Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microsoft Ignite /16/2017 4:54 PM

Published bySpencer Norris Modified over 9 years ago

Similar presentations

Presentation on theme: "Microsoft Ignite /16/2017 4:54 PM"— Presentation transcript:

1 Microsoft Ignite 2015 4/16/2017 4:54 PM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 BRK3870 How to protect your corporate from advanced attacks: Microsoft Advanced Threat Analytics Preview Demi Albuz Benny Lakunishok

3 75%+ $500B $3.5M 200+ Sobering statistics
4/16/2017 4:54 PM Sobering statistics 200+ The median # of days that attackers reside within a victim’s network before detection 75%+ of all network intrusions are due to compromised user credentials $500B The total potential cost of cybercrime to the global economy $3.5M The average cost of a data breach to a company The frequency and sophistication of cybersecurity attacks are getting worse. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Changing nature of cybersecurity attacks
4/16/2017 4:54 PM Changing nature of cybersecurity attacks Today’s cyber attackers are: Compromising user credentials in the vast majority of attacks Using legitimate IT tools rather than malware – harder to detect Staying in the network an average of eight months before detection Costing significant financial loss, impact to brand reputation, loss of confidential data and executive jobs © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Changing nature of cybersecurity attacks
4/16/2017 4:54 PM Changing nature of cybersecurity attacks Today’s cyber attackers are: Compromising user credentials in the vast majority of attacks Using legitimate IT tools rather than malware – harder to detect Staying in the network an average of eight months before detection Costing significant financial loss, impact to brand reputation, loss of confidential data and executive jobs © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 Changing nature of cybersecurity attacks
4/16/2017 4:54 PM Changing nature of cybersecurity attacks Today’s cyber attackers are: Compromising user credentials in the vast majority of attacks Using legitimate IT tools rather than malware – harder to detect Staying in the network an average of eight months before detection Costing significant financial loss, impact to brand reputation, loss of confidential data and executive jobs © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 Changing nature of cybersecurity attacks
4/16/2017 4:54 PM Changing nature of cybersecurity attacks Today’s cyber attackers are: Compromising user credentials in the vast majority of attacks Using legitimate IT tools rather than malware – harder to detect Staying in the network an average of eight months before detection Costing significant financial loss, impact to brand reputation, loss of confidential data and executive jobs © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 The problem Traditional IT security solutions are typically: Complex
4/16/2017 4:54 PM The problem Traditional IT security solutions are typically: Complex Prone to false positives Designed to protect the perimeter Initial setup, fine-tuning, creating rules, and thresholds/baselines can take a long time. You receive too many reports in a day with several false positives that require valuable time you don’t have. When user credentials are stolen and attackers are in the network, your current defenses provide limited protection. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 Introducing Microsoft Advanced Threat Analytics
4/16/2017 4:54 PM Introducing Microsoft Advanced Threat Analytics An on-premises solution to identify advanced security attacks before they cause damage Comparison: Microsoft Advanced Threat Analytics brings this concept to IT and users of a particular organization Credit card companies monitor cardholders’ behavior If there is any abnormal activity, they will notify the cardholder to verify charge attachment © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 Introducing Microsoft Advanced Threat Analytics
4/16/2017 4:54 PM Introducing Microsoft Advanced Threat Analytics An on-premises solution to identify advanced security attacks before they cause damage Behavioral Analytics Detection for known attacks and issues Advanced Threat Detection © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Microsoft Advanced Threat Analytics Benefits
4/16/2017 4:54 PM Microsoft Advanced Threat Analytics Benefits An on-premises solution to identify advanced security attacks before they cause damage Detect threats fast with Behavioral Analytics Adapt as fast as your enemies Focus on what is important fast using the simple attack timeline Reduce the fatigue of false positives Behavioral Analytics Detection for known attacks and issues Advanced Threat Detection No need to create rules or policies, deploy agents, or monitor a flood of security reports. The intelligence needed is ready to analyze and is continuously learning. ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise. The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who, what, when, and how” of your enterprise. It also provides recommendations for next steps Alerts only happen once suspicious activities are contextually aggregated, not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 Why Microsoft Advanced Threat Analytics?
4/16/2017 4:54 PM Why Microsoft Advanced Threat Analytics? It is fast It learns and adapts It provides clear information Red flags are raised only when needed No need to create rules, thresholds, or baselines. ATA detects suspicious activity fast, leveraging Active Directory traffic and SIEM logs. Self-learning behavioral analytics consistently learns and identifies abnormal behavior. Functional, clear, and actionable attack timeline, showing the who, what, when, and how in near real time. ATA compares the entity’s behavior to its profile, but also to the other users, so red flags are raised only when verified. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Key features Mobility support Integration to SIEM Seamless deployment
4/16/2017 4:54 PM Key features Mobility support Integration to SIEM Seamless deployment Witnesses all authentication and authorization to the organizational resources within the corporate perimeter or on mobile devices Analyzes events from SIEM to enrich the attack timeline Works seamlessly with SIEM Provides options to forward security alerts to your SIEM or to send s to specific people Utilizes port mirroring to allow seamless deployment alongside AD Non-intrusive, does not affect existing network topology © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 How Microsoft Advanced Threat Analytics works
4/16/2017 4:54 PM How Microsoft Advanced Threat Analytics works 1 Analyze After installation: Simple, non-intrusive port mirroring configuration copies all AD-related traffic Remains invisible to the attackers Analyzes all Active Directory network traffic Collects relevant events from SIEM and information from Active Directory (titles, group memberships, and more) © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 How Microsoft Advanced Threat Analytics works
4/16/2017 4:54 PM How Microsoft Advanced Threat Analytics works 2 Learn ATA: Automatically starts learning and profiling entity behavior Identifies normal behavior for entities Learns continuously to update the activities of the users, devices, and resources What is entity? Entity represents users, devices, or resources © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 How Microsoft Advanced Threat Analytics works
4/16/2017 4:54 PM How Microsoft Advanced Threat Analytics works 3 Detect Microsoft Advanced Threat Analytics: Looks for abnormal behavior and identifies suspicious activities Only raises red flags if abnormal activities are contextually aggregated Leverages world-class security research to detect security risks and attacks in near real time based on attackers Tactics, Techniques and Procedures (TTPs) ATA not only compares the entity’s behavior to its own, but also to the behavior of entities in its interaction path. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 How Microsoft Advanced Threat Analytics works
4/16/2017 4:54 PM How Microsoft Advanced Threat Analytics works Security issues and risks Broken trust Weak protocols Known protocol vulnerabilities Malicious attacks Pass-the-Ticket (PtT) Pass-the-Hash (PtH) Overpass-the-Hash Forged PAC (MS14-068) Golden Ticket Skeleton key malware Reconnaissance BruteForce Abnormal Behavior Anomalous logins Remote execution Suspicious activity Unknown threats Password sharing Lateral movement © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 4/16/2017 4:54 PM Topology © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Topology Topology - Gateway
4/16/2017 4:54 PM Topology Topology - Gateway Captures and analyzes DC network traffic via port mirroring Listens to multiple DCs from a single Gateway Receives events from SIEM Retrieves data about entities from the domain Performs resolution of network entities Transfers relevant data to the ATA Center © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 Topology Topology - Center Manages ATA Gateway configuration settings
4/16/2017 4:54 PM Topology Topology - Center Manages ATA Gateway configuration settings Receives data from ATA Gateways and stores in the database Detects suspicious activity and abnormal behavior (machine learning) Provides Web Management Interface Supports multiple Gateways © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21 4/16/2017 4:54 PM Demo © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22 Summary Taking User Behavioral Analytics (UBA) to the next level
4/16/2017 4:54 PM Summary Taking User Behavioral Analytics (UBA) to the next level Microsoft ATA protects your organization in a simple way Learn more and try at: © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 4/16/2017 4:54 PM Q&A © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24 Microsoft Mobility Quest
Liked what you saw? Experience it and win Visit our booth Check out our solutions Complete our missions ….You are entered to win!

25 Microsoft Cloud Security for Enterprise Architects
4/16/2017 4:54 PM Microsoft Cloud Security for Enterprise Architects Systematic approach to securing your identities, data, and applications in the cloud Visio version PDF version © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

26 Microsoft’s Enterprise Cloud Roadmap
4/16/2017 4:54 PM Microsoft’s Enterprise Cloud Roadmap Resources for IT decision makers Map of Microsoft SaaS, PaaS, IaaS, and private cloud offerings Identity architecture Security architecture Deployment and integration options for Exchange, Lync, and SharePoint Azure architecture blueprints Cloud design patterns Design stencils © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27 Please evaluate this session
4/16/2017 4:54 PM Please evaluate this session Your feedback is important to us! Visit Myignite at or download and use the Ignite Mobile App with the QR code above. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28

29 4/16/2017 4:54 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30 4/16/2017 4:54 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31 4/16/2017 4:54 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32 4/16/2017 4:54 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33 4/16/2017 4:54 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Microsoft Ignite /16/2017 4:54 PM"

Similar presentations

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.

Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Did You Hear That Alarm? The impacts of hitting the information security snooze button.

Did You Hear That Alarm? The impacts of hitting the information security snooze button.
1© Copyright 2012 EMC Corporation. All rights reserved. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory.

1© Copyright 2012 EMC Corporation. All rights reserved. Getting Ahead of Advanced Threats Advanced Security Solutions for Trusted IT Chezki Gil – Territory.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
Honeypot and Intrusion Detection System

Honeypot and Intrusion Detection System
Security Planning and Administrative Delegation Lesson 6.

Security Planning and Administrative Delegation Lesson 6.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.

Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
$3.5M The average cost of a data breach to a company 243 The average number of days that attackers reside within a victim’s network before detection 76%

$3.5M The average cost of a data breach to a company 243 The average number of days that attackers reside within a victim’s network before detection 76%
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
Client: The Boeing Company Contact: Mr. Nick Multari Adviser: Dr. Thomas Daniels Group 6 Steven BromleyJacob Gionet Jon McKeeBrandon Reher.

Client: The Boeing Company Contact: Mr. Nick Multari Adviser: Dr. Thomas Daniels Group 6 Steven BromleyJacob Gionet Jon McKeeBrandon Reher.

Similar presentations

Ads by Google