
[Japan Tech summit 2017] SEC 003


[Japan Tech summit 2017] SEC 003 session materials

Published in: Technology


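  1. Microsoft Tech Summit 2017. The content of this information (including attached documents and link destinations) is current as of the dates of Microsoft Tech Summit 2017 (November 8-9, 2017) and is subject to change without notice.
  2. Ransomware: last 22 months. Number of machines with ransomware detections (Japan): 6,700, 65,400 (X9). Source: Trend Micro, 2016 Annual Security Roundup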
  3. App Locker, Windows Defender AV, Bit Locker, TPM, Windows Hello, LAPS, PAW, Credential Guard, Device Guard, EMET, UAC, Windows Firewall, Smart Screen, Defender ATP, Application Guard, Exploit Guard, GPO, Audit Policy, LSA Protection, Windows Update, Secure Boot, IPSEC, Windows Information Protection, Thin Client, AutoVPN, OneDrive, MDM, DEP
  4. OFF MACHINE, ON MACHINE, PRE-BREACH. Windows Defender Antivirus Behavioral Engine (Behavior Analysis) ▪ Process tree visualizations ▪ Artifact searching capabilities ▪ Machine Isolation and quarantine. Windows Defender ATP (Advanced Threat Protection) ▪ Enhanced behavioral and machine learning detection ▪ Memory scanning capabilities. O365 (Email) ▪ Reducing email attack vector ▪ Advanced sandbox detonation. Edge (Browser) ▪ Browser hardening ▪ Reduce script based attack surface ▪ App container hardening ▪ Reputation based blocking for downloads ▪ SmartScreen. POST-BREACH. End to End Protection. OFF MACHINE. Windows Defender Antivirus (AV) ▪ Improved ML and heuristic protection ▪ Instantly protected with the cloud ▪ Enhanced Exploit Kit Detections. One Drive (Cloud Storage) ▪ Reliable versioned file storage in the cloud ▪ Point in time file recovery. App Guard (Virtualized Security) ▪ App isolation. Locked Down Devices ▪ Windows 10S ▪ Device Guard ▪ Credential Guard ▪ VSM. Windows Defender Exploit Guard (HIPS): Attack Surface Reduction • Set of rules to customize the attack surface; Controlled Folder Access • Protecting data against access by untrusted process; Exploit Protection • Mitigations against memory based exploits; Network Protection • Blocking outbound traffic to low rep sources. Application Control (Whitelisting) ▪ Whitelisting application
  5. Attack Surface Reduction, Exploit Protection, Restricting access to threats, Network Protection, Controlled Folder Access. WINDOWS DEVICES APPS. ANALYZE ATTACKS, BUILD MITIGATIONS, Data driven Software defense, EVALUATE MITIGATIONS
  6. Exploit Protection
  7. Exploit Protection mitigations
  8. Achieves blocking at the OS level
  9. Office rules, Email rule, Script rules 1. 2.
  10. • •
  11. •
  12. ■ https://docs.microsoft.com/en-us/windows/device-security/windows-security-baselines ■ Security baseline for Windows 10 “Fall Creators Update” (v1709) – FINAL: https://blogs.technet.microsoft.com/secguide/2017/10/18/security-baseline-for-windows-10-fall-creators-update-v1709-final/ ■ https://blogs.technet.microsoft.com/jpsecurity/2017/09/14/moving-beyond-emet-ii-windows-defender-exploit-guard/ ■ https://docs.microsoft.com/ja-jp/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard
