Threat management lifecycle from a GDPR perspective (original title: "Threat management lifecycle in ottica GDPR")

Introduction to the authentication scenarios for information services in modern workplaces. Overview of the solutions offered by Enterprise Mobility and Security for securing identities and information across their full lifecycle. Prevention, detection, containment and response to advanced threats, with reference to the cyber kill chain (focus on endpoints, identity, productivity services and cloud apps).

  1. Threat Management Lifecycle. Antonio Formato – Threat Management. antonio.formato@microsoft.com, +39 331 7350 247, @anformato
  2. The attack lifecycle and what to DETECT at each stage. Entry: the user opens an email attachment or clicks on a URL, browses to a website, or inserts a USB drive. Exploitation of the endpoint. The attacker installs a backdoor to gain persistence, escalates privileges and steals credentials, explores the network and moves laterally to find sensitive data, accesses the sensitive data, and finally steals it. Detection targets along the way: malicious apps and data; advanced threats and abnormal behavior; compromised user credentials; advanced threats to hybrid workloads.
  3. Maximize detection coverage throughout the attack stages. Office 365 ATP (email protection): user receives an email, opens an attachment, clicks on a URL. Windows Defender ATP (endpoint protection): user browses to a website, runs a program; covers exploitation, installation and the command and control channel. ATA + Azure ATP (identity protection): brute force against an account, reconnaissance, lateral movement, domain dominance.
  4. Office 365 Advanced Threat Protection
  5. Protect your data. Advanced threat protection: time-of-click protection for malicious links. URLs in the message are rewritten to redirect through a web server; when the user clicks, the EOP web servers perform the latest URL reputation check at the time of click, so a link that became malicious only after delivery is still caught.
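The rewriting plus click-time check described on this slide, as an added example (not code from the slides and not Microsoft's Safe Links implementation). The redirector host, the HMAC signing of the original URL, and the BLOCKED_HOSTS reputation list are assumptions made for illustration; the signature is there so the redirector cannot be abused as an open redirect.

```python
"""Time-of-click link protection, as an added example (not from the slides
and not Microsoft's implementation).

Mechanism: at delivery, every URL in the message is rewritten to point at a
redirector; at click time the redirector consults the reputation list as it
stands *now*, so a link that turned malicious after delivery is still blocked.
SAFE_LINKS_HOST, the HMAC signature scheme and BLOCKED_HOSTS are assumptions
used for illustration.
"""
import hashlib
import hmac
import re
from typing import Tuple
from urllib.parse import parse_qs, quote, urlparse

SAFE_LINKS_HOST = "https://safelinks.example.net/?url="  # assumed redirector
SECRET = b"rewrite-key-demo"                              # assumed signing key

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _sign(url: str) -> str:
    """Bind the original URL to this rewriter so the redirector is not an open redirect."""
    return hmac.new(SECRET, url.encode(), hashlib.sha256).hexdigest()[:16]


def rewrite_links(body: str) -> str:
    """Delivery time: replace each URL in the body with a signed redirector URL."""
    def repl(match):
        original = match.group(0)
        if original.startswith(SAFE_LINKS_HOST):
            return original  # already rewritten; rewriting is idempotent
        return f"{SAFE_LINKS_HOST}{quote(original, safe='')}&sig={_sign(original)}"
    return URL_RE.sub(repl, body)


# Reputation list as it stands at click time (constructed for the example).
BLOCKED_HOSTS = {"evil.example", "update-login.example"}


def resolve_click(redirector_url: str) -> Tuple[str, str]:
    """Click time: returns ("allow"|"block", original_url) or ("reject", "")."""
    qs = parse_qs(urlparse(redirector_url).query)
    if "url" not in qs or "sig" not in qs:
        return ("reject", "")
    original = qs["url"][0]  # parse_qs already percent-decodes the value
    if not hmac.compare_digest(qs["sig"][0], _sign(original)):
        return ("reject", "")  # forged parameter: open-redirect attempt
    host = (urlparse(original).hostname or "").lower()
    if host in BLOCKED_HOSTS:
        return ("block", original)
    return ("allow", original)


if __name__ == "__main__":
    msg = "Invoice: http://evil.example/login and docs https://docs.example.org/a?b=1"
    rewritten = rewrite_links(msg)
    for link in URL_RE.findall(rewritten):
        print(resolve_click(link))
```

The important property is that `BLOCKED_HOSTS` is consulted in `resolve_click`, not in `rewrite_links`: the verdict is taken when the user clicks, with whatever reputation data exists at that moment, which is what "time of click" means on the slide.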
  6. Protect your data. Advanced threat protection: sandboxing technology for malicious attachments.
  7. Protect your data. Advanced threat protection: URL detonation. Email with link → link detonated in a sandbox → link added to the reputation server.
  8. Protect your data. Threat protection extends to your entire Office 365 ecosystem. Email is only one attack vector; threat protection has extended coverage, and Microsoft enables security for multiple Office 365 workloads.
  9. Protect your data. Advanced threat protection for your collaboration workloads (SharePoint, OneDrive, Microsoft Teams): sandboxing and detonation.
     Leverage signals:
     • collaboration signals: anonymous links, companywide sharing, explicit sharing, guest user activity
     • malware in email + SPO, Windows Defender, Windows Defender ATP
     • threat feeds: suspicious logins, risky IP addresses, irregular file activity
     • activity watch lists: users, IPs, on-demand patterns (e.g. WannaCry)
     Apply smart heuristics: files in SPO, ODB and Teams; 1st and 3rd party reputation; multiple AV engines.
  10. Protect your data. Advanced security for your desktop clients (Word, Excel, PowerPoint). Improve your security against advanced threats, unknown malware, and zero-day attacks; protect users from malicious links with time-of-click protection; safeguard your environment from malicious documents using virtual environments.
  11. Unified Platform for Endpoint Security
  12. *AV-TEST and AV-Comparatives
  13. *Listed as one of the leaders in the “Ovum Decision Matrix”
  14. Advanced Threat Analytics
  15. Behavioral analytics (interaction map); detection of known attacks and issues; advanced threat detection. An on-premises platform for detecting advanced attacks before they cause damage.
  16. Advanced Threat Analytics detections by attack stage:
      • Reconnaissance: abnormal resource access, account enumeration, Net Session enumeration, DNS enumeration, SAM-R enumeration, abnormal working hours
      • Compromised credentials: brute force using NTLM, Kerberos, or LDAP; sensitive accounts exposed in plain text authentication; service accounts exposed in plain text authentication; Honey Token account suspicious activities; unusual protocol implementation; malicious Data Protection Private Information (DPAPI) request; abnormal VPN; abnormal authentication requests
      • Lateral movement: abnormal resource access, Pass-the-Ticket, Pass-the-Hash, Overpass-the-Hash
      • Privilege escalation: malicious service creation, MS14-068 exploit (Forged PAC), MS11-013 exploit (Silver PAC)
      • Domain dominance: Skeleton Key malware, Golden Ticket, remote execution, malicious replication requests, abnormal modification of sensitive groups
  17. Three classes of ATA detection:
      • Abnormal behavior: anomalous logins, remote execution, suspicious activity
      • Security issues and risks: broken trust, weak protocols, known protocol vulnerabilities
      • Malicious attacks: Pass-the-Ticket (PtT), Pass-the-Hash (PtH), Overpass-the-Hash, Forged PAC (MS14-068), Golden Ticket, Skeleton Key malware, reconnaissance, brute force, unknown threats, password sharing, lateral movement
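Three of the detections listed on slides 16 and 17 (account enumeration, brute force over NTLM/Kerberos, Honey Token account activity), implemented as rules over a constructed authentication event stream. This is an added example, not ATA's own logic or its log format; the event schema, the sliding window, the thresholds and the decoy account name `svc_backup_legacy` are assumptions.

```python
"""Detections of the kind the ATA slides list, run over a constructed event
stream: account enumeration, brute force over NTLM/Kerberos, and honey-token
activity. Added example, not ATA's own logic or log format; the event schema,
thresholds, window and the HONEY_TOKENS decoy name are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

WINDOW = timedelta(minutes=5)
ENUM_THRESHOLD = 5       # distinct non-existent usernames from one source
BRUTE_THRESHOLD = 10     # bad-password failures from one source
HONEY_TOKENS = {"svc_backup_legacy"}  # assumed decoy account with no legitimate use


def sample_events() -> List[dict]:
    """Constructed authentication events: one recon host, one decoy touch, noise."""
    base = datetime(2018, 5, 21, 9, 0, 0)
    ev = []
    # Kerberos AS-REQs for principals that do not exist (KDC_ERR_C_PRINCIPAL_UNKNOWN)
    for i in range(6):
        ev.append({"ts": base + timedelta(seconds=i), "proto": "Kerberos",
                   "src": "10.0.0.50", "user": f"guess{i}", "result": "no_such_user"})
    # NTLM bad passwords against a real account from the same host
    for i in range(12):
        ev.append({"ts": base + timedelta(seconds=30 + i), "proto": "NTLM",
                   "src": "10.0.0.50", "user": "jdoe", "result": "bad_password"})
    # Successful NTLM logon with the decoy account: any use at all is suspicious
    ev.append({"ts": base + timedelta(minutes=1), "proto": "NTLM",
               "src": "10.0.0.77", "user": "svc_backup_legacy", "result": "success"})
    # Ordinary typos spread over hours: stays below the brute-force threshold
    for i in range(3):
        ev.append({"ts": base + timedelta(hours=i), "proto": "Kerberos",
                   "src": "10.0.0.20", "user": "alice", "result": "bad_password"})
    return sorted(ev, key=lambda e: e["ts"])


def _trim(q: Deque[Tuple[datetime, str]], now: datetime) -> None:
    """Drop entries older than WINDOW (sliding window per source host)."""
    while q and now - q[0][0] > WINDOW:
        q.popleft()


def detect(events: List[dict]) -> List[dict]:
    alerts: List[dict] = []
    fired = set()  # (rule, src): alert once per source per rule
    enum_win: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    brute_win: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)

    for e in sorted(events, key=lambda x: x["ts"]):
        src, ts, user = e["src"], e["ts"], e["user"]
        # Honey token: the decoy is never used legitimately, so success or failure both alert
        if user in HONEY_TOKENS:
            alerts.append({"type": "honey_token", "src": src, "user": user,
                           "proto": e["proto"], "result": e["result"]})
        if e["result"] == "no_such_user":
            # Enumeration: many *distinct* unknown principals from one source
            q = enum_win[src]
            q.append((ts, user))
            _trim(q, ts)
            distinct = {u for _, u in q}
            if len(distinct) >= ENUM_THRESHOLD and ("enum", src) not in fired:
                fired.add(("enum", src))
                alerts.append({"type": "account_enumeration", "src": src,
                               "proto": e["proto"], "count": len(distinct)})
        elif e["result"] == "bad_password":
            # Brute force: many wrong passwords from one source inside the window
            q = brute_win[src]
            q.append((ts, user))
            _trim(q, ts)
            if len(q) >= BRUTE_THRESHOLD and ("brute", src) not in fired:
                fired.add(("brute", src))
                alerts.append({"type": "brute_force", "src": src, "proto": e["proto"],
                               "count": len(q), "accounts": sorted({u for _, u in q})})
    return alerts


if __name__ == "__main__":
    for a in detect(sample_events()):
        print(a)
```

These three are the rule-based end of the list; the "abnormal" detections on the same slides (abnormal working hours, abnormal resource access, anomalous logins) need a learned per-entity baseline, which is the behavioral analytics part of ATA and is not covered by fixed thresholds like these.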
  18. ATA deployment topology (diagram): Internet, VPN and a DMZ with Web and DNS servers on the perimeter; on the internal network, domain controllers DC1–DC4, file servers and a SIEM. ATA Gateway 1 receives domain controller traffic via port mirroring; an ATA Lightweight Gateway runs on a domain controller itself; the SIEM is connected by syslog forwarding; ATA Center stores its data in the DB.
  19. Cloud App Security
  20. A comprehensive, intelligent security solution that brings the visibility, real-time control, and security you have in your on-premises network to your cloud applications. Discover, Control, Protect. Integrates with your SIEM, Identity and Access Management, DLP and Information Protection solutions.
  21. Four capabilities:
      • Discover and assess risks: identify cloud apps on your network, gain visibility into shadow IT, and get risk assessments and ongoing analytics.
      • Protect your information: get granular control over data and use built-in or custom policies for data sharing and data loss prevention.
      • Detect threats: identify high-risk usage and detect unusual behavior using Microsoft threat intelligence and research.
      • Control access in real time: manage and limit cloud app access based on conditions and session context, including user identity, device, and location.