Presentation is loading. Please wait.

Presentation is loading. Please wait.

$3.5M The average cost of a data breach to a company 243 The average number of days that attackers reside within a victim’s network before detection 76%

Published byAugustine Todd Modified over 9 years ago

Similar presentations

Presentation on theme: "$3.5M The average cost of a data breach to a company 243 The average number of days that attackers reside within a victim’s network before detection 76%"— Presentation transcript:

1

2 $3.5M The average cost of a data breach to a company 243 The average number of days that attackers reside within a victim’s network before detection 76% of all network intrusions are due to compromised user credentials $500B The total potential cost of cybercrime to the global economy

3 Costing significant financial loss, impact to brand reputation, loss of confidential data, and executive jobs Compromising user credentials in the vast majority of attacks Using legitimate IT tools rather than malware – harder to detect Staying in the network an average of eight months before detection Today’s cyber attackers are:

4 Using legitimate IT tools rather than malware – harder to detect Costing significant financial loss, impact to brand reputation, loss of confidential data, and executive jobs Compromising user credentials in the vast majority of attacks Staying in the network an average of eight months before detection Today’s cyber attackers are:

5 Using legitimate IT tools rather than malware – harder to detect Staying in the network an average of eight months before detection Costing significant financial loss, impact to brand reputation, loss of confidential data, and executive jobs Compromising user credentials in the vast majority of attacks Today’s cyber attackers are:

6 Compromising user credentials in the vast majority of attacks Using legitimate IT tools rather than malware – harder to detect Staying in the network an average of eight months before detection Costing significant financial loss, impact to brand reputation, loss of confidential data, and executive jobs Today’s cyber attackers are:

7 Traditional IT security tools are typically: Designed to protect the perimeter ComplexProne to false positives When user credentials are stolen and attackers are in the network, your current defenses provide limited protection. Initial setup, fine-tuning, creating rules and thresholds/baselines can take a long time. You receive too many reports in a day with several false positives that require valuable time you don’t have.

8 An on-premises platform to identify advanced security attacks before they cause damage  Credit card companies monitor cardholders’ behavior.  If there is any abnormal activity, they will notify the cardholder to verify charge. Microsoft Advanced Threat Analytics brings this concept to IT and users of a particular organization Comparison :

9 Behavior al Analytics Detection for known attacks and issues Advanced Threat Detection An on-premises platform to identify advanced security attacks before they cause damage

10 Detect threats fast with Behavioral Analytics Adapt as fast as your enemies Focus on what is important fast using the simple attack timeline Reduce the fatigue of false positives Prioritize and plan for next steps No need for creating rules, fine-tuning or monitoring a flood of security reports, the intelligence needed is ready to analyze and self-learning. ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly-evolving enterprise. The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who-what-when-and how” of your enterprise. Alerts only happen once suspicious activities are contextually aggregated, not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path. For each suspicious activity or known attack identified, ATA provides recommendations for the investigation and remediation.

11 Analyze 1 After installation: Simple non-intrusive port mirroring configuration copies all AD-related traffic Remains invisible to the attackers Analyzes all Active Directory traffic Collects relevant events from SIEM and other sources

12 ATA: Automatically starts learning and profiling entity behavior Identifies normal behavior for entities Learns continuously to update the activities of the users, devices, and resources Learn 2 What is entity? Entity represents users, devices, or resources

13 Detect 3 Microsoft Advanced Threat Analytics: Looks for abnormal behavior and identifies suspicious activities Only raises red flags if abnormal activities are contextually aggregated Leverages world-class security research to detect known attacks and security issues (regional or global) ATA not only compares the entity’s behavior to its own, but also to the behavior of entities in its interaction path.

14 Alert 4 ATA reports all suspicious activities on a simple, functional, actionable attack timeline ATA identifies Who? What? When? How? For each suspicious activity, ATA provides recommendations for the investigation and remediation. ?

15 Abnormal Behavior  Anomalous logins  Remote execution  Suspicious activity Security issues and risks  Broken trust  Weak protocols  Known protocol vulnerabilities Malicious attacks  Pass-the-Ticket (PtT)  Pass-the-Hash (PtH)  Overpass-the-Hash  Forged PAC (MS14- 068)  Golden Ticket  Skeleton key malware  Reconnaissance  BruteForce  Unknown threats  Password sharing  Lateral movement

16  Witnesses all authentication and authorization to the organizational resources within the corporate perimeter or on mobile devices Mobility supportIntegration to SIEMSeamless deployment  Works seamlessly with SIEM  Provides options to forward security alerts to your SIEM or to send emails to specific people  Functions as an appliance hardware or virtual  Utilizes port mirroring to allow seamless deployment alongside AD  Does not affect existing network topology Key features

17 Topology

18 Captures and analyzes DC network traffic via port mirroring Listens to multiple DCs from a single Gateway Receives events from SIEM Retrieves data about entities from the domain Performs resolution of network entities Transfers relevant data to the ATA Center

19 Manages ATA Gateway configuration settings Receives data from ATA Gateways and stores in the database Detects suspicious activity and abnormal behavior (machine learning) Provides Web Management Interface Supports multiple Gateways

20 Configure port mirroring Create domain read only user Identify VPN / DA networks Optional – Create ATA honeytoken user Optional – Deploy certificates

21  After Aug 1, 2015, existing ECAL customers with active SA, will automatically get license rights to ATA.  After Aug 1, 2015, all existing EMS/ECS customers will automatically get rights to ATA through their subscription term, including true-ups, at current agreement price.  Customers making new EMS/ECS purchases after Aug 1, 2015, should be quoted new EMS/ECS pricing taking effect after Aug 1.  Standalone ATA option is for customers who can not purchase ECALs or EMS/ECS, or need to mix & match licenses based on user-type.  Sample price: Open NL L&SA 2yr ERP ~$160/user. Included in ECAL Suite ATA license included in both per-user and per-device ECAL Suites starting Aug 1, 2015 Included in EMS & ECS ATA per-user license included with EMS and ECS subscriptions, starting Aug 1, 2015 Available as standalone SKU Per-user or per-OSE Client Management License  ATA is licensed, standalone, as a Client Management License, with per-user and per-OSE options.  Best way to get ATA is via one of 3 Microsoft license suites: Enterprise CAL, EMS, or ECS  Server software is free (no server license required)  ATA will be available in nearly all Microsoft Volume Licensing channels and programs

22 How many licenses does my customer need to buy to use ATA? Customer configures ATA to monitor domain controllers. # of licenses needed = # of users or end-user devices contained in the forests or domains being managed by those domain controllers. ATA is not configurable at a user-level, by design. What RSD does ATA revenue fall in? As part of ECAL CnE CAL Suites – ECAL As part EMS/ECS Enterprise Mobility Services Standalone ATA Identity and Access Is there any relation between ATA & Systems Center client products, since they share a licensing model? No, ATA is a completely separate, unrelated software product. Customer is buying EMS for some users, but wants ATA for entire org. Do they need to buy EMS for everyone? No, ATA can be licensed through one of three license suites (ECAL, EMS, ECS), or via standalone user licenses. Customer can mix & match as needed.

23

Download ppt "$3.5M The average cost of a data breach to a company 243 The average number of days that attackers reside within a victim’s network before detection 76%"

Similar presentations

XProtect ® Professional Efficient solutions for mid-sized installations.

XProtect ® Professional Efficient solutions for mid-sized installations.
XProtect ® Express Integration made easy. With support for up to 48 cameras, XProtect Express is easy and affordable IP video surveillance software with.

XProtect ® Express Integration made easy. With support for up to 48 cameras, XProtect Express is easy and affordable IP video surveillance software with.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.

Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
Microsoft Ignite /16/2017 4:54 PM

Microsoft Ignite /16/2017 4:54 PM
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
(2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers Image from this Site Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson,

(2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers Image from this Site Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson,
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
XPand your capabilities with Citrix ® MetaFrame XP ™ for Windows ®, Feature Release 2.

XPand your capabilities with Citrix ® MetaFrame XP ™ for Windows ®, Feature Release 2.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
Honeypot and Intrusion Detection System

Honeypot and Intrusion Detection System
Security Planning and Administrative Delegation Lesson 6.

Security Planning and Administrative Delegation Lesson 6.

Similar presentations

Ads by Google