Published by Lily Gilbert. Modified over 6 years ago.
1
INTEGRATED THREAT MANAGEMENT BROUGHT TO YOU BY WINDOWS 10 & OFFICE 365
Chris Shalda, Microsoft Solutions Architect, Coretek Services
Chris Barnes, Microsoft Delivery Manager, Coretek Services
2
Chris Shalda, @ShaldaChris, MCSE
Chris Barnes, @CBarnesConfMgr, MCSE
10 years at Coretek Services 15+ years in IT Food that I cook Big juicy steak
7
Agenda
What is a Modern Threat?
Anti-Virus Isn’t Sufficient?!?
How Can We Protect our Organizations?
Bringing All the Intelligence Together
8
What is a modern threat?
9
Common threats
Phishing
Malware
APT (Advanced Persistent Threats)
10
THE ANATOMY OF AN ATTACK
:) Healthy Computer -> User Receives Email -> User Lured to Malicious Site -> Device Infected with Malware
11
:) Healthy Computer -> User Receives Email -> User Lured to Malicious Site -> Device Infected with Malware -> HelpDesk Logs into Device -> Identity Stolen, Attacker Has Increased Privs
12
User Receives Email -> User Lured to Malicious Site -> Device Infected with Malware -> HelpDesk Logs into Device -> Identity Stolen, Attacker Has Increased Privs
14
Anti-virus isn’t sufficient?!?
15
Quote about Antivirus in today’s world
Robert O’Callahan – Former Mozilla Developer: “Antivirus software vendors are terrible; don't buy antivirus software, and uninstall it if you already have it (except, on Windows, for Microsoft’s).”
Key facts:
Many bugs with 3rd party antivirus – cause software issues
Software companies can’t speak out against AV vendors; they need them to play nice
Antivirus is only 1 of many layers of defense for threats today, and a small one
Antivirus, by itself, is terrible protection against zero-day and emerging threats
16
How can we protect our organizations?
17
Defense in depth + Intelligence
Microsoft provides many solutions that work together to provide a tight “net” to protect, detect, respond and remediate.
Solutions include:
Office 365 Advanced Threat Protection (ATP)
Windows Defender Advanced Threat Protection (WDATP) (Windows 10 Enterprise E5 only!)
Threat Management Dashboard
Microsoft Intelligent Security Graph
18
Microsoft protecting you
[Diagram: INTELLIGENT SECURITY GRAPH. Labels: Industry Partners Antivirus Network CERTs Cyber Defense Operations Center Malware Protection Center Cyber Hunting Teams Security Response Center Digital Crimes Unit Security Center Office 365 Advanced Threat Protection Conditional Access Cloud App Security Event Management Information Protection Key Vault Windows Update Active Protection Service SmartScreen PaaS IaaS Identity Active Directory Azure Active Directory Apps and Data SaaS Infrastructure Device Advanced Threat Analytics]
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
19
Reality of end user behavior
If an attacker sends emails to 100 people in your company…
23 people will open the email…
11 people will open the attachment…
6 will do this in the first hour!
Reference: Verizon 2015 Data Breach Investigations Report
20
Office 365 ATP
Safe Attachments: Sandbox detonation; Dynamic delivery; ZAP (Zero-hour Auto Purge)
Safe Links: Rewrite URLs from external recipients; Time of click protection
New features: URL file detonation; Scans links within Office documents!
21
Live Demo – Office 365 ATP in Action!
22
Windows Defender ATP
Is meant for post-breach analysis and remediation
Requires Windows 10 Enterprise E5 (or SPE E5)
Cloud service
Works with Windows Defender to block bad files based on hash
Windows Defender can run side-by-side with other AV software
Allows for quarantine/isolation of breached devices
Works better together with Office 365 ATP
23
Onboarding
28
Live Demo - WDATP
29
Bringing all the intelligence together
30
Threat Intelligence
Proactively detect advanced attacks before they reach your organization
Gain insights drawn from Microsoft’s broad global presence
Systematically protect your organization with dynamic policies
Respond to changing malware threats in real time
Get an integrated view of security through an intuitive interface
31
Introducing: Microsoft threat intelligence
New portal – brings all the advanced intelligence together:
Your environment (Office 365 ATP + WDATP)
Microsoft Intelligent Security Graph
32
Live Demo – Threat Intelligence Dashboard
33
What you can/should do
Patch your systems!!!
Low hanging fruit:
LAPS (free)
ATA (part of EM+S E3)
Office 365 ATP ($2/user/month retail)
Other solutions to consider:
Office 365 E5 (for threat intelligence)
WDATP (part of Win10 E5 or SPE E5)
Credential Guard (Win10 E3/E5)
EM+S E5
34
Resources
Ten Immutable Laws Of Security (Version 2.0)
WDATP Portal
WDATP – Free Trial Sign-up
WDATP – Ransomware Simulation Playbook
Free eBook: Defending the New Perimeter
Coretek Services Blog – Protect against the next Ransomware Worm
35
Bonus Resources
Office 365 Trust/Compliance Resources:
Perform a risk assessment and assess the compliance of Microsoft cloud services
How to assess security, compliance and privacy capabilities in Office 365 365/
Microsoft Office 365 Mapping of Cloud Security Alliance Cloud Control Matrix 3.0.1
NIST Cybersecurity Framework: Tools and References from Microsoft – Protect Function function-map/
36
Related MMS Sessions
Tuesday (today)
3pm – Conditional Access from A to Z
Wednesday
10am – Managing Windows 10 Security: The Changing of the Guard
Thursday
8am – Ensure a Smooth Transition to Office 365 ProPlus
10am – Citrix on Azure, Office 365 ProPlus on Citrix
3pm – Securing your Identity and Protecting Against Breaches, No Matter Which Cloud