Colin Brown Solution Architect & Chief Security Advisor

Microsoft Enterprise Services, UK

colbrown@microsoft.com

The Evolving Landscape

Q&A, contacts and close.

Why Security and Identity are so important

The Microsoft Commitment to Cybersecurity

Understanding Cyberattacks

What All Customers Need to Do

Take Action

Agenda

Cloud Mobility

The reason most cloud

projects fail to start is

because of Security

The reason most in flight cloud projects fail is because of Identity

Estimated shortfall of 1.5million by 2019

1 million new cybersecurity job openings in 2016

Unavailable or expensive to recruit

Customers will not be able to build their own teams and will be driven to service providers

Average cost of recovery from a single incident is $3.5million

This can rise to > $100million

Incidents are now a near certainty for everyone

“Assume breach” is the new security posture

People lose their jobs

Target’s CEO in the US

This is a boardroom level conversation

If you are not having it, someone else is

Securing the MSIT EnvironmentAn innovative digital foundation for our company

Microsoft Experience & CredentialsSecond decade of perspective & progress

Satya Nadella KeynoteEnterprise security in a mobile-first, cloud-first world, November 2015

http://news.microsoft.com/security2015/

OUR NEWSECURITY POSTURE

!

DETECTusing targeted signals, behavioral monitoring, and machine learning

RESPONDclosing the gap between discovery and action

PROTECTacross all endpoints, from sensors to the datacenter

Satya Nadella Keynote

OUR UNIQUE PERSPECTIVE

300B user authentications each month

1B Windows devices updated

200B emails analyzed for spam and malware

Capabilities are embedded into our products and cloud services

OUR SECURITY PLATFORM

CTIP Report: Company Y

Capabilities are embedded into offerings from Microsoft Enterprise Services.

• Microsoft Security Risk Assessment (MSRA)

• Microsoft Threat Detection Services (MTDS)

• Persistent Adversary Detection Services (PADS)

Satya Nadella Keynote

• Protect Microsoft’s cloud infrastructure, customer-facing cloud services, products and devices, and internal resources 24 x 7 x 365

• Unite personnel, technology, and analytics in a central hub

• Provide world-class security protection, detection, and response

• More than 50 Security Experts and Data Scientists

• Connected to >3500 Security Professionals across Microsoft

• Tight partnerships with Microsoft Research and the Security Development Lifecycle (SDL) team

Satya Nadella KeynoteCyber Defence Operations Center (CDOC)

Digital Crimes Unit and Malware Lab

DEFENCE

IN DEPTH

ASSUME BREACH

Understanding Cyber AttacksTypical attack stages

What is a Typical Attack Profile?

What is a Typical Attack Profile?

What is a Typical Attack Profile?

What is a Typical Attack Profile?

What is a Typical Attack Profile?

What is a Typical Attack Profile?

What is a Typical Attack Profile?

What is a Typical Attack Profile?

24-48hours

What is a Typical Attack Profile?When you assume breach, you need to detect & respond ASAP

First HostCompromised

CYBERTHREATS

Domain AdminCompromised

DATA LOSS (Attacker Undetected) 7-10 months

Breach Discovered

What is a Typical Attack Profile?

What All Customers Need to Do Roadmap to improve your cybersecurity position

?

Security Navigator – Know Your Position

Identity strategy

Technical appraisal of the security of Active Directory

Extent of environmental compromise and data exfiltration

Tactical recovery of compromise

Identity & Security assessment and strategy

Cybersecurity strategic recommendations

What All Customers Need to Do Roadmap to improve your cybersecurity position

?

Protect, Detect & Respond Cybersecurity, Identity & Security Solutions and Services

Respond

Detect

Protect

Cloud App

Security.

Azure AD

Identity

Protection.

Incident

Response

Secure &

Resilient AD

Program ––

SLAM

Cyb

erse

curity

Arch

itect E

ng

ag

em

en

t

Microsoft

Threat

Detection

Services

Incident

Recovery:

Tactical &

Strategic

Enhanced

Security Admin

Environment

EMS

Onboarding

Assistance

Azure AD

Implementation

Services

EMET

Reporting

Service

Design Services,

ADFS, FIM/MIM,

BitLocker, PKI,

DirectAccess,

Azure

Advanced Threat

Analytics

Implementation

Services Security

Incident

Response

Workshop

Secu

rity A

ssessm

en

t

Iden

tity A

ssessm

en

t

Secu

re D

evelo

pm

en

t Lifecy

cle A

ssessm

en

t

Users | Devices | Applications | Data

Azure AD RMS

Implementation

Services

Persistent

Adversary

Detection

Service

ASSUME BREACH

Colin Brown

Solution Architect

Cybersecurity, Identity & Security

Microsoft Enterprise Services

+44-1189-095627

+44-7814-285280

colbrown@microsoft.com