Microsoft Azure Power Lunch

Presentation transcript:

Microsoft Azure Power Lunch
Today’s Topic: Azure Security Center
Date: 11/02/2017
Presented By: Azure Solution Architects from US South Central
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Session Agenda
- Azure Services Updates
- Today’s Topic: Azure Security Center
- Q & A

Paresh Sharda – Azure Infra Technology Sales Professional
- 12+ years of experience in working with Enterprise Systems
- 9+ years in Microsoft Ecosystem as Partner, Vendor, Customer and Employee
- Extensive experience with integration of Systems of Business and Systems of Interaction
- Passionate tinkerer who can break (actually tries to fix) any working thing

Azure Service Updates
Subscribe to Azure Updates

Cloud Presents Unique Security Challenges
- CIOs and CISOs lack visibility and control: management is increasingly distributed and physical networks no longer define the perimeter
- Cloud environments are more dynamic: resources are being spun up (and down) frequently, it’s not just about VMs – there’s also PaaS to consider
- Enterprises bring on-premises security issues to the cloud: disconnected point solutions, noisy alerts, and advanced threats

Azure Security Center Helps you Prevent, Detect, and Respond to Threats
- Gain visibility and control
- Enable security at cloud speed
- Integrate partner solutions
- Detect cyber attacks
Gain visibility and control: Get a central view of the security state of all your Azure resources. At a glance, you could verify that the appropriate security controls are in place. And, you could quickly identify any resources that require attention.
Enable secure DevOps: Say ‘Yes’ to agility by enabling DevOps with policy-driven recommendations that guide resource owners through the process of implementing required controls – taking the guesswork out of cloud security.
Stay ahead of threats: Stay ahead of current and emerging threats with an integrated and analytics-driven approach. Detect actual threats earlier and reduce false alarms.

Gain visibility and control
- Provides a unified view of security across all your Azure subscriptions, including vulnerabilities and threats detected
- Enables you to define security policies for hardening cloud configurations
- APIs, SIEM connector and Power BI dashboards make it easy to access, integrate, and analyze security information using existing tools and processes

Align security policies to the needs of your company or workload

Monitor the security state of resources – quickly identify vulnerabilities

Access security data in near real-time from your SIEM – security alerts, activity logs, VM security events
Diagram labels:
- Azure
- REST APIs (Activity Logs, Security Center Alerts, AAD Logs)
- Azure Monitor Service (VM Diagnostics)
- Azure Monitor Eventhub (Service Diagnostics - NSG, Key Vault)
- Log Analytics/SIEM
- Azure Log Integration
- Standard Log Connector (ArcSight, Splunk, etc)

Enable security at cloud speed
- Continuously assesses the security of your workloads even as they change
- Creates policy-driven recommendations and guides users through the process of remediating security vulnerabilities
- Enables rapid deployment of built-in security controls as well as products and services from security partners (firewalls, endpoint protection, and more)

Prioritized recommendations take the guesswork out of security for resource owners

Prescriptive analytics help you manage advanced security controls like application whitelisting (Preview)

Limit exposure to brute force attacks with just-in-time RDP and SSH access to virtual machines (Preview)

Integrate partner solutions
- Recommends and streamlines provisioning of partner solutions
- Integrates signals for centralized alerting and advanced detection
- Enables monitoring and basic management with easy access to advanced configuration using the partner solution
- Leverages Azure Marketplace for commerce and billing

Easily deploy security solutions from partners and automatically integrate logs

Monitor and manage partner security solutions

Detect cyber attacks
- Analyzes security data from your Azure virtual machines, Azure services (like Azure SQL databases), the network, and connected partner solutions
- Leverages security intelligence and advanced analytics to detect threats more quickly and reduce false positives
- Creates prioritized security alerts and incidents that provide insight into the attack and recommendations on how to remediate

Prioritized security alerts provide details about the threat detected and suggest steps to remediate

Alerts that conform to kill chain patterns are fused into a single incident

Use built-in threat intelligence reports to inform your response
Reports can include:
- Attacker’s identity or associations (if known)
- Attackers’ objectives
- Current and historical (if known) attack campaigns
- Attackers’ tactics, tools and procedures
- Associated indicators of attack and compromise such as URLs and file hashes
- Victimology - industry and geographic prevalence to help customers determine if they are at risk
- Mitigation/remediation information
Also note that different types of TAS reports focus on different aspects of attacks. Activity Group Reports are deep dives into attackers, their objectives and tactics; Campaign Reports focus on details of specific attack campaigns; and Threat Summary reports may cover all of the items in the above list.
Reports give you insights that can inform your response, helping you stop an attack and recover more quickly. They can also help you understand if this is a widespread attack or if your organization or industry is being targeted specifically.

Advanced detection capabilities
Threat intelligence: looks for known malicious actors
- Examples: network traffic to malicious IP address; malicious process executed
Behavioral analytics: looks for known patterns and malicious behaviors
- Example: process executed in a suspicious manner
Anomaly detection: uses statistical profiling to build historical baselines and alerts on deviations that conform to a potential attack vector
- Example: remote desktop connections to a specific VM typically occur 5 times a day, today there were 100 connection attempts
Fusion: combines events and alerts from across the kill chain to map the attack timeline
- Examples: SQL injections (WAF + Azure SQL Logs); malicious process (crash dump… and later… suspicious process execution); breach detection (brute force attempt… and later… suspicious VM activity)

Detection throughout the kill chain
Target and attack
- Inbound brute force RDP, SSH, SQL attacks and more
- Application and DDoS attacks (WAF partners)
- Intrusion detection (NG Firewall partners)
Install and exploit
- Known malware signatures (AM/EPP partners)
- In-memory malware and exploit attempts
- Suspicious process execution
- Suspicious PowerShell activity
- Lateral movement
- Internal reconnaissance
Post breach
- Communication to a known malicious IP (data exfiltration or command and control)
- Using compromised resources to mount additional attacks (outbound port scanning, brute force RDP/SSH attacks, DDoS, and spam)
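The fusion idea from the slides (alerts on one resource that progress through the kill chain become a single incident), as an added example that is not Security Center's own logic. The stage names come from the slide above; the 24-hour window, the rule that stages must not move backwards, the VM names and the sample alerts are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Kill-chain stages in the order the slide lists them.
STAGES = ["Target and attack", "Install and exploit", "Post breach"]
WINDOW = timedelta(hours=24)  # assumption: alerts further apart are unrelated

# Constructed sample alerts: (timestamp, resource, stage, title).
SAMPLE_ALERTS = [
    ("2017-11-01T02:10:00", "vm-web-01", "Target and attack", "Inbound RDP brute force"),
    ("2017-11-01T02:55:00", "vm-web-01", "Install and exploit", "Suspicious PowerShell activity"),
    ("2017-11-01T04:30:00", "vm-web-01", "Post breach", "Communication to a known malicious IP"),
    ("2017-11-01T03:00:00", "vm-db-01", "Target and attack", "Inbound SSH brute force"),
    ("2017-11-03T09:00:00", "vm-db-01", "Post breach", "Outbound port scanning"),
    ("2017-11-02T07:00:00", "vm-app-01", "Post breach", "Outbound port scanning"),
    ("2017-11-02T08:00:00", "vm-app-01", "Install and exploit", "Suspicious process execution"),
]

def fuse(alerts):
    """Group alerts per resource into incidents that span >= 2 kill-chain stages.

    Returns (incidents, standalone): incidents are dicts, standalone is a list
    of (resource, title) for alerts that did not form a multi-stage chain.
    """
    by_resource = {}
    for ts, resource, stage, title in alerts:
        by_resource.setdefault(resource, []).append(
            (datetime.fromisoformat(ts), STAGES.index(stage), title))

    incidents, standalone = [], []

    def close(resource, chain):
        stages = sorted({idx for _, idx, _ in chain})
        if len(stages) >= 2:
            incidents.append({
                "resource": resource,
                "start": chain[0][0],
                "end": chain[-1][0],
                "stages": [STAGES[i] for i in stages],
                "alerts": [title for _, _, title in chain],
            })
        else:
            standalone.extend((resource, title) for _, _, title in chain)

    for resource, items in sorted(by_resource.items()):
        items.sort()  # chronological order
        chain = []
        for item in items:
            too_late = chain and item[0] - chain[0][0] > WINDOW
            goes_back = chain and item[1] < chain[-1][1]
            if too_late or goes_back:
                close(resource, chain)  # end the current chain, start a new one
                chain = []
            chain.append(item)
        close(resource, chain)
    return incidents, standalone

if __name__ == "__main__":
    found, rest = fuse(SAMPLE_ALERTS)
    for inc in found:
        print(inc["resource"], inc["start"], "->", inc["end"], inc["stages"])
    print("stand-alone alerts:", rest)
```

The two vm-db-01 alerts stay separate because they fall outside the window, and the two vm-app-01 alerts stay separate because the stages run backwards in time.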

Target and attack
RDP brute force attack detected using anomaly detection
- An attacker attempts to log into a VM using a brute force attack.
- Security Center uses machine learning to understand typical RDP access patterns for this VM and alerts when access attempts exceed the norm.
- Azure Security Center triggers an alert
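A per-VM baseline check in the spirit of the anomaly detection described above (typical RDP volume for a VM versus today's count), as an added example. It is not Security Center's algorithm, which the slides describe only as machine learning; a median/MAD baseline stands in for it, and the VM names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, datetime, timedelta
from statistics import median

MIN_HISTORY_DAYS = 7   # assumption: no alerting until a week of baseline exists
K = 6.0                # assumption: allowed spread above the median
TODAY = date(2017, 10, 15)

def build_sample():
    """Constructed sample: one (ISO timestamp, VM) pair per inbound RDP attempt."""
    ev = []
    for day in range(1, 15):
        # vm-web-01: 4 to 6 attempts a day, close to the slide's "5 times a day"
        ev += [(f"2017-10-{day:02d}T09:{n:02d}:00", "vm-web-01") for n in range(4 + day % 3)]
        # vm-db-01: exactly 20 attempts every day (zero spread in the baseline)
        ev += [(f"2017-10-{day:02d}T10:{n:02d}:00", "vm-db-01") for n in range(20)]
    # Today: 100 attempts on vm-web-01, 22 on vm-db-01
    ev += [(f"2017-10-15T03:{n % 60:02d}:{n // 60:02d}", "vm-web-01") for n in range(100)]
    ev += [(f"2017-10-15T10:{n:02d}:00", "vm-db-01") for n in range(22)]
    # vm-new-01: only two days of history before a burst of 50
    ev += [(f"2017-10-{d}T08:{n:02d}:00", "vm-new-01") for d in (13, 14) for n in range(2)]
    ev += [(f"2017-10-15T08:{n:02d}:00", "vm-new-01") for n in range(50)]
    return ev

def daily_counts(events):
    """Return {vm: {date: attempts}} from (iso_timestamp, vm) pairs."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, vm in events:
        counts[vm][datetime.fromisoformat(ts).date()] += 1
    return counts

def detect(events, today):
    """Return [(vm, attempts_today, threshold)] for VMs above their baseline."""
    alerts = []
    for vm, per_day in daily_counts(events).items():
        past = [d for d in per_day if d < today]
        if not past:
            continue
        first = min(past)
        # Count quiet days as zero so the baseline is not biased upwards.
        history = [per_day.get(first + timedelta(days=i), 0)
                   for i in range((today - first).days)]
        if len(history) < MIN_HISTORY_DAYS:
            continue  # too little history: a gap other detections must cover
        med = median(history)
        mad = median(abs(x - med) for x in history)
        # Floor the spread so a perfectly constant baseline does not
        # turn every small increase into an alert.
        spread = max(1.4826 * mad, 1.0)
        threshold = med + K * spread
        if per_day.get(today, 0) > threshold:
            alerts.append((vm, per_day[today], round(threshold, 1)))
    return alerts

if __name__ == "__main__":
    for vm, seen, limit in detect(build_sample(), TODAY):
        print(f"{vm}: {seen} RDP attempts today, baseline threshold {limit}")
```

vm-new-01 receives 50 attempts but raises nothing because it has no usable baseline yet, which is the blind spot of any purely historical profile.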

Install and Exploit
In-memory malware and exploit detected using crash analysis
- An attacker gains access to a VM and installs malware undetected.
- A malicious or non-robust program causes a crash.
- Windows Error Reporting generates a memory crash dump.
- Security Center collects an ephemeral copy of the crash dump and scans it for evidence of exploits and compromises.
- Azure Security Center triggers an alert
Some Real World Examples:
- Malicious PDF.EXE: detected phishing software when only 8% of A/V engines detected it
- Metasploit injecting Mimikatz into memory via PowerShell: toolkit for lateral movement
- RemoteIE: Trojan injected into browser memory and collects/exports data
- Carberp.K: Trojan that steals banking creds, exports certificates, and contains key logger

Post Breach
Outbound SPAM detected using machine learning and threat intelligence
- An attacker gains access to a VM and begins to send spam emails.
- Security Center machine learning detects a spike in SMTP traffic.
- Traffic is correlated with O365 SPAM database to determine if the traffic is likely legitimate or not.
- Azure Security Center triggers an alert

Ongoing Security Research and Innovation
Teams of security researchers and data scientists:
- Monitor threat intelligence
- Share signals and analysis across Microsoft security products/services
- Work on specialized fields, like forensics and web attack detections
This culminates in new detection algorithms, which are validated and tuned, and often results in new security insights or threat intelligence that informs security research.
Diagram labels: Security Research; Security insights; New detection algorithm; Validation and tuning

Resources
- Azure Home Page
- Azure Blog
- Azure Updates
- Azure Security Center
- Videos & Webinars
- Pricing & Licensing
- Blog
