2nd Microsoft Fondazione CRUI Cycle, 7th Seminar: Protecting Yourself from Cyber Attacks (Advanced Threat Analytics)

Today, the focus of IT security has moved from the datacenter to higher levels. Attacks and threats have grown considerably and have also become more sophisticated.
Attackers reside inside a network for an average of eight months before being detected. The largest share of attacks compromise user credentials and use legitimate tools rather than malware, which makes them very difficult to detect.

In this webinar we will get to know ATA (Advanced Threat Analytics), a tool that helps companies keep anomalous and illicit behavior within their organization under control, in the areas where traditional security tools offer limited protection against this type of attack.

Published in: Education

  1. Microsoft Advanced Threat Analytics: Protecting Yourself from Cyber Attacks. Giuseppe Di Pasquale, Premier Field Engineer Security. 06/04/2017
  2. Agenda
  3. Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse. • 146: the median # of days that attackers reside within a victim’s network before detection • >63% of all network intrusions are due to compromised user credentials • $500B: the total potential cost of cybercrime to the global economy • $3.8M: the average cost of a data breach to a company
  4. • Designed to protect the perimeter: When user credentials are stolen and attackers are in the network, your current defenses provide limited protection. • Complexity: Initial setup, fine-tuning, and creating rules and thresholds/baselines can take a long time. • Prone to false positives: You receive too many reports in a day with several false positives that require valuable time you don’t have.
  5. [Diagram. Areas: DATA; IDENTITY; CLOUD & DATACENTER; APPLICATIONS (Office365, SaaS); ENDPOINTS (Windows 10, Devices). Products shown: Device Guard; Credential Guard; Windows Defender; Windows Defender ATP; Cloud App Security; Azure SQL Security; O365 Advanced Threat Protection; Azure Security Center; “OMS Security”; Rights Management Services; “Secure Islands”; Azure AD Identity Protection; Advanced Threat Analytics]
  6. Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization’s users. • Behavioral Analytics • Detection of advanced attacks and security risks • Advanced Threat Detection. An on-premises platform to identify advanced security attacks and insider threats before they cause damage
  7. • Detect threats fast with Behavioral Analytics • Adapt as fast as your enemies • Focus on what is important fast using the simple attack timeline • Reduce the fatigue of false positives • Prioritize and plan for next steps
  8. Analyze (1). After installation: • Simple non-intrusive port mirroring, or deployed directly onto domain controllers • Remains invisible to the attackers • Analyzes all Active Directory network traffic • Collects relevant events from SIEM and information from Active Directory (titles, group memberships, and more)
  9. Learn (2). ATA: • Automatically starts learning and profiling entity behavior • Identifies normal behavior for entities • Learns continuously to update the activities of the users, devices, and resources. What is an entity? An entity represents users, devices, or resources
  10. Detect (3). Microsoft Advanced Threat Analytics: • Looks for abnormal behavior and identifies suspicious activities • Only raises red flags if abnormal activities are contextually aggregated • Leverages world-class security research to detect security risks and attacks in near real-time based on attackers’ Tactics, Techniques, and Procedures (TTPs). ATA not only compares the entity’s behavior to its own, but also to the behavior of entities in its interaction path.
  11. Alert (4). • ATA reports all suspicious activities on a simple, functional, actionable attack timeline • ATA identifies Who? What? When? How? • For each suspicious activity, ATA provides recommendations for the investigation and remediation
  12. Detections listed: Abnormal resource access; Account enumeration; Net Session enumeration; DNS enumeration; SAM-R Enumeration; Abnormal working hours; Brute force using NTLM, Kerberos, or LDAP; Sensitive accounts exposed in plain text authentication; Service accounts exposed in plain text authentication; Honey Token account suspicious activities; Unusual protocol implementation; Malicious Data Protection Private Information (DPAPI) Request; Abnormal authentication requests; Abnormal resource access; Pass-the-Ticket; Pass-the-Hash; Overpass-the-Hash; MS14-068 exploit (Forged PAC); MS11-013 exploit (Silver PAC); Skeleton key malware; Golden ticket; Remote execution; Malicious replication requests. Categories: Reconnaissance; Compromised Credential; Lateral Movement; Privilege Escalation; Domain Dominance
  13. [Architecture diagram. Labels: Internet; VPN; DMZ; Web; DNS; Fileserver (two); DB; SIEM; DC1, DC2, DC3, DC4; ATA Gateway 1; ATA Lightweight Gateway; ATA Center; Port mirroring; Syslog forwarding]
  14. [Diagram. Labels: DC01; ATA Center; ATA Lightweight Gateway; WIN10 – CLIENT – VICTIM; WIN7 – CLIENT – ADMIN]
  15. www.microsoft.com/ata www.microsoft.com/en-us/evalcenter/evaluate-microsoft-advanced-threat-analytics
  16. Q&A
  17. Giuseppe Di Pasquale giuseppe.dipasquale@microsoft.com
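
The learn-then-detect idea of slides 9 and 10 (profile each entity, compare it to its own history and to entities in its interaction path, alert only when abnormal activities aggregate), as an added Python example that is not part of the slides and is not ATA's actual algorithm. The event tuples, entity and host names, and the `slack` and `min_signals` thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed events: (entity, hour_of_day, resource). Not real ATA data.
BASELINE = [
    ("alice", 9, "FS01"), ("alice", 10, "FS01"), ("alice", 14, "MAIL01"),
    ("bob", 9, "FS01"), ("bob", 11, "HR-DB"), ("bob", 16, "MAIL01"),
    ("svc-backup", 2, "FS01"), ("svc-backup", 3, "HR-DB"),
]
NEW = [
    ("alice", 10, "HR-DB"),      # new for alice, but normal for her peers
    ("bob", 3, "FS01"),          # odd hour only: a single signal
    ("svc-backup", 13, "DC01"),  # odd hour and a resource nobody near it uses
]

def learn(events):
    """Learn: per-entity profile of usual hours and resources."""
    profile = defaultdict(lambda: {"hours": set(), "resources": set()})
    for entity, hour, resource in events:
        profile[entity]["hours"].add(hour)
        profile[entity]["resources"].add(resource)
    return dict(profile)

def peer_resources(profile, entity):
    """Resources used by entities that share a resource with `entity`."""
    mine = profile[entity]["resources"]
    shared = [p["resources"] for e, p in profile.items()
              if e != entity and p["resources"] & mine]
    return set().union(*shared)

def signals(profile, event, slack=1):
    """Anomaly signals for one event; hour distance is circular (23 vs 0 is 1)."""
    entity, hour, resource = event
    if entity not in profile:
        return {"unknown entity"}
    own, found = profile[entity], set()
    if all(min(abs(hour - h), 24 - abs(hour - h)) > slack for h in own["hours"]):
        found.add("abnormal working hours")
    if resource not in own["resources"] | peer_resources(profile, entity):
        found.add("abnormal resource access")
    return found

def detect(profile, events, min_signals=2):
    """Detect: alert only when several signals aggregate on one entity."""
    seen = defaultdict(set)
    for event in events:
        seen[event[0]] |= signals(profile, event)
    return {e: sorted(s) for e, s in seen.items() if len(s) >= min_signals}

print(detect(learn(BASELINE), NEW))
```

Only `svc-backup` is reported: `bob` triggers a single signal, and `alice` touches a resource that is new for her but usual for the entities she already shares resources with.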