
Microsoft Azure Power Lunch


1 Microsoft Azure Power Lunch
7/6/2018 Today’s Topic: Azure Security Center Date: 11/02/2017 Presented By: Azure Solution Architects from US South Central © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Session Agenda
- Azure Services Updates
- Today’s Topic: Azure Security Center
- Q & A

3 Paresh Sharda – Azure Infra Technology Sales Professional
- 12+ years of experience in working with Enterprise Systems
- 9+ years in Microsoft Ecosystem as Partner, Vendor, Customer and Employee
- Extensive experience with integration of Systems of Business and Systems of Interaction
- Passionate tinkerer who can break (actually tries to fix) any working thing

4 Azure Service Updates
Subscribe to Azure Updates

5 Cloud Presents Unique Security Challenges
- CIOs and CISOs lack visibility and control: management is increasingly distributed and physical networks no longer define the perimeter
- Cloud environments are more dynamic: resources are being spun up (and down) frequently, it’s not just about VMs – there’s also PaaS to consider
- Enterprises bring on-premises security issues to the cloud: disconnected point solutions, noisy alerts, and advanced threats

6 Azure Security Center Helps you Prevent, Detect, and Respond to Threats
- Gain visibility and control: Get a central view of the security state of all your Azure resources. At a glance, you could verify that the appropriate security controls are in place. And, you could quickly identify any resources that require attention.
- Enable secure DevOps: Say ‘Yes’ to agility by enabling DevOps with policy-driven recommendations that guide resource owners through the process of implementing required controls – taking the guesswork out of cloud security.
- Stay ahead of threats: Stay ahead of current and emerging threats with an integrated and analytics-driven approach. Detect actual threats earlier and reduce false alarms.
Gain visibility and control, Enable security at cloud speed, Integrate partner solutions, Detect cyber attacks

7 Gain visibility and control
- Provides a unified view of security across all your Azure subscriptions, including vulnerabilities and threats detected
- Enables you to define security policies for hardening cloud configurations
- APIs, SIEM connector and Power BI dashboards make it easy to access, integrate, and analyze security information using existing tools and processes

8 Align security policies to the needs of your company or workload

9 Monitor the security state of resources – quickly identify vulnerabilities

10 Standard Log Connector
Access security data in near real-time from your SIEM – security alerts, activity logs, VM security events
Diagram labels:
- Azure
- REST APIs (Activity Logs, Security Center Alerts, AAD Logs)
- Azure Monitor Service (VM Diagnostics)
- Azure Monitor Eventhub (Service Diagnostics - NSG, Key Vault)
- Log Analytics/SIEM
- Azure Log Integration
- Standard Log Connector (ArcSight, Splunk, etc.)

11 Enable security at cloud speed
- Continuously assesses the security of your workloads even as they change
- Creates policy-driven recommendations and guides users through the process of remediating security vulnerabilities
- Enables rapid deployment of built-in security controls as well as products and services from security partners (firewalls, endpoint protection, and more)

12 Prioritized recommendations take the guesswork out of security for resource owners

13 Prescriptive analytics help you manage advanced security controls like application whitelisting (Preview)

14 Limit exposure to brute force attacks with just-in-time RDP and SSH access to virtual machines (Preview)

15 Integrate partner solutions
- Recommends and streamlines provisioning of partner solutions
- Integrates signals for centralized alerting and advanced detection
- Enables monitoring and basic management with easy access to advanced configuration using the partner solution
- Leverages Azure Marketplace for commerce and billing

16 Easily deploy security solutions from partners and automatically integrate logs

17 Monitor and manage partner security solutions

18 Detect cyber attacks
- Analyzes security data from your Azure virtual machines, Azure services (like Azure SQL databases), the network, and connected partner solutions
- Leverages security intelligence and advanced analytics to detect threats more quickly and reduce false positives
- Creates prioritized security alerts and incidents that provide insight into the attack and recommendations on how to remediate

19 Prioritized security alerts provide details about the threat detected and suggest steps to remediate

20 Alerts that conform to kill chain patterns are fused into a single incident

21 Use built-in threat intelligence reports to inform your response
Reports can include:
- Attacker’s identity or associations (if known)
- Attackers’ objectives
- Current and historical (if known) attack campaigns
- Attackers’ tactics, tools and procedures
- Associated indicators of attack and compromise such as URLs and file hashes
- Victimology: industry and geographic prevalence to help customers determine if they are at risk
- Mitigation/remediation information
Also note that different types of TAS reports focus on different aspects of attacks. Activity Group Reports are deep dives into attackers, their objectives and tactics; Campaign Reports focus on details of specific attack campaigns; and Threat Summary reports may cover all of the items in the above list.
Reports give you insights that can inform your response – helping you stop an attack and recover more quickly. They can also help you understand whether this is a widespread attack or whether your organization or industry is being targeted specifically.

22 Advanced detection capabilities
Threat intelligence
- Looks for known malicious actors
- Examples: Network traffic to malicious IP address; Malicious process executed
Behavioral analytics
- Looks for known patterns and malicious behaviors
- Examples: Process executed in a suspicious manner
Anomaly detection
- Uses statistical profiling to build historical baselines
- Alert on deviations that conform to a potential attack vector
- Example: Remote desktop connections to a specific VM typically occur 5 times a day, today there were 100 connection attempts
Fusion
- Combine events and alerts from across the kill chain to map the attack timeline
- Examples: SQL injections (WAF + Azure SQL Logs); Malicious process (Crash dump… and later… suspicious process execution); Breach detection (Brute force attempt… and later… suspicious VM activity)

23 Detection throughout the kill chain
Target and attack
- Inbound brute force RDP, SSH, SQL attacks and more
- Application and DDoS attacks (WAF partners)
- Intrusion detection (NG Firewall partners)
Install and exploit
- Known malware signatures (AM/EPP partners)
- In-memory malware and exploit attempts
- Suspicious process execution
- Suspicious PowerShell activity
- Lateral movement
- Internal reconnaissance
Post breach
- Communication to a known malicious IP (data exfiltration or command and control)
- Using compromised resources to mount additional attacks (outbound port scanning, brute force RDP/SSH attacks, DDoS, and spam)
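The fusion idea from slides 20, 22 and 23 (alerts on one resource that advance along the kill chain become a single incident) can be sketched as follows. This is an added example, not Security Center's algorithm or code from the presentation; the alert type names, resource names, sample alerts and the 6-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta
from itertools import groupby

# Kill chain stages from the slide, in order; the alert type names are hypothetical.
STAGE = {
    "brute_force_rdp": 0, "waf_sql_injection": 0,       # target and attack
    "crash_dump_exploit": 1, "suspicious_process": 1,   # install and exploit
    "malicious_ip_traffic": 2, "outbound_spam": 2,      # post breach
}

ALERTS = [  # constructed sample alerts: (time, resource, type)
    ("2017-11-02T01:10", "vm-web-01", "brute_force_rdp"),
    ("2017-11-02T03:45", "vm-web-01", "suspicious_process"),
    ("2017-11-02T04:20", "vm-web-01", "malicious_ip_traffic"),
    ("2017-11-02T02:00", "vm-db-02", "brute_force_rdp"),
    ("2017-11-02T02:30", "vm-db-02", "brute_force_rdp"),
    ("2017-11-01T00:05", "vm-app-03", "brute_force_rdp"),
    ("2017-11-02T23:50", "vm-app-03", "suspicious_process"),
]

def fuse(alerts, window=timedelta(hours=6)):
    """Group alerts per resource into incidents when they advance along the kill chain.

    Alerts on one resource are clustered while each follows the previous one
    within `window`. A cluster becomes an incident only if it covers at least
    two stages and each stage first appears in kill-chain order; everything
    else is returned as standalone alerts. Unknown alert types are ignored.
    """
    parsed = sorted((res, datetime.fromisoformat(t), kind)
                    for t, res, kind in alerts if kind in STAGE)
    incidents, standalone = [], []
    for res, group in groupby(parsed, key=lambda a: a[0]):
        clusters = []
        for alert in group:
            if clusters and alert[1] - clusters[-1][-1][1] <= window:
                clusters[-1].append(alert)
            else:
                clusters.append([alert])
        for cluster in clusters:
            # Stages in order of first appearance, duplicates removed.
            first_seen = list(dict.fromkeys(STAGE[kind] for _, _, kind in cluster))
            if len(first_seen) >= 2 and first_seen == sorted(first_seen):
                incidents.append({"resource": res,
                                  "timeline": [(t.isoformat(), kind) for _, t, kind in cluster]})
            else:
                standalone.extend(cluster)
    return incidents, standalone

if __name__ == "__main__":
    for incident in fuse(ALERTS)[0]:
        print(incident["resource"], incident["timeline"])
```

Repeated brute force alerts on vm-db-02 stay standalone because they never leave the first stage, and the two vm-app-03 alerts are too far apart to be treated as one attack timeline.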

24 Target and attack
RDP brute force attack detected using anomaly detection
- An attacker attempts to log into a VM using a brute force attack.
- Security Center uses machine learning to understand typical RDP access patterns for this VM and alerts when access attempts exceed the norm.
- Azure Security Center triggers an alert
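A per-VM statistical baseline of the kind the anomaly detection slides describe (about 5 RDP connections a day, then 100) can be sketched as below. This is an added example, not Security Center's model or code from the presentation; the log format, VM names, `min_days` and `threshold` values are constructed assumptions.

```python
import statistics
from collections import Counter, defaultdict

def constructed_log():
    """Constructed sample: 14 quiet days of RDP connection attempts, then a spike."""
    per_day = [5, 4, 6, 5, 5, 7, 3, 5, 6, 4, 5, 5, 6, 4, 100]
    lines = []
    for day, n in enumerate(per_day, start=1):
        for i in range(n):
            lines.append(
                f"2017-10-{day:02d}T{i % 24:02d}:00:00Z vm-web-01 RDP_CONNECT src=203.0.113.{i % 250}"
            )
    # A second VM that appears for the first time today, so it has no history to profile.
    lines += ["2017-10-15T09:00:00Z vm-new-02 RDP_CONNECT src=198.51.100.9"] * 40
    return lines

def daily_counts(lines):
    """Count RDP connection attempts per VM per calendar day."""
    counts = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[2] != "RDP_CONNECT":
            continue  # skip malformed or unrelated records
        counts[parts[1]][parts[0][:10]] += 1
    return counts

def score(history, today, min_days=7):
    """Robust z-score of today's count against the VM's own baseline.

    Median and MAD are used instead of mean and standard deviation so that one
    earlier spike does not inflate the baseline. Returns None when there is
    too little history to build a profile.
    """
    if len(history) < min_days:
        return None
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history)
    return (today - med) / (1.4826 * max(mad, 1.0))  # floor avoids dividing by zero on flat baselines

def detect(lines, day, threshold=6.0):
    """Return {vm: verdict} for `day`, profiling each VM against its earlier days."""
    verdicts = {}
    for vm, per_day in daily_counts(lines).items():
        history = [n for d, n in per_day.items() if d < day]
        z = score(history, per_day.get(day, 0))
        if z is None:
            verdicts[vm] = "no-baseline"
        else:
            verdicts[vm] = "alert" if z > threshold else "normal"
    return verdicts

if __name__ == "__main__":
    print(detect(constructed_log(), "2017-10-15"))
```

A VM without enough history is reported as `no-baseline` rather than silently passed, which is the case where a fixed-threshold or just-in-time access control has to carry the load.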

25 Install and Exploit
In-memory malware and exploit detected using crash analysis
- An attacker gains access to a VM and installs malware undetected.
- A malicious or non-robust program causes a crash.
- Windows Error Reporting generates a memory crash dump.
- Security Center collects an ephemeral copy of the crash dump and scans it for evidence of exploits and compromises.
- Azure Security Center triggers an alert
Some Real World Examples:
- Malicious PDF.EXE: Detected Phishing software when only 8% of A/V engines detected it
- Metasploit injecting Mimikatz into memory via PowerShell: Toolkit for lateral movement
- RemoteIE: Trojan injected into browser memory and collects/exports data
- Carberp.K: Trojan that steals banking creds, exports certificates, and contains key logger

26 Post Breach
Outbound SPAM detected using machine learning and threat intelligence
- An attacker gains access to a VM and begins to send spam emails.
- Security Center machine learning detects a spike in SMTP traffic.
- Traffic is correlated with O365 SPAM database to determine if the traffic is likely legitimate or not.
- Azure Security Center triggers an alert

27 New detection algorithm
Ongoing Security Research and Innovation
Teams of security researchers and data scientists:
- Monitor threat intelligence
- Share signals and analysis across Microsoft security products/services
- Work with on specialized fields, like forensics and web attack detections
Culminates in new detection algorithms, which are validated and tuned
Often results in new security insights or threat intelligence that informs security research
Diagram labels: Security Research, Security insights, New detection algorithm, Validation and tuning

28 Resources
- Azure Home Page
- Azure Blog
- Azure Updates
- Azure Security Center
- Videos & Webinars
- Pricing & Licensing
- Blog
