OMS Security
Asaf Nakash
CTO & P-TSP Azure
Microsoft MVP
Asaf@cloudvalley.io
054-9700780
Any cloud
Any platform
Cybersecurity Meetup
Threats are on the rise
Environments are more complex
Security talent is scarce
Why Security within IT Operations?
Issue: ‘IT Operations is responsible for managing datacenter infrastructure,
applications, and data, including the stability and security of these systems.
However, gaining security insights across increasingly complex IT environments often
requires organizations to cobble together data from multiple security and
management systems - I need a solution that provides me with actionable security
insights for all my datacenter resources.’
With OMS,
• You can enable both IT ops and security professionals to effectively monitor
your entire environment for security vulnerabilities and active threats – all within
the context of operations management.
Holistic Security
Intelligent Detection
Rapid Investigation
Detect Security Risks and Threats Across Your Environment
Holistic Security Posture
Issue: ‘Understanding the security posture of my hybrid-cloud environments is
time-consuming, especially as these environments are changing rapidly.’
With OMS,
• Quickly and easily understand the overall security posture of any environment,
all within the context of IT Operations, including: software update assessment,
antimalware assessment, and configuration baselines. Furthermore, security log
data is readily accessible to streamline security and compliance audit processes.
Ongoing Assessment
• Actionable security insights – network, identity, servers, …
• Prioritized notable issues
Audit
• Central collection of all security data
• Export to Excel and PowerBI or via API for reporting
• Data retention
Cross-Platform
• Windows and Linux
• On premises, Azure, AWS
• Microsoft and 3rd party security solutions
Holistic Security Posture
Antimalware and
Update Assessments
• Missing updates
• Antimalware Assessments
• Malware reports
Identity and Access
• Failed Logons
• Password changes
• Current activity
Baseline Assessment
• Over 180 recommended security
configurations
• Correlation with Microsoft best-practices
Notable Issues
• Included common issues
• Customizable
• Severity and priority
Security Audit
• Easily accessible security event logs
• Searchable, actionable
• Exportable via API
Threat Detection
Issue: ‘Cyber attacks are increasingly common and complex. Timely detection of
attacks and breaches is critical to defending your environment’
With OMS,
• You can leverage the power of Microsoft’s continuously updated security
intelligence to detect threats sooner and more accurately – across your entire
environment.
Security Analytics
• Rule-based detections
• Server and network behavioral analytics
• Anomaly detections
Continuous Innovation
• Ongoing threat monitoring
• Validation and tuning
• Automatic updates to detection algorithms
Threat Intelligence
• Intelligent security graph
• Global threat database
• Specialized security teams
Intelligent Detection
Threat Intelligence
• Microsoft security intelligence and
leading intelligence vendors
• Detects communication to known
malicious IP addresses
Security Analytics
• Behavioral analytics
• Event correlation
• Continuously updated
Threat Investigation
Issue: ‘Determining the nature and source of a security threat or breach is critical to
mitigating damage to the business, but is very difficult without leveraging
intelligence from security experts or the tools to cross reference data across security
domains, and time is critical’
With OMS,
• You can leverage the power of Microsoft’s security intelligence, as well as the
tools to search across your environment, to accelerate a comprehensive
investigation.
Threat Intelligence
• Geo tagging and interactive maps
• Threat intelligence reports
Automation
• OMS automation capabilities
Search
• Easy search of all security and operational data
Rapid Investigation
Search
• Rapid search across all operations
and security data
Threat Intelligence
• Interactive map
• Built-in reports with insight into attacker’s known techniques and objectives
OMS Automation
Orchestrated recovery
• Repeatable plans
• Order sequencing
• Customizable checkpoints
Integrated solutions
• Multi-platform support
• Community gallery
• Partner ecosystem
Automated remediation
• Ready-made runbooks
• Anywhere triggers
• Native webhooks
[Diagram] Categories: Data; Endpoints (Devices); Identity; Cloud & Datacenter; Applications (SaaS)
Products shown:
• Rights Management Services
• Information Protection
• Device Guard
• Credential Guard
• Intune
• Windows Hello
• Windows Defender & ATP
• Azure AD Identity Protection
• Advanced Threat Analytics
• OMS Security
• Azure Security Center
• Cloud App Security
• Advanced Threat Protection
© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the
part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Operation Management Suite - security and compliance

  • 1. OMS Security Asaf Nakash CTO & P-TSP Azure Microsoft MVP Asaf@cloudvalley.io 054-9700780 Any cloud Any platform Cybersecurity Meetup
  • 2. Threats are on the rise Environments are more complex Security talent is scarce
  • 3. Why Security within IT Operations? Issue: ‘IT Operations is responsible for managing datacenter infrastructure, applications, and data, including the stability and security of these systems. However, gaining security insights across increasingly complex IT environments often requires organizations to cobble together data from multiple security and management systems - I need a solution that provides me with actionable security insights for all my datacenter resources.’ With OMS, • You can enable both IT ops and security professionals to effectively monitor your entire environment for security vulnerabilities and active threats – all within the context of operations management.
  • 6. Holistic Security Posture Issue: ‘Understanding the security posture of my hybrid-cloud environments is time-consuming, especially as these environments are changing rapidly.’ With OMS, • Quickly and easily understand the overall security posture of any environment, all within the context of IT Operations, including: software update assessment, antimalware assessment, and configuration baselines. Furthermore, security log data is readily accessible to streamline security and compliance audit processes.
  • 7. Audit | Ongoing Assessment | Cross-Platform • Actionable security insights – network, identity, servers, … • Prioritized notable issues • Central collection of all security data • Export to Excel and PowerBI or via API for reporting • Data retention • Windows and Linux • On premises, Azure, AWS • Microsoft and 3rd party security solutions Holistic Security Posture
  • 8. Antimalware and Update Assessments • Missing updates • Antimalware Assessments • Malware reports
  • 9. Identity and Access • Failed Logons • Password changes • Current activity
  • 10. Baseline Assessment • Over 180 recommended security configurations • Correlation with Microsoft best practices
  • 11. Notable Issues • Included common issues • Customizable • Severity and priority
  • 12. Security Audit • Easily accessible security event logs • Searchable, actionable • Exportable via API
  • 14. Threat Detection Issue: ‘Cyber attacks are increasingly common and complex. Timely detection of attacks and breaches is critical to defending your environment’ With OMS, • You can leverage the power of Microsoft’s continuously updated security intelligence to detect threats sooner and more accurately – across your entire environment.
  • 15. Continuous Innovation | Security Analytics | Threat Intelligence • Rule-based detections • Server and network behavioral analytics • Anomaly detections • Ongoing threat monitoring • Validation and tuning • Automatic updates to detection algorithms • Intelligent security graph • Global threat database • Specialized security teams Intelligent Detection
  • 16. Threat Intelligence • Microsoft security intelligence and leading intelligence vendors • Detects communication to known malicious IP addresses
  • 17. Security Analytics • Behavioral analytics • Event correlation • Continuously updated
  • 19. Threat Investigation Issue: ‘Determining the nature and source of a security threat or breach is critical to mitigating damage to the business, but is very difficult without leveraging intelligence from security experts or the tools to cross reference data across security domains, and time is critical’ With OMS, • You can leverage the power of Microsoft’s security intelligence, as well as the tools to search across your environment, to accelerate a comprehensive investigation.
  • 20. Automation | Threat Intelligence | Search • Geo tagging and interactive maps • Threat intelligence reports • OMS automation capabilities • Easy search of all security and operational data Rapid Investigation
  • 21. Search • Rapid search across all operations and security data
  • 22. Threat Intelligence • Interactive map • Built-in reports with insight into attacker’s known techniques and objectives
  • 23. • Repeatable plans • Order sequencing • Customizable checkpoints • Multi-platform support • Community gallery • Partner ecosystem • Ready-made runbooks • Anywhere triggers • Native webhooks Integrated solutions Orchestrated recovery OMS Automation Automated remediation
  • 24. DATA CLOUD & DATACENTER APPLICATIONS ENDPOINTS IDENTITY DATA ENDPOINTS (Devices) IDENTITY CLOUD & DATACENTER APPLICATIONS (SaaS) Rights Management Services Information Protection Device Guard Credential Guard Intune Windows Hello Windows Defender & ATP Azure AD Identity Protection Advanced Threat Analytics OMS Security Azure Security Center Cloud App Security Advanced Threat Protection
  • 25. © 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Editor's Notes

  1. Security Challenges: Threats are on the rise: 160 million records exposed; 229 days between compromise and detection; $3 MILLION of cost/business impact per breach; a new approach is required. Environments are more complex: hybrid, multi-cloud, heterogeneous, IaaS+PaaS; more than 30 security solutions; increasingly distributed and physical networks no longer define the perimeter. IT security talent is scarce: noisy alerts that have to be triaged, investigated, mitigated; lack of security expertise, especially as it relates to the cloud. Today’s IT Security and Operations teams are tasked with managing highly complex, hybrid-cloud, cross-platform systems which are increasingly vulnerable to a growing number of sophisticated cyber-attacks. With this, IT Operations teams have a requirement to identify any threats to their environment as soon as possible to mitigate damages, as well as continue to cost-effectively meet SLAs.
  2. OMS Security provides an effective and easy-to-use cloud solution to detect security threats to an entire IT environment, from on-premises to cloud, and running both Windows and Linux OS. With OMS Security, Microsoft has enabled IT Operations and Security teams to more quickly and easily understand overall security posture and detect and investigate security threats all within the context of IT Operations. OMS customers are able to leverage Microsoft’s own security data and analysis to perform more intelligent and effective threat detection. With this intelligent threat detection, as well as guided investigations of security breaches and easily searchable security audit data, OMS Security enables customers to greatly mitigate damages when an attack takes place, and prevent damages to the business.
  3. OMS Security provides an effective and easy-to-use cloud solution to detect security vulnerabilities and threats to an entire IT environment, from on-premises to cloud, and running both Windows and Linux OS. With OMS Security, Microsoft has enabled IT Operations and Security teams to more quickly and easily understand overall security posture and detect and investigate security threats all within the context of IT Operations. OMS customers are able to leverage Microsoft’s own security data and analysis to perform more intelligent and effective threat detection. With this intelligent threat detection, as well as guided investigations of security breaches and easily searchable security audit data, OMS Security enables customers to greatly mitigate damages when an attack takes place, and prevent damages to the business.
  4. With OMS Security and Audit, customers are enabled to quickly and easily understand the overall security posture of their entire environment regardless of platform and from on-prem to cloud. This includes a comprehensive overview status of security updates, anti-malware patches, as well as security threat detection. The holistic approach to security posture enables IT operations to trigger investigation and audit directly, and in a comprehensive manner.
  5. Update Assessments: Applying the most recent security updates is a security best practice and it should be incorporated in your update management strategy. The Microsoft Monitoring Agent service (HealthService.exe) reads update information from monitored computers and then sends this updated information to the OMS service in the cloud for processing. The Microsoft Monitoring Agent service is configured as an automatic service and it should always be running on the target computer. Antimalware Assessment: The new solution will also be able to detect all types of antimalware software using the Windows Security Center APIs. This covers most antimalware software that is running on Windows clients and on Windows Servers that have their desktop experience enabled. Datacenter and Standard editions of Windows Server 2016 will have Windows Security Center enabled by default. Using this mechanism, the solution will be able to detect the protection status of every antimalware product that registers its existence using this API, which is the common practice of most antimalware vendors.
  6. Identity and access: Identity should be the control plane for your enterprise; protecting your identity should be your top priority. While in the past there were perimeters around organizations and those perimeters were one of the primary defensive boundaries, nowadays, with more data and more apps moving to the cloud, identity becomes the new perimeter. By monitoring your identity activities you will be able to take proactive actions before an incident takes place or reactive actions to stop an attack attempt. The Identity and Access dashboard provides you an overview of your identity state, including the number of failed logon attempts, the user accounts that were used during those attempts, accounts that were locked out, accounts with a changed or reset password, and the number of accounts that are currently logged in.
  7. Assess the security configuration of your servers compared to a standard security configuration baseline. OMS Security Baseline automatically checks over 180 configurations of security best practices, and provides details and instructions for remediation of detected security configurations and settings.
  8. Notable Issues: highlights notable security issues. Administrators should be aware of and examine these issues. Some issues are common, such as standard configuration changes that can occur as part of the normal business cadence. Others are rare events that might indicate a malicious activity, such as detecting a security log deletion. OMS Security and Audit solution has lots of built-in notable issues. While they are a good start, many organizations might like to extend and add their own notable issues that represent their specific logic or unique set of priorities.
  9. Like security attacks, Security Audits happen, and they can be very trying on the resources of IT Operations and Security teams. As OMS is born in the cloud, the ability to access, search and correlate data quickly is vital to the audit process. With OMS Security, you will have all of the data required to supply an audit quickly and easily.
  11. Detection: OMS Security and Audit enables customers to detect threats earlier by leveraging Microsoft security intelligence of behavioral analytics, anomaly detection and fusion (connecting the dots) – all based on data analysis from servers and VMs, network traffic, PaaS services, SaaS, partner solutions, and more. Customers can use things like operational intelligence and knowledge of attack methods used to target specific kinds of resources as well as advanced analytics and integrated threat intelligence to detect security threats sooner and more accurately. Investigation and Recommendation: With the ability to identify threats and understand the scope and repercussions of security threats and attacks, OMS Security enables customers (even non-Security experts) to mitigate the damages of security breaches before they become more widespread. OMS customers can use features such as: guided investigations based on advanced statistical and machine learning techniques; visual interactive kill-chain map; rapid investigation using ad hoc search, and visual correlations to determine malicious activities and develop threat context and track attacker steps.
  12. Microsoft runs the biggest cloud services in the world, enabling us to achieve a unique view of the threat landscape. The insights we derive, informed by trillions of signals from billions of sources, create an intelligent security graph that we use to inform how we protect all endpoints, better detect attacks and accelerate our response. We know, for example, where attacks came from and are able to identify malicious IP addresses. Our goal is to enable our customers to benefit from this knowledge to protect their resources. The new threat intelligence section of the Security and Audit solution visualizes the possible attack patterns in several ways: the total number of servers with outbound malicious IP traffic, the malicious threat type and a map that shows where these IPs are coming from. You can interact with the map and click on the IPs for more information. Yellow pushpins on the map indicate incoming traffic from malicious IPs. It is not uncommon for servers that are exposed to the internet to see incoming malicious traffic, but we recommend reviewing these attempts to make sure none of them was successful. These indicators are based on IIS logs, WireData and Windows Firewall logs. Red pushpins on the map indicate outbound traffic from your servers to malicious IP addresses. This is less common and should be carefully examined. It means that someone or something on your servers is contacting suspicious destinations on the internet. This might be the result of a compromised machine communicating to a command and control center or exfiltration of data. Outbound traffic data is based on Windows Firewall and WireData logs. Response/Mitigation: One of the steps of a security incident response process is to identify the severity of the compromised system(s). In this phase you should perform the following tasks: determine the nature of the attack; determine the attack point of origin; determine the intent of the attack (was the attack specifically directed at your organization to acquire specific information, or was it random?); identify the systems that have been compromised; identify the files that have been accessed and determine the sensitivity of those files.
  15. You can act on alerts through pre-defined runbooks or Webhooks that can be triggered from Azure or locally from your own datacenters. You can orchestrate disaster recovery and backups with proper planning and automated scripts customized to your needs. You can leverage an ecosystem of partners and third party vendors, in addition to first-party Microsoft provided automation scripts.
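
The inbound versus outbound distinction drawn in note 12 can be reproduced offline. The following is an added example, not part of the deck and not OMS code: it matches Windows Firewall log records against an indicator list and separates outbound hits from allowed and dropped inbound ones. The records follow the pfirewall.log `#Fields` layout; the server names, IP addresses, indicator list and function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed indicators (RFC 5737 documentation ranges) standing in for a threat-intelligence feed.
MALICIOUS_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Constructed sample records in the Windows Firewall log (pfirewall.log) layout, keyed by server.
FIELDS = ("#Fields: date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path\n")
SAMPLE_LOGS = {
    "web01": FIELDS
    + "2016-05-10 09:14:02 DROP TCP 203.0.113.45 10.0.0.5 51512 3389 52 S 123 0 8192 - - - RECEIVE\n"
    + "2016-05-10 09:14:09 ALLOW TCP 203.0.113.45 10.0.0.5 51513 443 52 S 124 0 8192 - - - RECEIVE\n"
    + "2016-05-10 09:15:30 ALLOW TCP 10.0.0.5 192.0.2.10 49800 443 0 - 0 0 0 - - - SEND\n",
    "app02": FIELDS
    + "2016-05-10 10:01:11 ALLOW TCP 10.0.0.8 198.51.100.7 49922 8080 0 - 0 0 0 - - - SEND\n"
    + "2016-05-10 10:01:12 ALLOW UDP 10.0.0.8 10.0.0.2 53011 53 0 - - - - - - - SEND\n"
    + "malformed line that should be skipped\n",
}


def parse_firewall_log(text):
    """Yield one dict per record, naming columns from the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed records
                yield dict(zip(fields, parts))


def is_malicious(ip_text):
    """True when the address falls inside one of the indicator networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in MALICIOUS_NETS)


def triage(logs):
    """Group indicator hits per server: outbound, inbound allowed, inbound dropped."""
    report = defaultdict(lambda: {"outbound": [], "inbound_allowed": [], "inbound_dropped": []})
    for server, text in logs.items():
        for rec in parse_firewall_log(text):
            if rec["path"] == "SEND" and is_malicious(rec["dst-ip"]):
                bucket, remote = "outbound", rec["dst-ip"]
            elif rec["path"] == "RECEIVE" and is_malicious(rec["src-ip"]):
                bucket = "inbound_allowed" if rec["action"] == "ALLOW" else "inbound_dropped"
                remote = rec["src-ip"]
            else:
                continue
            report[server][bucket].append((rec["date"], rec["time"], remote, rec["dst-port"]))
    return dict(report)


if __name__ == "__main__":
    for server, hits in sorted(triage(SAMPLE_LOGS).items()):
        print(server, {bucket: len(rows) for bucket, rows in hits.items()})
```

Outbound hits correspond to the red pushpins and go to the top of the review queue; allowed inbound hits are the incoming attempts that note 12 recommends checking for success.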