Get control over your datacenter with security monitoring using OMS

Presentation transcript:

Get control over your datacenter with security monitoring using OMS. Microsoft Ignite 2016, 5/15/2018 10:58 PM, BRK2001. Meir Mendelovich, Principal Program Manager, @MMendelovich. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Security challenges for IT Operations
- Number of threats is rising
- Environments are more complex
- Security talent is scarce

Microsoft Security Assets
Categories: Data; Cloud & Datacenter; Applications (SaaS); Endpoints (Devices); Identity.
Products shown: Rights Management Services, Information Protection, OMS Security, Azure Security Center, Cloud App Security, Advanced Threat Protection, Device Guard, Credential Guard, Intune, Windows Hello, Windows Defender & ATP, Azure AD Identity Protection, Advanced Threat Analytics.

OMS Security
OMS Security is a solution that enables you to:
- Collect, correlate, and act on any security data
- Analyze and visualize your security posture
- Gain insights into notable issues and threats
Optimized for hybrid datacenters: Azure, private, AWS, on premises.

Use of operations data for security
- Security, not logs
- Logs, not security

Out of the box security data collection
- Collect data from any machine on any environment: just install the OMS agent and you are ready to go. SCOM deployments can direct their logs to OMS.
- Supports Windows, Linux and security solutions: collects the Windows security event log, AppLocker logs and more. Collects Syslog AuthPriv. AuditD coming soon.

Connect almost any security solution
- OMS Security can collect CEF: Common Event Format (CEF) is supported by most security solutions. It is collected over Syslog to the OMS Linux agent.
- OMS Security can collect Cisco ASA: Cisco ASA firewall logs are collected over Syslog and parsed.
- Indexed and normalized: easy to search, visualize and alert.
- Enriching the data: records are cross-correlated with the Threat Intelligence feed. Malicious traffic is tagged with threat details and geo location.
- Data flow: security solution (on-prem / private cloud, any public cloud), CEF over Syslog, OMS Linux agent, OMS Logs.

Cloud power: Endless scale, no maintenance
- Scale from a single machine to terabytes per day: just add more machines and data sources, no need to change anything. Some of our customers are already ingesting terabytes of data per day, covering tens of thousands of machines.
- Global reach: service provided in four geographies (US, Europe, Asia, Australia). More in the future.
- Backup and high availability are built in: no need to do anything.
- No need to upgrade or update, ever: the service is maintained and upgraded for you. Agents are auto-updated.

Cloud power: Easy to deploy
- Moving from zero to security hero in less than an hour
- Come and see the live demo tomorrow: BRK3328, Wednesday, September 28, 10:45am - 12:00pm, Room C112

Unlock security data with OMS Log Analytics (1)
- Search: fast, integrated search makes it easy to query security data. Free text, structured, aggregations, calculations.
- Alerts: send e-mail; send WebHook (JSON over HTTP); open a ticket on incident management systems (ServiceNow, Cherwell, Provance); run Automation runbooks.
- Export data: export to Excel (CSV file); visualize and share data using Power BI.

Unlock security data with OMS Log Analytics (2)
- API: read data from OMS and integrate with other systems; write custom ingestion to collect other types of data.
- Custom logs collection: collect any Syslog, Windows event log or file; extract fields from structured or unstructured data.
- Custom dashboards: create your own dashboards based on standard and custom data; share these dashboards.

Demo: OMS Security

Out-of-the-box security posture assessments
- Update: view the update and patching status on all your servers.
- Antimalware: discover antimalware software deployed and your current protection state.
- Security Configuration Baseline: assess best practice security configuration rules on all of your computers.
- Identity: snapshot of the identities that access your servers.

Demo: OMS Security

Additional OMS Assessments
- Active Directory
- SQL Server
- DNS Server, DHCP and IP Address (DDI)
- More to come…

Integrated Threat Intelligence
- OMS Security comes with a Threat Intelligence feed: based on the leading vendors in this market and Microsoft's own intelligence. No need to purchase anything.
- Log records are cross-correlated and enriched: relevant log records are matched to find traffic involving malicious IP addresses. No need for complex integrations.
- Search and visualize threats on maps: records are geo-tagged. Full threat report on the adversary.
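
The "Connect almost any security solution" and "Integrated Threat Intelligence" slides describe the same pipeline: CEF arrives over Syslog, is parsed and normalized, and is then matched against a feed of malicious IP addresses. The following is an added example, not code from the presentation or from OMS; the vendor and product names, sample log lines, feed contents and function names are all constructed for illustration.

```python
import re

HEADER = ["cef_version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity"]

# Constructed threat-intelligence feed (documentation-range address, made-up details).
THREAT_FEED = {"203.0.113.45": {"threat": "botnet C2 (constructed)", "country": "ZZ"}}

# Constructed sample lines: syslog prefix, CEF header, then key=value extension.
SAMPLE_LINES = [
    r"<134>Sep 27 10:15:02 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|100|Outbound allowed|3|"
    r"src=10.1.2.3 spt=51514 dst=203.0.113.45 dpt=443 act=allow "
    r"msg=policy\=default allow rule",
    r"<134>Sep 27 10:15:09 fw01 CEF:0|ExampleVendor|Example\|FW|1.0|200|Inbound denied|5|"
    r"src=198.51.100.7 dst=10.1.2.3 dpt=22 act=deny",
]

_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")  # a key opens the extension or follows whitespace
_ESCAPE = re.compile(r"\\(.)")            # \= and \\ are literals, \n is a newline

def _unescape(value):
    return _ESCAPE.sub(lambda m: "\n" if m.group(1) == "n" else m.group(1), value)

def _split_header(body):
    """Split on unescaped '|' into the seven header fields plus the raw extension."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            i += 1
            cur.append(body[i])            # escaped character is taken literally
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) == len(HEADER) - 1:     # header with no trailing '|' and no extension
        fields.append("".join(cur))
    if len(fields) != len(HEADER):
        raise ValueError("truncated CEF header")
    return fields, body[i:]

def parse_cef(line):
    """Parse one syslog line carrying CEF into a normalized record."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload in line")
    fields, ext = _split_header(line[start + 4:])
    record = dict(zip(HEADER, fields), syslog_prefix=line[:start].strip(), extension={})
    keys = list(_EXT_KEY.finditer(ext))
    for n, m in enumerate(keys):           # a value runs until the next key starts
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        record["extension"][m.group(1)] = _unescape(ext[m.end():end].strip())
    return record

def enrich(record, feed=THREAT_FEED):
    """Tag a parsed record with feed hits on its source or destination address."""
    ext = record["extension"]
    matches = [{"field": f, "ip": ext[f], **feed[ext[f]]}
               for f in ("src", "dst") if ext.get(f) in feed]
    return {**record, "threat_matches": matches, "malicious": bool(matches)}
```

Calling `enrich(parse_cef(line))` on each entry of `SAMPLE_LINES` tags the first record through its `dst` address and leaves the second untagged.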

Demo: OMS Security

Notable Issues
- Prioritized list of notable security issues requiring your attention, across all security domains
- Add your own notable issues
- Turn notable issues into alerts

Advanced Detection Analytics
- Built-in advanced detection analytics: hundreds of detection rules and patterns based on common security events. Behavioral and machine learning tools calibrated for a low false-positive rate.
- Always current, constantly updated: our security research team is constantly analyzing new threats and updating the analytics.
- Integrated with Microsoft ATA: Microsoft Advanced Threat Analytics (ATA) detections are normalized and presented side-by-side.

Demo: OMS Security

Vision for Hybrid, Multi-Cloud Workload Protection: OMS Security & Azure Security Center
OMS Security: security built in to OMS (Microsoft Operations Management Suite)
- Collection of security data from virtually any source (Azure or AWS, Windows Server or Linux, VMware or OpenStack)
- Insight into security status (antimalware, system updates)
- Correlations to detect malicious activities and search for rapid investigation
- Threat detection using advanced analytics
- Integrates operational and security management
Azure Security Center: security built in to Azure
- Asset discovery and ongoing security assessment (antimalware, system updates, encryption, virtual network configurations)
- Actionable security recommendations
- Security policy for IT governance
- Integrated management and monitoring of partner security solutions

Call to action: Try OMS Security with your servers/desktops
- Go to http://oms.microsoft.com and sign in
- It takes minutes to get up and running
- It is free for small deployments
- Product updates: http://aka.ms/OMSSecBlog

Operations Management Suite sessions at #MSIgnite (Microsoft Ignite 2016)
Monday
- 2:15-3:30, BRK1017, C202-204: Take your management and security strategy to the cloud with Operations Management Suite (OMS) (Top-line breakout)
Tuesday
- 9:00-9:45, BRK2198, B206: Protect your data with a modern backup, archive and disaster recovery solution (Protection & Recovery)
- 10:45-12:00, BRK3063, C302: Back up born-in-the-cloud and hybrid applications with Operations Management Suite and Azure Backup
- 12:30-1:45, BRK2001, B405-407: Get control over your datacenter with security monitoring using Operations Management Suite (Security & Compliance)
- 11:30-12:15, BRK1018, C114: Discover how Manulife and Rackspace manage their hybrid environments today (Overview)
- 4:00-5:15, BRK3163, B401-402: Manage and troubleshoot infrastructure and application issues using Operations Management Suite (Insights & Analytics)
Wednesday
- 9:00-10:15, BRK2178, Thomas Murphy Ballroom 1: Dive deep into Operations Management Suite for applications and infrastructure
- BRK3328, C112: Assess security posture of your datacenter in under one hour using Operations Management Suite
- BRK2181: Protect every app: transform disaster recovery with Operations Management Suite
- BRK2180, B213-B214: Monitor Linux in any cloud with Operations Management Suite
- 4:40-5:15, BRK1000: Discover how Accenture and Time Warner manage hybrid environments today
Thursday
- BRK3042: Migrate and disaster recover Azure workloads using Operations Management Suite
- 11:30am - 12:15pm, BRK2293: Mitigate datacenter security threats with guided investigation using Operations Management Suite
- BRK2179, C113: Manage your Azure Resources at scale with Operations Management Suite
- BRK3164, Sidney Marcus Auditorium: Automate tasks and gain efficiency for your hybrid environment (Automation & Control)
Friday
- BRK2095: Uncover system and service issues of any app with Operations Management Suite
- 10:45-12:00PM, BRK2091, A411-412: Manage updates across on-premises and clouds for Windows Server & Linux
- BRK2092, Thomas Murphy Ballroom 2&3: Explore configuration and change management in Operations Management Suite

System Center sessions at #MSIgnite (Microsoft Ignite 2016)
Monday
- 2:15-3:30, BRK2204, B312-314: Meet Windows Server 2016 and System Center 2016! (Top-line breakout)
Tuesday
- 9:00-10:15, BRK2159, Georgia Ballroom: Take advantage of new capabilities in System Center 2016
- 4:00-5:15, BRK3166, Thomas Murphy Ballroom 2&3: Manage your software-defined datacenter using System Center 2016 Virtual Machine Manager (System Center)
Thursday
- BRK3165: Monitor your changing datacenter using Microsoft System Center 2016 Operations Manager
Wednesday
- 12:30pm - 1:45pm, BRK 2121, B213-214: Monitor and diagnose web apps & services with Application Insights & SCOM

Management theater sessions at #MSIgnite
Monday
- 1:00-1:20, THR3028: Build solutions with Operations Management Suite extensions and integration (OMS)
Tuesday
- 10:20-10:40, THR3023, Microsoft Theater 1: Witness cloud attacks illustrated: insights from Operations Management Suite and Security (Security & Compliance)
Wednesday
- THR3029: Learn lessons and notes from the field - Operations Management Suite Site Recovery and Backup (Protection & Recovery)
- 2:10-2:30, THR3024: Evolve your automation strategy with Operations Management Suite (Automation & Control)
Thursday
- 12:05-12:25, THR3022: Evolve your MP experience in System Center Operations Manager 2016 (System Center)
