ATTACKERS USING IDENTITY TACTICS

Posted: 08-Jul-2020

MODERN PERIMETER

(Identity Controls)

Identity Based Security: Zero Trust

Complexity is the enemy of intelligent security

$1.37M: on average, what an organization spends annually in time wasted responding to erroneous malware alerts

1.87M: global cybersecurity workforce shortage by 2022

70 security products from 35 security vendors: the average for companies with over 1,000 employees

Sources: Global Information Security Workforce Study 2017; Nick McQuire, VP Enterprise Research, CCS Insight; "The Cost of Insecure Endpoints", Ponemon Institute Research Report, June 2017


73% of accounts are protected by duplicate passwords, or the same password across multiple sites

300% increase in identity-based attacks over the past year

24-48 hours: the amount of time it takes an attacker to obtain complete control of the network

81% of breaches are caused by credential theft

Crippling attacks targeting US cities are on the rise

Password-less: Authenticator App, FIDO2 Security Keys, Biometrics

Strengthen Credentials

• Multi-factor Authentication (reduces compromise by over 99%)

• Ban common passwords

• Modernize password policies

• Protect privileged accounts
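"Ban common passwords" means more than an exact-match blocklist: attackers try the obvious variants (P@ssw0rd, Summer2020), so the check has to normalize and score. The code below is an added example, not Microsoft's code; its scoring is modelled on the publicly documented Azure AD Password Protection approach (normalize, match banned terms, count points), while the banned list, the substitution table, the threshold of 5 and the sample passwords are constructed for the demo.

```python
"""Banned-password check of the kind behind "ban common passwords".
Added example, not Microsoft code: scoring modelled on the documented
Azure AD Password Protection algorithm; the banned list, substitution
table, threshold and sample passwords are constructed assumptions."""

# Constructed banned list. A real deployment merges a global list with a
# tenant-specific custom list (company names, products, local terms).
BANNED_TERMS = {"password", "contoso", "welcome", "summer", "qwerty", "letmein"}

# Leet-speak substitutions undone before matching, so P@ssw0rd == password.
SUBSTITUTIONS = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l",
                               "3": "e", "4": "a", "5": "s", "7": "t", "!": "i"})

MIN_SCORE = 5  # assumed threshold: fewer points than this is rejected


def normalize(password: str) -> str:
    """Lower-case and undo common character substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # keep a the shorter (or equal-length) string
    i = j = 0
    edited = False
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        if edited:
            return False
        edited = True
        if len(a) == len(b):
            i += 1  # substitution consumes a character on both sides
        j += 1      # substitution, or skip the extra character in b
    return True


def score(password: str, banned=BANNED_TERMS):
    """Return (points, matched_terms).

    Each banned term found (as a substring, or fuzzily when the whole password
    is within one edit of it) counts 1 point; every character left over counts
    1 point. "P@ssw0rd19" is therefore worth 3 points, not 10.
    """
    norm = normalize(password)
    for term in banned:
        if within_one_edit(norm, term):
            return 1, [term]  # the whole password is a near-miss of a banned term
    matched = []
    remaining = norm
    for term in sorted(banned, key=len, reverse=True):  # longest terms first
        while term in remaining:
            matched.append(term)
            remaining = remaining.replace(term, "", 1)
    return len(matched) + len(remaining), matched


def is_acceptable(password: str, banned=BANNED_TERMS, min_score=MIN_SCORE) -> bool:
    return score(password, banned)[0] >= min_score


if __name__ == "__main__":
    for pw in ["P@ssw0rd19", "Summer20", "passwrd", "ContosoSummer",
               "correct horse battery staple"]:
        pts, terms = score(pw)
        verdict = "accept" if is_acceptable(pw) else "reject"
        print(f"{pw!r:32} score={pts:2} matched={terms} -> {verdict}")
```

The point a plain blocklist misses: "ContosoSummer" is two banned terms glued together and scores 2, and "passwrd" is one edit from a banned term and scores 1, so both are rejected even though neither string appears on the list verbatim.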

Secure identities to reach zero trust

• Strengthen your security posture with insights and guidance

• Help stop damaging attacks with integrated and automated security

• Protect sensitive information anywhere it lives

Pillars: Threat Protection, Identity & Access Management, Information Protection, Security Management

Intelligent security for the modern workplace: unify enterprise security and user productivity

Holistic security across your digital landscape


Use intelligence to drive zero trust policies

Implement risk-based identity security. Risk signals include:

• Users with leaked credentials

• Sign-ins from anonymous IP addresses

• Impossible travel to atypical locations

• Sign-ins from infected devices

• Sign-ins from IP addresses with suspicious activity

• Sign-ins from unfamiliar locations

New risk alerts are added as new threats emerge

Conditional Access: policies evaluate the conditions of each sign-in in a real-time evaluation engine and produce an effective policy

Conditions

• Employee & Partner Users and Roles (Azure AD, ADFS, MSA, Guests)

• Trusted & Compliant Devices (Windows, macOS, iOS, Android; Endpoint Security)

• Physical & Virtual Location (Corporate Network, Geo-location)

• Client apps & Auth Method (Client apps, Browser apps)

• Session Risk (Machine learning)

Controls

• Require MFA

• Allow/block

• Block legacy authentication

• Force password reset

• Limited access (Cloud Access Security Broker)

Conditional Access Controls
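The slide's diagram is easier to reason about as code: conditions go in, each matching policy contributes controls, and the union is the effective policy, with a block from any policy overriding every grant control. The engine below is an added example, not Microsoft's evaluation engine; the policy set, control names, risk levels and sample sign-ins are all constructed for the demo.

```python
"""Minimal real-time Conditional Access evaluation.
Added example, not Microsoft's engine; policies, control names and the
sample sign-ins are constructed assumptions."""
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Set, Tuple

RISK_LEVEL = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class SignIn:
    user: str
    roles: FrozenSet[str]
    device_compliant: bool
    trusted_network: bool     # on the corporate network / a named location
    client_app: str           # "browser", "mobile" or "legacy" (cannot do MFA)
    sign_in_risk: str         # real-time: anonymous IP, unfamiliar location...
    user_risk: str            # offline: e.g. leaked credentials


@dataclass(frozen=True)
class Policy:
    name: str
    applies: Callable[[SignIn], bool]
    controls: FrozenSet[str]  # grant controls, or {"block"}


# Constructed policy set mirroring the controls on the slide.
POLICIES: List[Policy] = [
    Policy("Block legacy authentication",
           lambda s: s.client_app == "legacy", frozenset({"block"})),
    Policy("Require MFA for privileged roles",
           lambda s: bool(s.roles & {"Global Administrator", "User Administrator"}),
           frozenset({"require_mfa"})),
    # Off-network access is limited to enrolled, compliant devices; a device
    # that is not compliant cannot satisfy this control, so access is denied.
    Policy("Require compliant device off the corporate network",
           lambda s: not s.trusted_network and not s.device_compliant,
           frozenset({"require_compliant_device"})),
    Policy("Require MFA at medium or higher sign-in risk",
           lambda s: RISK_LEVEL[s.sign_in_risk] >= RISK_LEVEL["medium"],
           frozenset({"require_mfa"})),
    Policy("Force password reset at high user risk",
           lambda s: s.user_risk == "high",
           frozenset({"require_mfa", "force_password_reset"})),
]


def evaluate(signin: SignIn, policies=POLICIES) -> Tuple[Set[str], List[str]]:
    """Return (effective controls, names of the policies that matched).

    Every matching policy applies and all of its grant controls must be
    satisfied together; a block from any single policy overrides them all.
    """
    matched = [p for p in policies if p.applies(signin)]
    controls: Set[str] = set().union(*(p.controls for p in matched))
    if "block" in controls:
        controls = {"block"}
    return controls, [p.name for p in matched]


# Constructed sign-ins (invented users).
ADMIN_LEGACY = SignIn("admin@contoso.example", frozenset({"Global Administrator"}),
                      True, True, "legacy", "none", "none")
ADMIN_BROWSER = SignIn("admin@contoso.example", frozenset({"Global Administrator"}),
                       True, True, "browser", "none", "none")
USER_RISKY_TRIP = SignIn("jsmith@contoso.example", frozenset(),
                         True, False, "mobile", "medium", "none")
USER_LEAKED_CREDS = SignIn("jsmith@contoso.example", frozenset(),
                           True, True, "browser", "none", "high")
USER_BYOD_OFFNET = SignIn("jsmith@contoso.example", frozenset(),
                          False, False, "browser", "low", "none")

if __name__ == "__main__":
    for s in (ADMIN_LEGACY, ADMIN_BROWSER, USER_RISKY_TRIP,
              USER_LEAKED_CREDS, USER_BYOD_OFFNET):
        controls, names = evaluate(s)
        print(f"{s.user:24} {s.client_app:8} -> {sorted(controls)} via {names}")
```

Two details worth checking in any real policy set: the legacy-authentication block must win even for a sign-in that would otherwise only be asked for MFA (legacy protocols cannot complete an MFA challenge, so "require MFA" alone silently lets them through), and a high-risk user gets both controls, since a password reset without a second factor just hands the attacker a fresh chance with the new credential.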

Access reviews (Social Media, Human Resources)

• Provide oversight for which users have access to what resources

• Prompt users to ensure their access is limited to the resources they need

• Apply to employees and guest users

Discover, restrict, and monitor privileged identities

• User Administrator privileges expire after a specified interval

• Enforce on-demand, just-in-time administrative access when needed

• Ensure policies are met with alerts, audit reports and access reviews

Microsoft strongly recommends enabling MFA for all admins in your organization, especially subscription owners & tenant admins.

Multi-identity policy: managed apps hold corporate data, personal apps hold personal data. Data movement between them is controlled: Copy/Paste, Save to personal storage, Paste to personal app, Email attachment.

Mobile Application Management policies can be applied to devices managed by:

• Any MDM provider

• BYOD devices (no MDM)

Block on download

Discover, Control, Protect

Discovery of cloud apps and data: discover cloud apps in use across your networks and the sensitive data they store.

Understand the risk: comprehensive risk scoring using more than 70 risk factors, including regulatory certifications & compliance standards.

Understand usage patterns: gain visibility into top users, traffic data, app categories, and IP addresses.

On-going analytics: get anomalous usage alerts, new app and trending app alerts.

Integrates with your SIEM, Identity and Access Management, DLP and Information Protection solutions.

Indicators of a compromised session

• Activity from suspicious IP addresses

• Activity from anonymous IP addresses

• Activity from an infrequent country

• Impossible travel between sessions

• Logon attempt from a suspicious user agent

Malicious use of an end-user account

• Unusual file share activity

• Unusual file download

• Unusual file deletion activity

• Ransomware activity

• Activity by a terminated employee

Threat delivery and persistence

• Malware implanted in cloud apps

• Malicious OAuth application

• Multiple failed login attempts to app

• Suspicious inbox rules (delete, forward)

Malicious use of a privileged user

• Unusual impersonated activity

• Unusual administrative activity

• Unusual multiple delete VM activity
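Impossible travel and anonymous-IP sign-ins appear both in the identity risk list earlier on this page and in the session indicators above; the detection logic is the same for both. The following is an added example, not code from any Microsoft product: it parses sign-in events, computes the great-circle speed between each user's consecutive sign-ins, and flags anything faster than an assumed 1,000 km/h, plus any sign-in from an anonymizer address. The JSON-lines events, the anonymous-IP set and the threshold are constructed; the IP addresses are RFC 5737 documentation ranges.

```python
"""Impossible-travel and anonymous-IP detection over sign-in events.
Added example: the events, anonymous-IP list and threshold are constructed."""
import json
import math
from datetime import datetime, timezone

# Constructed sign-in events (JSON lines), one user with three sign-ins:
# Seattle 08:00, Portland 11:00, then London at 12:00 from a Tor-like address.
SAMPLE_LOG = """\
{"ts": "2020-07-08T08:00:00Z", "user": "jsmith", "ip": "198.51.100.10", "lat": 47.6062, "lon": -122.3321}
{"ts": "2020-07-08T11:00:00Z", "user": "jsmith", "ip": "198.51.100.11", "lat": 45.5152, "lon": -122.6784}
{"ts": "2020-07-08T12:00:00Z", "user": "jsmith", "ip": "203.0.113.7", "lat": 51.5074, "lon": -0.1278}
{"ts": "2020-07-08T12:30:00Z", "user": "adoe", "ip": "192.0.2.44", "lat": 40.7128, "lon": -74.0060}
"""
ANONYMOUS_IPS = {"203.0.113.7"}  # constructed stand-in for a Tor-exit / VPN feed
MAX_PLAUSIBLE_KMH = 1000.0       # assumed: faster than any commercial flight
EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def parse_events(text):
    """Parse JSON lines and order them per user by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(e)
    return sorted(events, key=lambda e: (e["user"], e["ts"]))


def detect(text, anonymous_ips=ANONYMOUS_IPS, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return a list of alert dicts: anonymous_ip and impossible_travel."""
    alerts = []
    last = {}  # user -> previous event
    for e in parse_events(text):
        if e["ip"] in anonymous_ips:
            alerts.append({"rule": "anonymous_ip", "user": e["user"],
                           "ip": e["ip"], "ts": e["ts"]})
        prev = last.get(e["user"])
        if prev is not None:
            km = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
            # Simultaneous sign-ins from different places are impossible at any
            # speed; from the same place they are fine. Avoid dividing by zero.
            if hours > 0:
                kmh = km / hours
            else:
                kmh = math.inf if km > 0 else 0.0
            if kmh > max_kmh:
                alerts.append({"rule": "impossible_travel", "user": e["user"],
                               "km": round(km), "hours": hours,
                               "kmh": round(kmh), "ts": e["ts"]})
        last[e["user"]] = e
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Seattle to Portland in three hours is about 78 km/h and passes; Seattle to London in one hour is about 7,700 km/h and fires. In production the geolocation of the source IP is the weak link: a user on a corporate VPN or a cloud proxy will "teleport" every time the egress changes, so exclude known egress ranges and named locations before scoring, or the rule drowns in false positives.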

Discover, Classify, Label

Data growing at exponential rate

Sensitivity:

→ Encryption

→ Restrict Access

→ Watermark

→ Header/Footer

Retention:

→ Retention

→ Deletion

→ Records Management

→ Archiving

Monitor:

→ Sensitive data discovery

→ Data at risk

→ Policy violations

→ Policy recommendations

→ Proactive alerts

Comprehensive policies to protect and govern your most important data – throughout its lifecycle

• Unified approach to discover, classify & label

• Automatically apply policy-based actions (apply label)

• Proactive monitoring to identify risks

• Broad coverage across locations

What is a sensitivity label?

A tag that is customizable, in cleartext, and persistent.

• In files and emails, the label is persisted as document metadata

• In SharePoint Online, the label is persisted as container metadata

• The label becomes the basis for applying and enforcing data protection policies

• Helps you manage sensitive data stored on-premises prior to migrating to Office 365 or other cloud services

• Use discover mode to identify and report on files containing sensitive data

• Use enforce mode to automatically classify, label and protect files with sensitive data

Example labels: FINANCE, CONFIDENTIAL

Persistent tags that travel with the document

• Labels are metadata written to documents

• Labels are in clear text so that other systems such as DLP engines can read them

• Labels can contain visual markers such as a header, footer, or watermark

• Labels can contain encryption to restrict access to the file or govern allowable file actions if access is granted (example: read only, expiration of access, etc.)
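"Metadata written to documents, in clear text" is concrete enough to show. The code below is an added example, not Microsoft code: it writes a label into an Office Open XML style package as custom document properties and reads it back the way a DLP engine would, with no key involved. The MSIP_Label_<GUID>_<Field> property names follow the convention Office uses for Microsoft Information Protection labels as I understand it and should be treated as an assumption; the label GUID and tenant id are invented, and the package is a minimal stand-in for a real .docx rather than a complete one.

```python
"""A sensitivity label as cleartext, persistent document metadata.
Added example, not Microsoft code. Property naming convention is an
assumption; GUIDs are invented; the package is a minimal stand-in."""
import io
import zipfile
import xml.etree.ElementTree as ET

NS_CP = "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"
NS_VT = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"
FMTID_USER = "{D5CDD505-2E9C-101B-9397-08002B2CF9AE}"  # user-defined property set
LABEL_GUID = "7c3c0b9e-2f4a-4a0c-9b8e-1d2e3f4a5b6c"      # invented label id
CONFIDENTIAL = {"Enabled": "true", "Name": "Confidential", "Method": "Privileged",
                "SiteId": "11111111-2222-3333-4444-555555555555"}  # invented tenant


def build_custom_xml(guid: str, fields: dict) -> bytes:
    """docProps/custom.xml with one MSIP_Label_<guid>_<field> property per field."""
    ET.register_namespace("", NS_CP)
    ET.register_namespace("vt", NS_VT)
    root = ET.Element(f"{{{NS_CP}}}Properties")
    for pid, (field, value) in enumerate(fields.items(), start=2):  # pids start at 2
        prop = ET.SubElement(root, f"{{{NS_CP}}}property", fmtid=FMTID_USER,
                             pid=str(pid), name=f"MSIP_Label_{guid}_{field}")
        ET.SubElement(prop, f"{{{NS_VT}}}lpwstr").text = value
    return ET.tostring(root, encoding="UTF-8")


def label_document(body: str, guid: str, fields) -> bytes:
    """Minimal package: body part plus, if fields is given, the label part.
    Stored uncompressed so the cleartext is visible in the bytes; Office
    deflates its parts, which is compression, not encryption."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("word/document.xml", f"<document>{body}</document>")
        if fields:
            z.writestr("docProps/custom.xml", build_custom_xml(guid, fields))
    return buf.getvalue()


def read_labels(package: bytes) -> dict:
    """What a DLP engine does: parse the custom properties, no key required.
    Returns {label_guid: {field: value}}."""
    labels: dict = {}
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        if "docProps/custom.xml" not in z.namelist():
            return labels
        root = ET.fromstring(z.read("docProps/custom.xml"))
    for prop in root.iter(f"{{{NS_CP}}}property"):
        name = prop.get("name", "")
        if not name.startswith("MSIP_Label_"):
            continue
        guid, _, field = name[len("MSIP_Label_"):].rpartition("_")
        value = prop.find(f"{{{NS_VT}}}lpwstr")
        labels.setdefault(guid, {})[field] = value.text if value is not None else None
    return labels


def dlp_decision(package: bytes, blocked_labels=("Confidential",)) -> str:
    """Policy hook keyed on the label instead of on content scanning."""
    for fields in read_labels(package).values():
        if fields.get("Enabled") == "true" and fields.get("Name") in blocked_labels:
            return "block_external_share"
    return "allow"


if __name__ == "__main__":
    doc = label_document("Q3 forecast", LABEL_GUID, CONFIDENTIAL)
    print(read_labels(doc))
    print(dlp_decision(doc), dlp_decision(label_document("memo", LABEL_GUID, None)))
```

The caveat that follows from "clear text": anyone holding the file can edit or strip these properties, so the label is a classification signal for DLP and auditing, not an access control. Enforcement comes from the encryption a label can carry, which is why the page pairs labelling with protection rather than treating the tag alone as protection.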

Bring controls directly into the user experience

• Scan & detect sensitive data based on policy

• Classify and label data based on sensitivity

• Apply protection actions, including encryption and access restrictions

• Track and report

Thank You

Michael Hobbs

Microsoft Security Solutions

Email: [email protected]

LinkedIn: linkedin.com/in/mihobbs13


Recommended