Contain and Isolate Ransomware with Citrix and Microsoft


1 Contain and Isolate Ransomware with Citrix and Microsoft
THR3086: Contain and Isolate Ransomware with Citrix and Microsoft
Florin Lazurca, Citrix Technical Security Strategist
6/12/2018 9:26 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 The world is under attack.
Cyber Security
74% see need for new security framework
80% worry about data breaches
49% feel they can reduce risk of DDoS or ransomware attacks
$1 trillion spent on cyber security by 2021

3 Credit: Symantec

4

5

6 WannaCry: 230k Hosts infected
NotPetya: 15k servers, 50k endpoints at one organization

7 To Pay or Not to Pay?
Tactically – may be the only viable option
Paying or not paying the ransom incurs a cost
Rewards criminal activity
Strengthens the incentive for such attacks throughout the industry
No guarantee of recovery - “boneidleware” and “leakerware”
Paying should not be Plan A

8 3-2-1 Rule
Have at least three copies of your data
Store the copies on two different media
Keep one backup copy offsite

9 How Microsoft Helps

10 Hyper-V 2016 Security Capabilities
Secure Boot
vTPM
BitLocker
Virtualization Based Security
Credential Guard
Device Guard - Code Integrity

11 Virtual Secure Mode Features
Credential Guard
  Protects against “Pass-the-HASH like” attacks
  Leverages nested Hyper-V and vTPM (VSM)
Device Guard
  Provides a “White List” of valid code for execution

12 Hyper-V enhancements – Shielded VMs
Security value based upon separation of admin responsibility – hypervisor vs. workloads

13 How Citrix Helps

14 Citrix Secure Digital Workspace
[Diagram. Labels include: Software-Defined Perimeter, Unified Experience, “BYO” Identity, Single Sign-on, Contextual Access, Unified Endpoint Mgmt., Legacy/Custom Apps, Content Control, Security & Performance Analytics.]

15 Strategic Approach
Publish virtualized, sandboxed, and hardened browsers
Shield web app users and keep sensitive data off the endpoint
Publish email clients to prevent email-borne ransomware
Protect mobile devices using: containerization, encryption, blacklists and whitelists, and device compliance checks
Protect data with an enterprise grade file sync and sharing service, enabling quick recovery

16 It's time to isolate your users from the internet cesspool with remote browsing
Gartner. Published: 30 September 2016. ID: G. Analyst(s): Neil MacDonald

17 Internet Separation Threat Mitigation
[Architecture diagram. Resource Location: On-premises, Internet, SaaS. Labels: Confidential Browser, Intranet, Internet, NetScaler Secure Web Gateway, Web filtering, SmartAccess & Federation, NetScaler Gateway, XenApp, Web App Firewall, Hypervisor.]

18 Virtualized, sandboxed, hardened email client
[Architecture diagram. Resource Location: On-premises, Internet, SaaS. Labels: Secure Outlook, NetScaler Secure Web Gateway, Web filtering, SmartAccess & Federation, NetScaler Gateway, XenApp, Web App Firewall, Hypervisor, Intranet.]

19 Containerize mobile data and apps
[Diagram. Labels: NetScaler, Data, XenMobile, ShareFile.]

20 Security-driven design
[Architecture diagram. Labels: Devices (Desktops, Thin Clients, Branch/Call Center, Kiosks), Network, NetScaler, XenApp Farms, Apps (Application 1, Application 2, Various Applications), Data (Sensitive Data, Common Data), Service Management, Monitoring, Analytics, Automation, Provisioning.]

21 Protect data with an enterprise grade file sync and sharing service

22 How ShareFile can help
Ransomware use case: Encrypted file by ransomware
How ShareFile helps:
  ShareFile versioning helps store history even if the file is renamed
  ShareFile supports recovery from ransomware after the endpoint device is remediated (PowerShell script)
  Configure sync on file format (registry)
  ShareFile Desktop App (no file sync)
Ransomware use case: Ransomware Detection
How ShareFile helps:
  ICAP integration with popular malware and antivirus solutions for on-premises storage
  API integration with cloud security platforms that offer:
    Multiple AV engines
    Malware sandboxing solutions
    Predictive and AI detection
    Macro and embedded malicious code detection

23 Hardening Best Practices
Educate end users
Don’t run applications or desktops in administrator mode
Disable macros and active content
Move from blacklisting to whitelisting
Sandbox the client and browser
Harden the OS and critical applications

24 Please evaluate this session
From your PC or tablet: visit MyIgnite
Phone: download and use the Microsoft Ignite mobile app
Your input is important!

25

