Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons it’s Written On - Alex Simons

551 views

Published on

This session will review digital identity’s transition from vulnerable authentication methods and what Microsoft and others are doing to address the hard problems associated with managing and protecting digital identities.

Published in: Technology
  • Be the first to comment

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons it’s Written On - Alex Simons

  1. 1. Without great security, Digital Identity is not worth the electrons it’s written on Alex Simons DirectorofProgramManagement MicrosoftCorporation
  2. 2. 90% organizations using Microsoft Active Directory WW 500M 10Bdaily Microsoft Account logons active Microsoft Account users 5.5M organizations using Microsoft Azure Active Directory >1,000 Microsoft engineers working on Identity and Security
  3. 3. The frequency and sophistication of cybersecurity attacks are escalating $500B total potential cost of cybercrime to the global economy $3.5M average cost of a data breach to a company 200+ median # days attackers reside within a victim’s network before detection network intrusions due to compromised user credentials 75%+
  4. 4. rule-based detection static analysis machine learning anomaly detection real-time risk scoring device profiling adaptive authentication conditional access smart cards security tokens OTPs & OATH codes authenticator apps biometrics dedicated teams threat intelligence dark web shared intelligence bounties Credential Hardening Dynamic Mitigation Attack Intelligence Advanced Detection
  5. 5. On premises In the cloud Machine Learning User and Entity Behavior Analytics
  6. 6. Brute force cameroncameron1cameron2cameron3cameron4cameron5cameron6cameron7cameron8cameron9cameron10cameron11cameron12cameron13cameron14cameron15cameron16cameron17cameron18cameron19cameron25cameron26cameron27cameron28cameron29cameron30cameron31cameron32cameron33cameron34cameron35cameron36cameron37cameron38cameron39cameron40cameron41cameron42cameron43cameron44cameron45cameron46cameron47cameron48cameron49cameron50 ÛÛÛÛÛÛÛÛÛÛÛÛ
  7. 7. Monitoring abuse across tenants Bad username IP address: 199.34.28.10 Probable Penetration IP address: 199.34.28.10 Bad username Bad password Bad password Bad username Bad password Bad username Bad username Logon Successful
  8. 8. Anonymizers IP address: 199.34.28.10 IP address: 199.34.28.10
  9. 9. N Botnets 192.168.1.10 10.18.91.42 172.16.4.19 192.168.1.12 172.16.11.14 199.34.28.10 192.168.9.5 172.16.21.98 10.129.6.21 172.16.5.2 172.16.42.2 192.168.14.11 172.16.82.14 10.111.4.53 192.168.21.1 10.34.71.5 172.16.87.9 192.168.28.10 172.16.25.6 10.4.221.34 199.34.28.10 199.34.28.10199.34.28.10
  10. 10. Security issues and risks Broken trust Weak protocols Known protocol vulnerabilities
  11. 11. Malicious attacks Pass-the-Ticket (PtT) Pass-the-Hash (PtH) Overpass-the-Hash Forged PAC (MS14-068) Golden Ticket Skeleton key malware Reconnaissance BruteForce
  12. 12. Abnormal behavior Anomalous logins Remote execution Suspicious activity Unknown threats Password sharing Lateral movement
  13. 13. http://aka.ms/aadtrial
  14. 14. http://aka.ms/atatrial

×