ATTACKERS USING IDENTITY TACTICS
MODERN PERIMETER
(Identity Controls)
Identity Based Security: Zero Trust
Complexity is the enemy of intelligent security
$1.37M: what an organization spends annually, on average, in time wasted responding to erroneous malware alerts
1.87M: global cybersecurity workforce shortage by 2022
70 security products / 35 security vendors: the average for companies with over 1,000 employees
Sources: Global Information Security Workforce Study 2017; Nick McQuire, VP Enterprise Research, CCS Insight; "The Cost of Insecure Endpoints", Ponemon Institute Research Report, June 2017
73% of accounts are protected by duplicate passwords, or the same password across multiple sites
300% increase in identity-based attacks over the past year
24-48 hours: the amount of time it takes an attacker to obtain complete control of the network
81% of breaches are caused by credential theft
Crippling attacks targeting US cities are on the rise
Strengthen credentials (reduces compromise by over 99%)
• Multi-factor authentication
• Ban common passwords
• Modernize password policies
• Protect privileged accounts
• Identity & Access Management: secure identities to reach zero trust
• Threat Protection: help stop damaging attacks with integrated and automated security
• Information Protection: protect sensitive information anywhere it lives
• Security Management: strengthen your security posture with insights and guidance
Intelligent security for the modern workplace: unify enterprise security and user productivity
Holistic security across your digital landscape
Implement risk-based identity security
Risk detections:
• Users with leaked credentials
• Sign-ins from anonymous IP addresses
• Impossible travel to atypical locations
• Sign-ins from infected devices
• Sign-ins from IP addresses with suspicious activity
• Sign-ins from unfamiliar locations
New risk alerts are added as new threats emerge
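The "impossible travel" detection listed above is easy to reason about in code: for each user, take consecutive sign-ins, compute the great-circle distance between the geolocated source IPs, and flag any pair whose implied speed no traveller could reach. The block below is an added example, not code from the deck or from Microsoft's risk engine; the sign-in events, the coordinates and the 1000 km/h threshold are constructed for illustration.

```python
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Constructed sample sign-in events (not real telemetry): user, UTC timestamp,
# and the latitude/longitude that IP geolocation gave for the source address.
SAMPLE_SIGNINS = [
    {"user": "alice", "time": "2024-03-01T08:00:00Z", "lat": 47.61, "lon": -122.33},  # Seattle
    {"user": "alice", "time": "2024-03-01T09:30:00Z", "lat": 47.62, "lon": -122.20},  # Bellevue, plausible
    {"user": "alice", "time": "2024-03-01T10:15:00Z", "lat": 51.51, "lon": -0.13},    # London 45 min later
    {"user": "bob",   "time": "2024-03-01T08:00:00Z", "lat": 40.71, "lon": -74.01},   # New York
    {"user": "bob",   "time": "2024-03-01T20:00:00Z", "lat": 51.51, "lon": -0.13},    # London 12 h later
]

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0  # assumed threshold, a little above airliner cruise speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlambda = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlambda / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def parse_utc(ts):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' form used in the sample events."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH, same_time_km=50.0):
    """Flag consecutive sign-ins per user whose implied speed exceeds max_kmh.

    Two sign-ins with identical timestamps cannot yield a speed, so they are
    flagged when they are more than same_time_km apart. Returns a list of
    alert dicts; an empty list means no anomaly was found.
    """
    by_user = {}
    for e in events:
        by_user.setdefault(e["user"], []).append((parse_utc(e["time"]), e["lat"], e["lon"]))

    alerts = []
    for user, rows in by_user.items():
        rows.sort(key=lambda r: r[0])  # evaluate in chronological order
        for (t0, la0, lo0), (t1, la1, lo1) in zip(rows, rows[1:]):
            km = haversine_km(la0, lo0, la1, lo1)
            hours = (t1 - t0).total_seconds() / 3600.0
            if hours == 0:
                if km > same_time_km:
                    alerts.append({"user": user, "from": t0, "to": t1, "km": round(km, 1), "kmh": None})
                continue
            kmh = km / hours
            if kmh > max_kmh:
                alerts.append({"user": user, "from": t0, "to": t1, "km": round(km, 1), "kmh": round(kmh, 1)})
    return alerts


if __name__ == "__main__":
    for a in impossible_travel(SAMPLE_SIGNINS):
        print(f"{a['user']}: {a['km']} km between {a['from']:%H:%M} and {a['to']:%H:%M} UTC -> {a['kmh']} km/h")
```

Only alice's Seattle-to-London hop trips the rule; bob's New York-to-London sign-in twelve hours later is a plausible flight and passes. In production the threshold is usually paired with a known-VPN/egress allow-list, since corporate VPN concentrators produce exactly this pattern legitimately.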
Conditional Access Controls
Signals: Corporate Network; Geo-location; Cloud Access Security Broker; Endpoint Security (macOS, Android, iOS, Windows); Client apps; Browser apps; Guests; MSA; Azure AD; ADFS
Conditions: Employee & Partner Users and Roles; Trusted & Compliant Devices; Physical & Virtual Location; Client apps & Auth Method; Session Risk
Evaluation: Policies; Machine learning; 40TB; Real time Evaluation Engine → Effective policy
Controls: Require MFA; Allow/block; Block legacy authentication; Force password reset; Limited access
Target apps shown: Social Media, Human Resources
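The slide's flow (signals and conditions in, policies evaluated in real time, an effective policy of controls out) can be modelled as a small rule engine. The following is an added illustration, not Azure AD's Conditional Access implementation: the signal fields, the five sample policies and the control names are constructed, and the one rule it commits to is the real-world one that a block from any matching policy overrides every grant control.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, List

# Constructed model of a Conditional Access evaluation (not Azure AD's engine):
# each policy pairs a condition over sign-in signals with the controls it grants.


@dataclass(frozen=True)
class SignIn:
    user_type: str          # "employee", "partner" or "guest"
    device_compliant: bool  # reported by endpoint management
    location: str           # "corporate", "trusted" or "unknown"
    client_app: str         # "browser", "mobile" or "legacy" (basic-auth protocols)
    session_risk: str       # "low", "medium" or "high", from the risk detections


@dataclass(frozen=True)
class Policy:
    name: str
    applies: Callable[[SignIn], bool]
    controls: FrozenSet[str]  # subset of CONTROLS


CONTROLS = {"block", "require_mfa", "force_password_reset", "limited_access"}

# Sample policy set, constructed for the example.
POLICIES: List[Policy] = [
    Policy("Block legacy authentication",
           lambda s: s.client_app == "legacy", frozenset({"block"})),
    Policy("Require MFA off the corporate network",
           lambda s: s.location != "corporate", frozenset({"require_mfa"})),
    Policy("High session risk: reset password",
           lambda s: s.session_risk == "high", frozenset({"require_mfa", "force_password_reset"})),
    Policy("Medium session risk: MFA",
           lambda s: s.session_risk == "medium", frozenset({"require_mfa"})),
    Policy("Guests on unmanaged devices: limited access",
           lambda s: s.user_type == "guest" and not s.device_compliant, frozenset({"limited_access"})),
]


def evaluate(signin: SignIn, policies=POLICIES) -> dict:
    """Compute the effective policy for one sign-in.

    Every matching policy contributes its controls; the effective set is their
    union. A block from any policy wins over all grant controls, so the order in
    which policies are listed does not change the outcome.
    """
    matched = [p for p in policies if p.applies(signin)]
    controls = frozenset().union(*(p.controls for p in matched))
    if "block" in controls:
        decision = "block"
    elif controls:
        decision = "grant_with_controls"
    else:
        decision = "allow"
    return {"decision": decision, "controls": controls, "matched": [p.name for p in matched]}


if __name__ == "__main__":
    for s in (SignIn("employee", True, "corporate", "browser", "low"),
              SignIn("employee", True, "corporate", "legacy", "low"),
              SignIn("guest", False, "unknown", "browser", "medium")):
        r = evaluate(s)
        print(s.user_type, s.client_app, s.location, s.session_risk, "->", r["decision"], sorted(r["controls"]))
```

Note the legacy-authentication case: the sign-in comes from the corporate network with low risk and would be allowed by every other policy, yet it is blocked, because legacy protocols cannot satisfy an MFA control at all and the only safe answer is to refuse them.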
Discover, restrict, and monitor privileged identities
• Provide oversight for which users have access to what resources
• Prompt users to ensure their access is limited to the resources they need
• Apply to employees and guest users
• User → Administrator → User: administrator privileges expire after a specified interval
• Enforce on-demand, just-in-time administrative access when needed
• Ensure policies are met with alerts, audit reports and access reviews
Microsoft strongly recommends enabling MFA for all admins in your organization, especially subscription owners & tenant admins.
Mobile Application Management
Multi-identity policy: managed apps hold corporate data; personal apps hold personal data
Data-transfer controls between managed and personal apps: Copy / Paste / Save (save to personal storage, paste to personal app, email attachment)
Mobile Application Management policies can be applied to devices managed by:
• Any MDM provider
• BYOD devices (no MDM)
Cloud Access Security Broker: Discover, Control, Protect
Discovery of cloud apps and data: discover cloud apps in use across your networks and the sensitive data they store.
Understand the risk: comprehensive risk scoring utilizing more than 70 risk factors, including regulatory certifications & compliance standards.
Understand usage patterns: gain visibility into top users, traffic data, app categories, and IP addresses.
On-going analytics: get anomalous usage alerts, new app and trending apps alerts.
Integrates with your SIEM, Identity and Access Management, DLP and Information Protection solutions.
Malicious use of an end-user account
• Unusual file share activity
• Unusual file download
• Unusual file deletion activity
• Ransomware activity
• Activity by a terminated employee
Indicators of a compromised session
• Activity from suspicious IP addresses
• Activity from anonymous IP addresses
• Activity from an infrequent country
• Impossible travel between sessions
• Logon attempt from a suspicious user agent
Threat delivery and persistence
• Malware implanted in cloud apps
• Malicious OAuth application
• Multiple failed login attempts to app
• Suspicious inbox rules (delete, forward)
Malicious use of a privileged user
• Unusual impersonated activity
• Unusual administrative activity
• Unusual multiple delete VM activity
Discover, Classify, Label (Sensitivity and Retention)
Data growing at exponential rate
Unified approach to discover, classify & label
Apply label: automatically apply policy-based actions
→ Encryption
→ Restrict Access
→ Watermark
→ Header/Footer
→ Retention
→ Deletion
→ Records Management
→ Archiving
Monitor: proactive monitoring to identify risks
→ Sensitive data discovery
→ Data at risk
→ Policy violations
→ Policy recommendations
→ Proactive alerts
Broad coverage across locations
Comprehensive policies to protect and govern your most important data – throughout its lifecycle
What is a sensitivity label?
A tag that is customizable, in cleartext, and persistent.
• In files and emails, the label is persisted as document metadata
• In SharePoint Online, the label is persisted as container metadata
• The label becomes the basis for applying and enforcing data protection policies
• Helps you manage sensitive data stored on-premise prior to migrating to Office 365 or other cloud services
• Use discover mode to identify and report on files containing sensitive data
• Use enforce mode to automatically classify, label and protect files with sensitive data
(Example labels shown: FINANCE, CONFIDENTIAL)
Persistent tags that travel with the document
• Labels are metadata written to documents
• Labels are in clear text so that other systems, such as DLP engines, can read them
• Labels can contain visual markers such as a header, footer, or watermark
• Labels can contain encryption to restrict access to the file or govern allowable file actions if access is granted (example: read only, expiration of access, etc.)
• Scan & detect sensitive data based on policy
• Classify and label data based on sensitivity
• Apply protection actions, including encryption and access restrictions
• Track and report
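Because the label is clear-text metadata inside the document, a DLP engine or scanner can read it without any decryption key, which is the point of the "persistent tags" and "track and report" steps above. The block below is an added example, not the deck's or Microsoft's code: it builds a minimal Office-style zip containing only docProps/custom.xml, reads back the label properties, and applies a toy sharing rule. It assumes the MSIP_Label_<labelGUID>_<field> property-naming pattern that Microsoft Information Protection writes into Office custom properties; the GUID, field values and the "Company" property are constructed for the sample.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

CUSTOM_NS = "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"
VT_NS = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"
# Assumed naming pattern: MSIP_Label_<labelGUID>_<field>, where the GUID identifies the label.
LABEL_PROP = re.compile(r"^MSIP_Label_([0-9a-fA-F-]{36})_(\w+)$")

# Constructed label GUID for the sample document (not a real tenant's label id).
SAMPLE_GUID = "11111111-2222-3333-4444-555555555555"


def build_sample_docx(custom_props):
    """Build a minimal zip holding only docProps/custom.xml.

    A real .docx has many more parts; only this one is needed to show where
    the label lives and that it is readable in clear text.
    """
    props = []
    for pid, (name, value) in enumerate(custom_props.items(), start=2):
        props.append(
            f'<property fmtid="{{D5CDD505-2E9C-101B-9397-08002B2CF9AE}}" pid="{pid}" name="{name}">'
            f"<vt:lpwstr>{value}</vt:lpwstr></property>"
        )
    xml = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Properties xmlns="{CUSTOM_NS}" xmlns:vt="{VT_NS}">' + "".join(props) + "</Properties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/custom.xml", xml)
    return buf.getvalue()


# Constructed sample documents: one labelled "Confidential", one with no label at all.
SAMPLE_DOCX = build_sample_docx({
    f"MSIP_Label_{SAMPLE_GUID}_Enabled": "true",
    f"MSIP_Label_{SAMPLE_GUID}_Name": "Confidential",
    f"MSIP_Label_{SAMPLE_GUID}_Method": "Privileged",   # applied by the user rather than automatically
    f"MSIP_Label_{SAMPLE_GUID}_SetDate": "2024-03-01T10:15:00Z",
    "Company": "Constructed Ltd",                       # unrelated custom property, must be ignored
})
UNLABELED_DOCX = build_sample_docx({"Company": "Constructed Ltd"})


def read_labels(docx_bytes):
    """Return {label_guid: {field: value}} parsed from the clear-text custom properties.

    A document without docProps/custom.xml, or without MSIP_Label_* properties,
    yields an empty dict so callers can treat "unlabelled" as its own case.
    """
    labels = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if "docProps/custom.xml" not in z.namelist():
            return labels
        root = ET.fromstring(z.read("docProps/custom.xml"))
    for prop in root.findall(f"{{{CUSTOM_NS}}}property"):
        m = LABEL_PROP.match(prop.get("name", ""))
        if not m:
            continue
        guid, field = m.groups()
        value_el = prop.find(f"{{{VT_NS}}}lpwstr")
        labels.setdefault(guid, {})[field] = value_el.text if value_el is not None else ""
    return labels


def dlp_decision(docx_bytes, restricted_names=("Confidential", "Highly Confidential")):
    """Toy DLP rule: block external sharing when an enabled label carries a restricted name."""
    for fields in read_labels(docx_bytes).values():
        if fields.get("Enabled", "").lower() == "true" and fields.get("Name") in restricted_names:
            return "block_external_share"
    return "allow"


if __name__ == "__main__":
    print(read_labels(SAMPLE_DOCX))
    print(dlp_decision(SAMPLE_DOCX), dlp_decision(UNLABELED_DOCX))
```

The reader keys on the label GUID rather than the display name, which is the robust choice: names can be renamed or duplicated across tenants, while the GUID is what the policy engine actually binds to. An unlabelled document returns "allow" here only because the toy rule has nothing to match; a real deployment would usually route unlabelled files into the discover/enforce scanning path described above rather than treat them as safe.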
Thank You
Michael Hobbs
Microsoft Security Solutions
Email: [email protected]
LinkedIn: linkedin.com/in/mihobbs13