Get control over your datacenter with security monitoring using OMS

1 Get control over your datacenter with security monitoring using OMS
Microsoft Ignite 2016, BRK2001
Meir Mendelovich, Principal Program Manager, @MMendelovich
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Security challenges for IT Operations
- Number of threats is rising
- Environments are more complex
- Security talent is scarce

3 Microsoft Security Assets
Security domains: Data, Cloud & Datacenter, Applications (SaaS), Endpoints (Devices), Identity
Products shown:
- Rights Management Services
- Information Protection
- OMS Security
- Azure Security Center
- Cloud App Security
- Advanced Threat Protection
- Device Guard
- Credential Guard
- Intune
- Windows Hello
- Windows Defender & ATP
- Azure AD Identity Protection
- Advanced Threat Analytics

4 OMS Security
OMS Security is a solution that enables you to:
- Collect, correlate, and act on any security data
- Analyze and visualize your security posture
- Gain insights into notable issues and threats
Optimized for hybrid datacenters: Azure, Private, AWS, On premises

5 Use of operations data for Security
- Use of operational data for security
- Security, not logs
- Logs, not security

6 OMS Security
- Collect, correlate, and act on any security data
- Analyze and visualize your security posture
- Gain insights into notable issues and threats

8 Out of the box security data collection
- Collect data from any machine in any environment
  - Just install the OMS agent and you are ready to go
  - SCOM deployments can direct their logs to OMS
- Supports Windows, Linux and security solutions
  - Collect the Windows security event log, AppLocker logs and more
  - Collect Syslog AuthPriv. AuditD coming soon.

9 Connect almost any security solution
- OMS Security can collect CEF
  - CEF (Common Event Format) is supported by most security solutions
  - Collected over Syslog to the OMS Linux agent
- OMS Security can collect Cisco ASA
  - Cisco ASA firewall logs are collected over Syslog and parsed
- Indexed and normalized
  - Easy to search, visualize and alert
- Enriching the data
  - Records are cross-correlated with the Threat Intelligence feed
  - Malicious traffic is tagged with threat details and geo location
Diagram labels: Security Solution, CEF over Syslog, OMS Linux agent, OMS Logs; On-prem / private cloud, Any public cloud
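An added example (not from the presentation, and not OMS code) of the pipeline this slide describes: parse a CEF record received over Syslog into normalized fields, then tag it when an address matches a threat-intelligence feed. The feed contents, the sample log lines and the output field names (`malicious_ip`, `threat`, `country`) are constructed for illustration.

```python
import re

# Constructed indicator feed (documentation-range address, not a real IoC).
THREAT_INTEL = {"203.0.113.45": {"threat": "Botnet C2", "country": "ZZ"}}

HEADER = ("cef_version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# One header field: escaped characters or non-pipe characters, ended by an unescaped '|'.
_HEADER_RE = re.compile(r"((?:\\.|[^\\|])*)\|" * len(HEADER))
_KEY_RE = re.compile(r"(?:^|\s)(\w+)=")

def _parse_extension(ext):
    """key=value pairs; values may contain spaces and escaped '=' ('\\=')."""
    keys = list(_KEY_RE.finditer(ext))
    out = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        out[m.group(1)] = re.sub(
            r"\\(.)", lambda e: "\n" if e.group(1) == "n" else e.group(1), raw)
    return out

def parse_cef(line):
    """Parse a syslog line carrying a CEF record into one flat dict."""
    start = line.find("CEF:")
    m = _HEADER_RE.match(line, start + 4) if start >= 0 else None
    if not m:
        raise ValueError("no complete CEF header in line")
    header = [re.sub(r"\\(.)", r"\1", f) for f in m.groups()]
    return {**dict(zip(HEADER, header)), **_parse_extension(line[m.end():])}

def enrich(record, intel=THREAT_INTEL):
    """Tag a record whose src or dst is in the feed (output names are illustrative)."""
    for side in ("src", "dst"):
        hit = intel.get(record.get(side))
        if hit:
            return {**record, "malicious_ip": record[side], **hit}
    return record

# Constructed sample lines, as a firewall might forward them over Syslog.
SAMPLES = [
    r"<134>Sep 27 10:15:02 fw01 CEF:0|ExampleVendor|Edge\|FW|1.0|100|Outbound allowed|5|src=10.1.2.3 dst=203.0.113.45 dpt=443 msg=rule\=allow-web matched",
    r"<134>Sep 27 10:15:09 fw01 CEF:0|ExampleVendor|Edge\|FW|1.0|100|Outbound allowed|5|src=10.1.2.4 dst=198.51.100.7 dpt=443",
]
ENRICHED = [enrich(parse_cef(s)) for s in SAMPLES]
```

The escaped pipe in the product name and the escaped `=` in `msg` are the two cases a naive `split("|")` or `split("=")` gets wrong, which is why normalization has to happen before any matching.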

10 Cloud power: Endless scale, no maintenance
- Scale from a single machine to Terabytes per day
  - Just add more machines and data sources, no need to change anything.
  - Some of our customers are already ingesting Terabytes of data per day, covering tens of thousands of machines
- Global reach
  - Service provided in four geographies: US, Europe, Asia, Australia. More in the future.
- Backup and high availability are built in
  - No need to do anything
- No need to upgrade or update – ever
  - The service is maintained and upgraded for you
  - Agents are auto-updated

11 Cloud power: Easy to deploy
- Moving from zero to security hero in less than an hour
- Come and see the live demo tomorrow: BRK3328, Wednesday, September 28, 10:45am - 12:00pm, Room C112

12 Unlock security data with OMS Log Analytics (1)
- Search
  - Fast, integrated search makes it easy to query security data
  - Free text, structured, aggregations, calculations
- Alerts
  - Send
  - Send WebHook (JSON over HTTP)
  - Open ticket on incident management systems (Service Now, Cherwell, Provance)
  - Run Automation runbooks
- Export data
  - Export to Excel (CSV file)
  - Visualize and share data using PowerBI

13 Unlock security data with OMS Log Analytics (2)
- API
  - Read data from OMS and integrate with other systems
  - Write custom ingestion to collect other types of data
- Custom logs collection
  - Collect any Syslog, Windows event log or file
  - Extract fields from structured or unstructured data
- Custom dashboards
  - Create your own dashboards based on standard and custom data
  - Share these dashboards

14 Demo: OMS Security

16 Out-of-the-box security posture assessments
- Update
  - View the update and patching status on all your servers
- Antimalware
  - Discover antimalware software deployed and your current protection state
- Security Configuration Baseline
  - Assess best practice security configuration rules on all of your computers
- Identity
  - Snapshot of the identities that access your servers

17 Demo: OMS Security

18 Additional OMS Assessments
- Active Directory
- SQL Server
- DNS Server, DHCP and IP Address (DDI)
- More to come…

19 Integrated Threat Intelligence
- OMS Security comes with a Threat Intelligence feed
  - Based on the leading vendors in this market and Microsoft's own intelligence
  - No need to purchase anything
- Log records are cross-correlated and enriched
  - Relevant log records are matched to find traffic involving malicious IP addresses
  - No need for complex integrations
- Search and visualize threats on maps
  - Records are geo-tagged
  - Full threat report on the adversary

20 Demo: OMS Security

22 Notable Issues
- Prioritized list of notable security issues requiring your attention – across all security domains
- Add your own notable issues
- Turn notable issues into alerts

23 Advanced Detection Analytics
- Built-in advanced detection analytics
  - Hundreds of detection rules and patterns based on common security events
  - Behavioral and machine learning tools calibrated for low false positives
- Always current, constantly updated
  - Our security research team is constantly analyzing new threats and updating the analytics
- Integrated with Microsoft ATA
  - Microsoft Advanced Threat Analytics (ATA) detections are normalized and presented side-by-side

24 Demo: OMS Security

25 Vision for Hybrid, Multi-Cloud Workload Protection
- OMS Security: Security built in to OMS
  - Collection of security data from virtually any source (Azure or AWS, Windows Server or Linux, VMware or OpenStack)
  - Insight into security status (antimalware, system updates)
  - Correlations to detect malicious activities and search for rapid investigation
  - Threat detection using advanced analytics
  - Integrates operational and security management
- Azure Security Center: Security built-in to Azure
  - Asset discovery and ongoing security assessment (antimalware, system updates, encryption, virtual network configurations)
  - Actionable security recommendations
  - Security policy for IT governance
  - Integrated management and monitoring of partner security solutions

26 Call to action: Try OMS Security with your servers/desktops
- Go to and sign-in
- It takes minutes to get up and running
- It is free for small deployments
- Product updates:

27 Operations Management Suite Sessions at #MSIgnite
Columns: Day, Time, Code, Room, Title, Focus Topics
- Monday 2:15-3:30 BRK1017 C Take your management and security strategy to the cloud with Operations Management Suite (OMS) Top-line breakout
- Tuesday 9:00-9:45 BRK2198 B206 Protect your data with a modern backup, archive and disaster recovery solution Protection & Recovery
- 10:45-12:00 BRK3063 C302 Back up born-in-the-cloud and hybrid applications with Operations Management Suite and Azure Backup
- 12:30-1:45 BRK2001 B Get control over your datacenter with security monitoring using Operations Management Suite Security & Compliance
- 11:30-12:15 BRK1018 C114 Discover how Manulife and Rackspace manage their hybrid environments today Overview
- 4:00-5:15 BRK3163 B Manage and troubleshoot infrastructure and application issues using Operations Management Suite Insights & Analytics
- Wednesday 9:00-10:15 BRK2178 Thomas Murphy Ballroom 1 Dive deep into Operations Management Suite for applications and infrastructure
- BRK3328 C112 Assess security posture of your datacenter in under one hour using Operations Management Suite
- BRK2181 Protect every app: transform disaster recovery with Operations Management Suite
- BRK2180 B213-B214 Monitor Linux in any cloud with Operations Management Suite
- 4:40-5:15 BRK1000 Discover how Accenture and Time Warner manage hybrid environments today
- Thursday BRK3042 Migrate and disaster recover Azure workloads using Operations Management Suite
- 11:30am - 12:15pm BRK2293 Mitigate datacenter security threats with guided investigation using Operations Management Suite
- BRK2179 C113 Manage your Azure Resources at scale with Operations Management Suite
- BRK3164 Sidney Marcus Auditorium Automate tasks and gain efficiency for your hybrid environment Automation & Control
- Friday BRK2095 Uncover system and service issues of any app with Operations Management Suite
- 10:45-12:00PM BRK2091 A Manage updates across on-premises and clouds for Windows Server & Linux
- BRK2092 Thomas Murphy Ballroom 2&3 Explore configuration and change management in Operations Management Suite

28 System Center sessions at #MSIgnite
Columns: Day, Time, Code, Room, Title, Focus Topics
- Monday 2:15-3:30 BRK2204 B Meet Windows Server 2016 and System Center 2016! Top-line breakout
- Tuesday 9:00-10:15 BRK2159 Georgia Ballroom Take advantage of new capabilities in System Center 2016
- 4:00-5:15 BRK3166 Thomas Murphy Ballroom 2&3 Manage your software-defined datacenter using System Center 2016 Virtual Machine Manager System Center
- Thursday BRK3165 Monitor your changing datacenter using Microsoft System Center 2016 Operations Manager
- Wednesday 12:30pm - 1:45pm BRK 2121 B Monitor and diagnose web apps & services with Application Insights & SCOM

Management theater sessions at #MSIgnite
Columns: Day, Time, Code, Room, Title, Focus Topics
- Monday 1:00-1:20 THR3028 Build solutions with Operations Management Suite extensions and integration OMS
- Tuesday 10:20-10:40 THR3023 Microsoft Theater 1 Witness cloud attacks illustrated: insights from Operations Management Suite and Security Security & Compliance
- Wednesday THR3029 Learn lessons and notes from the field - Operations Management Suite Site Recovery and Backup Protection & Recovery
- 2:10-2:30 THR3024 Evolve your automation strategy with Operations Management Suite Automation & Control
- Thursday 12:05-12:25 THR3022 Evolve your MP experience in System Center Operations Manager 2016 System Center

29 Free IT Pro resources To advance your career in cloud technology
- Plan your career path
- Microsoft IT Pro Career Center
- Cloud role mapping
- Expert advice on skills needed
- Self-paced curriculum by cloud role
- $300 Azure credits and extended trials
- Pluralsight 3 month subscription (10 courses)
- Phone support incident
- Weekly short videos and insights from Microsoft’s leaders and engineers
- Connect with community of peers and Microsoft experts
- Get started with Azure
- Microsoft IT Pro Cloud Essentials
- Demos and how-to videos
- Microsoft Mechanics
- Connect with peers and experts
- Microsoft Tech Community
