Presentation is loading. Please wait.

Presentation is loading. Please wait.

Script Kiddies; CybercrimeCyber-espionage; Cyber-warfare CybercriminalsState sponsored actions; Unlimited resources Attacks on fortune 500All sectors.

Published byVictor Richard Modified over 9 years ago

Similar presentations

Presentation on theme: "Script Kiddies; CybercrimeCyber-espionage; Cyber-warfare CybercriminalsState sponsored actions; Unlimited resources Attacks on fortune 500All sectors."— Presentation transcript:

1

2

3 Script Kiddies; CybercrimeCyber-espionage; Cyber-warfare CybercriminalsState sponsored actions; Unlimited resources Attacks on fortune 500All sectors and even suppliers getting targeted Software solutionsHardware rooted trust the only way Secure the perimeterAssume breach. Protect at all levels Hoping I don‘t get hacked You will be hacked. Did I successfully mitigate? FamiliarModern Company owned and tightly managed devicesBring your own device, varied management

4 Attestation UEFI Secure BootTPM 2.0 Only signed binaries Single source updates OS Services Trusted Boot App Platform Network security Microsoft Passport Two Factor authentication Windows Hello Mobile Device Management Enterprise Data Protection Device encryption IRM & S/MIME Browser security Store Apps Business Store Portal Cloud Services 01011 01101

5 http://www.uefi.org/specs/

6 Firmware boot loaders OEM UEFI applications Windows boot manager Power On Windows OS boot Windows update OS boot Boot to flashing mode SoC Vendor OEM MSFT

7

8

9 Attestation UEFI Secure BootTPM 2.0 Only signed binaries Single source updates OS Services Trusted Boot App Platform Network security Microsoft Passport Two Factor authentication Windows Hello Mobile Device Management Enterprise Data Protection Device encryption IRM & S/MIME Browser security Store Apps Business Store Portal Cloud Services 01011 01101

10 Least Privilege Chamber (LPC) Trusted Computing Base (TCB) Dynamic Permissions (LPC) Fixed Permissions Chamber Central repository of rules 3-tuple {Principal, Right, Resource} Chamber boundary is security boundary Chambers defined using policy rules Expressed in application manifest Disclosed in Windows Store Defines app’s security boundary on device

11

12 Attestation UEFI Secure BootTPM 2.0 Only signed binaries Single source updates OS Services Trusted Boot App Platform Network security Microsoft Passport Two Factor authentication Windows Hello Mobile Device Management Enterprise Data Protection Device encryption IRM & S/MIME Browser security Store Apps Business Store Portal Cloud Services 01011 01101

13

14

15

16 IDP Active Directory Azure Active Directory Microsoft Account Other IDP’s 1 Create Account or proves identity Create and trust unique key Authentication by validating this signed request 2 3 Resource 4 Authentication token Trusts tokens from IDP User Unlock Windows identity container w/ PIN or Hello Token binding Access Token Relying Party

17

18

19

20

21

22 Attestation UEFI Secure BootTPM 2.0 Only signed binaries Single source updates OS Services Trusted Boot App Platform Network security Microsoft Passport Two Factor authentication Windows Hello Mobile Device Management Enterprise Data Protection Device encryption IRM & S/MIME Browser security Store Apps Business Store Portal Cloud Services 01011 01101

23

24

25 IDP Active Directory Azure Active Directory Microsoft Account Other IDP’s 1 Create Account or proves identity Create and trust unique key 2 MDM 4 Authentication token User Unlock Windows identity container w/ PIN or Hello MDM enrollment EDP Policies Key Management Enterprise allowed apps Network / Storage App data flow management Block or Allow/Audit controls Selective wipe on un-enroll

26 Personal Apps & Data (Unmanaged) Business Apps & Data (Managed) Data exchange is controlled

27 UPDATE ARTWORK Cortana assets from Shane Early Designs Not Final UI

28 Office Early Designs Not Final UI

29 UPDATE ARTWORK Cortana assets from Shane Pasting content from a Fabrikam file to a personal file is discouraged, and if you choose “paste anyway” your action and the content will be logged for IT review. Early Designs Not Final UI

30 One consistent set of MDM capabilities across Mobile, Desktop, and IoT Provisioning Bulk enrollment Simple bootstrap Converged protocol Azure AD Integration Extended set of policies Context based policies Client certificates – Direct install (PFX) Enterprise Wi-Fi profiles VPN profiles Email provisioning MDM Push when user not logged in Kiosk Mode, Start screen configuration and control Curated Windows Store Volume Purchase Program and app distribution License reclaim/re-use Enterprise App management LOB app management App inventory (MDM/Store) App allow/deny list Enterprise data protection Remote Lock, PIN reset, Ring, Find Full device wipe Un-enrollment with alerts Removal of configuration & EDP protected data ENROLLMENT INVENTORY APPLICATION MANAGEMENT DEVICE CONFIGURATION AND SECURITY REMOTE ASSISTANCE UNENROLLMENT Enhanced inventory for compliance decisions

31 Attestation UEFI Secure BootTPM 2.0 Only signed binaries Single source updates OS Services Trusted Boot App Platform Network security Microsoft Passport Two Factor authentication Windows Hello Mobile Device Management Enterprise Data Protection Device encryption IRM & S/MIME Browser security Store Apps Business Store Portal Cloud Services 01011 01101

32

33

34

35 Online with Mobile Device Management

36

37 Attestation UEFI Secure BootTPM 2.0 Only signed binaries Single source updates OS Services Trusted Boot App Platform Network security Microsoft Passport Two Factor authentication Windows Hello Mobile Device Management Enterprise Data Protection Device encryption IRM & S/MIME Browser security Store Apps Business Store Portal Cloud Services 01011 01101

38

39 Microsoft Cloud Enterprise Mobility Suite + Office 365 + Azure AD Simplified and Interated Flexible options Reduced complexity Windows Security Solid identitiesData protection Secured devicesApplication controls Enabled By

40

41

42

Download ppt "Script Kiddies; CybercrimeCyber-espionage; Cyber-warfare CybercriminalsState sponsored actions; Unlimited resources Attacks on fortune 500All sectors."

Similar presentations

Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.

Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.
© 2009 VMware Inc. All rights reserved VMware Horizon Mobile Intro - NetHope Deepak Puri Director Mobile Business Development +1 (415) 606-4416

© 2009 VMware Inc. All rights reserved VMware Horizon Mobile Intro - NetHope Deepak Puri Director Mobile Business Development +1 (415)
Windows 8.1 Device Management With Windows Intune Mark O’Shea MVP Windows Expert – IT Pro 30 June 2014.

Windows 8.1 Device Management With Windows Intune Mark O’Shea MVP Windows Expert – IT Pro 30 June 2014.
Avaya – Proprietary. Use pursuant to the terms of your signed agreement or Company policy. idEngines® Avaya Identity Engines And Mobile Device Management.

Avaya – Proprietary. Use pursuant to the terms of your signed agreement or Company policy. idEngines® Avaya Identity Engines And Mobile Device Management.
iOS & other Android devices KNOX EMM (Client) Cloud Service Active Directory integration (Optional) Mobile Device & App Management MDM IAM Samsung Device.

iOS & other Android devices KNOX EMM (Client) Cloud Service Active Directory integration (Optional) Mobile Device & App Management MDM IAM Samsung Device.
Meraki Mobile Device Management

Meraki Mobile Device Management
Enterprise Mobility Platform Microsoft Differentiation Managed Mobile Productivity Layered Protection Hybrid Solutions Office 365DynamicsWorkday.

Enterprise Mobility Platform Microsoft Differentiation Managed Mobile Productivity Layered Protection Hybrid Solutions Office 365DynamicsWorkday.
Build 2015 4/15/2017 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION.

Build /15/2017 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Protect your data Enable your users Unify Your Environment DevicesAppsData Help organizations enable their users to be productive on the devices they.

Protect your data Enable your users Unify Your Environment DevicesAppsData Help organizations enable their users to be productive on the devices they.
Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,

Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,
SharePoint Server Exchange Server CORPORATE NETWORK Mobile devices PCs Browsers INTERNET DMZ Active Directory Policies Filter EAS Filter web access.

SharePoint Server Exchange Server CORPORATE NETWORK Mobile devices PCs Browsers INTERNET DMZ Active Directory Policies Filter EAS Filter web access.
Microsoft Ignite /16/2017 3:58 PM

Microsoft Ignite /16/2017 3:58 PM
Microsoft Ignite /16/2017 3:59 PM

Microsoft Ignite /16/2017 3:59 PM
Microsoft Ignite /16/2017 3:59 PM

Microsoft Ignite /16/2017 3:59 PM
Management lifecycle summary Mobile Device Management with Windows Intune or 3 rd Party tools Simplified and flexible device enrollment, using.

Management lifecycle summary Mobile Device Management with Windows Intune or 3 rd Party tools Simplified and flexible device enrollment, using.
GREATER THAN EVER. TODAY, RISK OF DATA FALLING IN THE WRONG HANDS IS QUITE OFTEN THIS RISK IS NOT FROM EXTERNAL ATTACKERS. IT COMES FROM WITHIN.

GREATER THAN EVER. TODAY, RISK OF DATA FALLING IN THE WRONG HANDS IS QUITE OFTEN THIS RISK IS NOT FROM EXTERNAL ATTACKERS. IT COMES FROM WITHIN.
Build 2015 4/16/2017 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION.

Build /16/2017 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION.
Data Devices People 6.5B Wireless connections today >42% of global population owns smartphone by end of 2015 >50% User will go to tablet or smartphone.

Data Devices People 6.5B Wireless connections today >42% of global population owns smartphone by end of 2015 >50% User will go to tablet or smartphone.
Sessions about to start – Get your rig on!. Ash de Zylva.

Sessions about to start – Get your rig on!. Ash de Zylva.

Similar presentations

Ads by Google