
1 Microsoft Ignite 2016 1/18/2019 7:21 AM
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Anatomy of an attack: Defending yourself in the Office 365 Cloud
Brandon Koeller, Principal Program Manager Lead

3 Agenda
Takeaways
Attack stages: Recon, Initial breach, Elevation of privilege, Entrenchment, Exfiltration
Wrap-up

4 Takeaways
How will an attacker try to get my data?
What can I do to protect myself in the O365 Cloud?

5 Attack stages
Recon
Initial Breach
Elevation of Privilege
Entrenchment
Exfiltration

6 Attack: Recon
Who is my target?
Is the target company in O365?
What data am I looking to acquire?
Which user account do I need to acquire?
Demo: Maltego Teeth
Demo: Google Dorking

7 Defend: Recon
How do you prevent someone from discovering information about you and your company? You can’t.
Think like an attacker and recon yourself!
Google Dorking.

8 Attack: Initial breach
Password spray
Brute force
Social engineering, phishing
Password re-use
Demo: Mailsniper password spray with guessed usernames

9 Defend: Initial breach
Best defense is a good offense. Attack yourself.
MFA
Disabling Basic Auth
Failed Logon Policies
Phishing protections
Demo: Threat Finder
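
An added detection sketch for the failed-logon monitoring above, not part of the original slides: it separates a password spray (one source, many users, few tries each) from brute force (one user, many tries) and lists accounts that logged on successfully from the same source. The event layout, thresholds and sample data are constructed assumptions, not the Office 365 audit schema.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, source IP, user, logon succeeded).
# Field layout is an assumption, not the Office 365 audit log schema.
EVENTS = [
    ("2016-09-26T09:00:05", "203.0.113.7", "alice@contoso.example", False),
    ("2016-09-26T09:00:09", "203.0.113.7", "bob@contoso.example", False),
    ("2016-09-26T09:00:14", "203.0.113.7", "carol@contoso.example", False),
    ("2016-09-26T09:00:20", "203.0.113.7", "dave@contoso.example", False),
    ("2016-09-26T09:00:26", "203.0.113.7", "erin@contoso.example", True),
    ("2016-09-26T09:10:00", "198.51.100.9", "alice@contoso.example", False),
    ("2016-09-26T09:10:02", "198.51.100.9", "alice@contoso.example", False),
    ("2016-09-26T09:10:04", "198.51.100.9", "alice@contoso.example", False),
    ("2016-09-26T09:10:06", "198.51.100.9", "alice@contoso.example", False),
    ("2016-09-26T09:10:08", "198.51.100.9", "alice@contoso.example", False),
    ("2016-09-26T11:00:00", "192.0.2.44", "bob@contoso.example", False),
    ("2016-09-26T11:00:30", "192.0.2.44", "bob@contoso.example", True),
]

def classify_sources(events, window=timedelta(minutes=30), min_users=4, min_tries=5):
    """Map source IP -> {"kind", "users", "succeeded"} for suspicious sources."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, ok))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        fails = [(t, u) for t, u, ok in rows if not ok]
        kind, start = None, 0
        for end in range(len(fails)):
            # Shrink the window so it spans at most `window` of time.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            tries = Counter(u for _, u in fails[start:end + 1])
            if len(tries) >= min_users:           # many users, few tries each
                kind = "password_spray"
                break
            if max(tries.values()) >= min_tries:  # one user hammered
                kind = "brute_force"
        if kind:
            first_fail = fails[0][0]
            findings[ip] = {
                "kind": kind,
                "users": sorted({u for _, u in fails}),
                # A success from the same source after failures began needs review.
                "succeeded": sorted({u for t, u, ok in rows if ok and t > first_fail}),
            }
    return findings
```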

10 Attack: Elevation of privilege
Enumerate directory
Find admins
Password spray until you win
Demo: Directory enum, admin role enum, mailsniper password spray admins

11 Defend: Elevation of privilege
MFA
Least privilege
Just in time access
Alt accounts
Demo: Monitoring admin activity

12 Attack: Entrenchment
Creating alt accounts
Impersonation
Delegate permissions
Demo: Injecting mail forwarding rules, delegates, impersonation, forms

13 Defend: Entrenchment
Monitoring is the key.
Prevent mail forwarding rules via secure score.
Demo: Mail forwarding rules prevention via secure score
Demo: Get-AllTenantRulesAndForms.ps1
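
An added example of the monitoring described above, not part of the original slides and not the Get-AllTenantRulesAndForms.ps1 script: it reviews an inventory of mailbox rules and delegates and flags forwarding to external domains and delegates missing from an approved baseline. The inventory layout, domain list and baseline are constructed assumptions.

```python
# Constructed inventory of mailbox rules and delegates; the field names are
# assumptions, not the output format of any Microsoft tool.
INTERNAL_DOMAINS = {"contoso.example"}
MAILBOXES = [
    {"mailbox": "cfo@contoso.example",
     "rules": [
         {"name": "Invoices", "forward_to": ["archive@contoso.example"], "delete": False},
         {"name": ".", "forward_to": ["drop@mail.example.net"], "delete": True},
     ],
     "delegates": ["assistant@contoso.example", "helpdesk2@contoso.example"]},
    {"mailbox": "hr@contoso.example",
     "rules": [{"name": "Newsletters", "forward_to": [], "delete": False}],
     "delegates": []},
]
# Delegations the organisation has approved (constructed baseline).
APPROVED_DELEGATES = {"cfo@contoso.example": {"assistant@contoso.example"}}

def domain_of(address):
    """Return the lower-cased domain part of an SMTP address."""
    return address.rsplit("@", 1)[-1].lower()

def audit(mailboxes, internal, approved):
    """Return (mailbox, finding, detail) tuples that need review."""
    findings = []
    for mb in mailboxes:
        name = mb["mailbox"]
        for rule in mb["rules"]:
            external = [a for a in rule["forward_to"] if domain_of(a) not in internal]
            if external:
                # Forward-and-delete hides the forwarded copy from the mailbox owner.
                kind = "external_forward_and_delete" if rule["delete"] else "external_forward"
                findings.append((name, kind, f'{rule["name"]} -> {", ".join(external)}'))
        for delegate in mb["delegates"]:
            if delegate not in approved.get(name, set()):
                findings.append((name, "unapproved_delegate", delegate))
    return findings
```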

14 Attack: Exfiltration
Accounts are access
Exfiltration mostly by smash and grab (after lengthy recon)
Demo: Impersonation, global mail search via Mailsniper

15 Defend: Exfiltration
Protect your highest sensitivity data with data classification, DLP, IRM, etc.
Monitor for things like cross-mailbox search queries.
Monitor for gateway mechanisms like impersonation.
Demo: Cloud App Security

16 Wrap-up
Data and visibility is key. Enable your audit data feed.
Risks spread across hybrid and multi-cloud.
Threat scenarios are generic, protections are specific.
Cloud services still leave you with core security accountabilities.
Plan, implement, test.
