THR2099 What to do BEFORE all hell breaks loose: Building a modern cybersecurity strategy.

Slides:

Advertisements

Similar presentations

Advertisements

Your Partner for Superior Cybersecurity

Your security risk is higher than ever.

Azure on Steroids: Full Automation with PowerShell

How To Deliver Apps Faster And Secure Them The Microsoft Way

Microsoft Dynamics 365 for Talent: The New Rules of Engagement

Cloud Security IS Application-Centric Security

6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee

6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Senior Program Manager,

Azure Cloud Shell Magic of Modern Command-line Management

Windows 10 and the cloud: Why the future needs hybrid solutions

6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.

Decoding audit events in Microsoft Office 365

Optimizing Microsoft OneDrive for the enterprise

What a Real, Functioning DevOps Team Looks Like

“Enable, Invent & Adopt, Transform”

Protect sensitive information with Office 365 DLP

Location – the next frontier in analytics

SQL Server on Linux on All-Flash Arrays

Understanding Windows Analytics Update Compliance

Excel and Power BI Better Together Democratization of data

Workflow Orchestration with Adobe I/O

9/6/2018 8:11 PM THR1046 Using Digital Experience Management to Validate the Impact of IT Change Mike Marks Product Evangelist, Riverbed © Microsoft Corporation.

Customize Office 365 Search and create result sources

How we got a traditional bank collaborating across boundaries

The utility belt for managing security and compliance in Office 365

Find, try and get line-of-business apps on Microsoft AppSource

User Group Best Practices

Automated Response with Windows Defender ATP

Best Practices for Securing Hybrid Clouds

9/12/2018 7:18 AM THR1081 Don’t be the first victim of new malware Turn Windows Defender AV Cloud Protection on! Amitai Senior Program.

Group Policy in MDM: Dealing with ADMX backed policies

Automate all things! Microsoft Azure continuous deployment

Agile Planning with Visual Studio Team Services (VSTS)

Prevent Costly Data Leaks from Microsoft Office 365

9/22/2018 3:49 AM BRK2247 Learn from MVPs: Panel discussion on all things SharePoint and OneDrive © Microsoft Corporation. All rights reserved. MICROSOFT.

Azure PowerShell Aaron Roney Senior Program Manager Cormac McCarthy

Laura A. Robinson July 10, June 30, /15/2018 4:19 PM

Continuous Delivery with Visual Studio Team Services

Azure Advisor: Optimization in the best way

Bring existing desktop apps to UWP with the Desktop Bridge

Mobile Center and VSTS: Better together for your Mobile DevOps

Fixing Bad IT Security: Stupid Mistakes and Dangerous Conveniences

12/5/2018 2:50 AM How to secure your front door with real-time risk assessments of your logons Jan Ketil Skanke COO and Principal Cloud Architect CloudWay.

Accelerate Office 365 Adoption Through Microsoft FastTrack Services

Microsoft products for non-profits

Automating security for better, continuous compliance in the cloud

Introduction to ASP.NET Core 1.0

Five cool things you can do with Windows PowerShell on Office 365

Microsoft To-Do Preview

Yammer for IT Tom Kretzmer Solutions Developer, Westinghouse THR1016

Microsoft Exchange: Through the eyes of MVPs (Panel discussion)

MDM Migration Analysis Tool (MMAT)

Overview: Dynamics 365 for Project Service Automation

Understand your Azure cloud assets dependencies with BMC Discovery

Breaking Down the Value of A Yammer Post: 20 Things to Do

Cool Microsoft Edge Tips and Tricks

When Bad Things Happen to Good Applications

Getting the most out of Azure resources with Azure Advisor

“Hey Mom, I’ll Fix Your Computer”

4/21/2019 7:09 AM THR2098 Unlock New Opportunities with Nintex Hawkeye Process Intelligence and Workflow Analytics Sr. Product.

4/28/2019 3:30 AM THR1061 Learn how Dynamics 365, Office 365 and related applications work together to transform the workplace Donna Edwards Solution Architect.

Consolidate, manage, backup, and secure your cloud content

Designing Bots that Fit Your Organization

Ask the Experts: Windows 10 deployment and servicing

Passwordless Service Accounts

Digital Transformation: Putting the Jigsaw Together

WCF and .NET Framework Microservices in Containers

Diagnostics and troubleshooting in Azure App Service Support Center

Optimizing your content for search and discovery

Presentation transcript:

THR2099 What to do BEFORE all hell breaks loose: Building a modern cybersecurity strategy

What to do BEFORE all hell breaks loose: Building a modern cybersecurity strategy

90+% 30% 12% of security incidents/breaches involve phishing. of recipients open phishing messages. click on attachments. 12% Verizon 2016 Data Breach Investigations Report Verizon 2017 Data Breach Investigations Report

Targeted attacks, global impact Top 20 countries based on #s of affected organizations a day after the initial attack. Symantec

The future? Weaponized malware. Sophisticated tools intended for national cyber espionage and warfare are now available to any cyber criminal. Pharmaceutical companies Oil plants Hospitals Hospitals Shipping companies Banks Food conglomerates Logistics companies Telecom companies Factories Government departments Airlines Metro systems Power plants Supermarkets Law firms

The present? The struggle is already real. More than 4,000 ransomware attacks per day since Jan. 2016, a 300% increase over 2015 (U.S. Department of Justice) And in the past year? 49% 72% of security professionals experienced a WannaCry-like event. 20% experienced 3 such events. experienced 6 such events. Farsight Security

Problems we hear from our customers $ RISING COSTS OF OVERSIGHT AND COMPLIANCE GAPS AND NEW THREATS IMPACT SECURITY RISKS RESOURCE SHORTAGE IN SECURITY TEAMS COMPLIANCE ISSUES OR DELAYS DUE TO COMPLEXITY

Feedback from a survey of 100 CIO/CSOs “We have to tear down the traditional view of what an IT operations entity is and what a security entity is.”

Bridge the gap between Security and IT Operations

“IT wants things to work smoothly, while security wants security. Feedback from a survey of 100 CIO/CSOs “IT wants things to work smoothly, while security wants security. At the endpoint, they have to work together to maintain both.”

Focused strategies lead to strategic IT success. Provide defense in depth. Integrate the environment to discover the breadth of risk. Provide tech that reduces the attack surface. Analyze data for insight into issues. Take action to solve problems. Balance security with user needs. Learn about users and discover their needs. Provide security without interfering with jobs. Silently provide service through upgrades and risk evasion. Increase productivity with the right tools.

CIS Critical Security Controls Prioritized list of actions Comply with industry and gov’t security requirements Based on experience with actual attacks Block initial compromises, detect compromised devices

The first 5 controls CIS, US-CERT, ASD, and other authorities prioritize these five elements of cyber hygiene to significantly reduce security threats. Inventory of Authorized and Unauthorized Devices Inventory of Authorized and Unauthorized Software Secure Configuration Continuous Vulnerability Assessment and Remediation Controlled Use of Administrative Privileges

85% Organizations can prevent up to of Windows intrusion threats by implementing four key disciplines 1 2 3 4 Patch Operating Systems Patch Applications Application Control Privilege Management Advanced Reporting \ Critical Insights

Our defense-in-depth solutions Patch & Vulnerability Management Application Control & Privilege Management Endpoint Security Secure Program Management Patch and secure the OSes and 3rd-party apps that you can. Prevent all other apps from running while practicing the principles of least privilege. Add advanced anti-malware and AV capabilities, device control, and global policy for all devices. Marry security capabilities with workflows and asset management processes to complete a secure lifecycle. Patch management Vulnerability management Application control Privilege management Device control Antivirus/antimalware Threat alerting Asset management Service management Secure configuration management Discovery

with no additional infrastructure or training 3rd PARTY PATCH APPS EASILY IN SCCM with no additional infrastructure or training

Patch Your Data Center Without the #@!$ complexity!

TRUSTED OWNERSHIP for manageable application control

Advanced Dashboard Reporting Get the critical insights that matter!

Visit Ivanti at Booth #801

Please evaluate this session Tech Ready 15 6/2/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite https://myignite.microsoft.com/evaluations Phone: download and use the Microsoft Ignite mobile app https://aka.ms/ignite.mobileapp Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.