Microsoft 365 Security and Azure Security, meeting compliance requirements in light of the new Swiss Data Protection Act, best practices for introducing and operating security solutions
Microsoft 365 provides holistic security across these four aspects of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Secure identities to reach zero trust
Threat Protection
Help stop damaging attacks with integrated and automated security
Information Protection
Protect sensitive information anywhere it lives
Security Management
Strengthen your security posture with insights and guidance
This is the slide deck used on my webinar session titled "Fundamentals of Microsoft 365 security, Identity and Compliance". You can find the recording of this webinar here: https://youtu.be/akrEnqK6Dsc
Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats.pptx | Matthew Levy
Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats.
In today's cybersecurity galaxy, the landscape has become increasingly sophisticated with cybercriminal activities. We need to work together in new ways to protect the cybersecurity of the planet.
In this session Matthew will discuss
• The threats we need to defend against
• The things in our galaxy that need protecting
• The Defender suite from Microsoft
• The Zero Trust architecture
You will learn 5 basic things you should be doing to protect yourself, and that you are not alone in this galaxy because you can leverage the Defender products from Microsoft to defend your world.
This strategy brief outlines how the Microsoft Cyber Defense Operations Center (CDOC) brings together security experts and data scientists from across the company to form a unified and coordinated defense against the evolving threat landscape—to protect Microsoft’s cloud infrastructure and services, products and devices, and our Microsoft corporate resources.
Protect your hybrid workforce across the attack chain | David J Rosenthal
Security is one of the most important considerations for SMBs. In fact, 77% of SMBs in a recent survey consider security a top feature when purchasing new PCs.1
Last year alone, 67% of SMBs experienced a security breach that cost, on average, 3.3% of their revenue.1 That’s a big risk to both profitability and reputation, and it shows how critical strong security protections are for businesses.
The good news is that 69% of SMBs in a recent survey agreed that new Windows 10 Pro devices offered better security and data protection than older devices.1
Research shows that modern devices help business owners by preventing identity attacks, minimizing phishing, and reducing the risk of malware attacks. These are all common ways that bad actors steal business data, steal personal information, or hold our devices hostage in exchange for huge amounts of ransom money.
And with modern PCs, most security functions can happen in the cloud, without interrupting worker productivity.
In this session, Martin Vliem gives an overview of challenges and trends around information security [security] [cybersecurity] in relation to the digital transformation underlying the New Way of Working (Het Nieuwe Werken). He explains the main threats, discusses the risks, and illustrates how organizations can find a better balance between productivity and security.
"Evolving Cybersecurity Strategies" - Identity is the new security boundary | Dean Iacovelli
As cyber attacks have matured and become more complex over the last number of years, the objective of most attacks has not changed: compromise and collect user credentials. This session will explore the changing cybersecurity landscape and how managing identity – both in the enterprise as well as across 3rd party applications - is becoming job #1 in managing your organization’s risk.
"Evolving Cybersecurity Strategies" - Threat protection and incident management | Dean Iacovelli
As the volume and sophistication of attacks has increased, it has become even more critical for organizations to be able to rapidly and accurately identify malicious attack vectors and payloads at time of delivery. This session will explore Microsoft’s unique approach to dealing with this problem and also how we approach tracing and deconstructing a successful attack in order to prevent its next iteration.
Platform + Intelligence + Partners
This new understanding has led us to build new solutions for our customers. It informs our entire approach across three critical elements:
Building a platform that looks holistically across all the critical end-points we talked about – building security into our platform as well as providing security tools and technologies to you
Acting on the Intelligence that comes from our security-related signals and insights – helps you and us to detect threats more quickly
Fostering a vibrant ecosystem of partners who help us raise the bar across the industry – we know we’re not your only security vendor, and we want to work with the industry and take a holistic approach to technology
Microsoft 365 provides holistic security that is aligned to these four pillars of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 E5 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Protect users’ identities and control access to valuable resources based on user risk level
Information Protection
Ensure documents and emails are seen only by authorized people
Threat Protection
Protect against advanced threats and recover quickly when attacked
Security Management
Gain visibility and control over security tools
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans | David J Rosenthal
Cyberspace is the new battlefield:
We’re seeing attacks on civilians and organizations from nation states. Attacks are no longer just against governments or enterprise systems directly. We’re seeing attacks against private property—the mobile devices we carry around everyday, the laptop on our desks—and public infrastructure. What started a decade-and-a-half ago as a sense that there were some teenagers in the basement hacking their way has moved far beyond that. It has morphed into sophisticated international organized crime and, worse, sophisticated nation state attacks.
Personnel and resources are limited:
According to an annual survey of 620 IT professionals across North America and Western Europe from ESG, 51% of respondents claim their organization had a problem of shortage of cybersecurity skills—up from 23% in 2014.1 The security landscape is getting more complicated and the stakes are rising, but many enterprises don’t have the resources they need to meet their security needs.
Virtually anything can be corrupted:
The number of connected devices in 2018 is predicted to top 11 billion – not including computers and phones. As we connect virtually everything, anything can be disrupted. Everything from the cloud to the edge needs to be considered and protected.
Here's where Microsoft has invested, across these areas: identity and access management, apps and data security, network security, threat protection, and security management.
We’ve put a tremendous amount of investment into these areas and the way it shows up is across a pretty broad array of product areas and features.
Our Identity and Access Management tools enable you to take an identity-based approach to security, and establish truly conditional access policies
Our App and Data Security help you protect your apps and your data as it moves around—both inside and outside your organization
Azure includes a robust networking infrastructure with built-in security controls for your application and service connectivity.
Our Threat Protection capabilities are built in and fully integrated, so you can strengthen both pre-breach protection with deep capabilities across e-mail, collaboration services, and end points including hardware based protection; and post-breach detection that includes memory and kernel based protection and response with automation.
And our Security Management tools give you the visibility and more importantly the guidance to manage policy centrally
The crown jewels of any IT environment are the valuable information you manage. This session will explore techniques and Microsoft technologies that can ensure documents are well-managed, secured, and only available to approved individuals in your organization. We will also look at advanced ediscovery and data governance approaches and technologies that can support these.
Office 365 environments are very attractive targets for attackers. So, it's never been more important to understand how its security structure works, and how to best configure it.
In this in-depth session, we'll run through real-time attack scenarios and examine common attack vectors. And then we'll explore the various defense capabilities of Office 365, the MS Graph API, and Azure AD. We'll deep-dive into external sharing, authentication options, third-party application security (what apps should and shouldn't be able to do), and even some do's and don'ts regarding Azure AD endpoints and authorization mechanisms.
You'll walk away with a solid understanding of how to use the Office 365 defense tools at your disposal, such as the Attack Simulator and Threat Intelligence, as well as how they relate to real-world attacks.
Cloud Security Issues and Challenge.pptx | infosec train
Cloud computing has reformed the way businesses operate these days. Today, the cloud is being adopted by an increasing number of enterprises.
https://www.infosectrain.com/courses/certified-cloud-security-engineer-training-course/
Cloudbrew 2019 - Threat hunting with the Microsoft Cloud | Tom Janetscheck
With the release of Azure Sentinel, Microsoft has shifted some features from Azure Security Center to their new threat hunting solution. But how do all the security tools Microsoft offers nowadays integrate with each other? How can you find a way through this security jungle? And how do you make sure to have the right tools in place when it comes to protecting your IT environments and hunting threats?
Join cloud security expert and Microsoft MVP Tom Janetscheck for this demo-rich session to get all these questions answered and to learn how to protect your resources easily and efficiently.
Communications Mining Series - Zero to Hero - Session 1 | DianaGray10
This session provides an introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Securing your Kubernetes cluster_ a step-by-step guide to success! | KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Similar to Webinar Mastering Microsoft Security von Baggenstos
DevOps and Testing slides at DASA Connect | Kari Kakkonen
My and Rik Marselis' slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GridMate - End to end testing is a critical piece to ensure quality and avoid... | ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
How to Get CNIC Information System with Paksim Ga.pptx | danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Generative AI Deep Dive: Advancing from Proof of Concept to Production | Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
GraphRAG is All You need? LLM & Knowledge Graph | Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 5 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 | Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs | Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Pushing the limits of ePRTC: 100ns holdover for 100 days | Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI | Vladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
4. Topics
• Today's threat landscape
• Microsoft 365 Security and Azure Security (compliance / data protection act)
• Best practices for introducing and operating security solutions
• Questions (in the chat) & answers
5. Your webinar hosts…
Martin Janisch
Partner Technology Strategist
Sven Heeb
Consulting, Project Management
Othmar Frey
Sales Director
6. Classified as Microsoft Confidential
Security Webinar
Martin Janisch
Partner Technology Strategist
16.08.2023
7. Attack surface is expanding due to hybrid work
Rapid acceleration and increasing sophistication of cybercrime
Rising cost of cybersecurity risk mitigation and remediation
The increasingly complex state of cybersecurity
8. Relevance
Ransomware:
https://aka.ms/CISOWorkshop
Zero-days:
Breaching services on
a per job basis:
Exploit kits:
Loads (compromised device):
Spearphishing services:
Compromised accounts:
Denial of Service:
Highest average price
Most Common Passwords 2023 - Is Yours on the List? | CyberNews, based on
15.212 B from publicly leaked data breaches; last accessed on May 11th, 2023
9. Are SMB customers subject to attacks?
“No one is interested in my data anyhow.”
• Over 620 million ransomware attacks happened in 2021 globally. 1
• Of all ransomware attacks on enterprises in 2020, 55 percent hit businesses with fewer than 100 employees, while an entire 75 percent of attacks were on companies making less than $50 million in revenue. 2
• In fact, on average, victims of ransomware only recover around 65 percent of stolen data. 3
• “However, it’s safe to say that any business that uses a computer system is at risk.” 4
• Average cost of an SMB data breach: $120K in 2018. 5
Fact check
• Ransomware hackers might not be interested in SMB customer data, but the SMB customers are. If their data is encrypted or lost, they will incur damage and cost immediately.
• Hackers are interested in money, and Ransomware-as-a-Service kits allow for highly automated attacks on 10,000s of victims simultaneously and easily.
• For public sector/sensitive data, the data is often no longer encrypted; instead, attackers threaten to make it public.
• Access to SMB customers' cloud service accounts may allow hackers to spin up crypto mining VMs, causing $100,000s of damage in days.
Explaining the risk for SMB customers
10. The phishing threat landscape
The State of Cybercrime
710 million phishing emails blocked per week.
531,000 unique phishing URLs hosted outside of Microsoft taken down at the direction of our Digital Crimes Unit.
1hr 12m: The median time it takes for an attacker to access your private data if you fall victim to a phishing email.
1hr 42m: The median time for an attacker to begin moving laterally within your corporate network once a device is compromised.
Phishing emails with Ethereum wallet addresses
Business email compromise themes (January-June 2022)
Phishing page impersonating a Microsoft login with dynamic content
11. Relevance
Time between Black Friday and Christmas favourable for threat actors
Threat Actors are Already Building Phishing Pages to Target Holiday Shoppers (cybersixgill.com)
'Tis the Season for Online Shopping and Phishing Scams | Trustwave
Evidence: >15 cases in Switzerland within the last 12 months; e.g.
• 2 Cryptojacking (28k in half a day, 464k in a few days in ACR)
• 1 Tenant Lockout
Local data shows that still ~35% (latest data even 47%!) of Azure subscriptions in Switzerland do not have MFA turned on for Owner / Administrator roles
Threat actor groups like ‘Conti’ have company-like character
MFA activation: Yes 65%, No 35%
Avg. Secure Score
Conti ransomware leak shows group operates like a normal tech company (cnbc.com)
12. ‘staggering 85% of 6,700 global security practitioners say their companies do not have a cybersecurity posture robust enough to defend against risks relating to hybrid work.’
13. 25.6 billion attempts to hijack enterprise customer accounts detected and blocked by Microsoft from Jan – Dec 2021.
Identity & Access Management
Trends & Challenges
Identity is the New Battleground, Cyber Signals, February 2022
80% of attacks involve identity-based techniques
14. Zero Trust
Attend a 2-day event for Partners: Security Through the Lens of Zero Trust here. The training is also available On-demand.
Zero Trust Guidance Center | Microsoft Learn
• Verify explicitly: Always authenticate and authorize based on all available data points.
• Use least privilege access: Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
• Assume breach: Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.
15. Visibility across your entire organization
Secure your end users Secure your infrastructure
16. Microsoft 365 Defender, Microsoft Defender for Cloud
Visibility, Automation, AI
Data connectors, Security analytics, Threat intelligence
Modernize your SOC with Microsoft Sentinel
Optimize security operations with cloud-native SIEM powered by AI and automation
17. Microsoft Sentinel
Microsoft 365 Defender, Microsoft Defender for Cloud
Endpoints, Identities, Cloud apps
Email, Docs, IoT
Protect end-user environments with XDR
Stop attacks and coordinate response across digital assets
18. Microsoft Sentinel
Microsoft 365 Defender, Microsoft Defender for Cloud
SQL/Storage Server VMs Containers
Network, Industrial IoT, Azure App Services
Secure multi-cloud environments with XDR
Use industry-leading threat intelligence and XDR capabilities to stop threats
19. Why is defense so difficult?
SecOps professionals must protect…
20. End Point
Attacks are crossing modalities
Typical human-operated ransomware campaign
Cloud apps
21. Protection across the entire kill chain
With Microsoft SIEM and XDR
Services stopped and backups deleted
Files encrypted on additional hosts
Browse to a website
Phishing mail
Open attachment
Click a URL
Command and Control
User account is compromised
Brute force account or use stolen account credentials
Attacker compromises a privileged account
Domain is compromised
Attacker exfiltrates sensitive data
Attacker collects reconnaissance and configuration data
Email, Endpoints, Identities, Workloads
Exploitation and installation
Cloud apps
22. End Point
Protection across the entire kill chain
With Microsoft SIEM and XDR
Email, Endpoints, Identities
Cloud apps
Workloads
Malware detection
Safe links
Safe attachments
Endpoint Protection Platform (EPP)
Endpoint Detection and Response (EDR)
Verified ID
Permissions management
Privileged Access Management
Identity threat detection and response
Identity Protection
Workload threat protection
File share encryption
Control access
Protect data
25. Risk assurance by phases
How Microsoft supports you in assessing & auditing our services
1. Service Review & Education: Allows you to understand how Microsoft security controls are designed and operated by using online resources such as:
• Service Trust Portal
• Compliance Manager
• Compliance Score, and
• Secure Score
2. 3rd Party Certification: All Microsoft controls have been certified by independent third parties against standards such as ISO 27001:2013, SOC 2, and FedRAMP (NIST SP800-53). By mapping your internal requirements against these frameworks, you will also obtain 3rd Party Certification over the design and operation of your controls.
3. External Attestation: Further confidence over the operation of our controls may be obtained by engaging a fully independent third party funded by you as a customer. For instance, TruSight was founded by a consortium of leading financial service companies specifically for this purpose.
4. Direct Audit Engagement: Direct review of control evidence is only possible through direct audit engagements such as 1:1 and possibly group audits. Currently, audits through the Compliance Program are only available to Financial Services companies and organizations performing privacy (GDPR) assessments.
Compliance Program
Self-service Audit External
26. Microsoft Purview
Comprehensive solutions to help govern, protect and manage your data estate
• Understand & govern data: Manage visibility and governance of data assets across your environment
• Safeguard data, wherever it lives: Protect sensitive data across clouds, apps, and devices
• Improve risk & compliance posture: Identify data risks and manage regulatory compliance requirements
Microsoft ecosystem
Support for multi-cloud, hybrid, SaaS data | Third-party/partner ecosystem
32. Industry-leading security from Microsoft
Serving billions of global customers, learning and predicting what’s next
• Monitoring 140+ threat groups [3]
• Monitoring 40+ nation-state groups [1]
• Analyzing 65T threat signals daily [4]
• 50% increase
• Blocking 37B email threats annually [4]
Investing to improve and share knowledge, gain insights, and combat cybercrime
• $20B in the next 5 years [1]
Keeping you secure, while saving you time and resources
• Up to 60% savings, on average, over multi-vendor security solutions
Trusted globally, protecting organizations’ multi-cloud and multi-platform infrastructures
• 860K customers have chosen Microsoft Security to protect their organizations [4]
• 15K partners in security ecosystem [1]
1. Earnings Press Release, FY22 Q4. July 26, 2022, Microsoft Investor Relations
2. “Microsoft Digital Defense Report”. October 2021, Microsoft Security
3. Earnings Press Release, FY22 Q2. December 16, 2021, Microsoft Investor Relations
4. “Microsoft Security reaches another milestone—Comprehensive, customer-centric solutions drive results” blog – Microsoft Security
34. Best practices
• Secure Score / measurability within the company
• Product overview
• Defender for Servers
• Defender for Endpoint
• Defender for Office365
• Defender for Endpoint Vulnerability Management
• Example: Secure Score for Device / Exposure Score
• Azure Sentinel (monitoring)
35. Secure Score in general
What is Secure Score? (various scores)
Microsoft Secure Score is a tool that expresses the security of the setup and configuration of your Microsoft tenant as a single, simple number.
• Microsoft recommendation: 65% and higher
• Baggenstos company target: 75% for Managed Service
How do we get there, and what is our goal?
• Secure Score points: absolute value, depending on the licensing in use
• M365 Business Premium, M365 E3/E5 or other licenses
• General goal: promote technological advancement for the Microsoft products that are part of the Baggenstos product matrix.
• Doing: weekly alignment (endpoint, messaging, security, etc.) within the Baggenstos core team, which consists of subject-matter specialists (consultants, engineers)
• Managed Service goal: technological advancement of the products used in the Managed Service
• Result: create packages of measures via the ticketing system
• Implementation: iterative rollout for Managed Service customers
37. What is it about …
• Microsoft Defender for Servers extends protection to your Windows and Linux machines running in Azure and on-premises. Defender for Servers provides additional threat protection features.
• It is already active on every server from W2016 onwards (Microsoft Defender Antivirus), but enabled with maximum compatibility
• With Defender for Server and the appropriate configuration, the goal is maximum security
• It differs from typical signature-based anti-malware solutions in that it includes sensors to collect and process behavioral signals from operating systems, and uses machine learning (AI) to detect suspicious behavior.
• Microsoft Defender Servers is at the same time a central security platform (portal) for endpoints that supports organizations in preventing, detecting, investigating and responding to advanced threats.
38. Defender for Servers
• You receive the basic configuration according to the Baggenstos baseline (standard)
• Azure Arc integration for onboarding on-premises servers
• Installation & configuration of the monitoring agent
• Provisioning & configuration of the GPOs for Defender capabilities in Windows
• Onboarding of (on-prem) servers in Defender for Cloud
• Setting exclusions for business applications (as needed)
• Defender for Cloud training
• Mail notification or connection to the ticketing system for alerting (Azure Sentinel)
• Technical features
• Next-generation protection (machine learning / artificial intelligence)
• Attack surface reduction (reducing the attack surface through rules)
• Implementation of Microsoft Defender best practices
• Centralized management (Security Portal)
• Security reports
• License requirements:
• Microsoft Defender for Servers (CHF 5.– per month per server)
40. What is it about …
• Same as for servers; it is essentially the same product (Microsoft Defender Antivirus).
• The difference lies in how the clients are onboarded
• Simple onboarding via Intune configuration policies or AD group policies
• Intuitive Security Portal with an overview of all clients, same as for servers
• Alerting via mail or connection to the ticketing system (Azure Sentinel)
41. Defender for Endpoint
• You receive the basic configuration according to the Baggenstos baseline (standard)
• Configuration & provisioning of Intune configuration policies for Defender for Endpoint
• Onboarding with Microsoft Endpoint Manager (Intune)
• Client onboarding
• Monitoring & tuning for your systems & business applications
• Mail notification or connection to the ticketing system for alerting (Sentinel)
• Technical features
• It is embedded in Windows 10/11 (no additional agent needs to be deployed)
• Support for Windows 7/8 and non-Windows operating systems such as Linux, macOS, Android and iOS
• Tamper protection
• Endpoint detection and response (EDR)
• Attack surface reduction
• Integration with Microsoft Endpoint Manager
• Vulnerability assessment
• Cross-suite integrations
• Built-in data separation and RBAC
• Deep data collection (up to 6 months of data retention)
• Native integration with Azure AD Conditional Access
• License requirements:
• Microsoft Defender for Endpoint Plan 1 or 2, Microsoft365 Business Premium (Defender for Business)
43. What is it about …
What is vulnerability management?
The task of vulnerability management is to identify and remediate vulnerabilities in an organization's IT infrastructure. The goal is to reduce the risks to the IT systems and to sustainably improve the overall security level.
When the product is in use, Defender Vulnerability Management quickly and continuously prioritizes the biggest security risks to your most critical assets and provides security recommendations to mitigate risk.
• Software (being up to date, bug fixing)
• Browser extensions
• Certificates
The focus is on software vulnerabilities and on remediating them.
44. Secure Score for Device / Exposure Score
The Secure Score for Devices and its recommendations come mainly from Defender for Endpoint.
Further recommendations concern:
• OS, network, accounts, applications
Secure Score for Devices Exposure Score
(Defender for Endpoint) (Vulnerability Management)
Recommended value
Microsoft 65% and higher
Baggenstos targets
Microsoft 75% and higher
Baggenstos targets
Microsoft 20% and lower
Recommended value
Microsoft 30% and lower
46. What is it about …
Microsoft Defender for Office 365 is a security service built specifically for Office 365 that protects against advanced threats such as phishing, malware, spam and fraudulent business emails.
• Three products
• Exchange Online Protection (default in Exchange Online)
• Microsoft Defender for Office365 P1
• Microsoft Defender for Office365 P2
Office365
47. What do the individual services provide?
Exchange Online Protection
Defender for Office365 Plan 1 + 2
License requirements: Microsoft Defender Office365 Plan 1 + 2, Microsoft365 Business Premium
48. Microsoft Sentinel
You receive the basic configuration for successful alert handling in the Baggenstos ticketing system via Microsoft Sentinel
• Integrated Defender products (Baggenstos standard)
• Microsoft Defender for Servers
• Microsoft Defender Antivirus
• Microsoft Defender Endpoint
• Microsoft Defender for Office365
49. Summary: the essentials!
When using Microsoft cloud services, use and configure the licensed security components.
Always monitor and update the security features that Microsoft has extended.
Make your employees aware of the possible threats and train them on how to act when they are unsure.
What is the most typical case of fraud in the cloud?
It starts with stolen credentials. Attackers target admin accounts without MFA or break-glass accounts, sometimes the break-glass accounts of a partner, which give them access to many customer subscriptions, or they use MFA tokens stolen from an unmanaged device.
The next step is to look for a subscription. It may be a production one, but they actually prefer test/dev subscriptions because nobody is monitoring those.
Then they wait for the right time to start consuming resources: they check customer names, work out how to distribute the charges so they go unnoticed, and then deploy on a Friday evening so they have the whole weekend to work without anyone watching.
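A defender-side sketch of the pattern described above, added here as an example and not taken from the webinar or from any Microsoft product: it flags VM deployments that combine the signals the notes name (privileged caller without MFA, dev/test subscription, Friday evening or weekend, charges spread over several subscriptions). The record schema, account names, subscription names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records in a simplified, hypothetical schema (not a real
# export format): one row per successful VM-create operation.
# Fields: local time, caller, MFA used at sign-in, subscription, environment tag
SAMPLE_EVENTS = [
    ("2023-08-11T19:42:00", "admin-breakglass@contoso.example", False, "sub-dev-01", "dev"),
    ("2023-08-11T19:44:00", "admin-breakglass@contoso.example", False, "sub-test-02", "test"),
    ("2023-08-11T19:47:00", "admin-breakglass@contoso.example", False, "sub-dev-03", "dev"),
    ("2023-08-12T02:10:00", "admin-breakglass@contoso.example", False, "sub-dev-01", "dev"),
    ("2023-08-09T10:15:00", "ops-engineer@contoso.example", True, "sub-prod-01", "prod"),
    ("2023-08-12T11:00:00", "ops-engineer@contoso.example", True, "sub-prod-01", "prod"),
]

LOW_VISIBILITY_ENVS = {"dev", "test"}


def is_unwatched_window(ts, workday_end_hour=18):
    """True from Friday evening through Sunday, when nobody is watching."""
    if ts.weekday() == 4:          # Friday
        return ts.hour >= workday_end_hour
    return ts.weekday() in (5, 6)  # Saturday, Sunday


def event_signals(ts, mfa_used, env):
    """Return the risk signals that one deployment event carries."""
    signals = set()
    if not mfa_used:
        signals.add("no-mfa")
    if env in LOW_VISIBILITY_ENVS:
        signals.add("low-visibility-subscription")
    if is_unwatched_window(ts):
        signals.add("off-hours")
    return signals


def find_suspicious_deployments(events, min_signals=2, spread_threshold=3):
    """Group flagged VM deployments per caller.

    An event is flagged when it carries at least `min_signals` signals. A caller
    whose flagged events touch `spread_threshold` or more subscriptions gets an
    extra signal, since spreading the charge is part of the pattern.
    """
    per_caller = defaultdict(lambda: {"events": 0, "subs": set(), "signals": set()})
    for raw_ts, caller, mfa_used, sub, env in events:
        signals = event_signals(datetime.fromisoformat(raw_ts), mfa_used, env)
        if len(signals) < min_signals:
            continue
        entry = per_caller[caller]
        entry["events"] += 1
        entry["subs"].add(sub)
        entry["signals"] |= signals

    findings = []
    for caller, entry in per_caller.items():
        signals = set(entry["signals"])
        if len(entry["subs"]) >= spread_threshold:
            signals.add("spread-across-subscriptions")
        findings.append({
            "caller": caller,
            "events": entry["events"],
            "subscriptions": sorted(entry["subs"]),
            "signals": sorted(signals),
        })
    return sorted(findings, key=lambda f: f["events"], reverse=True)


if __name__ == "__main__":
    for finding in find_suspicious_deployments(SAMPLE_EVENTS):
        print(finding)
```

The weekend deployment by the MFA-protected account carries only one signal and stays below the threshold, which keeps routine off-hours operations from drowning out the combination that matters.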
Phishing continues to be a preferred attack method as cybercriminals can acquire significant value from successfully stealing and selling access to stolen accounts.
This year saw a significant increase in indiscriminate phishing and credential theft to gain information which is sold and used in targeted attacks such as ransomware, data exfiltration and extortion, and business email compromise, and also with attacks that will have a big impact on your side like cryptojacking: using your resources to do cryptomining activities.
To illustrate the scale of phishing and the speed of compromise, we’ve included some stats in the report.
This year we blocked an average of 710 million phishing emails per week.
In addition to the URLs blocked by Defender for Office, our Digital Crimes Unit directed the takedown of 531,000 unique phishing URLs hosted outside of Microsoft.
It takes just 1 hour and 12 minutes for an attacker to access your private data if you fall victim to a phishing email.
And 1 hour and 42 minutes is the median time for an attacker to begin moving laterally in your corporate network once the device is compromised.
These last two data points come from Defender for Office (for malicious email/compromised identity activity), Azure Active Directory Identity Protection (for compromised identity events/alerts), Defender for Cloud Apps (for compromised identity data access events), M365D (for cross product correlation), and Defender for endpoint (for attack behavior alerts and events).
Phishing emails with Ethereum wallet addresses
Only a few days after the start of the war in Ukraine in late February 2022, the number of detected phishing emails containing Ethereum addresses encountered across enterprise customers increased dramatically. Total encounters peaked in the first week of March when half a million phishing emails contained an Ethereum wallet address. Prior to the start of the war, the number of Ethereum wallet addresses across other emails detected as phish was significantly less, averaging a few thousand emails per day.
Business email compromise:
Email phishing attacks against businesses for financial gain are collectively referred to as BEC attacks. Microsoft detects millions of BEC emails every month. BEC is the costliest financial cybercrime, with an estimated $2.4 billion USD in adjusted losses in 2021, representing more than 59 percent of the top five internet crime losses globally. BEC attackers normally attempt to start a conversation with potential victims to establish rapport. The introduction email, which we track as a BEC lure, represents close to 80 percent of detected BEC emails.
Phishing impersonating a Microsoft login with dynamic content
Microsoft accounts remain a top target for phishing operators, as evidenced by the numerous phishing landing pages which impersonate the Microsoft 365 login page. For example, phishers attempt to match the Microsoft login experience in their phish kits by generating a unique URL customized to the recipient. This URL points to a malicious webpage developed to harvest credentials, but a parameter in the URL will contain the specific recipient’s email address. Once the target navigates to the page, the phish kit will pre-populate user login data and a corporate logo customized to the email recipient, mirroring the appearance of the targeted company’s custom Microsoft 365 login page.
Let's start off with the why here and go through these trends and challenges we're seeing. People don't own their identity data and don't really even understand where it is being used. Regulations are increasing: we've already seen this with GDPR, and by next year 65% of the world will be covered by some kind of privacy regulation. Lastly, the modern workplace is hybrid, and we see that identity proofing processes are unsatisfactory for 82% of organizations.
Digital identity is a prime target for cybercrime and ransomware attacks. Compromised or fraudulent credentials are a very real and critical threat to public and private organizations today.
Today, your identity data is spread across countless entities and accounts, creating greater risks of fraud or breach. People once kept their valuable identity documents under lock and key. Plus, over 10 million people are stateless, and lack identity credentials.
Companies are questioning whether it’s even worth it to capture and manage personally identifiable data.
Pandemic and now hybrid work arrangements are a huge challenge to traditional identity verification process that tends to rely on the copies of physical documents (92% of orgs). Plus the Great Reshuffle - 4.5 million Americans resigned from their jobs in August 2021. 41% are considering leaving their employer.
So, how can we protect our customer subscriptions? We know that 98% of the attacks could be avoided by following the basic security hygiene. So, the first thing is protecting the identities, and one important strategy to protect them is to use Multifactor authentication. But this is not enough, we need to follow the zero trust principles. We must stop believing that everything behind our corporate firewall is safe, we always verify every request because we assume breach. And even when you have verified the request, the identity accessing a resource should only have the minimum rights to perform the task it has to do and just during the time it has to run the task, this applies to users but also to machine identities.
Zero Trust is a security strategy. It is not a product or a service, but an approach in designing and implementing these security principles.
We have special trainings for partners like this 2-day event for learning about Zero Trust, and a full Guidance Center on Microsoft learn, where you can learn all the concepts and have implementation guides for them.
Are you applying Zero Trust? Do you have regular conversations and trainings with your customers about these topics?
Note: Per Gartner publication policy, alterations to this slide are not allowed.
Note: Per Forrester publication policy, alterations to this slide are not allowed.
Level 1
Education & learning: STP
Assess MS controls: Compliance Manager & STP (audit reports)
Evaluate Customer controls: secure score & STP (whitepapers)
Level 2: Independent Assurance
Certifications (multiple)
Level 3: External attestation
100% independent
External party has done evidence review on behalf of banks
Level 4: Directly observe control evidence
Group audit for efficiency
1:1 Audit upon request
Introducing Microsoft Purview!
To help organizations govern and protect data across their multi-cloud, multi-platform data environment, while meeting the compliance requirements they are subject to, we are announcing Microsoft Purview. Microsoft Purview is a comprehensive set of solutions to help govern, protect, and manage your data estate.
Microsoft Purview unifies information protection, data governance, risk management, and compliance solutions so that customers can manage their data all from one place. Now, they can leverage that visibility across their environment to help close exposure gaps, simplify tasks through automation, stay up-to-date with regulatory requirements, and keep their most important asset, data, safe.
With Microsoft Purview we bring together compliance and data governance
The risk and compliance portfolio joins with our unified data governance
Talk Track:
When you enable Microsoft Priva, from the Microsoft Purview compliance portal, in less than 48 hours, you start to see insights around personal data sprawl for your organization - how much personal data exists in your organization, where it lives, how it moves etc – no configuration needed. In this example, it shows that this tenant has 1.7K items with personal data found. These insights are also dynamically updated as new data comes in, helping Admin keep a pulse over time
Additionally on the dashboard, Admins can see this tile that summarizes the Privacy risks in their organization. There are 3 categories of privacy risks that are captured here, including
Data minimization risk, which identifies personal data that has not been used for a long period of time and is just sitting around in your org
Second, data overexposure risk, which identifies content with personal data that is being over shared,
Third, cross-border transfer risk, which identifies personal data that is being transferred across boundaries – regional or department data transfer.
This tile shows the total count of all such matches. Right from here Admins can drill down and inspect the violations
This view has been extremely valuable for our customers who have deployed the solution. Most of them did not have this level of visibility and insights into their personal data risks. For some organizations this amount of personal data could be pretty significant to begin with.
This view enables organizations to increase the awareness of privacy risks in their environment and take the right steps to make improvements
And it all comes together with Security Copilot at the heart of the Microsoft Security product portfolio.
Security is a defining challenge of our times.
The number of password attacks Microsoft detects has more than tripled in the last 12 months, from 1,287 per second to more than 4,000 per second
And the median time for an attacker to access your private data if you fall victim to a phishing email is only 1 hour and 12 minutes.
Defenders are simply outmatched. Attackers have more resources and don’t have to play by the same rules.
Add to that a global shortage of 3.5 million skilled cybersecurity professionals, and it’s no wonder that security incidents have become an everyday occurrence in organizations of every size, in every industry, and in every part of the world. So security professionals are up against a huge challenge, one that we believe we can help solve with Security Copilot.
Now, those are some jarring statistics. Net, net – the job is really tough. Let’s look at some specific challenges facing security analysts themselves now.
We’ve touched on this already, but one of the game changing aspects of this technology is that you can interact with it using natural language queries, the same way that you interact with your coworkers. Let’s take a look at what happens behind the scenes when you ask a natural language query because it may seem simple at face value but there is a lot of sophisticated processing and computation that’s taking place under the hood.
Here’s a very simplified look at what happens behind the scenes. After the user submits a prompt the Security Copilot planner determines the context and builds the plan using the available skills that come with Security Copilot. It then executes the plan and gathers all the necessary content and data. Next it combines that data and context, formats the data, works out the response and then delivers that response. This can happen in just seconds.
Once again this is a very simplified view, but I wanted to show you a little more on how it works. We’ve talked about the security-specific model a bit but let’s go a bit deeper there next.
Microsoft Defender for Cloud Secure score (Azure) https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls
Microsoft 365 Defender - Microsoft Secure Score (M365) Microsoft Secure Score | Microsoft Learn
Microsoft Secure Score for Devices (Exposure Score/Configuration Score) Microsoft Secure Score for Devices | Microsoft Learn
Microsoft Defender Exploit Guard
Controlled folder access (protects system folders, for example)
Attack surface reduction (it can, for example, help stop Office-, email- and script-based malware)
Below are the Microsoft 365 Defender security recommendations that are configured by the group policies mentioned above:
Microsoft Defender for Endpoint
Detect and block potentially unwanted applications (PUA)
Microsoft Defender Antivirus cloud protection
Always-on protection
Microsoft Defender SmartScreen (warns about suspicious websites, protects against phishing websites, screens downloads)
Microsoft Security Compliance Toolkit (SCT)
Plan costs, understand Microsoft Sentinel pricing and billing | Microsoft Learn
Credential Guard is a protection for the passwords used on the system, which would otherwise be accessible to malware on the system. These passwords are isolated so that only system software has access to them.
ASR
ASR is a collection of rules that control Microsoft Defender to make the Windows system more secure by influencing or disallowing the following behaviors: [5]
Launching executable files and scripts that attempt to download or run files
Running obfuscated or otherwise suspicious scripts
Behaviors that apps do not usually exhibit during normal day-to-day work