Simplifying Hybrid Cloud Protection with Azure Security Center


1 Simplifying Hybrid Cloud Protection with Azure Security Center
BRK3201
Sarah Fender, Principal Program Manager
6/2/2018 6:15 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Cloud adoption is growing
Cloud
90% of Fortune 500 use Microsoft Cloud
Identity, Compute, Storage, Networking
1: Rightscale: 2017 State of Cloud Survey

3 While cloud is growing, hybrid is the most common approach
On-premises and Cloud
>67% Enterprises adopting hybrid cloud in
Identity, Compute, Storage, Networking
1: Rightscale: 2017 State of Cloud Survey

4 Hybrid cloud security challenges
Distributed infrastructure
Management complexity
Rapidly evolving threats

5 Security analytics are key
Collective wisdom
Cloud effect
Data, data, data

6 Microsoft Azure Security Center
Unify security management and enable advanced threat protection for hybrid cloud workloads
Unified visibility and control
Adaptive threat prevention
Intelligent detection and response

7 OMS Security & Compliance customers can now use Azure Security Center
Support Azure, on-premises, and other clouds
Security data collection, search, and analysis
Notable events
Advanced threat detection
Comprehensive security dashboards
Interactive threat intelligence map
AZURE SECURITY CENTER BUILT ON CLOUD LOG ANALYTICS PLATFORM
Same Infrastructure: Azure Security Center now leverages the Log Analytics (OMS) agent and workspaces, providing a scalable log collection and analytics platform
Zero Effort: Automatically discovers existing workspaces with OMS Security & Compliance and any connected computers; no work is required to start using Azure Security Center

8 Unified visibility and control
Dynamically discover and manage the security of your hybrid cloud workloads in a single cloud-based console

9 Manage security across all your hybrid cloud workloads in one console
NOW HYBRID

10 Ensure compliance with company or regulatory security requirements
INTRODUCING
Central policy management: Define a security policy for each subscription in Security Center. Apply across multiple subscriptions using Azure Management Groups.
Discovery and onboarding: Automatically discover new Azure resources, apply policy, and provision the monitoring agent.

11 Collect, search, and analyze security data from a variety of sources
INTRODUCING
Integrated partners: Connected security solutions running in Azure, e.g. firewalls and antimalware solutions
Microsoft security: Azure Active Directory Information Protection Advanced Threat Analytics
Many others: Any security solution that supports Common Event Format (CEF)

12 Search and analyze security data using a flexible query language
INTRODUCING

13 Use built-in notable events to monitor specific event types or create your own watchlist
INTRODUCING

14 Demo

15 Adaptive threat prevention
Enable actionable, adaptive protections that identify and mitigate risk to reduce exposure to attacks

16 Identify vulnerabilities with continuous security assessment
VMs and computers: System update status, Antimalware protection, OS and web server config, Disk Encryption
Azure services: Network Security Groups, Firewalls, Storage and SQL Encryption, SQL Auditing and Threat Detection, Web Apps

17 Remediate security vulnerabilities with prioritized, actionable security recommendations

18 Built-in cyber defenses help block malicious access and applications
Just-in-time access
Prescriptive application whitelisting

19 Brute force attacks commonly target VMs
RDP, SSH
100,000 attacks/month: On average, Azure VMs are subject to 100,000 brute force attacks targeting management ports, most commonly RDP and SSH ports
Easy access: Access to VMs requires only local admin credentials, which are easier targets for brute force attacks than more carefully managed domain accounts
Always open: While access to management ports is only required sporadically, these ports are often left open for convenience or by accident

20 Limit exposure to brute force attacks with just-in-time access to virtual machines
INTRODUCING (Preview)
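An added example (not part of the presentation): a check for the "always open" condition that just-in-time access is meant to remove. It evaluates NSG-style inbound rules in priority order and reports management ports reachable from any source; the sample rules and function names are constructed, and the field names assume the Azure NSG security rule properties.

```python
# Added example: the rules below are constructed; field names follow Azure NSG rule properties.
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

def port_matches(spec, port):
    """True if an NSG port spec ('*', '22' or '20-25') covers the port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def rule_covers(rule, port):
    """True if this is an inbound TCP rule for any source that covers the port."""
    specs = rule.get("destinationPortRanges") or [rule["destinationPortRange"]]
    return (
        rule["direction"].lower() == "inbound"
        and rule["protocol"].lower() in ("tcp", "*")
        and rule["sourceAddressPrefix"].lower() in ANY_SOURCE
        and any(port_matches(s.strip(), port) for s in specs)
    )

def exposed_management_ports(rules):
    """Return {service: rule name} for management ports open to any source.

    NSG rules are evaluated lowest priority number first and the first match
    wins, so an Allow that is shadowed by an earlier Deny is not reported.
    """
    findings = {}
    for port, service in MGMT_PORTS.items():
        for rule in sorted(rules, key=lambda r: r["priority"]):
            if rule_covers(rule, port):
                if rule["access"].lower() == "allow":
                    findings[service] = rule["name"]
                break
    return findings

def _rule(name, priority, access, source, ports):
    """Build one constructed sample rule (inbound TCP)."""
    return {"name": name, "priority": priority, "access": access, "direction": "Inbound",
            "protocol": "Tcp", "sourceAddressPrefix": source, "destinationPortRanges": ports}

SAMPLE_RULES = [  # constructed sample data
    _rule("allow-rdp-any", 300, "Allow", "*", ["3389"]),
    _rule("deny-ssh-any", 100, "Deny", "*", ["22"]),
    _rule("allow-ssh-office", 150, "Allow", "203.0.113.0/24", ["22"]),
    _rule("allow-low-ports", 200, "Allow", "Internet", ["20-25", "443"]),
]

if __name__ == "__main__":
    print(exposed_management_ports(SAMPLE_RULES))
```

Rules scoped to a specific source range are ignored on purpose: the check only answers whether the port is open to everyone.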

21 Malware is rampant and rapidly evolving
BUILT ON CLOUD LOG ANALYTICS PLATFORM
Always evolving: Malware is constantly changing; you can no longer rely on antimalware software to detect and remove malicious code running on your machines
Hard to block: Application controls can be very effective at blocking malware and unwanted applications, but management of whitelists can be labor-intensive and error-prone

22 Prescriptive application whitelisting learns application patterns and recommends whitelists
INTRODUCING (Preview)

23 Demo

24 Intelligent Detection and Response
Use advanced analytics and Microsoft Intelligent Security Graph to rapidly detect and respond to evolving cyber threats

25 Detect threats across the kill chain
INTRODUCING
Target and attack: Inbound brute force RDP, SSH, SQL attacks and more; Application and DDoS attacks (WAF partners); Intrusion detection (NG Firewall partners)
Install and exploit: In-memory malware and exploit attempts; Suspicious process execution; Lateral movement; Internal reconnaissance
Post breach: Communication to a known malicious IP (data exfiltration or command and control); Using compromised resources to mount additional attacks (outbound port scanning, brute force RDP/SSH attacks, DDoS, and spam)
Windows Defender ATP

26 Prioritized security alerts provide details about the threat detected and suggest steps to remediate

27 Alerts that conform to kill chain patterns are fused into a single incident

28 Gain valuable insights about your attackers with threat intelligence from Microsoft
INTRODUCING
Interactive map: Visualize traffic to/from malicious IPs; Analyzes data from your computers and firewall logs
Threat reports: Attacker's known objectives, tactics, and techniques

29 Explore notable links between alerts, computers, and users to triage alerts, determine the scope, and find the root cause
INTRODUCING

30 Use predefined or ad hoc queries for deeper examination of security and operational events
INTRODUCING

31 Automate security workflows with Logic Apps integration
INTRODUCING
Create workflows: Design workflows using the Security Center connector and templates; Include conditional actions based on alert details
Run & manage: Create and edit workflows from Azure Security Center; Trigger a workflow from any alert; View status and run history
Common workflows: Route alerts to a ticketing system; Gather additional information; Apply additional security controls; Ask a user to validate an action; Block a suspicious user account; Restrict traffic from an IP address

32 Demo

33 Take actions today
Use Security Center to manage security for Azure resources
Enable standard tier for advanced threat protection
Onboard on-premises and other cloud workloads
To learn more, visit azure.microsoft.com/en-us/services/security-center/

34 Related sessions
Wednesday: BRK3139: Respond quickly to threats with next-generation security operation, and investigation (10:45 AM); BRK3212: Cloud attacks illustrated: How unique insights from Microsoft help you defend against attacks (4:00 PM)
Thursday: BRK2396: Protect Azure IaaS deployments using Microsoft Azure Security Center (9:00 AM)
Friday: BRK3210: Defense against the dark (cloud) arts: Azure security deep dive (Andy Malone, 12:30 PM)

35 Please evaluate this session
From your PC or tablet: visit MyIgnite
Phone: download and use the Microsoft Ignite mobile app
Your input is important!
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
