MDATP & Chocolatey - we Belgians love our Chocolate(y')s

•

2 gostaram•782 visualizações

Take advantage of MDATP to have control over software and other vulnerabilities. But even better, implement Chocolatey in MEM Intune to avoid software exploits and keep your exposure score low!

Tecnologia

We Belgians love our chocolate(y’)s
MDATP
&
CHOCOLATEY

Tim Hermie
• Modern Workplace Architect @Synergics
• Technical Trainer | MCT
• Blog: https://www.cloud-boy.be
• Twitter: @_Cloud_boy

Jasper Bernaers
• Modern Workplace Lead @Synergics
• Microsoft Security enthusiast
• Blog: blog.bernaers.be
• Twitter: @Jasper_be

Agenda
• What is MDATP?
• Why MDATP?
• Why Chocolatey?
• What is Chocolatey?
• How do we deploy Chocolatey?
• Key takeaways
• MDATP + Chocolatey = <3

What is MDATP?
• Microsoft Defender Advanced Threat Protection
• Endpoint security management, cross platform
• Optimized for simplicity - ease of use - while providing flexibility
• Security management is extensible through the rich API set
• Both on-prem and cloud connected devices

Modern Web Protection
Any Device Anywhere Intelligent
MDATP is enabling customers to identify and secure the
connected devices in their enterprise, no matter where users
take their devices or how they connect to the internet.

DEMO
MDATP devices overview.
Threat & Vulnerability Management dashboard overview

Software inventory
Security recommendations
Web threat protection
Cloud App Security
Microsoft Defender ATP – Quick Wins

• Responsible for security
monitoring and reducing risk
• Analyze threats, security
incidents and identify
mitigations
• Priority is on quick
remediation on impacted
devices/users
Sec Ops IT Team

DEMO
MDATP Threat and Vulnerability remediation via Microsoft Endpoint Manager
Create security tasks

Why implementing Chocolatey?
• Different installer formats
• Zips and other archive formats
• Software installers are messy
• How are we handling 3rd party software updates?
• Software management is like the Wild West

Software management
may account for
50 – 90 %
of your automation!

But what is Chocolatey?
• Universal approach
• The power of PowerShell!
• Fancy zip files = “packages”
• Auto updating framework that is customizable
• The story of modern automation for Windows

Community based!
• Community package repository
• Https://www.chocolatey.org/packages
• Community feed
• Community maintained
• Everything goes through VirusTotal

PowerShell
• Easy to deploy
• Deploy Chocolatey agent
• Deploy Auto Upgrade
• Deploy applications
• Can be done all together in 1 PowerShell script
• Can be done in multiple PowerShell scripts
• Not much control!

Win32App
• Easy to deploy
• System requirements
• Device restart behavior
• Detection rules
• Dependencies
• Device install status
• Only need to wrap one IntuneWin file for all your Apps
• powershell -ex bypass -file ChocoInstall.ps1 -package wireshark

DEMO
Accept security task and resolve it with:
- Deploying packages with Microsoft Endpoint Manager = Intune
- Automatically update 3rd party apps

Key takeaways up till now
• Implement MDATP (if your budget allows it)
• Use MDATP to check device vulnerabilities
• Integrate Chocolatey for standard apps
• Deploy Chocolatey apps as W32 apps
• Make ur apps auto-updating with Chocolatey
• Make use of the security tasks feature in MEM Intune

DEMO
Software vulnerabilities on machine with Chocolatey apps
Resolve security task

MDATP + Chocolatey = <3
• Auto updating apps = lower security risk
• Auto updating apps = lower exposure score in MDATP
• Auto updating apps = watching more Netflix

Mais conteúdo relacionado

Mais procurados

4 Modern Desktop - Planning a Modern Desktop Deployment

Andrew Bettany

SC conference - Building AppSec Teams

Dinis Cruz

SecDevOps Risk Workflow - v0.6

Dinis Cruz

DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government

DevSecCon

Learn how to become Microsoft 365 Certified Enterprise Administrator Expert, what exams you should pass, and what is the best certification path for your specific job role and skill sets. Microsoft is changing their exams and certification program and there are a lot of new set of certifications and exams that can be confusing to understand at first. I am going to save you time and effort and explain it all to you in this presentation. After completing this presentation, you will have the knowledge necessary to choose your next exams and get your Microsoft 365 Certified Enterprise Administrator Expert badge. In this presentation you are going to learn: - Overview about the new Microsoft certification Program - What are these new Badges (Fundamental, Associate and Expert) - Which exams to take to get the Microsoft 365 Certified Enterprise Administrator Expert badge? - Which certifications match you job role and years of experience.

Microsoft 365 Certification - How to become Enterprise Administrator Expert

Ammar Hasayen

Software Supply Chain Automation Removes Roadblocks to Rugged DevOps

SeniorStoryteller

Supporting Remote Work While Securing, Governing, and Protecting Your Microso...

Chris Bortlik

CSF18 Azure Information Protection - Albert Hoitingh

NCCOMMS

My livestream for Manning "Microservices with Node.js". In this talk: - An introduction to microservices - Live coding: - Building a simple Node.js microservice from scratch - Creating a Dockerfile, then building and running a Docker image Watch the video on YouTube: https://youtu.be/19xbeFkSdpU My book Bootstrapping Microservices is available from Manning: http://bit.ly/2o0aDsP Follow the author on Twitter for news and updates: @codecapers

Microservices with Node.js - Livestreamed for Manning

Ashley Davis

Developing a Rugged Dev Ops Approach to Cloud Security (Updated)

Sebastian Taphanel CISSP-ISSEP

introduction to Azure Sentinel

Robert Crane

The Cloud promises - Global Azure Bootcamp Paris 2019

Alex Danvy

Overcoming Security Challenges in DevOps

Alert Logic

Securing and Scaling SaaS

guest05bda0

Owasp summit 2017

Dinis Cruz

Cloud services have become firmly established in the working day of many companies. Almost everywhere, initiatives or projects are in progress that deal with the workplace of the future. Windows 10, Intune and Azure Active Directory open up new opportunities for cloud-based management, authentication, and administration. Scenarios such as BYOD and COPE let companies think about how users access business resources and apps.

Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...

Alexander Benoit

AppLocker, Windows Information Protection, Device Guard, Windows Defender Application Guard- there are many ways to secure Windows 10. Not all ways are compatible with Enterprise requirements. In the session, we will have a look at what we are able to do and I will add some experiences from the field about what works well and what doesn’t. In addition, we will check how ConfigMgr can support us.

Experts Live Europe 2017 - Best Practices to secure Windows 10 with already i...

Alexander Benoit

Azure saturday 2017 - Protecting cloud identities using ems

Ronni Pedersen

Integrating DevOps and Security

Stijn Muylle

During this session we will look into Windows 10 for the Enterprise. Let’s explore the new management capabilities and choices. Let’s understand the Windows 10 deployment infrastructure and mechanisms. Let’s discover new Windows 10 features and improvements. You are eager to learn about Windows 10 and want to gather early-stage info about this exciting Operating System… ? Well you know what to do! See you there!

Windows 10: all you need to know!

Microsoft TechNet - Belgium and Luxembourg

Mais procurados (20)

4 Modern Desktop - Planning a Modern Desktop Deployment

SC conference - Building AppSec Teams

SecDevOps Risk Workflow - v0.6

DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government

Microsoft 365 Certification - How to become Enterprise Administrator Expert

Software Supply Chain Automation Removes Roadblocks to Rugged DevOps

Supporting Remote Work While Securing, Governing, and Protecting Your Microso...

CSF18 Azure Information Protection - Albert Hoitingh

Microservices with Node.js - Livestreamed for Manning

Developing a Rugged Dev Ops Approach to Cloud Security (Updated)

introduction to Azure Sentinel

The Cloud promises - Global Azure Bootcamp Paris 2019

Overcoming Security Challenges in DevOps

Securing and Scaling SaaS

Owasp summit 2017

Experts Live Europe 2017 - Windows 10 and the cloud - why the future needs hy...

Experts Live Europe 2017 - Best Practices to secure Windows 10 with already i...

Azure saturday 2017 - Protecting cloud identities using ems

Integrating DevOps and Security

Windows 10: all you need to know!

Semelhante a MDATP & Chocolatey - we Belgians love our Chocolate(y')s

Do any of these apply to you? - "I've used Chocolatey at home and would like to see how I can use it at work." - "We are already using it in the office and want to validate we are 'doing it right'." - "I'm looking for a better way to manage Windows software." - "You had me at chocolate. Now I'm hungry." Great! Chocolatey makes software management on Windows like slicing through butter with a hot knife. Easy! I'm saying it makes Windows software management easy. Okay, that analogy may not translate well everywhere, but we are going to show you how to make things easier and more manageable. Come learn more about how to set up a full environment in a short amount of time and see some tools that will help you master Windows software management.

Chocolatey for Organizations: Easily Manage Software - PowerShell Summit 2019

Rob Reynolds

In this session, we'll go over different aspects of Chocolatey and how you can use Chocolatey in your organization, including using Chocolatey best practices. This will include a sneak peek at our upcoming Chocolatey Central Management system. You can register to see the slides and demos that we will present (without AV) by registering at https://zoom.us/webinar/register/WN_egw7X1PJTFiKbZ4EegSKGw. If you don't have a laptop, sit next to someone that does during the session.

Chocolatey - Software Automation for Windows (and sneak peak of Central Mana...

Rob Reynolds

Automating software management is simple on almost every platform except Windows. Managing software deployments and upgrades typically entails manual, homegrown, or legacy approaches. We've seen more modern approaches to managing systems, sometimes called 'DevOps'. Behind every great modern automation approach out there is a great package manager. Windows has long been left out of the conversation for DevOps due to a lacking solution for package management. Worse, with Windows, over 80% of the management and configuration deals with software installation management. However, over the past 6 years, Chocolatey has become the de facto software management solution for Windows. Hundreds of organizations have turned to Chocolatey due to it is extreme flexibility, common sense approaches, and building on well-known technologies like PowerShell. Chocolatey is a universal approach designed to easily work with all aspects of managing Windows software using a packaging framework that understands both versioning and dependency requirements. Chocolatey packages encapsulate everything required to manage a particular piece of software into one deployment artifact by wrapping installers, executables, zips, and scripts into a compiled package file. Chocolatey integrates with your favorite infrastructure management platforms, including Puppet, Chef, SCCM, and PowerShell DSC. PowerShell Desired State Configuration (DSC) has been gaining traction as a Configuration Management framework. We'll take a closer look at configuring and using Chocolatey with DSC.

Chocolatey + DSC = Software Automation Sweeter - PowerShell Day UK

Rob Reynolds

Traditional approaches to software management on Windows can be manual or inefficient. Chocolatey was designed as a common sense, flexible approach to managing software on Windows, both internal and 3rd party. Chocolatey is a single, unified interface designed to easily work with all aspects of managing Windows software using a packaging framework that understands both versioning and dependency requirements. Chocolatey packages encapsulate everything required to manage a particular piece of software into one deployment artifact by wrapping installers, executables, zips, and scripts into a compiled package file. Configuration management alone without a great package manager will only get you so far. Putting package management with configuration management (Puppet) makes an awesome story for Windows automation! Come learn more about Chocolatey and how we are taking Windows to the next level for automation.

Modern Software Management on Windows with Chocolatey and Puppet

Rob Reynolds

PuppetConf 2017: Modern Software Management on Windows with Chocolatey and Pu...

Puppet

Machine Learning , Analytics & Cyber Security the Next Level Threat Analytics...

PranavPatil822557

Webinar Description: Chocolatey is software management automation for Windows, Artifactory is a great solution for all types of internal repositories. Put the two together and you have a sweet solution for managing software on Microsoft Windows systems. Join this webinar to learn how organizations deploy Chocolatey and software with zero internet access managing all aspects of software for Windows, whether 3rd party installers, internal software, zip archives, or configuration of some sort. Chocolatey and Artifactory are an extremely reliable and flexible solution to your Windows software needs. Who should attend: Developers and DevOps engineers who are interested to learn more about Chocolatey and JFrog Artifactory for software management. The Agenda Overview of JFrog Artifactory Overview of Chocolatey Integration & Use Case Demo and Q&A

Chocolatey + Artifactory = A Sweet Solution for Managing Windows

Rob Reynolds

Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...

Puppet

The great cyber security expert Sami Laiho returned as a keynote speaker with the theme of Zero Trust, but this time from the point of view of securing endpoint applications. Sami Laiho is an internationally renowned and recognized specialist in access rights and endpoint security. In this webinar, Laiho and Centero's Juha Haapsaari discussed the Zero Trust model and securing endpoint applications – even in environments of over 100,000 workstations. These are some of the themes we covered: • How to ease your workload with allow-listing. • Is allow-listing difficult? (A hint: it is not.) • Implementing AppLocker to trim down your application portfolio. • Restricting admin rights to control your IT environment. • Managing and updating applications after allow-listing operations. Zero Trust is a new paradigm for cyber security in organizations. Modern IT environments are complex by nature, and both users and devices are constantly on the move. Traditional methods are not sufficient to properly secure this kind of environment, and that’s where Zero Trust comes in.

Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021

Teemu Tiainen

Troubleshooting The Modern Managed Client - Workplace Nijna Summit 2020

Ronni Pedersen

MAUI.pptx

Udaiappa Ramachandran

Azure mobile services

Nicolò Carandini

C days2015

Nuno Loureiro

DevSecCon London 2017: when good containers go bad by Tim Mackey

DevSecCon

System Security on Cloud

Tu Pham

PowerShell, the must have tool for administrators, and the long overlooked security challenge. See Kieran Jacobsen present how PowerShell, with its deep Microsoft platform integration can be utilised by an attack to become a powerful attack tool. Learn how an attacker can move from a compromised workstation to a domain controller using PowerShell and WinRM whilst learning how to defend against these attacks.

Lateral Movement with PowerShell

kieranjacobsen

IBM Multicloud Management on theOpenShift Container Platform

Michael Elder

Automating software management is simple on almost every platform except Windows. Managing software deployments and upgrades typically entails manual, homegrown, or legacy approaches. We’ve seen more modern approaches to managing systems, sometimes called “DevOps”. Behind every great modern automation approach out there is a great package manager. Windows has long been left out of the conversation for DevOps due to a lacking solution for package management. Worse, with Windows, over 80% of the management and configuration deals with software installation management. However over the past 6 years, Chocolatey has become the de facto software management solution for Windows. Hundreds of organizations have turned to Chocolatey due to it’s extreme flexibility, common sense approaches, and building on well-known technologies like PowerShell. Chocolatey is a single, unified interface designed to easily work with all aspects of managing Windows software using a packaging framework that understands both versioning and dependency requirements. Chocolatey packages encapsulate everything required to manage a particular piece of software into one deployment artifact by wrapping installers, executables, zips, and scripts into a compiled package file. Chocolatey integrates with your favorite infrastructure management platforms, including Puppet, Chef, SCCM, and PowerShell DSC.

Modern Software Management on Windows w/Chocolatey - That Conference 2017

Rob Reynolds

Software Engineering - chp8- deployment

Lilia Sfaxi

Ibm bluemix paris_techtalks 2015

IBM_cloud_ecosystem_development_france

Semelhante a MDATP & Chocolatey - we Belgians love our Chocolate(y')s (20)