Gunter Ollmann | CTO, Security -- Cloud + Enterprise Division
Twitter: @gollmann LinkedIn: https://linkedin.com/in/gunterollmann/
How Machine Learning is Changing the Face of Cyber-Defense

Defense has fundamentally changed
[figure: Defender]
Microsoft’s daily cloud security scale
• 10s of PBs of logs
• 300+ million active Microsoft Account users
• Detected/reflected attacks: >10,000 location-detected attacks; 1.5 million compromise attempts deflected
• 450 billion Azure Active Directory logons
ML Applied to Continual Threat Detection
• Incident Response (IR) and Threat Hunting
• No shortage of interesting things needing to be investigated
• Each new detection capability adds more needles to the haystack

Prioritizing The Haystacks
• Detection capabilities and volume scaling fast!
• More threats than can ever be fully investigated by a human
• Prioritization via scoring
  • Learning from human investigators
  • Collating related attack and exploitation events
  • Combining external and 3rd-party intelligence
  • Understanding the “business context”
• Growing haystacks
  • Cyber defenders increasingly focused on big/edge events
  • Backlog of (possible) investigations keeps growing
  • Need for AI-powered blocking/mitigation automation

ML Critical to the Changing Cyber Battlefield
Tier-2.5
• Transition of defender
  • 6+ years ago: “patch-monkey”
  • Today: front-line, highly-trained cybersecurity expert
• Successful detections require domain knowledge
Example: Geolocation Anomaly Detection
• Detect anomalous Azure Active Directory logins from unusual geographic locations
• A login is anomalous if the distance between places is ‘unreachable’
• Noisy inputs: company proxy/gateway, cellphone networks, staff vacations and travel
• Former rules + heuristics based approach: 28% of logins identified as suspicious
  • 2 billion logins per day = 560m “suspicious” logins
Example: Geolocation Anomaly Detection, after applying Machine Learning
• Rate dropped to less than 0.001%
• Profile the user’s location by comparing with similar users
• Ensure the model accounts for travel and company proxies
• Trained at regular intervals: 800+ GB per day
• Classification completed within milliseconds
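An added illustration of the ‘unreachable distance’ check this example describes, written for this page and not the talk’s model: consecutive sign-ins per user are paired, the travel speed the pair would require is computed from a haversine distance, and the two noise sources the slides name (corporate proxy egress and locations that are normal for the user’s peer group, such as carrier hubs) suppress the flag that a rules-only check would raise. The sign-in events, the egress cities, the peer-group locations and the 900 km/h ceiling are all constructed assumptions.

```python
"""Impossible-travel check over Azure AD-style sign-in events.

Added illustration, not code from the talk. Every value below (events, proxy
egress cities, peer-group locations, speed ceiling) is a constructed assumption.
"""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 900.0  # assumption: roughly airliner cruising speed

# Constructed: cities where the company's proxy/VPN egress geolocates. Sign-ins
# from many real places appear to originate here, so they must not be treated as
# "places the user was". A production system would match on egress IP ranges.
CORPORATE_EGRESS_CITIES = frozenset({"Dublin", "Singapore"})

# Constructed: locations commonly seen across the user's peer group (same team
# and region). A simple frequency baseline standing in for the talk's "compare
# with similar users" profile; it absorbs carrier/NAT geolocation noise.
PEER_GROUP_LOCATIONS = frozenset({"Seattle", "Redmond", "Vancouver"})


@dataclass(frozen=True)
class SignIn:
    user: str
    at: datetime
    city: str
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points (degrees)."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def required_speed_kmh(prev, cur):
    """Speed the user would need to reach `cur` from `prev` in the elapsed time."""
    hours = (cur.at - prev.at).total_seconds() / 3600.0
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if hours <= 0:  # same instant or out-of-order pair
        return float("inf") if dist > 0 else 0.0
    return dist / hours


def classify_rules_only(prev, cur):
    """The heuristic the slides describe as the former approach: distance/time only."""
    return "impossible-travel" if required_speed_kmh(prev, cur) > MAX_PLAUSIBLE_SPEED_KMH else "ok"


def classify(prev, cur):
    """Same check with the slides' two noise sources accounted for."""
    if prev.city in CORPORATE_EGRESS_CITIES or cur.city in CORPORATE_EGRESS_CITIES:
        return "proxy"  # location is the gateway's, not the user's
    if required_speed_kmh(prev, cur) <= MAX_PLAUSIBLE_SPEED_KMH:
        return "ok"
    if cur.city in PEER_GROUP_LOCATIONS:
        return "peer-normal"  # where the user's peers routinely appear from
    return "impossible-travel"


def scan(events, classifier=classify):
    """Pair each user's sign-ins in time order; return (user, city, verdict) per pair."""
    by_user = {}
    for e in sorted(events, key=lambda e: (e.user, e.at)):
        by_user.setdefault(e.user, []).append(e)
    findings = []
    for user, seq in by_user.items():
        for prev, cur in zip(seq, seq[1:]):
            findings.append((user, cur.city, classifier(prev, cur)))
    return findings


# Constructed sample sign-ins (city coordinates are approximate).
T = datetime(2017, 6, 1)
SAMPLE_EVENTS = [
    SignIn("alice", T.replace(hour=9, minute=0), "Seattle", 47.61, -122.33),
    SignIn("alice", T.replace(hour=9, minute=45), "Vancouver", 49.28, -123.12),  # reachable
    SignIn("alice", T.replace(hour=10, minute=0), "Dublin", 53.35, -6.26),      # VPN egress
    SignIn("bob", T.replace(hour=9, minute=0), "Seattle", 47.61, -122.33),
    SignIn("bob", T.replace(hour=9, minute=5), "Vancouver", 49.28, -123.12),    # carrier hub
    SignIn("carol", T.replace(hour=9, minute=0), "Seattle", 47.61, -122.33),
    SignIn("carol", T.replace(hour=9, minute=30), "Moscow", 55.76, 37.62),       # unreachable
]

if __name__ == "__main__":
    for name, clf in (("rules-only", classify_rules_only), ("with context", classify)):
        print(name, scan(SAMPLE_EVENTS, clf))
```

The rules-only pass flags three of the four pairs; the context-aware pass keeps only carol’s Seattle-to-Moscow jump, which is the false-positive reduction the slides report in miniature.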
Preempting Customer Attacks with ML
• Network anomaly and multi-cloud behavioral detections
  • “User” downloading from an odd location, at odd times, and from unmanaged devices
  • Disproportionate download of documents marked as “confidential”
  • Attributed to an employee one week before leaving
• Anti-phishing leads to patient-zero protection
  • Dynamically generated email with “unique” text and link to infector site
  • Sophisticated anti-phishing ML and anomaly detection recognizes the attack
  • URL inspected, payload downloaded and detonated
  • New malware family and campaign uncovered
  • Behavioral classifier and malware labels pushed to desktop protectors
Microsoft secures… (product map, with MACHINE LEARNING at the centre)
• INFRASTRUCTURE: Microsoft Azure Security Center; Windows Server Security
• IDENTITY: Windows Hello; Microsoft Azure Active Directory; Credential Guard; Microsoft Advanced Threat Analytics
• APPS & DATA: Microsoft Cloud App Security; Office 365 Data Loss Prevention; Exchange Online Advanced Threat Protection; Windows Information Protection; Office 365 Customer Lockbox; Office 365 Advanced Security Management; Microsoft Azure Rights Management; Windows BitLocker; Azure Information Protection
• DEVICES: Windows Defender Advanced Threat Protection; Device Guard; Windows Defender; Enterprise Mobility + Security
DARPA Cyber Grand Challenge
• Cyber Reasoning System (CRS)
• DEF CON 2016 – Las Vegas – $55m program, with $2m cash award for Mayhem
• Auto-attack
• Auto-defend
• Auto-patch
• Auto-“bug hunt”
From Defenders to Attackers
• The world today… is already automated
  • Every IP scanned hundreds of times per day
  • Every “common” port scanned hundreds of times per day
  • Every uncommon port scanned dozens of times per day
  • Every service identified, enumerated, and probed daily
  • Every service account tested and brute-forced 10,000’s of times per day
  • All automated, database driven, searchable – ready for mass compromise
• The world next week… will be smarter
  • Hide within the background noise of the Internet, maintain persistence
  • High volume, everything at once, land grab of target resources and data
  • Or something in between…
Next Generation Cyber Defense
• Humans monitor across systems
  • Too big a “bump in the wire” to have humans in-line
• Dynamic defensive layers fed by suspicion
  • Defenses added, connections re-routed, as behavioral anomalies grow
• Move from “alert” to “mitigated”
  • Defend earlier in the attack life-cycle
• Collaborative multi-provider prevention
  • Attack traffic is mitigated at source, informed by AI

More Related Content

What's hot

Visualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityVisualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityCambridge Intelligence
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber securityFemi Ashaye
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber Attackers6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber AttackersSirius
 
Anatomy of a Ransomware Event
Anatomy of a Ransomware EventAnatomy of a Ransomware Event
Anatomy of a Ransomware EventArt Ocain
 
Data Analytics in Cyber Security - Intellisys 2015 Keynote
Data Analytics in Cyber Security - Intellisys 2015 KeynoteData Analytics in Cyber Security - Intellisys 2015 Keynote
Data Analytics in Cyber Security - Intellisys 2015 KeynoteHPCC Systems
 
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeMeet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeDragos, Inc.
 
Using Big Data for Cybersecurity
Using Big Data for CybersecurityUsing Big Data for Cybersecurity
Using Big Data for CybersecuritySplunk
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat IntelligenceOWASP Delhi
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection:  Don’t Pay Up. Backup.Ransomware Detection:  Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.marketingunitrends
 
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)Security Bootcamp
 
A tale story of building and maturing threat hunting program
A tale story of building and maturing threat hunting programA tale story of building and maturing threat hunting program
A tale story of building and maturing threat hunting programidsecconf
 
Disección de amenazas en entornos de nube
Disección de amenazas en entornos de nubeDisección de amenazas en entornos de nube
Disección de amenazas en entornos de nubeCristian Garcia G.
 
Recover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by TictacRecover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by TictacTicTac Data Recovery
 
How to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterHow to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterSpanning Cloud Apps
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack DemonstrationAlert Logic
 
CSCSS Science of Security - Developing Scientific Foundations for the Operati...
CSCSS Science of Security - Developing Scientific Foundations for the Operati...CSCSS Science of Security - Developing Scientific Foundations for the Operati...
CSCSS Science of Security - Developing Scientific Foundations for the Operati...Shawn Riley
 

What's hot (20)

Visualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber SecurityVisualizing Threats: Network Visualization for Cyber Security
Visualizing Threats: Network Visualization for Cyber Security
 
Addressing cyber security
Addressing cyber securityAddressing cyber security
Addressing cyber security
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber Attackers6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber Attackers
 
Anatomy of a Ransomware Event
Anatomy of a Ransomware EventAnatomy of a Ransomware Event
Anatomy of a Ransomware Event
 
Data Analytics in Cyber Security - Intellisys 2015 Keynote
Data Analytics in Cyber Security - Intellisys 2015 KeynoteData Analytics in Cyber Security - Intellisys 2015 Keynote
Data Analytics in Cyber Security - Intellisys 2015 Keynote
 
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeMeet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
 
Using Big Data for Cybersecurity
Using Big Data for CybersecurityUsing Big Data for Cybersecurity
Using Big Data for Cybersecurity
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection:  Don’t Pay Up. Backup.Ransomware Detection:  Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & Challenges
 
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
 
A tale story of building and maturing threat hunting program
A tale story of building and maturing threat hunting programA tale story of building and maturing threat hunting program
A tale story of building and maturing threat hunting program
 
Security Chat 5.0
Security Chat 5.0Security Chat 5.0
Security Chat 5.0
 
Disección de amenazas en entornos de nube
Disección de amenazas en entornos de nubeDisección de amenazas en entornos de nube
Disección de amenazas en entornos de nube
 
Recover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by TictacRecover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by Tictac
 
How to Recover from a Ransomware Disaster
How to Recover from a Ransomware DisasterHow to Recover from a Ransomware Disaster
How to Recover from a Ransomware Disaster
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration
 
CSCSS Science of Security - Developing Scientific Foundations for the Operati...
CSCSS Science of Security - Developing Scientific Foundations for the Operati...CSCSS Science of Security - Developing Scientific Foundations for the Operati...
CSCSS Science of Security - Developing Scientific Foundations for the Operati...
 

Similar to Gunter O

2° Ciclo Microsoft Fondazione CRUI 7° Seminario: Proteggersi dai Cyber Attack...
2° Ciclo Microsoft Fondazione CRUI 7° Seminario: Proteggersi dai Cyber Attack...2° Ciclo Microsoft Fondazione CRUI 7° Seminario: Proteggersi dai Cyber Attack...
2° Ciclo Microsoft Fondazione CRUI 7° Seminario: Proteggersi dai Cyber Attack...Jürgen Ambrosi
 
Fully Integrated Defense Operation
Fully Integrated Defense OperationFully Integrated Defense Operation
Fully Integrated Defense OperationRob Fry
 
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Cloudera, Inc.
 
Microsoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsMicrosoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsAdeo Security
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...Flink Forward
 
Arbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsArbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsMicrosoft Österreich
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thCYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thUnited Technology Group (UTG)
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesAtif Ghauri
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Spyglass Security
 
Insurance Cyber Risks Presentation
Insurance  Cyber Risks PresentationInsurance  Cyber Risks Presentation
Insurance Cyber Risks PresentationNeville Cartwright
 
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Danny Akacki
 
Hunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsHunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsSpyglass Security
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO CompliancePECB
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionDLT Solutions
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskBeyondTrust
 
Custom defense - Blake final
Custom defense  - Blake finalCustom defense  - Blake final
Custom defense - Blake finalMinh Le
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS   ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...DSS   ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...Andris Soroka
 

Similar to Gunter O (20)

2° Ciclo Microsoft Fondazione CRUI 7° Seminario: Proteggersi dai Cyber Attack...
2° Ciclo Microsoft Fondazione CRUI 7° Seminario: Proteggersi dai Cyber Attack...2° Ciclo Microsoft Fondazione CRUI 7° Seminario: Proteggersi dai Cyber Attack...
2° Ciclo Microsoft Fondazione CRUI 7° Seminario: Proteggersi dai Cyber Attack...
 
Fully Integrated Defense Operation
Fully Integrated Defense OperationFully Integrated Defense Operation
Fully Integrated Defense Operation
 
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
 
Microsoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsMicrosoft Avanced Threat Analytics
Microsoft Avanced Threat Analytics
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...
Flink Forward Berlin 2018: Yonatan Most & Avihai Berkovitz - "Anomaly Detecti...
 
Arbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsArbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat Analytics
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
 
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thCYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for Dummies
 
Cybersecurity.pptx
Cybersecurity.pptxCybersecurity.pptx
Cybersecurity.pptx
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2
 
Insurance Cyber Risks Presentation
Insurance  Cyber Risks PresentationInsurance  Cyber Risks Presentation
Insurance Cyber Risks Presentation
 
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016
 
Hunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsHunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark Arts
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO Compliance
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security Solution
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
 
Custom defense - Blake final
Custom defense  - Blake finalCustom defense  - Blake final
Custom defense - Blake final
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS   ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...DSS   ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
 

More from Hilary Ip

Living in Color: Carving Out Safe Spaces For Community by Danielle Cadet (Man...
Living in Color: Carving Out Safe Spaces For Community by Danielle Cadet (Man...Living in Color: Carving Out Safe Spaces For Community by Danielle Cadet (Man...
Living in Color: Carving Out Safe Spaces For Community by Danielle Cadet (Man...Hilary Ip
 
Testing New Revenue Streams by Stefanie Rapp (SVP, Revenue Strategy, Bleacher...
Testing New Revenue Streams by Stefanie Rapp (SVP, Revenue Strategy, Bleacher...Testing New Revenue Streams by Stefanie Rapp (SVP, Revenue Strategy, Bleacher...
Testing New Revenue Streams by Stefanie Rapp (SVP, Revenue Strategy, Bleacher...Hilary Ip
 
Building A New Ecosystem: The Role of Partnerships at an OTT Service by Justi...
Building A New Ecosystem: The Role of Partnerships at an OTT Service by Justi...Building A New Ecosystem: The Role of Partnerships at an OTT Service by Justi...
Building A New Ecosystem: The Role of Partnerships at an OTT Service by Justi...Hilary Ip
 
How PBS Creates YouTube Series that Educate, Entertain & Inspire by Adam Dyle...
How PBS Creates YouTube Series that Educate, Entertain & Inspire by Adam Dyle...How PBS Creates YouTube Series that Educate, Entertain & Inspire by Adam Dyle...
How PBS Creates YouTube Series that Educate, Entertain & Inspire by Adam Dyle...Hilary Ip
 
Telling Better Stories Across the Open Web by Adam Greenberg (Sr. Global Prod...
Telling Better Stories Across the Open Web by Adam Greenberg (Sr. Global Prod...Telling Better Stories Across the Open Web by Adam Greenberg (Sr. Global Prod...
Telling Better Stories Across the Open Web by Adam Greenberg (Sr. Global Prod...Hilary Ip
 
Data Storytelling in the Digital Age by Stephanie Salmon (SVP, Data & Informa...
Data Storytelling in the Digital Age by Stephanie Salmon (SVP, Data & Informa...Data Storytelling in the Digital Age by Stephanie Salmon (SVP, Data & Informa...
Data Storytelling in the Digital Age by Stephanie Salmon (SVP, Data & Informa...Hilary Ip
 
Seven Steps to Building Out Newsletters by Michael Liss (VP, Product, New Yor...
Seven Steps to Building Out Newsletters by Michael Liss (VP, Product, New Yor...Seven Steps to Building Out Newsletters by Michael Liss (VP, Product, New Yor...
Seven Steps to Building Out Newsletters by Michael Liss (VP, Product, New Yor...Hilary Ip
 
Estelle Ayer
Estelle AyerEstelle Ayer
Estelle AyerHilary Ip
 
Adrian Gregory
Adrian GregoryAdrian Gregory
Adrian GregoryHilary Ip
 
Mark Wilson
Mark Wilson Mark Wilson
Mark Wilson Hilary Ip
 
Nathan Jacob
Nathan JacobNathan Jacob
Nathan JacobHilary Ip
 
Fireside chat slide
Fireside chat slide Fireside chat slide
Fireside chat slide Hilary Ip
 

More from Hilary Ip (20)

Living in Color: Carving Out Safe Spaces For Community by Danielle Cadet (Man...
Living in Color: Carving Out Safe Spaces For Community by Danielle Cadet (Man...Living in Color: Carving Out Safe Spaces For Community by Danielle Cadet (Man...
Living in Color: Carving Out Safe Spaces For Community by Danielle Cadet (Man...
 
Testing New Revenue Streams by Stefanie Rapp (SVP, Revenue Strategy, Bleacher...
Testing New Revenue Streams by Stefanie Rapp (SVP, Revenue Strategy, Bleacher...Testing New Revenue Streams by Stefanie Rapp (SVP, Revenue Strategy, Bleacher...
Testing New Revenue Streams by Stefanie Rapp (SVP, Revenue Strategy, Bleacher...
 
Building A New Ecosystem: The Role of Partnerships at an OTT Service by Justi...
Building A New Ecosystem: The Role of Partnerships at an OTT Service by Justi...Building A New Ecosystem: The Role of Partnerships at an OTT Service by Justi...
Building A New Ecosystem: The Role of Partnerships at an OTT Service by Justi...
 
How PBS Creates YouTube Series that Educate, Entertain & Inspire by Adam Dyle...
How PBS Creates YouTube Series that Educate, Entertain & Inspire by Adam Dyle...How PBS Creates YouTube Series that Educate, Entertain & Inspire by Adam Dyle...
How PBS Creates YouTube Series that Educate, Entertain & Inspire by Adam Dyle...
 
Telling Better Stories Across the Open Web by Adam Greenberg (Sr. Global Prod...
Telling Better Stories Across the Open Web by Adam Greenberg (Sr. Global Prod...Telling Better Stories Across the Open Web by Adam Greenberg (Sr. Global Prod...
Telling Better Stories Across the Open Web by Adam Greenberg (Sr. Global Prod...
 
Data Storytelling in the Digital Age by Stephanie Salmon (SVP, Data & Informa...
Data Storytelling in the Digital Age by Stephanie Salmon (SVP, Data & Informa...Data Storytelling in the Digital Age by Stephanie Salmon (SVP, Data & Informa...
Data Storytelling in the Digital Age by Stephanie Salmon (SVP, Data & Informa...
 
Seven Steps to Building Out Newsletters by Michael Liss (VP, Product, New Yor...
Seven Steps to Building Out Newsletters by Michael Liss (VP, Product, New Yor...Seven Steps to Building Out Newsletters by Michael Liss (VP, Product, New Yor...
Seven Steps to Building Out Newsletters by Michael Liss (VP, Product, New Yor...
 
John M
John MJohn M
John M
 
Maike S
Maike SMaike S
Maike S
 
Joe C
Joe CJoe C
Joe C
 
Philip R
Philip RPhilip R
Philip R
 
Michael W
Michael WMichael W
Michael W
 
Nick C
Nick CNick C
Nick C
 
Tyler M
Tyler MTyler M
Tyler M
 
Estelle Ayer
Estelle AyerEstelle Ayer
Estelle Ayer
 
Adrian Gregory
Adrian GregoryAdrian Gregory
Adrian Gregory
 
Mark Wilson
Mark Wilson Mark Wilson
Mark Wilson
 
Nathan Jacob
Nathan JacobNathan Jacob
Nathan Jacob
 
Fireside chat slide
Fireside chat slide Fireside chat slide
Fireside chat slide
 
Kate Tovey
Kate ToveyKate Tovey
Kate Tovey
 

Recently uploaded

Understanding Poverty: A Community Questionnaire
Understanding Poverty: A Community QuestionnaireUnderstanding Poverty: A Community Questionnaire
Understanding Poverty: A Community Questionnairebazilnaeem7
 
ServiceNow CIS-Discovery Exam Dumps 2024
ServiceNow CIS-Discovery Exam Dumps 2024ServiceNow CIS-Discovery Exam Dumps 2024
ServiceNow CIS-Discovery Exam Dumps 2024SkillCertProExams
 
ACM CHT Best Inspection Practices Kinben Innovation MIC Slideshare.pdf
ACM CHT Best Inspection Practices Kinben Innovation MIC Slideshare.pdfACM CHT Best Inspection Practices Kinben Innovation MIC Slideshare.pdf
ACM CHT Best Inspection Practices Kinben Innovation MIC Slideshare.pdfKinben Innovation Private Limited
 
Microsoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdf
Microsoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdfMicrosoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdf
Microsoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdfSkillCertProExams
 
Deciding The Topic of our Magazine.pptx.
Deciding The Topic of our Magazine.pptx.Deciding The Topic of our Magazine.pptx.
Deciding The Topic of our Magazine.pptx.bazilnaeem7
 
DAY 0 8 A Revelation 05-19-2024 PPT.pptx
DAY 0 8 A Revelation 05-19-2024 PPT.pptxDAY 0 8 A Revelation 05-19-2024 PPT.pptx
DAY 0 8 A Revelation 05-19-2024 PPT.pptxFamilyWorshipCenterD
 
SaaStr Workshop Wednesday with CEO of Guru
SaaStr Workshop Wednesday with CEO of GuruSaaStr Workshop Wednesday with CEO of Guru
SaaStr Workshop Wednesday with CEO of Gurusaastr
 
Databricks Machine Learning Associate Exam Dumps 2024.pdf
Databricks Machine Learning Associate Exam Dumps 2024.pdfDatabricks Machine Learning Associate Exam Dumps 2024.pdf
Databricks Machine Learning Associate Exam Dumps 2024.pdfSkillCertProExams
 
TSM unit 5 Toxicokinetics seminar by Ansari Aashif Raza.pptx
TSM unit 5 Toxicokinetics seminar by  Ansari Aashif Raza.pptxTSM unit 5 Toxicokinetics seminar by  Ansari Aashif Raza.pptx
TSM unit 5 Toxicokinetics seminar by Ansari Aashif Raza.pptxAnsari Aashif Raza Mohd Imtiyaz
 
The Influence and Evolution of Mogul Press in Contemporary Public Relations.docx
The Influence and Evolution of Mogul Press in Contemporary Public Relations.docxThe Influence and Evolution of Mogul Press in Contemporary Public Relations.docx
The Influence and Evolution of Mogul Press in Contemporary Public Relations.docxMogul Press
 
2024-05-15-Surat Meetup-Hyperautomation.pptx
2024-05-15-Surat Meetup-Hyperautomation.pptx2024-05-15-Surat Meetup-Hyperautomation.pptx
2024-05-15-Surat Meetup-Hyperautomation.pptxnitishjain2015
 

Recently uploaded (11)

Understanding Poverty: A Community Questionnaire
Understanding Poverty: A Community QuestionnaireUnderstanding Poverty: A Community Questionnaire
Understanding Poverty: A Community Questionnaire
 

  • 9. Example: Geolocation Anomaly Detection
    • Detect anomalous Azure Active Directory logins from unusual geographic locations
    • A login is anomalous if the distance between places is ‘unreachable’ in the elapsed time
    • After applying machine learning: the suspicious-login rate dropped to less than 0.001%
    • Profile the user’s location by comparing with similar users; ensure the model accounts for travel and company proxies
    • Trained at regular intervals: 800+ GB per day
    • Classification completed within milliseconds
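The ‘unreachable distance’ rule on this slide, as an added example that is not Microsoft’s detector or any code from the deck: it computes the great-circle distance between a user’s consecutive sign-ins, flags the later one when the implied speed exceeds an assumed 1,000 km/h ceiling, skips sign-ins from a constructed company proxy egress IP (203.0.113.10, a TEST-NET address), and suppresses a destination the user habitually signs in from, which is the simplest form of the “profile the user’s location” step. All sign-in records, coordinates, IPs and thresholds are constructed for the example.

```python
"""Geolocation ("impossible travel") anomaly check for sign-in events.

Added example, not Microsoft's production detector. Rule from the slide: a
login is anomalous if the distance from the previous login cannot be covered
in the elapsed time. Two noise filters the slide calls out are included:
known company proxy/gateway egress IPs are skipped, and a location the user
habitually signs in from is treated as familiar rather than anomalous.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 1000.0             # assumed ceiling: commercial air travel
FAMILIAR_RADIUS_KM = 100.0         # assumed: GeoIP/cellular jitter inside one metro area
KNOWN_PROXY_IPS = {"203.0.113.10"}  # constructed: corporate gateway egress (TEST-NET-3)


@dataclass(frozen=True)
class Login:
    user: str
    ts: datetime
    ip: str
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84 points."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def learn_familiar_locations(history, radius_km=FAMILIAR_RADIUS_KM):
    """Greedy clustering of each user's past logins into a few centroids (lat, lon)."""
    centers = {}
    for lg in history:
        known = centers.setdefault(lg.user, [])
        if not any(haversine_km(lg.lat, lg.lon, c[0], c[1]) <= radius_km for c in known):
            known.append((lg.lat, lg.lon))
    return centers


def is_familiar(lg, familiar):
    """True when the login lands inside one of the user's learned centroids."""
    return any(haversine_km(lg.lat, lg.lon, c[0], c[1]) <= FAMILIAR_RADIUS_KM
               for c in familiar.get(lg.user, []))


def detect_impossible_travel(logins, familiar):
    """Return [(user, ts, implied_speed_kmh)] for logins that fail the reachability check."""
    flagged, last = [], {}
    for lg in sorted(logins, key=lambda l: (l.user, l.ts)):
        if lg.ip in KNOWN_PROXY_IPS:
            continue            # one egress IP for the whole company: no geo signal, do not update 'last'
        prev = last.get(lg.user)
        last[lg.user] = lg
        if prev is None:
            continue
        dist = haversine_km(prev.lat, prev.lon, lg.lat, lg.lon)
        if dist <= FAMILIAR_RADIUS_KM:
            continue            # same metro area: cellular/GeoIP jitter, not travel
        hours = (lg.ts - prev.ts).total_seconds() / 3600
        speed = dist / hours if hours > 0 else float("inf")
        if speed > MAX_SPEED_KMH and not is_familiar(lg, familiar):
            flagged.append((lg.user, lg.ts, round(speed, 1)))
    return flagged


def build_sample():
    """Constructed sign-in records (TEST-NET addresses, illustrative coordinates)."""
    t0, h = datetime(2017, 3, 1, 9, 0), timedelta(hours=1)
    seattle, portland = (47.6062, -122.3321), (45.5152, -122.6784)
    london, tokyo = (51.5074, -0.1278), (35.6895, 139.6917)
    history = [  # dave habitually signs in from both Seattle and Tokyo
        Login("dave", t0 - timedelta(days=30), "198.51.100.5", *seattle),
        Login("dave", t0 - timedelta(days=20), "198.51.100.6", *tokyo),
    ]
    logins = [
        Login("alice", t0, "198.51.100.20", *seattle),
        Login("alice", t0 + h, "198.51.100.21", *london),      # ~7,700 km in 1 h: flagged
        Login("bob", t0, "198.51.100.30", *seattle),
        Login("bob", t0 + h / 2, "198.51.100.31", *portland),  # ~234 km in 30 min: reachable
        Login("carol", t0, "203.0.113.10", *seattle),          # via company proxy: skipped
        Login("carol", t0 + h, "198.51.100.41", *tokyo),       # no prior real location
        Login("dave", t0, "198.51.100.50", *seattle),
        Login("dave", t0 + h, "198.51.100.51", *tokyo),        # unreachable, but familiar
    ]
    return history, logins


def run_demo():
    history, logins = build_sample()
    return detect_impossible_travel(logins, learn_familiar_locations(history))


if __name__ == "__main__":
    for user, ts, speed in run_demo():
        print(f"{user} {ts.isoformat()} implied speed {speed} km/h")
```

The fixed 1,000 km/h ceiling and 100 km jitter radius stand in for what a deployed model learns from data; the familiar-location suppression trades detection of an attacker who happens to sit in one of the user’s usual cities for far fewer false positives from second devices and carrier geolocation, which is the kind of trade-off behind the drop from 28% to under 0.001% that the slides describe.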
  • 10. Preempting Customer Attacks with ML
    • Network anomaly and multi-cloud behavioral detections
      • “User” downloading from an odd location, at odd times, and from unmanaged devices
      • Disproportionate download of documents marked “confidential”
      • Attributed to an employee one week before leaving
    • Anti-phishing leads to patient-zero protection
      • Dynamically generated email with “unique” text and a link to an infector site
      • Sophisticated anti-phishing ML and anomaly detection recognizes the attack
      • URL inspected, payload downloaded and detonated
      • New malware family and campaign uncovered
      • Behavioral classifier and malware labels pushed to desktop protectors
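One way to score the “disproportionate download of confidential documents” case above, as an added example that is not Microsoft Cloud App Security’s logic or any code from the deck: each (user, day) is compared with the user’s own history using a robust z-score (median and MAD, so a single burst cannot inflate its own baseline) and with same-department peers on the same day, and the two context signals the slide names, off-hours activity and unmanaged devices, are reported alongside. The finance-team events, the business-hours window, the 3.0 z-score and 5× peer-median thresholds are all constructed for the example.

```python
"""Disproportionate-download scoring for documents labelled "confidential".

Added example, not Microsoft Cloud App Security's own detector. Each
(user, day) is compared with the user's own history (robust z-score on
median/MAD) and with same-department peers on the same day; off-hours and
unmanaged-device fractions from the slide are attached to each alert.
All events, thresholds and names are constructed.
"""
from collections import defaultdict
from datetime import date, datetime, time, timedelta
from statistics import median

WORK_START, WORK_END = time(7, 0), time(19, 0)  # assumed business hours
Z_THRESHOLD = 3.0        # assumed: robust z-score that triggers an alert
PEER_MULTIPLIER = 5.0    # assumed: this many times the peer median also triggers


def robust_z(value, history):
    """Median/MAD z-score; MAD is floored at 0.5 so a flat history cannot divide by zero."""
    if not history:
        return 0.0
    med = median(history)
    mad = median(abs(h - med) for h in history) or 0.5
    return (value - med) / (1.4826 * mad)


def build_sample_events():
    """Constructed data: a finance team with ten ordinary days, then one exfiltration-like day."""
    users = {"alice": "finance", "bob": "finance", "carol": "finance"}
    pattern = [2, 3, 2, 1, 3, 2, 2, 3, 1, 2]           # confidential downloads per day
    start = date(2017, 3, 1)
    events = []
    for offset, n in enumerate(pattern):
        for user, dept in users.items():
            for i in range(n):
                events.append({"user": user, "dept": dept, "label": "confidential",
                               "ts": datetime.combine(start + timedelta(days=offset), time(10, i)),
                               "managed": True})
    last = start + timedelta(days=len(pattern))
    for user, dept in users.items():                    # peers keep their normal rhythm
        if user != "alice":
            for i in range(2):
                events.append({"user": user, "dept": dept, "label": "confidential",
                               "ts": datetime.combine(last, time(10, i)), "managed": True})
    for i in range(40):                                 # alice: 40 docs late at night, unmanaged device
        events.append({"user": "alice", "dept": "finance", "label": "confidential",
                       "ts": datetime.combine(last, time(23, i)), "managed": False})
    return events


def score_days(events):
    """Return one alert dict per (user, day) whose confidential-download count is disproportionate."""
    counts, offhours, unmanaged = defaultdict(int), defaultdict(int), defaultdict(int)
    dept_of = {}
    for e in events:
        if e["label"] != "confidential":
            continue
        key = (e["user"], e["ts"].date())
        counts[key] += 1
        dept_of[e["user"]] = e["dept"]
        if not WORK_START <= e["ts"].time() <= WORK_END:
            offhours[key] += 1
        if not e["managed"]:
            unmanaged[key] += 1
    alerts = []
    for (user, day), n in sorted(counts.items()):
        history = [c for (u, d), c in counts.items() if u == user and d < day]
        peers = [c for (u, d), c in counts.items()
                 if d == day and u != user and dept_of[u] == dept_of[user]]
        z = robust_z(n, history)
        peer_ratio = n / max(median(peers), 1) if peers else 0.0
        if z < Z_THRESHOLD and peer_ratio < PEER_MULTIPLIER:
            continue
        alerts.append({"user": user, "date": day.isoformat(), "count": n,
                       "robust_z": round(z, 1), "peer_ratio": round(peer_ratio, 1),
                       "offhours_fraction": offhours[(user, day)] / n,
                       "unmanaged_fraction": unmanaged[(user, day)] / n})
    return alerts


if __name__ == "__main__":
    for alert in score_days(build_sample_events()):
        print(alert)
```

The peer group here is simply “same department”; the slide’s “similar users” could equally be defined by role or by clustering past behaviour. Either comparison matters, because a user whose job is to pull confidential documents all day should not trip on volume alone, while the off-hours and unmanaged-device fractions are what turn a volume anomaly into the departing-employee story the slide tells.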
  • 11. Microsoft secures… (machine learning across every layer)
    • Infrastructure: Microsoft Azure Security Center, Windows Server Security
    • Identity: Windows Hello, Microsoft Azure Active Directory, Credential Guard, Microsoft Advanced Threat Analytics
    • Apps & data: Microsoft Cloud App Security, Office 365 Data Loss Prevention, Exchange Online Advanced Threat Protection, Windows Information Protection, Office 365 Customer Lockbox, Office 365 Advanced Security Management, Microsoft Azure Rights Management, Windows BitLocker, Azure Information Protection
    • Devices: Windows Defender Advanced Threat Protection, Device Guard, Windows Defender, Enterprise Mobility + Security
  • 12. DARPA Cyber Grand Challenge
    • Cyber Reasoning System (CRS)
    • DEF CON 2016, Las Vegas: $55m program, with a $2m cash award for Mayhem
    • Auto-attack, auto-defend, auto-patch, auto-“bug hunt”
  • 13. From Defenders to Attackers
    • The world today… is already automated
      • Every IP scanned hundreds of times per day
      • Every “common” port scanned hundreds of times per day
      • Every uncommon port scanned dozens of times per day
      • Every service identified, enumerated, and probed daily
      • Every service account tested and brute-forced tens of thousands of times per day
      • All automated, database-driven, searchable: ready for mass compromise
    • The world next week… will be smarter
      • Hide within the background noise of the Internet, maintain persistence
      • High-volume, everything-at-once land grab of target resources and data
      • Or something in between…
  • 14. Next Generation Cyber Defense
    • Humans monitor across systems: too big a “bump in the wire” to have humans in-line
    • Dynamic defensive layers fed by suspicion: defenses added and connections re-routed as behavioral anomalies grow
    • Move from “alert” to “mitigated”: defend earlier in the attack life-cycle
    • Collaborative multi-provider prevention: attack traffic is mitigated at source, informed by AI
  • 15. Gunter Ollmann | CTO, Security -- Cloud + Enterprise Division Twitter: @gollmann LinkedIn: https://linkedin.com/in/gunterollmann/

Editor's Notes

  1. Left: Old model. Defender with limited “hard shell” defenses, surrounded by attackers; outnumbered and outgunned. Right: Cloud model. The cloud is instrumented and has defensive capabilities. Each customer/workload has its own set of defenses. Threat information and telemetry are shared and actions are coordinated. The cloud provider’s defensive team helps orchestrate cross-cloud defenses and responses. Defenders outnumber the attackers.
  2. a. Microsoft Cloud App Security; b. Office 365 Advanced Security Management; c. Microsoft Azure Rights Management; d. Office 365 Data Loss Prevention; e. Windows BitLocker; f. Windows Information Protection; g. Azure Information Protection; h. Exchange Online Advanced Threat Protection; i. Office 365 Customer Lockbox