
6/3/2018 9:04 PM BRK2374 Stop data exfiltration and advanced threats in Microsoft Office 365 and Azure Jigar Shah, Megha Tamvada Palo Alto Networks © Microsoft.


1 6/3/2018 9:04 PM BRK2374 Stop data exfiltration and advanced threats in Microsoft Office 365 and Azure Jigar Shah, Megha Tamvada Palo Alto Networks © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Expanded Data and Application Locations
Software as a Service (SaaS); Private Cloud (Hyper-V, NSX, KVM, OpenStack); Public Cloud (AWS, Azure)

3 Common Risks
Malicious outsider: 59%; accidental data exposure: 23%; malicious insider: 14%
Source of breach data: breachlevelindex.com

4 Common Thread in Security Incidents
Attack chain (figure): infect user/workload (exploit kit; credential theft, phishing) -> move across the network (adversary commands) -> infect the data center -> steal data, build botnets, harvest bitcoin ($)

5 Preventing Successful Attacks
(figure only)

6 Many Required Capabilities
All applications, all users, all content, encrypted traffic, SaaS, cloud, mobile
Enable business apps, block "bad" apps, limit app functions, limit file types, block websites
Exploits, malware, command & control, malicious websites, bad domains, stolen credentials
Dynamic analysis, static analysis, attack techniques, anomaly detection, analytics

7 Approach to Security for Clouds
Diversity of clouds (Hyper-V, AWS, Azure, NSX, KVM, ESXi); cloud scalability; consistent security across the organization; operational/orchestration integration

8 What about NSGs and ACLs…
Network Security Groups and ACLs are useful, to a point:
- They reduce the attack surface
- They don't inspect for malware, C2, bad IPs…
- They don't control traffic on a per-application basis
- They can be cumbersome to manage on a day-to-day basis
Recommendations:
- Set baseline policies using NSGs and ACLs, preferably in templates
- Control management traffic: lock it to your organization's IPs
- Segment inter-subnet, inter-application-tier and inter-VNET traffic
- Set inbound NSG rules for required ports only: 80, 443…
- Once you set these, you don't have to change them too often!
VM-Series is complementary to the built-in controls like NSGs and ACLs
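The baseline the slide recommends, written out as an added example (this is not code from the session or from Palo Alto Networks): a web-tier NSG that admits only 80/443 from the Internet and management only from the organization's prefix, plus an audit that flags any Allow rule exposing a management port to any source. The rule dictionaries follow the shape of an ARM template `securityRules` entry; the organization CIDR, the rule names and the priorities are assumptions.

```python
import ipaddress

MGMT_PORTS = {22, 3389, 5985, 5986}          # SSH, RDP, WinRM: never open to the Internet
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}


def rule(name, priority, access, protocol, source, dest_ports, direction="Inbound"):
    """One ARM-style securityRules entry (names and values are illustrative)."""
    return {"name": name, "properties": {
        "priority": priority, "direction": direction, "access": access,
        "protocol": protocol, "sourceAddressPrefix": source,
        "sourcePortRange": "*", "destinationAddressPrefix": "*",
        "destinationPortRanges": list(dest_ports)}}


def baseline_web_tier_rules(org_cidr):
    """Slide recommendations: only 80/443 inbound from anywhere, management
    only from the organization's IPs, and an explicit deny for the rest
    (Azure's default DenyAllInbound sits at 65500 anyway)."""
    ipaddress.ip_network(org_cidr)            # reject a malformed org prefix early
    return [
        rule("allow-web-in", 100, "Allow", "Tcp", "Internet", ["80", "443"]),
        rule("allow-mgmt-from-org", 110, "Allow", "Tcp", org_cidr, ["22", "3389"]),
        rule("deny-all-in", 4000, "Deny", "*", "*", ["*"]),
    ]


def ports_in(ranges):
    """Expand ARM port ranges ('443', '1024-2048', '*') into a set of ints;
    None means every port."""
    ports = set()
    for r in ranges:
        if r == "*":
            return None
        lo, _, hi = r.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit_nsg(rules):
    """Findings for Allow rules that expose a management port to any source.
    NSG rules are evaluated lowest priority number first, so a Deny that sorts
    earlier shields the ports it covers from a later Allow."""
    findings = []
    blocked = set()                           # mgmt ports already denied from any source
    for r in sorted(rules, key=lambda x: x["properties"]["priority"]):
        p = r["properties"]
        if p["direction"] != "Inbound" or p["sourceAddressPrefix"] not in ANY_SOURCE:
            continue
        ports = ports_in(p["destinationPortRanges"])
        ports = MGMT_PORTS if ports is None else ports & MGMT_PORTS
        if p["access"] == "Deny":
            blocked |= ports
        elif p["access"] == "Allow":
            hit = ports - blocked
            if hit:
                findings.append(f"{r['name']} (priority {p['priority']}) allows "
                                f"{sorted(hit)} from {p['sourceAddressPrefix']}")
    return findings


if __name__ == "__main__":
    base = baseline_web_tier_rules("203.0.113.0/24")
    print("baseline findings:", audit_nsg(base))
    print("with stray rule:", audit_nsg(base + [rule("allow-ssh-any", 120, "Allow", "Tcp", "*", ["22"])]))
```

Run the audit against the rule list you export from a live NSG (`az network nsg rule list` returns the same properties, with the port ranges under `destinationPortRanges` or a single `destinationPortRange`) before a template is promoted, not after.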

9 Stop Data Exfiltration and Advanced Threats in Azure
- Segmentation (subnet, VNET, resource group): improved security and compliance
- Inspect all traffic: visibility and control
- Whitelist applications: control
- Restrict destinations (east-west, north-south): block C2, prevent exfiltration and attacks
- Scale out: elastic, cloud-friendly architectures

10 Security Challenges in Public Cloud
Deploying the best virtual firewalls is now easy; scaling them, with minimum headaches, is a bit harder. How do you:
- Secure outbound and east-west traffic
- Centralize the security stack across apps
- Secure inbound web apps

11 Inbound: Securing Web Applications, at Scale
Azure Application Gateway + WAF: web application delivery controller (ADC); protects web applications against common exploits and vulnerabilities; OWASP Core Rule Set 3.0
VM-Series next-generation firewall: inbound, outbound and east-west security; complements the WAF; protects all traffic types; inspects reverse traffic for PII data; blocks malicious files using WildFire; blocks malicious IPs updated via EDLs
Topology (figure): Resource Group / VNET containing Application Gateway + WAF, VM-Series firewalls in an Availability Set, an Internal Azure Load Balancer and the Web Tier
Templates: github.com/PaloAltoNetworks/azure-applicationgateway; github.com/jigarshah04/azure-applicationgateway (WAF enabled)

12 Outbound & East-West Security, at Scale
VM-Series can: control outbound and east-west traffic by application type and destination; protect against exfiltration, C2, malicious IPs, malware botnets, bitcoin mining…
You must configure the load balancer for all applications, each port/protocol: 53, 80, 123, 443… TCP, UDP
Topology (figure): Web Tier and DB Tier subnets with UDRs pointing at an Azure Load Balancer, which distributes to VM-Series firewalls (Trust/Untrust interfaces) in an Availability Set and on to the Internet

13 Centralized Security Stack
Topology (figure): a Security/Services VNET hosting the VM-Series firewalls and Panorama, connected by VNET Peering to a Web Application VNET and a Generic Application VNET, to the Internet, and to the private data center over ExpressRoute or IPSec VPN

14 Outbound & East-West Security, at Scale
Control outbound traffic by application type and destination; protect against exfiltration, C2, malware bot networks, bitcoin mining…
Floating IP mode + HA Ports load balancing
Topology (figure): Web Tier and DB Tier subnets with UDRs pointing at an Azure Load Balancer in front of VM-Series firewalls (Trust/Untrust) in an Availability Set, then out to the Internet

15 Demo: Controlling outbound and east-west traffic in Azure

16 What's Special Here? User-Defined Routes (UDR) to Azure Load Balancer
- Azure UDRs control packet routing, so workloads cannot bypass the firewall
- VM-Series firewalls can be scaled out behind Azure Load Balancer
- Floating IP mode option: no destination NAT (DNAT) by the internal Azure Load Balancer; the VM-Series firewall sees the actual destination, applies policy and forwards the packets; works like a charm for east-west and outbound, nothing fancy needed
- HA ports load balancing: no need to configure individual ports and protocols for each application; the VM-Series firewall controls the applications, per policy, for all use cases
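"Cannot bypass the firewall" holds only for prefixes the UDR actually covers: Azure picks the longest matching prefix and, on a tie, prefers a user-defined route over the system route, so a more specific route with another next hop (or a missing VNet-scope route) lets traffic around the firewall. The added example below (not code from the session or from Palo Alto Networks) resolves next hops the way Azure does so a route table can be checked before it is applied, and validates the load-balancing rule for the two properties the slide relies on: HA ports (protocol All, ports 0, which needs a Standard SKU load balancer) and floating IP (no DNAT). The VNet address space, the tier subnets and the internal load balancer front-end IP are assumptions.

```python
import ipaddress

VNET = "10.0.0.0/16"
FW_ILB_FRONTEND = "10.0.1.100"   # internal LB front end in front of the VM-Series trust NICs (assumed)


def system_routes(vnet):
    """Azure's default routes for any subnet of this VNet."""
    return [(vnet, "VirtualNetwork", "system"), ("0.0.0.0/0", "Internet", "system")]


def next_hop(dest_ip, user_routes, vnet=VNET):
    """user_routes: list of (prefix, next_hop); next_hop is the appliance IP for
    nextHopType VirtualAppliance, or an Azure type name such as 'Internet',
    'VnetLocal' or 'None'. Longest prefix wins; user route wins a tie."""
    dest = ipaddress.ip_address(dest_ip)
    candidates = []
    routes = system_routes(vnet) + [(p, h, "user") for p, h in user_routes]
    for prefix, hop, kind in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net:
            candidates.append((net.prefixlen, kind == "user", hop))
    if not candidates:
        return None
    candidates.sort(reverse=True)          # longest prefix first, then user before system
    return candidates[0][2]


def firewall_bypasses(user_routes, probes, fw_ip=FW_ILB_FRONTEND):
    """Destinations in `probes` whose traffic would NOT be steered to the firewall."""
    return [d for d in probes if next_hop(d, user_routes) != fw_ip]


def ha_ports_floating_ip_ok(lb_rule):
    """HA ports = protocol All with front-end and back-end port 0; floating IP
    keeps the LB from DNATing, so the firewall sees the real destination."""
    return (lb_rule.get("protocol") == "All"
            and lb_rule.get("frontendPort") == 0
            and lb_rule.get("backendPort") == 0
            and lb_rule.get("enableFloatingIP") is True)


if __name__ == "__main__":
    # Web-tier route table: default route AND the VNet prefix both go to the firewall,
    # otherwise the system VNet route (/16, more specific than 0/0) carries east-west
    # traffic straight to the DB tier.
    web_udr = [("0.0.0.0/0", FW_ILB_FRONTEND), (VNET, FW_ILB_FRONTEND)]
    print("bypasses:", firewall_bypasses(web_udr, ["8.8.8.8", "10.0.2.5"]))
    print("only default route:", firewall_bypasses([("0.0.0.0/0", FW_ILB_FRONTEND)], ["8.8.8.8", "10.0.2.5"]))
```

Two caveats the simulation makes visible: the firewall's own trust and untrust subnets must not carry this same route table or the next hop points back at the load balancer and traffic loops, and a route for the load balancer's own subnet (or any prefix narrower than the VNet) with a non-firewall next hop silently wins the longest-prefix match.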

17 Centralized Security Stack
Floating IP mode + HA Ports load balancing
Topology (figure): a Security/Services VNET hosting the VM-Series firewalls and Panorama, connected by VNET Peering to a Web Application VNET and a Generic Application VNET, to the Internet, and to the private data center over ExpressRoute or IPSec VPN

18 Daisy Chain Security with Operations
Found a critical threat in the logs:
- Trigger an Azure Function
- Make an API call to VM-Series
- Enable: action-oriented log forwarding in VM-Series
- Azure API call: quarantine the VM; close off the NSG
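The decision logic inside that Azure Function, as an added example (not code from the session or from Palo Alto Networks): an HTTP log-forwarding POST from the firewall arrives, the function gates on severity, maps the affected IP to a VM and its NIC-level NSG, and produces the quarantine rule set. The payload field names are assumptions (PAN-OS lets you define the HTTP forwarding payload yourself), as are the inventory, the IR jump-host prefix and the priorities.

```python
import ipaddress
import json

IR_JUMP_CIDR = "10.0.9.0/28"                    # forensic jump hosts that must keep access (assumed)
QUARANTINE_SEVERITIES = {"critical", "high"}

# Constructed inventory: private IP -> (VM name, NIC-attached NSG). In production
# this comes from the NIC list via the Azure SDK, not a literal.
INVENTORY = {"10.0.2.5": ("db-01", "nsg-db-01"), "10.0.1.12": ("web-03", "nsg-web-03")}


def _rule(name, priority, direction, access, protocol, source, ports):
    return {"name": name, "priority": priority, "direction": direction, "access": access,
            "protocol": protocol, "sourceAddressPrefix": source,
            "destinationAddressPrefix": "*", "destinationPortRanges": ports}


def quarantine_rules(jump_cidr=IR_JUMP_CIDR):
    """Isolate the VM in both directions. NSG priorities run 100..4096 and the
    lowest number wins, so 100/101 beat every existing Allow; the jump-host
    rule keeps a way in to image the box before it is rebuilt."""
    ipaddress.ip_network(jump_cidr)
    return [
        _rule("ir-allow-jump-in", 100, "Inbound", "Allow", "Tcp", jump_cidr, ["22", "3389"]),
        _rule("ir-deny-all-in", 101, "Inbound", "Deny", "*", "*", ["*"]),
        _rule("ir-deny-all-out", 101, "Outbound", "Deny", "*", "*", ["*"]),
    ]


def plan_response(payload_json):
    """One forwarded threat log in, a quarantine plan out (None means no action)."""
    ev = json.loads(payload_json)
    if str(ev.get("severity", "")).lower() not in QUARANTINE_SEVERITIES:
        return None
    # The victim is whichever end of the session is one of our VMs: the source
    # for C2/exfiltration hits, the destination for an inbound exploit.
    victim = next((ip for ip in (ev.get("src"), ev.get("dst")) if ip in INVENTORY), None)
    if victim is None:
        return None                              # not our asset: leave it to the analyst
    vm, nsg = INVENTORY[victim]
    return {"vm": vm, "nsg": nsg, "victim_ip": victim,
            "reason": ev.get("threat_name", "unknown"), "rules": quarantine_rules()}


if __name__ == "__main__":
    # Constructed payload, in the shape this example assumes for the forwarding profile.
    sample = json.dumps({"severity": "critical", "threat_name": "example C2 beacon",
                         "src": "10.0.2.5", "dst": "198.51.100.7", "rule": "outbound-any"})
    print(json.dumps(plan_response(sample), indent=1))
```

The function then pushes each rule into the NSG (with azure-mgmt-network, map the fields onto its SecurityRule model and call `security_rules.begin_create_or_update` for the NSG's resource group). Two things to settle before wiring this up: the Function endpoint must require a function key or shared secret and accept only the firewall's management address, or anyone who can POST to it can take production VMs offline; and the quarantine must leave the forensic path open, which is why the rule set above is not a bare deny-all.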

19 Templates
Outbound; Inbound: Web Apps; Inbound: All apps
github.com/fullscale180/PAN; github.com/PaloAltoNetworks; live.paloaltonetworks.com -> Cloud templates

20 Stop data exfiltration and advanced threats in Microsoft Office 365

21 EXPANDED DATA AND APPLICATION LOCATIONS
Software as a Service (SaaS); Public Cloud (AWS, Azure); Private Cloud (NSX, OpenStack)

22 IMPORTANCE OF VISIBILITY
Context attached to one session (figure): application: slideshare; application function: slideshare-uploading; file type: PowerPoint (344 KB); content: "Confidential and Proprietary"; user: mjacobsen; group: prodmgmt; protocols: HTTP, SSL; URL category: file-sharing; destination country: Canada; destination port: TCP/443; source IP; destination IP

23 ENTERPRISE SECURITY REQUIRES SECURING APPS, USERS AND CONTENT
Next-generation firewall provides full context: application or app function; user or role; nature of content. Core functionality of PAN-OS from the beginning.

24 DISCOVER CLOUD APPS AND ASSESS RISK
SaaS Usage Reporting; Interactive SaaS Dashboard

25 SAAS THREATS
Malware propagation; data exfiltration. Malicious user: "Share all files publicly!"; external collaborator

26 SIMPLE HUMAN ERROR
Promiscuous sharing and unintentional sharing: typing "mark" into Share With offers Marketing, Mark (CFO) and "Anyone with the link"

27 INLINE PROTECTION
No context in the application

28 API BASED PROTECTION
Preserves user experience; more context: a lot more than content and user activity; monitor security controls; 3rd-party integrations

29 SECURELY ENABLE O365 WITH APERTURE
- Complete visibility & control: prevent data exposure and enforce compliance
- Prevent malware: known and unknown malware (WildFire)
- Automated remediation: quarantine assets and notify users instantly
- Retroactive policy: policy applies to past and future events

30 APERTURE DLP POLICIES
- PCI: credit card number, magnetic stripe, IBAN
- PII: US SSN, US TIN, Canada SIN, UK UTR/NINO, Australia TIN and Germany TFN
- Source Code policy: file type + regular expressions
- Company Confidential policy: inspects documents marked as Confidential
- Regular Expression: customer defined, uses Java regex syntax
- Sensitive Credentials: RSA private keys, SSH keys
- Sensitive Documents: document classification using machine learning
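What several of these policy classes do under the hood, as an added example and not Aperture's own rules: card numbers are a pattern plus a Luhn check, US SSNs are a pattern plus the SSA structure rules, private keys are found by PEM header, and the Company Confidential policy is a marking search. The sample document is constructed. Note that Aperture's custom policies take Java regex syntax; the Python patterns here avoid constructs whose meaning differs between the two engines (possessive quantifiers, `\p{...}` classes), so they can be carried over as written.

```python
import re

CARD_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")   # 13-19 digits, optional separators
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")
KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----")
MARK_RE = re.compile(r"\b(?:confidential|proprietary)\b", re.IGNORECASE)

# Constructed sample document; the card number is the standard 4111... test value.
SAMPLE = """Card on file: 4111 1111 1111 1111 (mistyped copy: 4111 1111 1111 1112)
Employee SSN 123-45-6789; 000-12-3456 is not a valid SSN
-----BEGIN RSA PRIVATE KEY-----
(key body omitted in this constructed sample)
-----END RSA PRIVATE KEY-----
This document is Confidential and Proprietary."""


def luhn_ok(digits):
    """Luhn checksum; rejects most random digit runs that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_ok(area, group, serial):
    """SSA structure rules: area never 000, 666 or 9xx; group never 00; serial never 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def mask(digits):
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text):
    """Return (policy, detector, evidence) tuples for everything that fires."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("PCI", "credit_card", mask(digits)))
    for m in SSN_RE.finditer(text):
        if ssn_ok(*m.groups()):
            findings.append(("PII", "us_ssn", "***-**-" + m.group(3)))
    for m in KEY_RE.finditer(text):
        findings.append(("Sensitive Credentials", "private_key", m.group()))
    m = MARK_RE.search(text)
    if m:
        findings.append(("Company Confidential", "marking", m.group()))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The checksum and structure rules are what keep the PCI and PII policies from paging on every phone number and order ID; evidence is masked before it leaves the scanner so the DLP alert itself does not become a second copy of the secret.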

31 ACTIVITY BASED ALERTING/USER ANOMALIES

32 SaaS 3rd Party App Platform
Most SaaS vendors have a third party app platform

33 APERTURE PROTECTION FOR OFFICE 365
SharePoint and OneDrive Exchange Online Yammer

34 APERTURE FOR EXCHANGE
Security: threat prevention and DLP; 0-day malware detection tied to WildFire; detection of sensitive content and exposure; activity monitoring and anomalies
Controls and monitoring: detection of auto-forwarding to untrusted domains; detection of public folders; detection of retention policy violations
Feeds: Threat Intelligence Cloud
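Two of the exposure checks an API-based CASB runs over tenant data, written as an added example that is not Aperture's code: inbox rules that forward or redirect mail outside the organization (the auto-forwarding control on this slide) and sharing links open to "anyone with the link" (the sharing mistake on slide 26). The records are constructed and shaped like Microsoft Graph `messageRule` and drive `permission` objects; the trusted-domain list is an assumption.

```python
TRUSTED_DOMAINS = {"contoso.com", "contoso.onmicrosoft.com"}      # assumed tenant domains

# Constructed inbox rules (Graph messageRule shape: displayName, isEnabled, actions)
RULES = [
    {"displayName": "Archive newsletters", "isEnabled": True,
     "actions": {"moveToFolder": "archive"}},
    {"displayName": "Sync", "isEnabled": True,
     "actions": {"forwardTo": [{"emailAddress": {"address": "drop@example.net"}}]}},
    {"displayName": "Old", "isEnabled": False,
     "actions": {"redirectTo": [{"emailAddress": {"address": "x@example.org"}}]}},
    {"displayName": "To assistant", "isEnabled": True,
     "actions": {"forwardTo": [{"emailAddress": {"address": "asst@contoso.com"}}]}},
]

# Constructed drive item permissions (Graph permission shape: id, roles, link/grantedTo)
PERMS = [
    {"id": "p1", "roles": ["read"], "link": {"scope": "anonymous", "type": "view"}},
    {"id": "p2", "roles": ["write"], "link": {"scope": "organization", "type": "edit"}},
    {"id": "p3", "roles": ["read"], "grantedTo": {"user": {"email": "mark@contoso.com"}}},
]


def _recipients(action_list):
    return [r["emailAddress"]["address"].lower() for r in (action_list or [])]


def external_forwarding(rules, trusted=TRUSTED_DOMAINS):
    """(rule name, external recipients) for every enabled rule that forwards,
    redirects or forwards-as-attachment to a domain outside the tenant."""
    findings = []
    for rule in rules:
        if not rule.get("isEnabled", True):
            continue
        acts = rule.get("actions", {})
        targets = (_recipients(acts.get("forwardTo"))
                   + _recipients(acts.get("redirectTo"))
                   + _recipients(acts.get("forwardAsAttachmentTo")))
        external = [t for t in targets if t.rsplit("@", 1)[-1] not in trusted]
        if external:
            findings.append((rule["displayName"], external))
    return findings


def anonymous_links(permissions):
    """Permission ids that are sharing links usable by anyone who has the URL."""
    return [p["id"] for p in permissions if p.get("link", {}).get("scope") == "anonymous"]


if __name__ == "__main__":
    print("external forwarding:", external_forwarding(RULES))
    print("anonymous links:", anonymous_links(PERMS))
```

Inbox rules are only one forwarding path: a mailbox-level forwarding address set by an administrator (Exchange's ForwardingSmtpAddress) never shows up as a rule, so a complete check reads both. Disabled rules are skipped here but are worth listing separately, since re-enabling one is a quiet way to resume exfiltration.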

35 APERTURE FOR SHAREPOINT & ONEDRIVE
Protect against data exfiltration: detection of sensitive content; activity monitoring and anomalies
Monitor: SharePoint sites, users, OneDrive folders; remediate accidental exposure
Stop malware propagation: detect malware; quarantine
Feeds: Threat Intelligence Cloud

36 APERTURE FOR YAMMER
Protect against data exfiltration: detection of sensitive content across Yammer networks; remediate accidental exposure
Stop malware propagation: detect malware
Feeds: Threat Intelligence Cloud

37 APERTURE FOR IAAS
Protect against data exfiltration: detection of sensitive content (slide text repeats "Yammer Networks" here); remediate accidental exposure
Stop malware propagation: detect malware
Feeds: Threat Intelligence Cloud; IaaS

38 CONTINUOUS EXPANSION OF SAAS APP COVERAGE IN PAN-OS AND APERTURE
Sanctioned apps and unsanctioned apps: 2300+ apps (SaaS and non-SaaS) with App-ID; application risk; 6 new App-IDs every week; custom App-ID; URL Filtering (adding 70K URLs/day)

39 Demo

40 A Prevention Platform for Microsoft Environments
- In the Cloud: securely enable Office 365 and Azure migrations; protect cloud environments from threats; prevent data loss in Office 365
- On the Network: next-generation firewall, appliance or virtualized; securely enable Microsoft applications; prevent known and unknown threats
- On the Endpoint: enforce policy consistency for all users and devices; prevent known and unknown threats
