Presentation transcript:

Microsoft Ignite 2015 4/16/2017 4:54 PM © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

BRK3870: How to protect your corporate from advanced attacks: Microsoft Advanced Threat Analytics Preview
Presenters: Demi Albuz, Benny Lakunishok

Sobering statistics
- 200+: The median # of days that attackers reside within a victim’s network before detection
- 75%+: of all network intrusions are due to compromised user credentials
- $500B: The total potential cost of cybercrime to the global economy
- $3.5M: The average cost of a data breach to a company
The frequency and sophistication of cybersecurity attacks are getting worse.

Changing nature of cybersecurity attacks
Today’s cyber attackers are:
- Compromising user credentials in the vast majority of attacks
- Using legitimate IT tools rather than malware – harder to detect
- Staying in the network an average of eight months before detection
- Costing significant financial loss, impact to brand reputation, loss of confidential data and executive jobs

The problem
Traditional IT security solutions are typically:
- Complex: Initial setup, fine-tuning, creating rules, and thresholds/baselines can take a long time.
- Prone to false positives: You receive too many reports in a day with several false positives that require valuable time you don’t have.
- Designed to protect the perimeter: When user credentials are stolen and attackers are in the network, your current defenses provide limited protection.

Introducing Microsoft Advanced Threat Analytics
An on-premises solution to identify advanced security attacks before they cause damage.
Comparison: Credit card companies monitor cardholders’ behavior. If there is any abnormal activity, they will notify the cardholder to verify the charge. Microsoft Advanced Threat Analytics brings this concept to IT and users of a particular organization.

Introducing Microsoft Advanced Threat Analytics
An on-premises solution to identify advanced security attacks before they cause damage, built on:
- Behavioral Analytics
- Detection for known attacks and issues
- Advanced Threat Detection

Microsoft Advanced Threat Analytics Benefits
An on-premises solution to identify advanced security attacks before they cause damage (Behavioral Analytics, Detection for known attacks and issues, Advanced Threat Detection).
- Detect threats fast with Behavioral Analytics: No need to create rules or policies, deploy agents, or monitor a flood of security reports. The intelligence needed is ready to analyze and is continuously learning.
- Adapt as fast as your enemies: ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise.
- Focus on what is important fast using the simple attack timeline: The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who, what, when, and how” of your enterprise. It also provides recommendations for next steps.
- Reduce the fatigue of false positives: Alerts only happen once suspicious activities are contextually aggregated, not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path.

Why Microsoft Advanced Threat Analytics?
- It is fast: No need to create rules, thresholds, or baselines. ATA detects suspicious activity fast, leveraging Active Directory traffic and SIEM logs.
- It learns and adapts: Self-learning behavioral analytics consistently learns and identifies abnormal behavior.
- It provides clear information: Functional, clear, and actionable attack timeline, showing the who, what, when, and how in near real time.
- Red flags are raised only when needed: ATA compares the entity’s behavior to its profile, but also to the other users, so red flags are raised only when verified.

Key features
- Mobility support: Witnesses all authentication and authorization to the organizational resources within the corporate perimeter or on mobile devices.
- Integration to SIEM: Analyzes events from SIEM to enrich the attack timeline. Works seamlessly with SIEM. Provides options to forward security alerts to your SIEM or to send emails to specific people.
- Seamless deployment: Utilizes port mirroring to allow seamless deployment alongside AD. Non-intrusive, does not affect existing network topology.

How Microsoft Advanced Threat Analytics works: 1. Analyze
After installation:
- Simple, non-intrusive port mirroring configuration copies all AD-related traffic
- Remains invisible to the attackers
- Analyzes all Active Directory network traffic
- Collects relevant events from SIEM and information from Active Directory (titles, group memberships, and more)

How Microsoft Advanced Threat Analytics works: 2. Learn
ATA:
- Automatically starts learning and profiling entity behavior
- Identifies normal behavior for entities
- Learns continuously to update the activities of the users, devices, and resources
What is an entity? An entity represents users, devices, or resources.

How Microsoft Advanced Threat Analytics works: 3. Detect
Microsoft Advanced Threat Analytics:
- Looks for abnormal behavior and identifies suspicious activities
- Only raises red flags if abnormal activities are contextually aggregated
- Leverages world-class security research to detect security risks and attacks in near real time based on attackers’ Tactics, Techniques and Procedures (TTPs)
ATA not only compares the entity’s behavior to its own, but also to the behavior of entities in its interaction path.
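
A minimal illustration of the detection idea on this slide, added here as an example and not ATA's algorithm or code from the presentation: an activity counts as abnormal only if it falls outside both the entity's own learned profile and the profiles of entities it interacts with, and a red flag is raised only when several abnormal activities cluster in time. The event data, the peer rule (entities that share a resource), and the thresholds are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M")

# Constructed sample data: (time, user, resource accessed).
LEARNING = [
    (ts("2015-05-01T09:00"), "alice", "FILESRV1"),
    (ts("2015-05-01T09:05"), "alice", "MAILSRV"),
    (ts("2015-05-01T09:10"), "bob", "FILESRV1"),
    (ts("2015-05-01T09:20"), "bob", "HRAPP"),
    (ts("2015-05-02T10:00"), "carol", "BUILDSRV"),
    (ts("2015-05-02T10:30"), "carol", "MAILSRV"),
]
DETECTION = [
    (ts("2015-05-10T09:00"), "alice", "HRAPP"),    # new for alice, normal for peer bob
    (ts("2015-05-10T02:00"), "bob", "DC01"),       # burst of unfamiliar resources
    (ts("2015-05-10T02:10"), "bob", "SQLPROD"),
    (ts("2015-05-10T02:20"), "bob", "BACKUPSRV"),
    (ts("2015-05-10T11:00"), "carol", "SQLPROD"),  # single oddity, no aggregation
]

def build_profiles(events):
    """Learn phase: the set of resources each user normally touches."""
    profiles = defaultdict(set)
    for _, user, resource in events:
        profiles[user].add(resource)
    return dict(profiles)

def peers_of(user, profiles):
    """Assumed 'interaction path': users sharing at least one resource."""
    own = profiles.get(user, set())
    return {u for u, res in profiles.items() if u != user and res & own}

def abnormal_events(events, profiles):
    """Events outside both the user's own profile and every peer's profile."""
    out = []
    for when, user, resource in events:
        known = set(profiles.get(user, set()))
        for peer in peers_of(user, profiles):
            known |= profiles[peer]
        if resource not in known:
            out.append((when, user, resource))
    return out

def red_flags(events, profiles, min_abnormal=3, window=timedelta(hours=1)):
    """Raise a flag only when abnormal events aggregate within the window."""
    by_user = defaultdict(list)
    for when, user, resource in abnormal_events(events, profiles):
        by_user[user].append((when, resource))
    flags = {}
    for user, hits in by_user.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            burst = [r for t, r in hits[i:] if t - start <= window]
            if len(burst) >= min_abnormal:
                flags[user] = burst
                break
    return flags

if __name__ == "__main__":
    print(red_flags(DETECTION, build_profiles(LEARNING)))
```

With the constructed data, alice's first visit to HRAPP is absorbed by her peer's profile and carol's single unfamiliar access stays below the aggregation threshold, so only bob's burst is flagged.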

How Microsoft Advanced Threat Analytics works: what ATA detects
- Security issues and risks: Broken trust, Weak protocols, Known protocol vulnerabilities
- Malicious attacks: Pass-the-Ticket (PtT), Pass-the-Hash (PtH), Overpass-the-Hash, Forged PAC (MS14-068), Golden Ticket, Skeleton key malware, Reconnaissance, BruteForce
- Abnormal Behavior: Anomalous logins, Remote execution, Suspicious activity, Unknown threats, Password sharing, Lateral movement

Topology

Topology - Gateway
- Captures and analyzes DC network traffic via port mirroring
- Listens to multiple DCs from a single Gateway
- Receives events from SIEM
- Retrieves data about entities from the domain
- Performs resolution of network entities
- Transfers relevant data to the ATA Center

Topology - Center
- Manages ATA Gateway configuration settings
- Receives data from ATA Gateways and stores in the database
- Detects suspicious activity and abnormal behavior (machine learning)
- Provides Web Management Interface
- Supports multiple Gateways

Demo

Summary
- Taking User Behavioral Analytics (UBA) to the next level
- Microsoft ATA protects your organization in a simple way
- Learn more and try at: www.microsoft.com/ata

Q&A

Microsoft Mobility Quest
Liked what you saw? Experience it and win: visit our booth, check out our solutions, complete our missions, and you are entered to win! www.msmobilityquest.com

Microsoft Cloud Security for Enterprise Architects
Systematic approach to securing your identities, data, and applications in the cloud
Visio version | PDF version

Microsoft’s Enterprise Cloud Roadmap
Resources for IT decision makers: http://aka.ms/CloudArchitecture
- Map of Microsoft SaaS, PaaS, IaaS, and private cloud offerings
- Identity architecture
- Security architecture
- Deployment and integration options for Exchange, Lync, and SharePoint
- Azure architecture blueprints
- Cloud design patterns
- Design stencils
