
Microsoft CISO Workshop 3 - Identity and Access …...OAuth 2.0 and OpenID Connect 1.0 Azure AD Identity Protection Intune Windows Defender ATP Office 365 ATP Cloud Application Security


The Concept of Microsoft Security Solutions

Dominik Mostowski


Securing Privileged Access

Office 365 Security

Rapid Cyberattacks (Wannacrypt/Petya)

https://aka.ms/MCRA Video Recording Strategies

Office 365

Dynamics 365

+Monitor

Azure Sentinel – Cloud Native SIEM and SOAR (Preview)

SQL Encryption & Data Masking

Data Loss Protection

Data Governance

eDiscovery



Alerts

Security Profiles

Host | User | File | App | IP

Actions

Configurations

Insights and relationships

OAuth 2.0 and OpenID Connect 1.0

• Azure AD Identity Protection
• Intune
• Windows Defender ATP
• Office 365 ATP
• Cloud Application Security
• Azure ATP
• Azure Security Center
• Azure Information Protection
• Ecosystem Partners

Other Microsoft Graph Services

Office 365 | Intune | Active Directory | More…

Users | Groups | Mail | Files | Calendar


Identity Security Management and Privileged Identities

Dominik Mostowski


Security as A Service Components

Secure the Front Door

Secure Content

Secure Devices

Great Employee Experience

Intro


Security as a Service

Security managed from the cloud.

SECURE CONTENT: PROTECT CONTENT: CREATION, TRANSIT, CONSUMPTION

SECURE DEVICES: WORKPLACE ISSUED OR BYOD DEVICES

GREAT EMPLOYEE EXPERIENCE: PRODUCTIVITY WITHOUT COMPROMISE

SECURE THE FRONT DOOR: IDENTITY DRIVEN SECURITY


1. Protect at the front door: Safeguard your resources at the front door with innovative and advanced risk-based conditional access.

2. Protect your data against user mistakes: Gain deep visibility into user, device, and data activity on-premises and in the cloud.

3. Detect attacks before they cause damage: Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.


Conditions:

• Location
• Device state
• User/Application
• MFA
• Risk

Actions:

• Allow access or block access
• Enforce MFA per user/per app

User


Microsoft Advanced Threat Analytics (ATA)

Behavioral Analytics

Detection of known malicious attacks

Detection of known security issues

On-premises detection

Cloud App Security + Azure Active Directory Premium

Behavioral analytics

Detection in the cloud

Anomaly detection

Security reporting and monitoring


Risk-based conditional access and Multi-Factor Authentication

You can use Azure AD Identity Protection for conditional access risk policies. Conditional access risk policies help give your organization advanced protection based on risk events and unusual sign-in activities. Using multi-factor authentication helps protect resources from being accessed by unauthorized or risky users.

Advanced Security Reporting

Take advantage of advanced security reports, notifications, remediation recommendations and policies to protect your business from current and future threats.

Identify threats on-premises

From detecting known malicious attacks to uncovering abnormal activity with machine learning and behavioral analytics, identify advanced persistent threats to your enterprise quickly and take action swiftly with Microsoft Advanced Threat Analytics.

Identify high-risk usage of cloud apps, abnormal behavior and prevent threats

Whether or not you’re in the cloud, your employees are. Bring the security of your on-premises systems to your cloud applications, both approved and unapproved, for deeper visibility, comprehensive controls, and enhanced protection against cloud security issues.

Secure The Front Door


Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools

Security/Monitoring/Reporting Solutions

• Notifications
• Data Extracts/Downloads
• Reporting APIs

Apply Microsoft learnings to your existing security tools

Microsoft machine-learning engine

• Leaked credentials
• Infected devices
• Configuration vulnerabilities
• Brute force attacks
• Suspicious sign-in activities


Azure Active Directory Premium

Microsoft Intune

Microsoft Intelligent Security Graph

Risk-based conditional access

Conditions:

• Location (IP range)
• Device state
• User group
• User
• MFA
• Risk (Low, Medium, High)

Actions:

• Allow
• Enforce MFA
• Remediate
• Block access
• Wipe device

On-premises applications

Microsoft Azure


Azure AD Premium feature: Multi-factor authentication


Mobile apps | Phone calls | Text messages

How it works

• Push Notification
• One-Time Passcode (OTP) Token
• Phone Calls
• Text Message


Discover, restrict, and monitor privileged identities

Enforce on-demand, just-in-time administrative access when needed

Provides more visibility through alerts, audit reports and access reviews

Global Administrator

Billing Administrator

Exchange Administrator

User Administrator

Password Administrator


Removes unneeded permanent admin role assignments

Limits the time a user has admin privileges

Ensures MFA validation prior to admin role activation

Reduces exposure to attacks targeting admins

Separates role administration from other tasks

Adds roles for read-only views of reports and history

Asks users to review and justify continued need for admin role

Simplifies delegation

Enables least privilege role assignments

Alerts on users who haven’t used their role assignments

Simplifies reporting on admin activity

Increases visibility and finer-grained control


Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization’s users.

An on-premises platform to identify advanced security attacks and insider threats before they cause damage

DETECT ATTACKS BEFORE THEY CAUSE DAMAGE

Behavioral Analytics

Detection of advanced attacks and security risks

Advanced Threat Detection


Discovery

Gain complete visibility and context for cloud usage and shadow IT, with no agents required

Data control

Shape your cloud environment with granular controls and policy setting for access, data sharing, and DLP

Threat protection

Identify high-risk usage and security incidents, detect abnormal user behavior, and prevent threats

Integrate with existing security, mobility, and encryption solutions


Office 365


User

Role

Group

Device

Config

Location

Last Sign-in

Conditional access risk

Health/Integrity

Client

Config

Last seen

High

Medium

Low

Firewall

Intrusion Detection/Prevention

Forward/Reverse Proxy

Source: IP Address/Port

Destination: IP Address/Port

Signatures

Analytics

Allow List

Authentication

Intranet Resources

Actions:

• Allow
• Allow Restricted
• Require MFA
• Block
• Force Remediation

Actions:

• Allow
• Block

Device


User

Role: Sales Account Representative

Group: London Users

Device: Windows

Config: Corp Proxy

Location: London, UK

Last Sign-in: 5 hrs ago

Office resource

Conditional access risk

Health: Device compromised

Client: Browser

Config: Anonymous

Last seen: Asia

High

Medium

Low

Anonymous IP

Unfamiliar sign-in location for this user

Malicious activity detected on device

Device

Sensitivity: Medium

Block access

Force threat remediation

https://channel9.msdn.com/events/Ignite/Microsoft-Ignite-Orlando-2017/BRK3016


Apps

Analytics

CRM and Marketing Automation

Business

Social IDs

Business & Government IDs

contoso

Customers

Azure AD B2C

Securely authenticate customers with their preferred identity provider

Provide branded registration and login experiences

Capture login, preference, and conversion data for customers
