Identity Driven Security

Slides:



Advertisements
Similar presentations
Travel and Expense Management Scenario Overview
Advertisements

Web Filtering. ExchangeDefender Web Filtering provides policy-controlled protection from dangerous content on the web. Web Filtering is agent based, allowing.
Travel and Expense Management Scenario Overview
Working with SharePoint Document Libraries. What are document libraries? Document libraries are collections of files that you can share with team members.
0Gold 11 0Gold 11 LapLink Gold 11 Firewall Service How Connections are Created A Detailed Overview for the IT Manager.
Perimeters and Unicorns: Two Things That Only Exist in IT Fairyland Gary Paluch, CISSP, Sr. Sales Engineer.
Ankur Kothari Microsoft Corporation. In-Place Archive with secondary quota Access documents with SkyDrive Pro Site Mailboxes enable better collaboration.
FND2851. Mobile First | Cloud First Sixty-one percent of workers mix personal and work tasks on their devices* >Seventy-five percent of network intrusions.
Intelligence Persona Dashboard Project
1 of 5 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
Complete Cloud Security Anyone, anywhere, any app, any device.
Emdeon Office Batch Management Services This document provides detailed information on Batch Import Services and other Batch features.
Microsoft Ignite /1/ :41 PM BRK3249
Office 365 Advanced Security Management
Microsoft Cloud App Security
SQL Database Management
SharePoint 101 – An Overview of SharePoint 2010, 2013 and Office 365
Core ELN Training: Office Web Apps (OWA)
The time to address enterprise mobility is now
Deployment Planning Services
Cloud App Security vs. O365 Advanced Security Management
Software Application Overview
Hybrid Management and Security
Azure Information Protection Strategy and Roadmap
6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Senior Program Manager,
Deployment Planning Services
SaaS Application Deep Dive
Configuring Windows 10 for Your Studio
OFFICE 365 Introducing Advanced Security Management 9/11/2018
Respond to Advanced Threats with Risk Based Policies and Monitoring
Protect sensitive information with Office 365 DLP
9/4/2018 6:45 PM Secure your Office 365 environment with best practices recommended for political campaigns Ethan Chumley Campaign Technology Advisor Civic.
Security managed from the cloud.
Extending classification ,labeling , and protection to 3rd party applications Kartik Microsoft Tony Digital Guardian Amit Cohen.
The utility belt for managing security and compliance in Office 365
Introducing Version 9 for Security Suite and SAINT Cloud
Understanding best practices in classifying sensitive data
Microsoft Ignite /18/2018 9:42 AM
Azure Information Protection
Azure Information Protection
Prevent Costly Data Leaks from Microsoft Office 365
Cloud Connect Seamlessly
Skyhigh Enables Enterprises to Use Productivity Tools of Microsoft Office 365 While Meeting Their Security, Compliance & Governance Requirements Partner.

Healthcare Cloud Security Stack for Microsoft Azure
11/16/2018 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Azure Information Protection
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Azure Information Protection
Azure Information Protection
Azure Information Protection
Azure Information Protection
Azure Information Protection
Everything Windows User Group Meeting, Aug 2016
Residency director & Faculty Training
Healthcare Cloud Security Stack for Microsoft Azure
Information Social Access Mapping: Who is doing what with data?
Office 365 Reporting Dashboard - Overview
Microsoft Virtual Academy
Using the Cloud App Marketplace Monitoring cloud app migrations
SPO Demos to Business Value Discussion Pillar Mapping
IN THE PAST, THE FIREWALL WAS THE SECURITY PERIMETER devicesdata users apps On-premises.
Protecting your data with Azure AD
4/9/ :42 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Cases Admin Training.
Microsoft Data Insights Summit
<offer name> with Microsoft 365 Business Secure Deployment
Microsoft Data Insights Summit
Presentation transcript:

Identity Driven Security Cloud App Security With more than 80 percent of employees admitting to using non-approved SaaS apps for their jobs, how can you maintain visibility, control, and protection of your cloud apps? With this fast transition to cloud apps, we know you may be concerned about storing corporate data in the cloud and how to make it accessible to users anywhere without comprehensive visibility, auditing, or controls. Legacy security solutions are not designed to protect data in SaaS applications. Traditional network security solutions, such as firewalls and IPS, don’t offer visibility into the transactions that are unique to each application and traffic off-premises, including how data is being used and stored. Classic controls fail to provide protection for cloud apps as they monitor only a small subset of cloud traffic and have limited understanding of app-level activities. We have your solution: Microsoft Cloud App Security Why Cloud App Security? Shadow IT discovery – no agents required Enchanced threat protection with Microsoft intelligent security graphs Granular controls of your sanctioned apps Builds on broader Microsoft platforms It’s enterprise grade and easy to use It’s deep intergration with Office CLICK STEP(S). Click anywhere on the slide to begin

Here you are presented the Microsoft Cloud App Security console. You have four key menus to choose from: “Discover”, “Investigate”, “Control” and “Alerts” These menus provide you a wide set of capabilities including visibility, comprehensive data controls and threat prevention for your cloud apps. Let’s go ahead and start with the discovery dashboard. CLICK STEP(S) Click the Discover menu.

CLICK STEP(S) Click on Cloud Discovery dashboard.

The Discovery dashboard provides an overview of cloud apps used in your organization with details. CLICK STEP(S) On the right, click on the scroll bar to scroll down.

It also identifies all users and IP addresses accessing the application while also conducting risk assessment and automated risk score for each app. Point Out: Top Users/Top IP Addresses Tile Your users do not need to deploy any additional agents on their devices for Cloud App Security to provide this analysis because we collect information from the firewalls and proxies. CLICK STEP(S) On the right, click on the scroll bar to scroll up.

The dashboard provides an overall understanding of your organization’s cloud app usage. However, to get more detailed information about the apps being used, let’s navigate to Discovered apps. CLICK STEP(S) On the Cloud Discovery navigation bar, click on Discovered apps

Here you see all of the discovered apps in the organization, including a lot of additional data, such as amount of users using the app, the amount of IPs the app is being accessed from or the total number of transactions to name a few. CLICK STEP(S) On the right, click the scroll bar to scroll down.

You also can easily filter based on the name, activity time frame or the risk score associated with the application. Let’s filter for collaboration apps. CLICK STEP(S) On the left, click Collaboration.

You can also have the ability to drill down on a specific app. Let’s review Office 365. CLICK STEP(S) Under the Score column, click on 10 for Office 365.

Cloud App Security not only discovers more than 13,000 cloud applications in use but it also provides an automated risk score by evaluating each discovered service against more than 60 parameters. CLICK STEP(S) On the right, click the scroll bar to scroll down

Here you can see all of the different parameters used for the risk evaluation. Let’s look at an example of a parameter breakdown. CLICK STEP(S) On the bottom right of the slide, click on HTTP security headers.

You can dive into more details for a specific parameter to get a breakdown on the score. You can see the weight of this parameter in this category and which factors are considered for risk assessment. You can interact with this risk assessment by reporting new data or requesting a score update. CLICK STEP(S) On the right, click the scroll bar to scroll up.

CLICK STEP(S) Under the Name column, click on Office 365 to navigate to charts.

Discovering which apps are in use across your organization is just the first step in making sure your sensitive corporate data is protected. CLICK STEP(S) On the right, click on the scroll bar to scroll down.

You also have access to powerful reporting and analytics capabilities for you to gain the complete context of your cloud usage: such as usage patterns, upload/download traffic and top users. Next, let’s see how you can investigate and gain detailed visibility on a file level. To do this we will navigate to the Investigate menu. CLICK STEP(S) On the top navigation bar, click on Investigate to expand the drop down menu.

CLICK STEP(S) Click Files.

The Investigate menu provides you with deep visibility into all activities, files and accounts. Here you can see all files in your cloud environment with an easy and powerful query engine. Let’s set the Access level filter to sort for all public files. CLICK STEP(S) In the middle of the filtering bar, click on the Access Level drop down menu to expand.

CLICK STEP(S) Click Public.

Security vulnerabilities or data leakage are always a concern and it is very easy for an employee to accidentally make a file link public. No one has the time to go through all publically shared files to ensure no sensitive customer or company data has been leaked. However, this can be done easily by navigating to the policies page, where you have the option of creating new policies or monitoring current existing policies for violations. CLICK STEP(S) On the top navigation bar, click on the Control menu to expand.

CLICK STEP(S) Click Policies.

Here you are presented all of the active policies which are monitoring all apps used in your organization. Within the Policy page, we will review 2 different scenarios: Walkthrough the creation of a new policy using a template File level investigation: Authorizing a legitimate file How to take action against suspicious/unauthorized file activity. For the 1st scenario, you will see how simple and straight forward it is to create a new policy. CLICK STEP(S) Click Create Policy.

Cloud App Security provides you a variety of different types of policy types to choose from. Each possessing their own policy specific templates but still allowing you the ability to customize it to your need(s). For today, let’s just focus on a new App Discovery policy. CLICK STEP(S) Click App Discovery Policy.

When creating a new policy, you have the option of using “out of the box” templates or customizing your own policy. Today, we will be using an “out of the box” template. CLICK STEP(S) Click the Policy Template drop down menu.

To reiterate, the primary reason behind the creation of this policy is to target possible “risky” apps. So let’s select the “New Risky App” template. CLICK STEP(S) Click New Risky App.

CLICK STEP(S) Click Apply Template.

Now that the template has been applied, let’s review the policy. Point Out: Policy Description statement and review the criteria described that will generate an alert. CLICK STEP(S) Click scroll bar to scroll down.

Even though an “out of the box” template has been used, you still have the ability to alter any of the values to fit your requirements. Point Out: Create a filter section and note the risk scores being targeted Point out: Trigger a policy match section, showing another set of criteria that will trigger an alert. Now moving onto the 2nd scenario, file level investigation. CLICK STEP(S) Click Cancel.  

For the 2 file investigation sub scenarios you will refer to the PCI compliance policy which identifies sensitive, publicly shared files containing customer credit card numbers. As you can see, the PCI policy is currently detecting 2 files in violation of it’s policy. Point Out: 2 matches on the PCI Compliance policy line. Let’s investigate these violations. CLICK STEP(S) Click on the PCI COMPLIANCE policy.

For the 1st file level investigation scenario, you will see how you can authorize legitimate activity using the Test_file_for_DLP_test.docx. CLICK STEP(S) Click on the Payment schedule and details.xlsx file to minimize.

CLICK STEP(S) Click on the Test_file_for_DLP_test.docx file.

To further investigate, you want to view the hierarchy, which you know shows where this file resides. CLICK STEP(S) Under the File Name, click View Hierarchy.

Viewing the hierarchy, you can now determine that this is a test file as the file is located in a folder labelled “Test Files”. CLICK STEP(S) Click Done to exit.

Since this file is a legitimate test file, you can now proceed to authorize this file. CLICK STEP(S) To the left of the more information icon, click the check mark to authorize this file.

Moving onto the 2nd file level investigation scenario, you will see how Cloud App Security allows you to react and take action against suspicious activity and/or violations. The document that will be used for this scenario is the Payment schedule and details.xlsx spreadsheet. Let’s click on the spreadsheet to expand the file details. CLICK STEP(S) Click on Payment schedule and details.xlsx.

Within the file details, you can see the owner of the file, all the collaborators, when it was created and when it was modified. By looking at the URL, you can see that the files is shared publicly to everyone via SharePoint. Point Out: Shared with everyone section of the URL https://contoso3-my.sharepoint.com/personal/nirg_contoso_com/Documents /Shared with Everyone/Tiderc.txt You can also see that this file contains an Azure Information Protection classification label, specifically the Secret: Finance Only label. Point Out: File Tag: Secret (external), Finance Only (external) To further investigate, let’s see where this file resides, by viewing the file’s hierarchy. CLICK STEP(S) Under the File Name, click View Hierarchy.

You can see that this file is located under one of our customer information folders and should not be shared publicly. CLICK STEP(S) On the far right side, click on the more information icon (3 vertically stacked dots) for the Payment schedule and details.xlsx file.

You can now make an accurate assessment with the given evidence and take action, by either “put in user quarantine” or “make the link private”. CLICK STEP(S) Click Done to exit Hierarchy window.

Deeper visibility and stronger controls are key components of providing enterprise grade security for your applications, but you don’t stop there. Cloud App Security not only provides you discovery and data control features but also a powerful threat detection engine. Let’s see how Cloud App Security helps you detect anomalies and prevent threats. For this let’s navigate to the Alerts menu. CLICK STEP(S) On the top navigation bar, click on Alerts.

The alerts center will generate an alert if any active policies are violated. Let’s investigate a General Anomaly Detection alert. CLICK STEP(S) Click on the 3rd alert, General Anomaly Detection (ricky@contoso.com).

Cloud App Security advanced machine learning heuristics learns how each user interacts with each SaaS app and through behavioral analysis, assesses the risk in each transaction. Here you can see a user who is an administrator performing suspicious activities such as logging in from a new anonymous location and two countries simultaneously within an hour with several failed login attempts. Point Out: ricky@contoso.com is an administrator CLICK STEP(S) On the right, click on the scroll bar to scroll down.

Using the Activity Log, you are presented each action performed by the suspected user. Through this alert, you are also provided the option of remediating the threat or adjusting the policy as needed. Closing remarks: Through Microsoft Cloud App Security, you will have deeper visibility, comprehensive controls, and improved protection for your cloud applications. Cloud App Security is designed to help you extend the visibility, auditing, and control you have on-premises to your cloud applications.