Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stay Ahead of Cyberattacks with Office 365 Threat Intelligence

Published byElfreda Whitehead Modified over 6 years ago

Similar presentations

Presentation on theme: "Stay Ahead of Cyberattacks with Office 365 Threat Intelligence"— Presentation transcript:

1 Stay Ahead of Cyberattacks with Office 365 Threat Intelligence
5/20/ :35 AM BRK3126 Stay Ahead of Cyberattacks with Office 365 Threat Intelligence Phil Newman, Stu Clark, and John Engels Program Managers on Office 365 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Office 365 Information Protection Areas of Focus
Identity & access management Office 365 Information Protection Areas of Focus Threat protection Intelligence powered insights Reduce total cost of ownership Protection beyond Office 365 Platform Information protection Security management Compliance solutions

3 Evolution of the threat landscape Proactive defense
5/20/ :35 AM Evolution of the threat landscape Proactive defense Efficient investigation and response People-centric detections & cloud intelligence Broadening out Office 365 visibility © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Evolution of the threat landscape
5/20/ :35 AM Evolution of the threat landscape © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 82,000 225 $4 million A LANSCAPE OF GROWING AND COSTLY THREATS
cyber incidents impacting global organizations1 225 Organizations impacted DAILY1 $4 million cost per breach

6 The Threat Landscape Grows Because Attackers Have the Edge
209 Hours spent hacking one system1 Who to target in attacks… What type of attack to launch… When to launch an attack… Hackers How often to attack… Unprepared and reactive Who is attacking them… What type of attacks are happening… When attackers strike… Analysts How often do attacks occur…

7 Ransom payment from user ($$) Database exfiltration ($$$$)
Microsoft Ignite 2016 5/20/ :35 AM Attack Progression Ransom payment from user ($$) Database exfiltration ($$$$) Stolen credentials ($) Steal OneDrive for Business files ($$) Phish URL click Explore SPO to find files Spear-phish Phish mail Insider sells data ($$$$) Commodity Targeted Advanced Persistent Threat Attack Severity (business impact) © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 Ultimately helping you reduce your IT Burden and Costs
Before breach During breach Post breach Reputation loss/ Brand damage Litigation costs Time to discovery Lost business/Sales Business disruption Staffing Infected assets Security products Maintenance Level of Cost

9 Behind the attack Attacker
5/20/ :35 AM Behind the attack Attacker Goal: Get a large wire transfers from the victim company Plan: Infiltrate corporate accounts, move around in the org, learn about internal process, use impersonation and social engineering to get someone in finance to push out the transfer © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 Behind the attack Attacker Jack Phish 5/20/2018 11:35 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Behind the attack Attacker Jack Approves vendor payments up to $25k
5/20/ :35 AM Behind the attack Attacker Jack Approves vendor payments up to $25k Jill Manages vendor payments Bob © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 Behind the attack Attacker Jack Jill Jill Phish Bob Bob
5/20/ :35 AM Behind the attack Attacker Jack Jill Jill Phish Bob Bob © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Behind the attack Attacker Jack Jill Jill Phish Bob Bob
5/20/ :35 AM Behind the attack Attacker Jack Jill Jill Phish Bob Bob © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 Behind the attack Attacker Jack Jill Bob 5/20/2018 11:35 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 Behind the attack Attacker Jack
5/20/ :35 AM Behind the attack Attacker Jack Jill Bob Approves transfers using an automated workflow Creates the payment requests that Jill approves Tuesdays © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Behind the attack Attacker Payment request (as Bob) Jack Jill
5/20/ :35 AM Behind the attack Attacker Jack Payment request (as Bob) Jill Bob Suppress notifications with inbox rule Approve request and trigger automated payment (as Jill) Repeat every Tuesday © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 Proactive defense 5/20/2018 11:35 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 Ensuring you have end to end capabilities
5/20/ :35 AM Ensuring you have end to end capabilities Identify Threats across your users, from current threats Explore Relationships learn who is exposing you TAKE ACTIONS TO IMPROVE SECURITY POSTURE Simulate Attacks run benign realistic attacks, before being the victim of one © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 What makes a good attack?
5/20/ :35 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 Phish Autopsy – not all Phish are equal
5/20/ :35 AM Open relays, or compromised mailboxes make for easy foot-ins. Believable spoofed sender, increases success exponentially. CID tags!, part of the message itself, does not appear as attachment. URL obfuscation compounds the problem. Attackers not afraid to spend for believability. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21 What if you could do that yourself?
5/20/ :35 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22 Demo Attack simulator 5/20/2018 11:35 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 Efficient investigation and response
5/20/ :35 AM Efficient investigation and response © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24 Threat Intelligence Enables You to Gain Perspective of the Threat Landscape
Mail Metadata Malware Phish Spoof Machine infections TI Sources GeoIP Threat indicators Information Activity Audit activities Click trace DLP hits Insight/Analysis Recommendations/ Cyber-Defense

25 Office 365 Threat Intelligence is built on breadth & depth of signal
1+ billion Windows devices updated 200+ global cloud consumer and commercial services 450 billion monthly authentications 18+ billion Bing web pages scanned 400 billion s analyzed each month Very few organizations benefit from such a large customer install base

26 Signals are shared across our integrated platforms and services
1 billion Windows devices updated 450 billion Microsoft Azure user authentications 400 billion Office s analyzed Strengthening each platform and service through information sharing

27 Demo Phishing attack response Investigating risky activity
5/20/ :35 AM Demo Phishing attack response Investigating risky activity © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28 People-centric detections & cloud intelligence
5/20/ :35 AM People-centric detections & cloud intelligence © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

29 How do you know your business is targeted?
5/20/ :35 AM How do you know your business is targeted? © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30 Threat Intelligence identifies when you are at risk
5/20/ :35 AM Threat Intelligence identifies when you are at risk Global impact of campaign Your company © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31 Demos Tracking attacks 5/20/2018 11:35 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32 Finding patterns out of attacks
5/20/ :35 AM Finding patterns out of attacks Directors Phoenix Finance © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33 People-centric Analysis
5/20/ :35 AM People-centric Analysis Threat Intelligence integrates with Azure Active Directory for richer analysis, insights, and investigations Targeted attack analysis on: Group Title Location Classification/Tag Enriched user data for investigation: Group Title Location Classification/Tag UPN User’s name © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

34 Demos Targeted attack detection Protecting VIP users
5/20/ :35 AM Demos Targeted attack detection Protecting VIP users © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

35 Broadening out Office 365 visibility
5/20/ :35 AM Broadening out Office 365 visibility © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

36 Enriching Office 365 Security Intelligence Coverage
Enriched Service Coverage for Intelligence + & Enriched Data Coverage for Intelligence Phish/malicious URLs Risky content activity Admin activity Data Classification Risky user activity User Classification Malware Spam +

37 Demos SPO ATP malware/content activity 5/20/2018 11:35 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

38 Analysis and Insights are powered by Microsoft Machine learning & AI
Continuously enhanced security through integration and signal strength Powerful machine learning algorithms to help mitigate phishing campaigns Security insights based on threat patterns and user behavior

39 Office 365 Threat Intelligence
Broad Visibility Rich Insights Proactive Defense & Response Billions of data points from Office, Windows, and Azure customers + 3rd parties Intuitive dashboards with drill-down capabilities AI to enable adaptive security policies and best practices

40 To hear more on new Office 365 Information Protection features…
5/20/ :35 AM To hear more on new Office 365 Information Protection features… BRK3082 – Anti-phishing with Office 365 Advanced Threat Protection Today at 4:00 in W304 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

41 Please evaluate this session
Tech Ready 15 5/20/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

42 Thank You Phil, John, and Stu 5/20/2018 11:35 AM Icons from icons8.com
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

43

Download ppt "Stay Ahead of Cyberattacks with Office 365 Threat Intelligence"

Similar presentations

Success through People with LinkedIn and O365

Success through People with LinkedIn and O365
9/12/2018 6:21 PM BRK2203 Protect and control your sensitive emails with new Office 365 Message Encryption capabilities Praveen Vijayaraghavan Principal.

9/12/2018 6:21 PM BRK2203 Protect and control your sensitive s with new Office 365 Message Encryption capabilities Praveen Vijayaraghavan Principal.
Successfully migrate existing databases to Azure SQL Database

Successfully migrate existing databases to Azure SQL Database
How Microsoft uses Windows Defender ATP–Welcome to a SecOps world!

How Microsoft uses Windows Defender ATP–Welcome to a SecOps world!
Cloud Security IS Application-Centric Security

Cloud Security IS Application-Centric Security
THR2099 What to do BEFORE all hell breaks loose: Building a modern cybersecurity strategy.

THR2099 What to do BEFORE all hell breaks loose: Building a modern cybersecurity strategy.
Microsoft 2016 6/4/2018 8:21 AM BRK3082 Build solutions and apps with Microsoft OneDrive API and Microsoft Graph API Ryan Gregg Principal Program Manger,

Microsoft /4/2018 8:21 AM BRK3082 Build solutions and apps with Microsoft OneDrive API and Microsoft Graph API Ryan Gregg Principal Program Manger,
6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee Welly.Lee@microsoft.com.

6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee
Azure Information Protection Strategy and Roadmap

Azure Information Protection Strategy and Roadmap
6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Rottem @AmitaiTechie Senior Program Manager,

6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Senior Program Manager,
Azure Cloud Shell Magic of Modern Command-line Management

Azure Cloud Shell Magic of Modern Command-line Management
Actiance Governance for Microsoft

Actiance Governance for Microsoft
6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.

6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.
Office 365 Groups Governance and Compliance

Office 365 Groups Governance and Compliance
Do more with Microsoft Word and Office 365

Do more with Microsoft Word and Office 365
Decoding audit events in Microsoft Office 365

Decoding audit events in Microsoft Office 365
Optimizing Microsoft OneDrive for the enterprise

Optimizing Microsoft OneDrive for the enterprise
What a Real, Functioning DevOps Team Looks Like

What a Real, Functioning DevOps Team Looks Like
Protect sensitive information with Office 365 DLP

Protect sensitive information with Office 365 DLP
8/6/2018 3:21 AM THR2261 Groups, and Teams and Sites, Oh My! The Ultimate Office 365 Groups Teardown John Peluso SVP Product Strategy, AvePoint Inc. Microsoft.

8/6/2018 3:21 AM THR2261 Groups, and Teams and Sites, Oh My! The Ultimate Office 365 Groups Teardown John Peluso SVP Product Strategy, AvePoint Inc. Microsoft.

Similar presentations

Ads by Google