server is a remotely
administered server operating system optimized for private clouds and datacenters. It is similar to
Windows Server in Server Core mode, but significantly smaller, has no local logon capability, and only
supports 64-bit applications, tools, and agents. It takes up far less disk space, sets up significantly
faster, and requires far fewer updates and restarts than Windows Server. When it does restart, it
restarts much faster. The Nano Server installation option is available for Standard and Datacenter
editions of Windows Server 2016.
Nano Server is ideal for a number of scenarios:
• As a "compute" host for Hyper-V virtual machines, either in clusters or not
• As a storage host for Scale-Out File Server.
• As a DNS server
• As a web server running Internet Information Services (IIS)
• As a host for applications that are developed using cloud application patterns and run in a
container or virtual machine guest operating system
From observations to operations
Big Data Analytics Sharing with Governments – Cyber Threat Intelligence Program:
• Alerts and advisories (three-day notification, public vulnerability announcements, out-of-cycle notifications)
• Internet safety reference material
• Microsoft Security Response Alliance portal access
• Digital Crimes Community portal access
• Cyber Threat Intelligence Program botnet feeds
• Malicious URL feeds
• Other emerging detection guidance
70 million IP addresses; 500 million pings/day; volume constantly changing
The Microsoft Cyber Defense Operations Center
• Protect Microsoft’s cloud infrastructure, customer-facing cloud services, products and devices, and internal resources 24 x 7 x 365
• Unite personnel, technology, and analytics in a central hub
• Provide world-class security protection, detection, and response
• More than 50 Security Experts and Data Scientists
• Connected to >3500 Security Professionals across Microsoft
• Tight partnerships with Microsoft Research and the Security Development Lifecycle (SDL) team
Protect – Protect customers' most valuable assets by helping to prevent cyber-attacks and compromise
• Active Directory Security Solutions* – ADSA (through ACE); Secure and Resilient AD (through CSS)
• Credential Theft Mitigation (CTM) Solutions – Privileged Account Workstation (PAW); Enhanced Security Administrative Environment (ESAE), etc.
• Cyber Security Architect (CSA)
• Security Development Lifecycle (SDL) Maturity Assessment
• Microsoft Security Risk Assessment (MSRA)
Detect – Monitor customer networks to expose attacks, vulnerabilities and persistent threats
• Advanced Threat Analytics (ATA) Implementation Services (ATA IS)
• Persistent Adversary Detection Service (PADS)
• Microsoft Threat Detection Service (MTDS)
Respond – Investigate and disrupt suspicious events to provide diagnoses and recommended mitigations
• Incident Response (IR)
• Recovery – Tactical and Strategic (TR/SR)
Security Evaluation and Certification
FIPS 140-2 Validation of Windows 10
The following Microsoft Windows 10 product editions are FIPS 140-2 validated: Windows 10 Enterprise and LTSB, Windows 10 Pro, Windows 10.
US Federal and Canadian governments have FIPS 140-2 requirements for the use of cryptography to protect sensitive data.
These validation certificates are currently for Windows 10 (TH1). Certificates have been updated at the end of June 2016 to include the Windows 10 November 2015 Update (TH2 / 1511), Windows 10 Mobile, Microsoft Surface Hub, and additional Microsoft hardware devices.
For reference, the FIPS 140-2 validation certificates are posted here: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
New US DoD Policy - Updated Guidance Concerning the Acquisition of Information Assurance (IA) and IA-enabled Products
In order to achieve more consistent and efficient use of scarce resources, the NIAP has issued Reference (d) and other guidance that limits the circumstances under which products may be evaluated to:
• Products claiming compliance with a U.S. approved Protection Profile (with an EAL no higher than that specified in the profile), or
• When a U.S. approved Protection Profile does not exist and a government agency requests a Common Criteria evaluation, NIAP will consider accepting a product into evaluation at EAL2 only. Validator resource availability and customer need (as specified in the LOI) will serve as the basis for acceptance.
NATO Information Assurance Products Catalogue - updated
http://www.ia.nato.int/niapc/
http://www.ia.nato.int/Search/NIAPC/AND/Category_/Manufacturer_73/Country_/Classification_/EvaluationScheme_
Product | Main Category
Bitlocker - Windows 7, Windows Server 2008 (R2) | Disk/File Encryption
Hyper-V - Windows Server 2008 (R2) Server virtualization | Operating System Security Management
Hyper-V - Windows Server 2012 (R2) Server virtualization | Operating System Security Management
ListDlls version 2.25 | Computer Forensics
Microsoft Baseline Security Analyzer (MBSA) versions 1.2.1 and 2.0 | Operating System Security Management
SQL Server 2008 (R2) | Database Management System
SQL Server 2012 | Database Management System
SQL Server 2014 | Database Management System
Strings, version 2.3 | Computer Forensics
Surface Pro 3 with Windows 8.1 | Operating System Security Management
Windows 7 | Operating System Security Management
Windows 8(.1) | Operating System Security Management
Windows Phone 8(.1) | Operating System Security Management
Windows Server 2008 (R2) | Operating System Security Management
Windows Server 2012 (R2) | Operating System Security Management
Windows 10/Windows 10 Mobile FIPS 140-2 evaluation and Common Criteria Certifications (up to date)
Certification | Date Completed | Evaluated for
CC Mobile Device Fundamentals Protection Profile 2.0 | January 29, 2016 | Windows 10
CC General Purpose OS Protection Profile 4.1 | April 6, 2016 | Windows 10
CC Mobile Device Fundamentals Protection Profile 2.0 | May 12, 2016 | Windows 10 Mobile, Windows 10
CC Mobile Device Fundamentals Protection Profile 2.0 | June 24, 2016 | Windows 10 November 2015 Update
FIPS 140-2 Level 1 | June 2, 2016 | Windows 10
CC certificate for Windows 10 November 2015 Update with Surface Book against the Mobile Device protection profile:
• Global list of CC-evaluated products: http://www.commoncriteriaportal.org/products/
• Certification listing: https://www.niap-ccevs.org/st/Compliant.cfm?pid=10715
• Security target (the claims we make about Windows 10): https://www.niap-ccevs.org/st/st_vid10715-st.pdf
• The report by the independent evaluation lab: https://www.niap-ccevs.org/st/st_vid10715-aar.pdf
• The validation report that confirms the lab's findings: https://www.niap-ccevs.org/st/st_vid10715-vr.pdf
Example of Windows 10 Secure Configuration Guidance - Poland
What next ? We can help
• Cybersecurity – standardization simplifies management and operations
• User credentials are exploited in the vast majority of attacks – Advanced Threat Analytics can help to detect and mitigate these attacks
• Microsoft investment in the Protect, Detect and Respond model is now available for GOV/MIL customers responsible for interoperability and national Cyber Defense/Cybersecurity capabilities development
• Microsoft Services can be used for operational support and development of GOV/MIL cyber capabilities
SUMMARY
These practices are still important – part of a complete long term security strategy:
• Domain Controller Security Updates – Target full deployment within 7 days
• Remove Users from Local Administrators – Manage exceptions down to near-zero; ensure only admin of one workstation
• Baseline Security Policies – Apply standard configurations; manage exceptions down to near-zero
• Anti-Malware – Detect and clean known threats
• Log Auditing and Analysis – Centralize logs to enable investigations and analysis
• Software Inventory and Deployment – Ensure visibility and control of endpoints to enable security operations
CYBER SECURITY DEMYSTIFIED
Download your free digital copy of the Cyber Security Demystified eBook and share it with your business stakeholders today: http://aka.ms/csdebook
AND IN THE MEANTIME… 6 simple but important actions to improve your security today:
1. Educate yourself and your staff on the latest risks, common cyber crime methods and best practice
2. Don't run software as an Administrator to mitigate risks
3. Use firewall and antivirus software to spot threats
4. Develop your software securely. Visit microsoft.com/sdl to find out more
5. Make sure to regularly check and install the latest security updates
6. Use the most up to date versions of all software and use automatic updates where possible
Additional Cyber Resources
www.microsoft.com/sir
www.facebook.com/MicrosoftDCU
www.microsoft.com/twc
blogs.technet.com/security
news.microsoft.com/presskits/dcu
https://twitter.com/MicrosoftDCU
www.youtube.com/user/DCUMicrosoft
Public preview announcement
Support for federated identities
Azure AD Identity Protection Documentation
Demo playbook
End user experience
Channel 9 Video
APIs
Security reader role
Azure Information Protection Resources