The challenge of securing your environment
The digital estate offers a very broad surface area that is difficult to secure.
Bad actors are using increasingly creative and sophisticated attacks.
Integrated, intelligent correlation and action on signals is difficult, time-consuming, and expensive.
User browses to a website / Phishing mail / Opens attachment / Clicks on a URL → Exploitation & Installation → Command & Control
Brute force account or use stolen account credentials → User account is compromised → Attacker attempts lateral movement → Privileged account compromised → Domain compromised → Attacker accesses sensitive data → Exfiltrate data
Maximize Detection
• Azure AD Identity Protection: identity protection & conditional access
• Cloud App Security: extends protection & conditional access to other cloud apps
• Azure ATP: identity protection
• Microsoft Defender ATP: endpoint detection, protection and response
• Office ATP: safeguards against malicious threats posed by email messages, links (URLs) and collaboration tools
Each physical datacenter protected with world-class, multi-layered protection
Secured with cutting-edge operational security
• Restricted access
• 24x7 monitoring
• Global security experts
Global cloud infrastructure with custom hardware and network protection
Over 100 datacenters across the planet
Microsoft Security Advantage
$1B annual investment in cybersecurity
3500+ global security experts
Trillions of diverse signals for unparalleled intelligence
Optimal security, minimal complexity
Today’s security is multiple, disjointed, complex products: Mail Protection, Single Sign On, DLP & GDPR, Identity Security, Apps Security, Incident Response, Mail Encryption, Device Management, Endpoint Security
Microsoft Threat Protection: Identities, Endpoints, User Data, Cloud Apps, Infrastructure
Microsoft Threat Protection components: Microsoft Intune, Office 365 Threat Intelligence/ATP P2, Microsoft Defender Advanced Threat Protection, Azure Active Directory, Office 365 Advanced Threat Protection P1, Microsoft Cloud App Security, Azure Security Center, Azure Advanced Threat Protection, Windows 10, Exchange Online Protection, SQL Server, Windows Server, Linux
• Identities: validating, verifying and protecting both user and admin accounts
• User Data: evaluating email messages and documents for malicious content
• Endpoints: protecting user devices and signals from sensors
• Infrastructure: protecting servers, virtual machines, databases and networks across cloud and on-premises locations
• Cloud Apps: protecting SaaS applications and their associated data stores
• Identities: users and admins
• Endpoints: devices and sensors
• User Data: email messages and documents
• Cloud Apps: SaaS applications and data stores
• Infrastructure: servers, virtual machines, databases, networks
Intelligent Security Graph: 6.5 TRILLION signals per day
Zero Trust Access Control Strategy
Never Trust. Always verify.
Azure AD conditional access (Zero Trust)
Conditions
• Employee & Partner Users and Roles (Azure AD, ADFS, MSA, Google ID)
• Trusted & Compliant Devices (Windows, MacOS, Android, iOS; Windows Defender ATP)
• Physical & Virtual Location (Corporate Network, Geo-location)
• Client apps & Auth Method (Client apps, Browser apps; Microsoft Cloud App Security)
• Session Risk (Machine learning)
Policies → Real time Evaluation Engine → Effective policy
Controls
• Require MFA
• Allow/block access
• Block legacy authentication
• Force password reset
• Limited access
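The slide shows conditions feeding a real-time evaluation engine that merges policies into one effective policy. The following is an added toy model of that flow, not Azure AD's implementation or code from the deck; the policy names, condition fields and the combination rule (controls of all matching policies are ANDed, and a block outranks every grant control) are assumptions for illustration.

```python
"""Toy model of the Zero Trust conditional access flow on the slide:
sign-in conditions are matched against policies, and the matching policies'
controls are merged into one effective policy.

Constructed example; the policy names, condition fields and combination
rule are assumptions for illustration, not Azure AD's implementation."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Set, Tuple


class Control(Enum):
    """Controls listed on the slide."""
    REQUIRE_MFA = "require MFA"
    BLOCK = "block access"
    FORCE_PASSWORD_RESET = "force password reset"
    LIMITED_ACCESS = "limited access"


@dataclass(frozen=True)
class SignIn:
    """Conditions evaluated for one sign-in (the slide's condition categories)."""
    user_role: str          # "employee", "partner" or "admin"
    device_trusted: bool    # device registered / trusted
    device_compliant: bool  # device compliance state (e.g. from Intune)
    location: str           # "corporate_network" or a geo such as "unknown_geo"
    client_app: str         # "browser", "client" or "legacy" (legacy auth protocol)
    session_risk: str       # "low", "medium" or "high", as scored by the ML layer


@dataclass
class Policy:
    name: str
    applies: Callable[[SignIn], bool]
    controls: Set[Control] = field(default_factory=set)


# Hypothetical policy set modelled on the controls the slide lists.
POLICIES: List[Policy] = [
    Policy("Block legacy authentication",
           lambda s: s.client_app == "legacy", {Control.BLOCK}),
    Policy("Require MFA off the corporate network",
           lambda s: s.location != "corporate_network", {Control.REQUIRE_MFA}),
    Policy("Partners: limited access with MFA",
           lambda s: s.user_role == "partner",
           {Control.LIMITED_ACCESS, Control.REQUIRE_MFA}),
    Policy("High session risk: force password reset",
           lambda s: s.session_risk == "high",
           {Control.FORCE_PASSWORD_RESET, Control.REQUIRE_MFA}),
    Policy("Admins only from trusted, compliant devices",
           lambda s: s.user_role == "admin"
           and not (s.device_trusted and s.device_compliant),
           {Control.BLOCK}),
]


def evaluate(sign_in: SignIn, policies: List[Policy]) -> Tuple[Set[Control], List[str]]:
    """Real-time evaluation engine: return the effective controls and the
    names of the policies that matched.

    Combination rule assumed here: controls of all matching policies are
    ANDed (the user must satisfy every one), and a single BLOCK outranks
    every grant control, so a weaker policy can never re-open access."""
    matched = [p for p in policies if p.applies(sign_in)]
    effective: Set[Control] = set()
    for policy in matched:
        effective |= policy.controls
    if Control.BLOCK in effective:
        effective = {Control.BLOCK}
    return effective, [p.name for p in matched]


def decide(sign_in: SignIn, policies: List[Policy] = POLICIES) -> Tuple[List[str], List[str]]:
    """Stable, printable form of evaluate(): sorted control names plus the
    matched policy names; an empty control list means plain allow."""
    controls, matched = evaluate(sign_in, policies)
    return sorted(c.value for c in controls), matched


if __name__ == "__main__":
    # Constructed sign-ins that walk through the slide's conditions.
    samples = [
        SignIn("employee", True, True, "corporate_network", "browser", "low"),
        SignIn("employee", True, True, "unknown_geo", "browser", "low"),
        SignIn("employee", True, True, "corporate_network", "legacy", "low"),
        SignIn("partner", False, False, "unknown_geo", "client", "medium"),
        SignIn("admin", False, False, "unknown_geo", "browser", "high"),
    ]
    for s in samples:
        controls, matched = decide(s)
        print(f"{s.user_role:8} {s.location:17} {s.client_app:8} risk={s.session_risk:6} "
              f"-> {controls or ['allow']}  via {matched}")
```

The last sample shows why block must dominate: the admin sign-in also matches the MFA and password-reset policies, but the untrusted device blocks it outright.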
Zero Trust Access Control
Conditional Access App Control
Protect sensitive data on-premises and in the cloud
• Classification and labeling: classify data based on sensitivity and add labels, manually or automatically.
• Protection: encrypt your sensitive data and define usage rights or add visual markings when needed.
• Monitoring: use detailed tracking and reporting to see what’s happening with your shared data and maintain control over it.
Microsoft Information Protection
Microsoft Threat Protection: a comprehensive, seamlessly integrated solution providing end-to-end security for your organization.
Microsoft 365 Security Center, fed by: Azure Security Center, 3rd party data sources, Azure Active Directory, Microsoft Defender ATP, Office 365 ATP, Microsoft Cloud App Security, Azure ATP
Microsoft Threat Protection automation
Microsoft Azure Sentinel: our next generation SIEM
Event orchestration across Cloud & Hybrid Infrastructure, Endpoints, Identities, Data & Email, Cloud Apps
Built-in. Cloud-powered.
• Embedded into Windows 10
• World class anti-tampering
• Deep data collection & 6m storage
• Best of breed EPP, EDR
• Support for W7/8, non-Windows
• Integrated config mgmt.
• Vulnerability analysis
• Secure score & CA
• Automation
• Cross suite integrations
• Data separation, RBAC
• Cloud expertise
Vulnerability Management Isn’t Just Scanners Anymore
• Continuous Discovery: vulnerable applications and configuration via continuous endpoint monitoring to gain immediate situational awareness
• Context-Aware Prioritization: prioritize findings by enriching with threat intelligence sources, business context and crowd wisdom to build an accurate risk report
• Surgical Mitigation & Automated Fix: mitigate threats by tailoring a surgical mitigation/fix plan based on organizational risk using Microsoft’s security stack, 1st party and 3rd party partners
Network Boundaries, SaaS Applications, Web Threats and Phishing
Anywhere Connectivity; Any Device, Anywhere
• Intelligent Web Threat Protection
• URL / IP Allow Block
• Cloud App Security
• Configuration and Reports
Fileless (living-off-the-land) threats
Highly sophisticated and human operated Ransomware
Legitimate business software used as a weapon
Each platform has a unique threat landscape
Hardware/firmware attacks are a growing risk
Targeted attacks leading to data breaches continue to grow
• Behavior Monitoring: File System; Boot/Volume; Registry; Process / DLLs; Network; Code injection; …
• Memory Scanning: Quick Scan; on system events; ad-hoc requests by BM (Behavior Monitoring); defeats polymorphism
• Command Line Detection: especially effective against LOLBIN, LOLBAS, obfuscation
• AMSI: instrumentation of JavaScript, VBScript, Macro, PowerShell, WMI, Dotnet
ML + Cloud powered!
Microsoft Defender ATP: a uniquely integrated endpoint protection platform
Orchestrated protection and remediation with Microsoft Intune, Azure Information Protection, Microsoft Secure Score, Azure Security Center, Azure AD & Conditional Access, Microsoft Cloud App Security, Microsoft Office 365, Azure Advanced Threat Protection
The anatomy of an attack
Zero-day / brute-force attack → User account is compromised (anomalous user behavior, unfamiliar sign-in location) → Attacker attempts lateral movement (lateral movement attacks, escalation of privileges, account impersonation) → Privileged account compromised → Attacker accesses sensitive data → Attacker steals sensitive data
Detect and investigate advanced attacks involving identities across on-premises, cloud and hybrid environments
Azure ATP: identify advanced persistent threats before they cause damage: abnormal behavior, malicious attacks, security issues and risks
Azure ATP: monitor your on-premises Active Directory with a convenient cloud service
• Reduce strain and cost in your on-premises environment with analytics done in the cloud
• Scale your anomalous behavior detections with the power of the cloud
• Pivot to and remediate a malicious attack in Windows Defender ATP
• Deploy with ease into your existing infrastructure
• Benefit from the scale of the cloud
Windows Defender ATP: get a clear, efficient, and convenient feed that surfaces the right things on a timeline
• Enjoy the power of perspective on the “who-what-when-and how” of your enterprise
• Benefit from detailed information for next steps
• Focus on what is important using the simple attack timeline
Azure Advanced Threat Protection
Detections across the attack stages Reconnaissance, Compromised Credential, Lateral Movement, Privilege Escalation and Domain Dominance:
• Abnormal resource access
• Account enumeration
• Net Session enumeration
• DNS enumeration
• SAM-R enumeration
• Abnormal working hours
• Brute force using NTLM, Kerberos, or LDAP
• Sensitive accounts exposed in plain text authentication
• Service accounts exposed in plain text authentication
• Honey Token account suspicious activities
• Unusual protocol implementation
• Malicious Data Protection Private Information (DPAPI) request
• Abnormal VPN
• Abnormal authentication requests
• Pass-the-Ticket
• Pass-the-Hash
• Overpass-the-Hash
• Malicious service creation
• MS14-068 exploit (Forged PAC)
• MS11-013 exploit (Silver PAC)
• Skeleton key malware
• Golden ticket
• Remote execution
• Malicious replication requests
• Abnormal modification of sensitive groups
ATP Architecture
• Azure ATP Sensor installed on the Domain Controller: parsed network traffic from DCs
• Azure ATP Standalone Sensor: port mirroring from the Domain Controller
• Events: Windows Event Forwarding
• Alert notifications; alert notifications to SIEM
• Access to console: Workspace Management, Workspace portal
• Integration with Windows Defender ATP
Using intelligence for a unified identity investigation across on-premises and cloud activities
Azure ATP, Microsoft Cloud App Security, Azure AD Identity Protection
Attack timeline
1. Day 1 – 11: Attacker compromises privileged user’s non MFA-enabled account. (COMPROMISED CREDENTIAL)
2. Day 16 – 218: Attackers perform mailbox searches across Office 365.
3. Day 137 – 143: Attackers create rules on Contoso’s SharePoint and email to automate data exfiltration to a cloud storage solution. (EXFILTRATE DATA)
4. Day 16 – 163: Attacker uses stolen credentials to VPN into corporate network. (CONNECTION TO ON-PREM)
5. Day 163 – 243: Attacker moves laterally throughout organization’s network, compromising privileged credentials. (MOVE LATERALLY)
Office ATP, Windows Defender ATP, Office 365 Threat Intelligence
Automated Detection, Investigation, & Remediation with Microsoft Threat Protection
Security Operations Center (SOC)
Azure Sentinel: Cloud Native SIEM and SOAR
Security Operations Center: provide actionable security alerts, raw logs, or both
https://aka.ms/MCRA, video recordings of the strategies: Securing Privileged Access; Office 365 Security; Rapid Cyberattacks (Wannacrypt/Petya)
Office 365, Dynamics 365, +Monitor
SQL Encryption & Data Masking; Data Loss Protection; Data Governance; eDiscovery
Microsoft threat protection + wdatp + aatp overview

  • 14. Identities: users and admins. Endpoints: devices and sensors. User Data: email messages and documents. Cloud Apps: SaaS applications and data stores. Infrastructure: servers, virtual machines, databases, networks. Intelligent Security Graph: 6.5 TRILLION signals per day
  • 15. Zero Trust Access Control Strategy: Never Trust. Always verify.
  • 16. Azure AD conditional access (Zero Trust). Signals: Corporate Network, Geo-location, Windows, MacOS, Android, iOS, Windows Defender ATP, Client apps, Browser apps, Azure AD, ADFS, MSA, Google ID, Microsoft Cloud App Security
    - Conditions: Employee & Partner Users and Roles; Trusted & Compliant Devices; Physical & Virtual Location; Client apps & Auth Method; Session Risk
    - Policies: a real time evaluation engine backed by machine learning computes the effective policy
    - Controls: Allow/block access; Require MFA; Block legacy authentication; Force password reset; Limited access
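As an added illustration of the conditions and controls on this slide (not part of the deck), two Azure AD conditional access policies written in the Microsoft Graph conditionalAccessPolicy schema: the first blocks legacy authentication in report-only mode so its impact can be reviewed before enforcement, the second requires MFA when the sign-in risk is rated medium or high. Each object is one request body for POST /identity/conditionalAccessPolicies; the break-glass group id is a placeholder.

```json
[
  {
    "displayName": "Block legacy authentication (report-only first)",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
      "users": {
        "includeUsers": ["All"],
        "excludeGroups": ["<break-glass-group-object-id-placeholder>"]
      },
      "applications": { "includeApplications": ["All"] },
      "clientAppTypes": ["exchangeActiveSync", "other"]
    },
    "grantControls": {
      "operator": "OR",
      "builtInControls": ["block"]
    }
  },
  {
    "displayName": "Require MFA on medium or high sign-in risk",
    "state": "enabled",
    "conditions": {
      "users": {
        "includeUsers": ["All"],
        "excludeGroups": ["<break-glass-group-object-id-placeholder>"]
      },
      "applications": { "includeApplications": ["All"] },
      "clientAppTypes": ["all"],
      "signInRiskLevels": ["medium", "high"]
    },
    "grantControls": {
      "operator": "OR",
      "builtInControls": ["mfa"]
    }
  }
]
```

The first policy's "other" client app type covers protocols that cannot perform MFA (POP, IMAP, SMTP AUTH and similar), which is why blocking it matters for the "Require MFA" control to be effective.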
  • 17. Zero Trust Access Control: Conditional Access, App Control
  • 18. Microsoft Information Protection: protect sensitive data on-premises and in the cloud
    - Classification and labeling: classify data based on sensitivity and add labels, manually or automatically
    - Protection: encrypt your sensitive data and define usage rights or add visual markings when needed
    - Monitoring: use detailed tracking and reporting to see what's happening with your shared data and maintain control over it
  • 19. Microsoft Threat Protection: a comprehensive, seamlessly integrated solution providing end-to-end security for your organization. Components: Microsoft 365 Security Center; Azure Security Center; 3rd party data sources; Azure Active Directory; Microsoft Defender ATP; Office 365 ATP; Microsoft Cloud App Security; Azure ATP; Microsoft Threat Protection automation; Microsoft Azure Sentinel, our next generation SIEM, for event orchestration. Areas covered: Identities, Endpoints, Data & Email, Cloud Apps, Cloud & Hybrid Infrastructure
  • 21. Built-in. Cloud-powered. Embedded into Windows 10; World class anti-tampering; Deep data collection & 6m storage; Best of breed EPP, EDR; Support for W7/8, non-Windows; Integrated config mgmt.; Vulnerability analysis; Secure score & CA; Automation; Cross suite integrations; Data separation, RBAC; Cloud expertise
  • 26. Vulnerability Management Isn't Just Scanners Anymore
    - Continuous Discovery: discover vulnerable applications and configuration via continuous endpoint monitoring to gain immediate situational awareness
    - Context-Aware Prioritization: prioritize findings by enriching them with threat intelligence sources, business context and crowd wisdom to build an accurate risk report
    - Surgical Mitigation & Automated Fix: mitigate threats by tailoring a surgical mitigation/fix plan based on organizational risk using Microsoft's security stack, 1st party and 3rd party partners
  • 29. Network Boundaries; SaaS Applications; Web Threats and Phishing; Anywhere Connectivity
  • 31. Web Threat Protection: URL / IP allow and block; Cloud App Security
  • 39. Threat landscape:
    - Fileless (living-off-the-land) threats
    - Highly sophisticated and human operated ransomware
    - Legitimate business software used as a weapon
    - Each platform has a unique threat landscape
    - Hardware/firmware attacks are a growing risk
    - Targeted attacks leading to data breaches continue to grow
  • 42. Next-generation protection components (ML + Cloud powered):
    - Behavior Monitoring: File System; Boot/Volume; Registry; Process / DLLs; Network; Code injection; …
    - Memory Scanning: Quick Scan; On system events; Ad-hoc requests by BM; Defeats polymorphism
    - Command Line Detection: especially effective against LOLBIN, LOLBAS, Obfuscation
    - AMSI: instrumentation of JavaScript, VBScript, Macro, PowerShell, WMI, Dotnet
  • 55. A uniquely integrated endpoint protection platform: Microsoft Defender ATP provides orchestrated protection and remediation together with Microsoft Intune, Azure Information Protection, Microsoft Secure Score, Azure Security Center, Azure AD & Conditional Access, Microsoft Cloud App Security and Microsoft Office 365
  • 56. Azure Advanced Threat Protection
  • 57. The anatomy of an attack: a zero-day / brute-force attack compromises a user account; the attacker attempts lateral movement; a privileged account is compromised; the attacker accesses sensitive data; the attacker steals sensitive data. Signals along the way: anomalous user behavior and unfamiliar sign-in location (user side); lateral movement attacks, account impersonation and escalation of privileges (attacker side)
  • 58. Detect and investigate advanced attacks involving identities across on-premises, cloud and hybrid environments Azure ATP
  • 59. Identify advanced persistent threats before they cause damage Abnormal behavior Malicious attacks Security issues and risks
  • 60. Azure ATP
    - Monitor your on-premises Active Directory with a convenient cloud service
    - Reduce strain and cost in your on-premises environment with analytics done in the cloud
    - Scale your anomalous behavior detections with the power of the cloud
    - Pivot to and remediate a malicious attack in Windows Defender ATP
    - Deploy with ease into your existing infrastructure
    - Benefit from the scale of the cloud
  • 61. Get a clear, efficient, and convenient feed that surfaces the right things on a timeline; enjoy the power of perspective on the "who-what-when-and-how" of your enterprise; benefit from detailed information for next steps; focus on what is important using the simple attack timeline
  • 62. Azure Advanced Threat Protection
  • 63. Azure Advanced Threat Protection detections across the attack phases Reconnaissance, Compromised Credential, Lateral Movement, Privilege Escalation and Domain Dominance: Abnormal resource access; Account enumeration; Net Session enumeration; DNS enumeration; SAM-R enumeration; Abnormal working hours; Brute force using NTLM, Kerberos, or LDAP; Sensitive accounts exposed in plain text authentication; Service accounts exposed in plain text authentication; Honey Token account suspicious activities; Unusual protocol implementation; Malicious Data Protection Private Information (DPAPI) request; Abnormal VPN; Abnormal authentication requests; Pass-the-Ticket; Pass-the-Hash; Overpass-the-Hash; Malicious service creation; MS14-068 exploit (Forged PAC); MS11-013 exploit (Silver PAC); Skeleton key malware; Golden ticket; Remote execution; Malicious replication requests; Abnormal modification of sensitive groups
  • 64. ATP Architecture: an Azure ATP Sensor installed on a Domain Controller sends parsed network traffic and Windows events to the Azure ATP cloud service; alternatively an Azure ATP Standalone Sensor receives the Domain Controller's traffic through port mirroring and its events through Windows Event Forwarding. The cloud service provides workspace management and the workspace portal (access to the console), sends alert notifications, forwards alert notifications to the SIEM, and integrates with Windows Defender ATP
  • 65. Using intelligence for a unified identity investigation across on-premises and cloud activities: Azure ATP, Microsoft Cloud App Security, Azure AD Identity Protection
  • 66. Attack timeline
    1. Day 1 to 11: attacker compromises a privileged user's non-MFA-enabled account (COMPROMISED CREDENTIAL)
    2. Day 16 to 218: attackers perform mailbox searches across Office 365
    3. Day 137 to 143: attackers create rules on Contoso's SharePoint and email to automate data exfiltration to a cloud storage solution (EXFILTRATE DATA)
    4. Day 16 to 163: attacker uses stolen credentials to VPN into the corporate network (CONNECTION TO ON-PREM)
    5. Day 163 to 243: attacker moves laterally throughout the organization's network, compromising privileged credentials (MOVE LATERALLY)
  • 84. Automated Detection, Investigation, & Remediation with Microsoft Threat Protection: Office ATP, Windows Defender ATP, Office 365 Threat Intelligence
  • 95. Security Operations Center (SOC): Azure Sentinel, Cloud Native SIEM and SOAR
  • 96. Security Operations Center Provide actionable security alerts, raw logs, or both
  • 97. Strategies: Securing Privileged Access; Office 365 Security; Rapid Cyberattacks (Wannacrypt/Petya). Reference: https://aka.ms/MCRA, Video Recording. Also covered: Office 365; Dynamics 365; +Monitor; Azure Sentinel, Cloud Native SIEM and SOAR; SQL Encryption & Data Masking; Data Loss Protection; Data Governance; eDiscovery