Cybersecurity Reference Architecture


1 Cybersecurity Reference Architecture
Architecture diagram labels: Software as a Service, Office 365, Security Operations Center (SOC), ASM, Vulnerability Management, Incident Response, Security Development Lifecycle (SDL), Investigation and Recovery, Internet of Things, Lockbox, Logs & Analytics, Active Threat Detection, Unmanaged & Mobile Clients, Identity & Access, Information Protection, Managed Security Provider, UEBA, ATA, Hunting Teams, Enterprise Threat Detection, Azure Active Directory, Analytics, Cloud App Security, OMS, SIEM, PADS, Conditional Access, Intune MDM/MAM, Azure AD Identity Protection, Office 365 DLP, Extranet, SIEM Integration, On Premises Datacenter(s), Express Route, Microsoft Azure, Edge DLP, Security Appliances, Azure Information Protection (AIP) (Classify, Label, Protect, Report), NGFW, Colocation, Azure AD PIM, SSL Proxy, Office 365 ATP, Gateway Anti-malware, Multi-Factor Authentication, IPS, Azure Security Center (Threat Protection, Threat Detection), Windows Server 2016 Security (Shielded VMs, Device Guard, Credential Guard, Just Enough Admin, Hyper-V Containers, Nano server, …), VPN, Hello for Business, Classification Labels, Azure Key Vault, Enterprise Servers, Hold Your Own Key (HYOK), Azure App Gateway, MIM PAM, Shielded VMs, Sensitive Workloads, Azure Antimalware, VMs, Active Directory, Network Security Groups, Domain Controllers, ESAE Admin Forest, Structured Data & 3rd party Apps, Privileged Access Workstations (PAWs), Endpoint DLP, SQL Encryption & Firewall, Managed Clients, Certification Authority (PKI), Windows Info Protection, Legacy Windows, Windows 10, Windows 10 Security (Secure Boot, Device Guard, Application Guard, Credential Guard, Windows Hello, Device Health Attestation, Remote Credential Guard), Disk & Storage Encryption, Mac OS, WEF, EDR - Windows Defender ATP, EPP - Windows Defender, IoT, DDoS attack mitigation, Backup and Site Recovery, System Center Configuration Manager + Intune.
Callouts: 80%+ of employees admit using non-approved SaaS apps for work (Stratecast, December 2013). Nearly all customer breaches that Microsoft’s Incident Response team investigates involve credential theft. 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBR).
Last updated March 2017 – latest at

2 Cybersecurity Reference Architecture
Mark Simos, Sachin Gupta – Enterprise Cybersecurity Group

3 Cybersecurity Reference Architecture
Architecture diagram (baseline view; labels are a subset of those on slide 1).
Components called out: Network Edge Defenses (DLP, NGFW, SSL Proxy, IPS); Operations, Identity, & Info Protection Functions; Enterprise Servers & VMs; SaaS adoption (sanctioned or Shadow IT); Identity Systems including Active Directory; Mix of managed & unmanaged devices; Endpoint and Edge DLP; Highly Sensitive Assets; SIEM & Analytics; Advanced Detection & Response.

4 SECURE MODERN ENTERPRISE
A secure modern enterprise is resilient to threats, aligned to business objectives and the current threat environment.
Identity: Embraces identity as the primary security perimeter and protects identity systems, admins, and credentials as top priorities.
Apps and Data: Aligns security investments with business priorities, including identifying and securing communications, data, and applications.
Infrastructure: Operates on a modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks.
Devices: Accesses assets from trusted devices with hardware security assurances, great user experience, and advanced threat detection.
Secure Platform (secure by design)

5 SECURE MODERN ENTERPRISE
Getting started
Build the Security Foundation – Critical Attack Defenses. Start the journey by getting in front of current attacks:
Critical Mitigations – critical attack protections
Attack Detection – hunt for hidden persistent adversaries and implement critical attack detection
Roadmap and planning – share Microsoft insight on current attacks and strategies; build a tailored roadmap to defend your organization’s business value and mission
This phase starts deployment of the SPA roadmap.
Secure the Pillars. Continue building a secure modern enterprise by adopting leading edge technology and approaches:
Threat Detection – integrate leading edge intelligence and managed detection and response (MDR) capabilities
Identity and Access Management – continue reducing risk to business critical identities and assets
Information Protection – discover, protect, and monitor your critical data
Cloud Adoption – chart a secure path into a cloud-enabled enterprise
Device & Datacenter Security – hardware protections for devices, credentials, servers, and applications
App/Dev Security – secure your development practices and digital transformation components
Pillars: Identity, Apps and Data, Infrastructure, Devices. Secure Platform (secure by design)

6 Cybersecurity Reference Architecture
Architecture diagram (labels are a subset of those on slide 1) with callout: Major Incident – Credential Theft Mitigations
Prevention: Privileged Access Workstations, Administrative Forest (ESAE), Privileged Access Management
Detection: Advanced Threat Analytics, ETD, Managed Detection and Response (MDR)
Response: Incident Response
Nearly all customer breaches that Microsoft’s Incident Response team investigates involve credential theft. 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBR).

7 The Evolving Security Perimeter
The network perimeter repels and detects classic attacks, but is reliably defeated by phishing and credential theft. Data has moved out of the network and its protections: Shadow IT, approved cloud services (Office 365), unmanaged devices, persistent threats.
You must establish an Identity security perimeter:
Strong Authentication
Monitoring and enforcement of access policies
Threat monitoring using telemetry & intelligence
Diagram labels: Identity Perimeter, Network Perimeter, Resources

8 Risks to an Identity Perimeter
Apps: Shadow IT; risky use of approved SaaS apps (SaaS Applications)
Data: Unprotected sensitive data
Identity infrastructure: Phishing; credential theft & abuse
Devices: Unmanaged devices

9 Identity Perimeter – Identity Systems
Challenges:
Phishing reliably gains a foothold in the environment
Credential theft allows traversal within the environment
Microsoft Approach:
Time-of-click (vs. time-of-send) protection and attachment detonation
Integrated intelligence, reporting, policy enforcement
Securing Privileged Access (SPA) roadmap to protect Active Directory and existing infrastructure
Diagram labels: Office 365 ATP, Gateway Anti-malware, Azure AD Identity Protection, Conditional Access, Advanced Threat Analytics (ATA), MIM PAM, Enterprise Threat Detection, Admin Forest, Investigation and Recovery, Privileged Access Workstations

10 Cybersecurity Reference Architecture
Architecture diagram repeated from slide 1 (identity systems view; labels and callouts are a subset of those on slide 1).

11 Identity Perimeter - Apps
Challenges:
Shadow IT – unsanctioned cloud services storing and processing your sensitive data
SaaS Management – challenging to consistently manage many Software as a Service (SaaS) applications
Microsoft Approach (Cloud App Security): Enable the full security lifecycle
Discover SaaS usage
Investigate current risk posture
Take control to enforce policy on SaaS tenants and data
Alert and take automatic action on policy violations (e.g. remove public access to a sensitive document)
Diagram labels: Shadow IT, SaaS Applications, Apps, Risky Use of Approved SaaS Apps, Phishing, Credential Theft & Abuse, Identity

12 Cybersecurity Reference Architecture
Architecture diagram repeated from slide 1 (apps view, adding Cloud App Security; labels and callouts are a subset of those on slide 1).

13 Identity Perimeter - Data
Challenges:
Limited visibility and control of sensitive data
Data classification is a large and challenging project
Microsoft Approach (Azure Information Protection (AIP): Classify, Label, Protect, Report):
Protect data anywhere it goes
Bring or Hold Your Own Key (HYOK)
Support most popular formats
Integration with existing DLP (Edge DLP, Endpoint DLP)
Diagram labels: Data, Unprotected Sensitive Data, Classification Labels, Identity, Credential Theft & Abuse

14 Cybersecurity Reference Architecture
Architecture diagram repeated from slide 1 (data view, adding Azure Information Protection, Classification Labels, HYOK, Office 365 DLP and Conditional Access; labels and callouts are a subset of those on slide 1).

15 Identity Perimeter – Devices
Challenges:
Provide secure PCs and devices for sensitive data
Manage & protect data on non-corporate devices
Microsoft Approach:
Windows 10 – provide a great user experience, strong hardware-based security, and advanced detection + response capabilities
Mobile Device Management and Mobile App Management of popular devices via Intune (MDM/MAM)
Policy enforcement via Conditional Access
Diagram labels: Identity, Devices, Unmanaged Devices

16 Cybersecurity Reference Architecture
Architecture diagram repeated from slide 1 (devices view, adding Intune MDM/MAM; labels and callouts are a subset of those on slide 1).

17 Microsoft Threat Detection – Deep insight across your environment
Powered by the Intelligent Security Graph.
Cloud Infrastructure: Azure Security Center (Threat Protection, Threat Detection), Security Appliances
Information: Cloud App Security
Identity: Azure AD Identity Protection
OMS (Operations Management Suite), SIEM
Office 365 ATP, Gateway Anti-malware
EDR - Windows Defender ATP
Private Cloud & On-Premises Infrastructure: ATA (Advanced Threat Analytics)
Professional Services: Enterprise Threat Detection, PADS, Investigation and Recovery
Hunt for threats and persistent adversaries in your environment. Respond to threats with seasoned professionals and deep expertise. Detect threats with a managed detection and response (MDR) service.

18 Cybersecurity Reference Architecture
Architecture diagram repeated from slide 1 (identical labels and callouts).

19 Cybersecurity Reference Architecture
Office 365
Security Operations Center (SOC): Threat Protection and Monitoring; Incident Response and Recovery Services; Visibility across your enterprise assets; Integration with your existing SIEM
Identity & Access (Azure Active Directory): Discover & Secure SaaS usage; Analytics & Reporting; Conditional Access; Multi-factor Authentication; Privileged Access Management
Information Protection (Data Protection): Full Lifecycle Protections (Classify, Protect, Report, Revoke); Critical Formats; DLP integration
Extranet, On Premises Datacenter(s), Microsoft Azure, Express Route, Colocation: Partnerships (Firewall, Proxy; Data Loss Prevention (DLP); Intrusion Prevention (IPS); Security Appliances; Advanced Protection); Advanced Threat Protection and Detection; Datacenter and Virtualization Security; Critical Protections for Privileged Identities | Private Cloud Fabric | Workloads; Internet Facing Workloads; Enterprise Servers; Built-in Security; Business Critical Workloads …and more; Active Directory; Privileged Access Workstations (PAWs); Protection from DDoS, Disasters, & Ransomware
Unmanaged & Mobile Clients: Mobile Device & App Management (MDM/MAM); Managed Clients; Internet of Things; Mac OS; Legacy Windows
Windows 10 Security: Hardware based protections; Powerful detection and investigation capabilities; Compliance
Nearly all customer breaches involve credential theft (Microsoft Incident Response team)
Last updated March 2017 – latest at
