Analyze the anatomy of advanced attacks

Presentation transcript:

Analyze the anatomy of advanced attacks
BRK2001
Benny Lakunishok, Product Manager
12/5/2018 9:08 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

1 Collect: Port Mirroring or Sensor on DC; L7 Deep Packet Inspection (DPI); Hybrid data sources
2 Analyze & Learn: Self-learning and profiling technology; Patented IP resolution mechanism
3 Detect: Abnormal behavior and suspicious activities; Real-breach oriented research; Microsoft Intelligence
4 Alert & Investigate: Intuitive Attack timeline; Detailed investigation with dedicated entity profile
Diagram labels: ATA Center; ATA Gateway; PROXY VPN AD HR APPS ADFS SIEM

Our story begins

Mamazon
Industry: Commerce and Cloud computing
Publicly traded (450B $)
Founded: 1994
HQ: Albuquerque, NM, USA
Employee #: ~350,000

Black Circle
Industry: Business Intelligence
Privately held
Founded: 2010
HQ: Tel Aviv, Israel
Employee #: ~100

Moogle
Industry: Software
Publicly traded (650B $)
Founded: 1999
HQ: Orlando, FL, USA
Employee #: ~50,000

The Target
Ruth Borat
Senior Vice President and CFO, Moogle
https://www.linkedin.com/in/ruth-borat-3bab06146/

Demo

Attack story step 1
Diagram labels: JohnD-Laptop, JohnD, SAMR Recon

Attack story step 2
Diagram labels: JohnD-Laptop, JohnD, RuthB

Attack story step 3
Diagram labels: Failure, JohnD-Laptop, Success, EdnaF, RuthB

Preview
To get access to the preview, please contact ATAEVAL@Microsoft.com

Attack story step 4
Diagram labels: EdnaF, EdnaF-PC, Helpdesk, RuthB-Laptop

Attack story step 5
Diagram labels: EdnaF-PC, HelpDesk, AXFR Query, TopSecretFinanceServer

Attack story step 6
Diagram labels: Helpdesk, RuthB-Laptop, EdnaF-PC, TopSecretFinanceServer, RuthB

Takeaways
Attackers' life is easy
ATA makes the defenders' life easier
Proactive defense
Azure ATP limited preview: http://aka.ms/azureatp

Q&A
If you have questions, please proceed to the Q&A microphone.