Rethinking IT Security – A Paradigm Shift Based on Zero Trust
5 November 2021
Thomas Treml
Microsoft Deutschland GmbH
BSI - IT security in the home office (bund.de)
IT security in the home office in 2020
Microsoft Digital Defense Report, October 2021 (aka.ms/mddr)
Old world vs. new reality:
• Employees, partners & customers
• Bring your own devices
• New cloud apps every day
• The perimeter is losing relevance
• Explosion of signals
A new reality needs new principles
Verify explicitly
Identities are the new, central perimeter
Conditions (signals) and controls in the Microsoft Cloud: the conditions are evaluated for every access request, and the controls are applied before the request reaches the target application.

Conditions:
• Employees & partners: users & roles
• Known & compliant devices
• Physical & virtual location
• Client apps & authentication methods

Controls:
• Enforce MFA
• Block/allow access
• Block legacy authentication
• Reset password
• Limit access

Targets: cloud, SaaS apps, on-premises apps

In an optimal Zero Trust implementation, your digital assets are connected and able to deliver the signal required to make informed access decisions with automated policy enforcement.
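The conditions-to-controls model of the slide above, as an added example that is not Microsoft code: a small policy evaluator that models how Azure AD Conditional Access combines policies as documented (every policy whose conditions match a sign-in applies, the grant controls of all matching policies are combined, and a block from any one policy wins). The control, policy and role names, the treatment of "compliant device" as a hard denial, and the sample sign-ins are assumptions made for this illustration.

```python
"""Toy evaluator for the conditions -> controls model on the slide above.
Added example, not Microsoft code. It models Azure AD Conditional Access as
documented: every policy whose conditions match a sign-in applies, the grant
controls of all matching policies are combined, and a block from any one wins.
Control/policy/role names and the sample sign-ins are this example's own."""
from dataclasses import dataclass, replace
from typing import Callable, FrozenSet, Iterable

BLOCK = "block"
REQUIRE_MFA = "require_mfa"
REQUIRE_COMPLIANT_DEVICE = "require_compliant_device"
RESET_PASSWORD = "reset_password"   # user-risk remediation ("reset password" on the slide)
LIMITED_ACCESS = "limited_access"   # session control ("limit access" on the slide)

STRONG_FACTORS = frozenset({"fido2", "authenticator_app", "windows_hello"})  # counts as MFA
PRIVILEGED_ROLES = frozenset({"Global Administrator", "Security Administrator"})


@dataclass(frozen=True)
class Request:
    """Signals ("conditions") presented with one sign-in."""
    user: str
    roles: FrozenSet[str]
    device_known: bool         # registered in the directory
    device_compliant: bool     # marked compliant by device management
    location: str              # "corp_network" or "internet"
    client_app: str            # "browser", "modern_client" or "legacy"
    auth_methods: FrozenSet[str]
    user_risk: str = "none"    # "none", "low", "medium" or "high"


@dataclass(frozen=True)
class Policy:
    name: str
    applies: Callable[[Request], bool]
    controls: FrozenSet[str]


@dataclass(frozen=True)
class Decision:
    outcome: str               # "allow", "step_up" or "block"
    pending: FrozenSet[str]    # controls still to satisfy, or the reason for a block
    session: FrozenSet[str]    # session controls applied on allow
    matched: tuple             # names of the policies that applied


def evaluate(request: Request, policies: Iterable[Policy]) -> Decision:
    matched = [p for p in policies if p.applies(request)]
    names = tuple(p.name for p in matched)
    controls = frozenset().union(*(p.controls for p in matched))

    if BLOCK in controls:                     # block from any policy overrides the rest
        return Decision("block", frozenset({BLOCK}), frozenset(), names)
    if REQUIRE_COMPLIANT_DEVICE in controls and not request.device_compliant:
        # Device compliance cannot be acquired with a prompt: treat as a denial.
        return Decision("block", frozenset({REQUIRE_COMPLIANT_DEVICE}), frozenset(), names)

    pending = set()
    if REQUIRE_MFA in controls and not (request.auth_methods & STRONG_FACTORS):
        pending.add(REQUIRE_MFA)              # step-up: no second factor presented yet
    if RESET_PASSWORD in controls:
        pending.add(RESET_PASSWORD)           # remediation before access is granted
    session = controls & {LIMITED_ACCESS}
    return Decision("step_up" if pending else "allow", frozenset(pending), frozenset(session), names)


POLICIES = [
    Policy("Block legacy authentication", lambda r: r.client_app == "legacy", frozenset({BLOCK})),
    Policy("Require MFA for all users", lambda r: True, frozenset({REQUIRE_MFA})),
    Policy("Privileged roles need a compliant device",
           lambda r: bool(r.roles & PRIVILEGED_ROLES), frozenset({REQUIRE_MFA, REQUIRE_COMPLIANT_DEVICE})),
    Policy("High user risk: reset password",
           lambda r: r.user_risk == "high", frozenset({REQUIRE_MFA, RESET_PASSWORD})),
    Policy("Unknown device from the internet: limited access",
           lambda r: not r.device_known and r.location == "internet", frozenset({LIMITED_ACCESS})),
]

# Constructed sample sign-ins (not real telemetry).
BASELINE = Request(user="alice@example.com", roles=frozenset(), device_known=True, device_compliant=True,
                   location="internet", client_app="browser", auth_methods=frozenset({"password", "fido2"}))
SAMPLES = {
    "healthy": BASELINE,
    "legacy_client": replace(BASELINE, client_app="legacy"),
    "password_only": replace(BASELINE, auth_methods=frozenset({"password"})),
    "admin_on_unmanaged_device": replace(BASELINE, roles=frozenset({"Global Administrator"}),
                                         device_known=False, device_compliant=False),
    "risky_user": replace(BASELINE, user_risk="high"),
    "byod_browser": replace(BASELINE, device_known=False, device_compliant=False),
}


def decide_all(policies=POLICIES):
    """Evaluate every sample sign-in; returns {sample name: Decision}."""
    return {name: evaluate(req, policies) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, d in decide_all().items():
        print(f"{name:26s} {d.outcome:8s} pending={sorted(d.pending)} session={sorted(d.session)}")
```

The distinction worth keeping in mind when ordering controls: MFA and a password reset can be satisfied by an interactive prompt (a step-up), whereas device compliance cannot, so a policy requiring a compliant device on an unmanaged device is a denial, not a challenge. The legacy-authentication block fires regardless of how strong the presented factors are, because legacy protocols cannot carry the second factor at all.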
Zero Trust in three steps
1. Automated identity & access management
2. Centralized unified endpoint management
3. Privileged access management & application management
Zero Trust maturity model

With these core principles, an overview of the end-to-end framework and a scalable maturity model, you have the knowledge needed to assess Zero Trust progress in your organization, inform stakeholders and prioritize the next steps.

Assessment with the Zero Trust maturity model
Cybersecurity reference architecture
Microsoft Cybersecurity Reference Architecture - Security documentation | Microsoft Docs
Microsoft Intelligent Security Association
• Collaboration strengthens protection
• Teaming up with our security partners to build an ecosystem of intelligent security solutions that better defend against a world of increased threats
Discussion
Thomas Treml
Microsoft Deutschland GmbH
Thomas.Treml@microsoft.com

Appendix
Logical components of a Zero Trust architecture: Identity, Data, Networking, Devices, Apps, Infrastructure
Source: Evolving Zero Trust—Lessons learned and emerging trends - Microsoft Security Blog
What does Zero Trust mean?
Workloads, Endpoints, People, Intelligence, Data
Guiding Principles and Standards
• Principles are high-level statements of the values that guide IT and the business, e.g. "Information is an asset". They are universally agreed truths. They guide and shape the lower-level artefacts: standards and policies.
  • Principles change very little, if at all, over time.
  • The objectives should change very little over time, as they are foundations of Zero Trust and an organization's cybersecurity strategy.
  • Strategies are long-term missions that do not frequently change. Therefore, the principles are best tied to strategic objectives.
• Standards define the specification to which we do something, e.g. "Data at rest must be encrypted using AES 128 bit or better".
  • Standards change; they improve and become obsolete.
  • They are closer to technology.
• Design decisions are shaped by standards and principles and will prescribe a product and configuration, e.g. "Disks shall be encrypted using Microsoft BitLocker".
• Principles are not tangible, so appropriate standards and policies must be defined and enforced in order to implement the principles.
© Microsoft 2021
Summary: EO response for Federal Agencies

Executive order
On May 12, 2021, President Biden signed the Executive Order (EO) to improve the nation's cybersecurity and protect federal government networks in response to recent incidents of sophisticated malicious activity by nation-state and criminal actors. For agencies there are numerous requirements, including some with short-term action items included in the EO. The purpose of this presentation is to help government agencies take thoughtful action aligned to one of these requirements: plan for Zero Trust implementation.

Capabilities
There are six key capabilities expected to be developed through the EO:
1. Secure Cloud Adoption Plan
2. Zero Trust Plan
3. Multifactor Authentication Implementation
4. Endpoint Detection & Response
5. Data Identification
6. Secure Software Adoption

Zero Trust Plan
EO requirement: Section 3 – "The heads of agencies update plans for federal network infrastructure (including adoption of cloud technology and implementation of Zero Trust Architecture) and report plans to OMB/NSC."
Timeline: 07/11/2021
Microsoft reference architecture: Zero Trust Architecture

Actions
Next steps include:
1. Review compliance requirements for section 3
2. Review how Microsoft can support
3. Develop and implement plans to build the agency response

Resources:
Summary: FACT SHEET: President Signs Executive Order Charting New Course to Improve the Nation's Cybersecurity and Protect Federal Government Networks | The White House
Executive Order: Executive Order on Improving the Nation's Cybersecurity | The White House
Defend across attack chains (Microsoft Cybersecurity Reference Architecture, https://aka.ms/MCRA)

Phishing and malware chain (Defender for Office 365, Defender for Endpoint):
Phishing mail → Open attachment / Click a URL → Browse a website → Exploitation and installation → Command and control

Identity chain (Azure AD Identity Protection, Defender for Identity):
Brute force account or use stolen account credentials → User account is compromised → Attacker collects reconnaissance & configuration data → Attacker attempts lateral movement → Privileged account compromised → Domain compromised

Data chain (Microsoft Cloud App Security):
Attacker accesses sensitive data → Exfiltration of data

Insider risk chain (Insider risk management):
Leading indicators (history of violations; distracted and careless; disgruntled or disenchanted; subject to stressors) → Insider has access to sensitive data → Anomalous activity detected → Data leakage / Potential sabotage

Azure Defender

Microsoft Reference Architecture: provide actionable security alerts, raw logs, or both.
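The first two links of the identity chain above ("brute force account or use stolen account credentials" followed by "user account is compromised"), as an added example that is not part of the deck and not the logic of any Microsoft product: detection a SOC might run over sign-in events to surface a brute-force burst against one account, a password spray from one source across many accounts, and the successful sign-in that follows either. The log line format, the thresholds, the IP addresses and the sample events are constructed for this illustration.

```python
"""Detection logic for the start of the identity attack chain above.
Added example, not product code: the sign-in log format, thresholds and
sample events are constructed for illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: ISO timestamp, user, source IP, result.
LINE = re.compile(r"(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>success|failure)")

FAILURES_PER_ACCOUNT = 5   # brute force: many failures against one account
ACCOUNTS_PER_IP = 3        # password spray: one source failing against many accounts
WINDOW = timedelta(minutes=10)


def parse(lines):
    """Parse and time-order events; malformed lines are skipped."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["user"], m["ip"], m["result"]))
    return sorted(events)


def detect(lines):
    """Return alerts in event order; each is {"kind", "user", "ip", "ts"}."""
    alerts = []
    fails_by_user = defaultdict(deque)   # user -> recent failure timestamps
    fails_by_ip = defaultdict(dict)      # ip -> {user: last failure timestamp}
    flagged = set()                      # users already reported as compromised

    for ts, user, ip, result in parse(lines):
        # Expire failures older than the window.
        recent = fails_by_user[user]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()
        per_ip = fails_by_ip[ip]
        for stale in [u for u, t in per_ip.items() if ts - t > WINDOW]:
            del per_ip[stale]

        if result == "failure":
            recent.append(ts)
            per_ip[user] = ts
            if len(recent) == FAILURES_PER_ACCOUNT:
                alerts.append({"kind": "brute_force", "user": user, "ip": ip, "ts": ts})
            if len(per_ip) == ACCOUNTS_PER_IP:
                alerts.append({"kind": "password_spray", "user": None, "ip": ip, "ts": ts})
        else:
            # A success that follows a burst against the account, or comes from a
            # source that was spraying, is the "user account is compromised" step.
            brute_forced = len(recent) >= FAILURES_PER_ACCOUNT
            spraying_source = len(per_ip) >= ACCOUNTS_PER_IP
            if (brute_forced or spraying_source) and user not in flagged:
                flagged.add(user)
                alerts.append({"kind": "account_compromised", "user": user, "ip": ip, "ts": ts})
    return alerts


# Constructed sample: a brute force on alice, a spray from 198.51.100.9 that
# lands on erin, and a normal user (frank) who mistypes a password once.
SAMPLE_LOG = """\
2021-11-05T08:00:01Z user=alice ip=203.0.113.7 result=failure
2021-11-05T08:00:03Z user=alice ip=203.0.113.7 result=failure
2021-11-05T08:00:05Z user=alice ip=203.0.113.7 result=failure
2021-11-05T08:00:07Z user=alice ip=203.0.113.7 result=failure
2021-11-05T08:00:09Z user=alice ip=203.0.113.7 result=failure
2021-11-05T08:00:12Z user=alice ip=203.0.113.7 result=success
2021-11-05T08:30:00Z user=bob ip=198.51.100.9 result=failure
2021-11-05T08:30:02Z user=carol ip=198.51.100.9 result=failure
2021-11-05T08:30:04Z user=dave ip=198.51.100.9 result=failure
2021-11-05T08:30:06Z user=erin ip=198.51.100.9 result=success
2021-11-05T09:00:00Z user=frank ip=192.0.2.44 result=failure
2021-11-05T09:00:30Z user=frank ip=192.0.2.44 result=success
""".splitlines()


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a["ts"].isoformat(), a["kind"], a["user"] or "-", a["ip"])
```

Two points the example makes that the diagram does not: a spray keeps per-account failure counts below any lockout threshold, so the per-account counter alone misses it and the per-source distinct-account counter is what catches it; and the "compromised" signal is the success itself, correlated with the preceding burst, which is why the failures have to be kept for the length of the window rather than discarded once a sign-in succeeds.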
Cybersecurity Reference Architecture, https://aka.ms/MCRA (video recording, strategies):
• Securing Privileged Access
• Office 365 Security
• Rapid Cyberattacks (Wannacrypt/Petya)
• SQL Encryption & Data Masking
• Office 365 / Dynamics 365: +Monitor, Data Loss Protection, Data Governance, eDiscovery

Security Operations: provide actionable security alerts, raw logs, or both (https://aka.ms/MCRA)
Operational Technology (OT) Security Reference Architecture
Apply Zero Trust principles to securing OT and industrial IoT environments (https://aka.ms/MCRA)

Purdue model (safety systems sit alongside the control levels):
• Level 0 – Process: physical machinery
• Level 1 – Basic Control: electronics controlling or monitoring physical systems
• Level 2 – Supervisory Control: monitoring & control for discrete business functions (e.g. production line)
• Level 3 – Site Operations: control & monitoring for a physical site with multiple functions (e.g. plant)

Transform with Zero Trust principles (the Purdue model assumed a static site/enterprise model):
• Datacenter segments: align network/identity/other controls to business workloads and business risk
• End user access: dynamically grant access based on explicit validation of current user and device risk level

Information Technology (IT) environments: Confidentiality/Integrity/Availability
• Hardware age: 5-10 years
• Warranty length: 3-5 years
• Protocols: native IP, HTTP(S), others
• Security hygiene: multi-factor authentication (MFA), patching, threat monitoring, antimalware

Operational Technology (OT) environments: Safety/Integrity/Availability
• Hardware age: 50-100 years (mechanical + electronic overlay)
• Warranty length: up to 30-50 years
• Protocols: industry specific (often bridged to IP networks)
• Security hygiene: isolation, threat monitoring, managing vendor access risk (patching rarely)

IIoT / OT digital transformation drivers:
• Business efficiency: data to enable business agility
• Governance & regulatory compliance with safety and other standards
• Emerging security standards like CMMC
• Blended cybersecurity attacks are driving convergence of IT, OT, and IoT security architectures and capabilities

Analytics: business analytics and security analytics; Azure analytics (IoT Hub, PowerBI, Azure Edge, Digital Twins, and more); 3rd party analytics; cloud environments

Monitoring:
• Sensor(s) + analytics attached to a network TAP/SPAN port; business analytic sensor(s)
• Plant security console (optional)
• Azure Defender for IoT: manager, security console
• TLS with mutual authentication
• Cloud connection (optional): native plug-in for Azure Defender for IoT; native OT investigation & remediation playbooks; correlation with other data sources and strategic threat intelligence (attack groups & context)
• Azure Sentinel / 3rd party SIEM

Zero Trust principles: assume breach, verify explicitly, use least privilege access (identity and network)

Isolation and segmentation:
• Hard boundary: physically disconnect from IT network(s)
• Soft(ware) boundary: people, process, and tech (network + identity access control, boundary patching and security hygiene)
• Internal isolation: as business processes allow
Customer story: Siemens
Customer: Siemens | Industry: Manufacturing | Size: Large (10,000+ employees) | Country: Germany

Situation: When Siemens began to transition to the cloud, it emphasized real-time, proactive security in order to apply a Zero Trust approach. It needed a tightly coordinated set of security solutions to protect identities, data, and endpoints.

Solution: Already committed to the productivity-enhancing apps in Microsoft 365, it now makes full use of the rich security built into the solution, including Azure Active Directory, Microsoft Defender for Identity, Microsoft Endpoint Manager, Microsoft Defender for Endpoint, and more.

Impact: Siemens is realizing the advantages of an encompassing security system that is worth more than the sum of its parts: a tightly coordinated set of solutions that helps protect company data and about 300,000 devices easily, efficiently, and proactively.

"We chose the best of suite approach with the Microsoft 365 E5 solution, and now we have an overview of our environment that helps us to react in real time and defend against attacks proactively."
- Thomas Mueller-Lynch, Service Owner Lead for Digital Identity, Siemens

Products and services: Microsoft Azure Active Directory, Microsoft Cloud App Security, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Endpoint Manager, Microsoft Information Protection P2, Customer Lockbox for Azure
Rethinking authentication: understanding and implementing Zero Trust - computerwoche.de
This track exposes participants to all the key Azure services at the disposal of the organization and all the cybersecurity concepts necessary to ensure the confidentiality, integrity and availability of these resources and information systems. There will be deep-dive, hands-on sessions on key areas such as Azure Security Center, Azure Sentinel, Azure Monitor, IAM, and data and application security.

This track will help participants acquire the skills required to secure M365 (E3 & E5) deployments and comply with industry and territorial data protection requirements. Key security concepts such as threat management & protection, IAM, application & mobility security, GDPR, compliance, and risk and security governance will be taught.

More Related Content

What's hot

Microsoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security OverviewMicrosoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security Overview
David J Rosenthal
 

What's hot (20)

introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
security-reference-architecture.pdf
security-reference-architecture.pdfsecurity-reference-architecture.pdf
security-reference-architecture.pdf
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
 
Cyber Security Maturity Assessment
 Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
 
IBM Security QRadar
 IBM Security QRadar IBM Security QRadar
IBM Security QRadar
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for Business
 
Azure Security Center- Zero to Hero
Azure Security Center-  Zero to HeroAzure Security Center-  Zero to Hero
Azure Security Center- Zero to Hero
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
A Guide to Managed Security Services
A Guide to Managed Security ServicesA Guide to Managed Security Services
A Guide to Managed Security Services
 
Microsoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security OverviewMicrosoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security Overview
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
 

Similar to Zero Trust 20211105

Security in cloud computing kashyap kunal
Security in cloud computing  kashyap kunalSecurity in cloud computing  kashyap kunal
Security in cloud computing kashyap kunal
Kashyap Kunal
 

Similar to Zero Trust 20211105 (20)

microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?
 
Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it security
 
Demystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorDemystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public Sector
 
IRJET- Simultaneous ammunition for the multi-cloud computing simulation
IRJET- Simultaneous ammunition for the multi-cloud computing simulation IRJET- Simultaneous ammunition for the multi-cloud computing simulation
IRJET- Simultaneous ammunition for the multi-cloud computing simulation
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Iot 7-12-2021
Iot 7-12-2021Iot 7-12-2021
Iot 7-12-2021
 
IRJET-Domain Data Security on Cloud
IRJET-Domain Data Security on CloudIRJET-Domain Data Security on Cloud
IRJET-Domain Data Security on Cloud
 
SPUnite17 Microsoft Cloud Deutschland
SPUnite17 Microsoft Cloud DeutschlandSPUnite17 Microsoft Cloud Deutschland
SPUnite17 Microsoft Cloud Deutschland
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 
Security in cloud computing kashyap kunal
Security in cloud computing  kashyap kunalSecurity in cloud computing  kashyap kunal
Security in cloud computing kashyap kunal
 
Cloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityCloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls Security
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
 
Cloud Ecosystems A Perspective
Cloud Ecosystems A PerspectiveCloud Ecosystems A Perspective
Cloud Ecosystems A Perspective
 

Recently uploaded

CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
Wonjun Hwang
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Microsoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdfMicrosoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdf
Overkill Security
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
FIDO Alliance
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 

Recently uploaded (20)

Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Microsoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdfMicrosoft BitLocker Bypass Attack Method.pdf
Microsoft BitLocker Bypass Attack Method.pdf
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 

Zero Trust 20211105

  • 1. IT-Sicherheit neu denken – Paradigmenwechsel auf Basis von Zero Trust 05. November Thomas Treml Microsoft Deutschland GmbH
  • 2.
  • 3.
  • 4. BSI - IT-Sicherheit im Home-Office (bund.de) IT-Sicherheit im Home-Office im Jahr 2020
  • 6.
  • 7.
  • 8. Alte Welt vs. Mitarbeiter, Partner & Kunden Bring your own devices Täglich neue Cloud-Apps Perimeter verliert an Relevanz Explosion der Signale
  • 9. Eine neue Realität braucht neue Prinzipien Explizit überprüfen
  • 10. Identitäten sind das neue, zentrale Perimeter
  • 11. Cloud SaaS-Apps On-Premises Apps MFA durchsetzen Zugriff blockieren/zulassen Legacy-Authentisierung blockieren Passwort zurücksetzen Zugriff limitieren Kontrollen Mitarbeiter & Partner Benutzer & Rollen Bekannte & konforme Geräte Physikalische & virtuelle Lokation Client-Apps & Authentifizierungs- Methoden Konditionen Microsoft Cloud
  • 12. In einer optimalen Zero-Trust-Implementierung sind Ihre digitalen Assets verbunden und in der Lage, das Signal zu liefern, das erforderlich ist, um fundierte Zugriffsentscheidungen mithilfe automatisierter Richtliniendurchsetzung zu treffen.
  • 13. In drei Schritten zu Zero Trust 1. Automatisierte Identitäts- & Zugriffsverwaltung 2. Zentrales Unified Endpoint Management 3. Privilegierte Benutzerrechtevergabe & Applikationsmanagement
  • 14. Zero Trust Reifegradmodell Das Zero Trust- Reifegradmodell Mit diesen Grundprinzipien, einer Übersicht des End-to-End- Frameworks und einem skalierbaren Reifegradmodell verfügen Sie über das nötige Wissen, um den Zero Trust- Fortschritt im Unternehmen zu bewerten, Stakeholder zu informieren und die nächsten Schritte zu priorisieren. Leitfaden herunterladen
  • 15. Bewertung mit dem Zero Trust-Reifegradmodell Bewertung durchführen
  • 16. Referenzarchitektur für Cybersicherheit Referenzarchitektur für Microsoft-Cybersicherheit - Security documentation | Microsoft Docs
  • 17. Microsoft Intelligent Security Association • Collaboration strengthens protection • Teaming up with our security partners to build an ecosystem of intelligent security solutions that better defend against a world of increased threats
  • 18. Diskussion Thomas Treml Microsoft Deutschland GmbH Thomas.Treml@microsoft.com
  • 20. Identity Data Networking Devices Apps Infrastructure Logical Components of a Zero Trust Architecture Evolving Zero Trust—Lessons learned and emerging trends - Microsoft Security Blog
  • 21. Was bedeutet Zero Trust? Workloads Endgeräte Personen Intelligenz Daten
  • 22. Guiding Principles and Standards • Principles are high-level statements of the values that guide IT and the Business, e.g. “Information is an asset”. They are universally agreed truths. They guide and shape the lower-level artefacts; standards and policies. • Principles change very little – if at all – over time. • The objectives should change very little over time, as they are foundations of Zero Trust and an organization’s Cybersecurity strategy. • Strategies are long-term missions that do not frequently change. Therefore, the Principles are best tied to strategic objectives. • Standards define the specification to which we do something, e.g. “Data- at-rest must be encrypted using AES 128 bit or better”. • Standards change, they improve and become obsolete. • They are closer to technology. • Design decisions are shaped by standards and principles and will prescribe a product and configuration. e.g. “Disks shall be encrypted using Microsoft BitLocker”. • Principles are not tangible, so appropriate standards and policies must be defined and enforced in order to implement the Principles.
  • 23. © Microsoft 2021 Summary EO response for Federal Agencies Executive order On May 12, 2021, President Biden signed the Executive Order (EO) to improve the nation’s cybersecurity and protect federal government networks in response to recent incidents from sophisticated malicious activity from nation-state and cyber criminals. For agencies there are numerous requirements, including some with short-term action items included in the EO. The purpose of this presentation is to help government agencies take thoughtful action aligned to one of these requirements: Plan for Zero Trust Implementation Capabilities There are six key capabilities expected to be developed through the EO: 1. Secure Cloud Adoption Plan 2. Zero Trust Plan 3. Multifactor Authentication Implementation 4. Endpoint Detection & Response 5. Data Identification 6. Secure Software Adoption Zero Trust Plan EO Requirement: Section 3 – “The heads of agencies update plans for federal network infrastructure (including adoption of cloud technology and implementation of Zero Trust Architecture) and report plans to OMB/NSC.” Timeline: 07/11/2021 Microsoft reference architecture: Zero Trust Architecture Actions Next steps include: 1. Review compliance requirements for section 3 2. Review how Microsoft can support 3. Develop and implement plans to build agency response Resources: Summary: FACT SHEET: President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks | The White House Executive Order: Executive Order on Improving the Nation's Cybersecurity | The White House 23
  • 24. Defender for Office 365 Defender for Endpoint Defender for Identity Defend across attack chains Phishing mail Open attachment Click a URL Browse a website Exploitation and Installation Command and Control Azure AD Identity Protection Brute force account or use stolen account credentials User account is compromised Attacker collects reconnaissance & configuration data Attacker attempts lateral movement Privileged account compromised Domain compromised Microsoft Cloud App Security Attacker accesses sensitive data Exfiltration of data Leading indicators History of violations Distracted and careless Disgruntled or disenchanted Subject to stressors Insider risk management Insider has access to sensitive data Anomalous activity detected Data leakage Potential sabotage Azure Defender https://aka.ms/MCRA
  • 25. Provide actionable security alerts, raw logs, or both Microsoft Reference Architecture
  • 26. Securing Privileged Access Office 365 Security Rapid Cyberattacks (Wannacrypt/Petya) https://aka.ms/MCRA Video Recording Strategies SQL Encryption & Data Masking Office 365 Dynamics 365 +Monito r Data Loss Protection Data Governance eDiscovery Cybersecurity Reference Architecture https://aka.ms/MCRA Video Recording Strategies
  • 27. Security Operations Provide actionable security alerts, raw logs, or both https://aka.ms/MCRA
  • 28. Security Operations Provide actionable security alerts, raw logs, or both https://aka.ms/MCRA
  • 29. ©Microsoft Corporation. Azure Operational Technology (OT) Security Reference Architecture: apply zero trust principles to securing OT and industrial IoT environments (https://aka.ms/MCRA)
    Purdue Model (with Safety Systems alongside):
    Level 0 – Process: physical machinery
    Level 1 – Basic Control: electronics controlling or monitoring physical systems
    Level 2 – Supervisory Control: monitoring & control for discrete business functions (e.g. production line)
    Level 3 – Site Operations: control & monitoring for a physical site with multiple functions (e.g. plant)
    Transform with Zero Trust Principles: the Purdue model assumed a static site/enterprise model.
    • Datacenter Segments – Align network/identity/other controls to business workloads and business risk
    • End user access – Dynamically grant access based on explicit validation of current user and device risk level
    Information Technology (IT) Environments – Confidentiality/Integrity/Availability
    • Hardware Age: 5-10 years
    • Warranty length: 3-5 years
    • Protocols: Native IP, HTTP(S), Others
    • Security Hygiene: Multi-factor authentication (MFA), patching, threat monitoring, antimalware
    Operational Technology (OT) Environments – Safety/Integrity/Availability
    • Hardware Age: 50-100 years (mechanical + electronic overlay)
    • Warranty length: up to 30-50 years
    • Protocols: Industry Specific (often bridged to IP networks)
    • Security Hygiene: Isolation, threat monitoring, managing vendor access risk (patching rarely)
    IIoT / OT Digital Transformation drivers:
    • Business Efficiency – Data to enable business agility
    • Governance & Regulatory Compliance with safety and other standards
    • Emerging Security Standards like CMMC
    Azure Analytics: IoT Hub, PowerBI, Azure Edge, Digital Twins, and more. Blended cybersecurity attacks are driving convergence of IT, OT, and IoT security architectures and capabilities.
    Monitoring components shown: Plant security console (optional); Sensor(s) + Analytics; TLS with mutual authentication; Network TAP / SPAN; Azure Defender for IoT (Manager, Security Console); 3rd party Analytics; Business Analytics and Business Analytic Sensor(s); Cloud Environments; Azure Sentinel; 3rd party SIEM
    Cloud Connection (OPTIONAL):
    • Native plug-in for Azure Defender for IoT
    • Native OT investigation & remediation playbooks
    • Correlation with other data sources and Strategic Threat Intelligence (attack groups & context)
    Zero Trust Principles – Assume breach, verify explicitly, use least privilege access (identity and network)
    Isolation and Segmentation:
    • Hard Boundary – Physically disconnect from IT network(s)
    • Soft(ware) Boundary – People, Process, and Tech (network + identity access control, boundary patching and security hygiene)
    • Internal isolation – As business processes allow
  • 30. Customer: Siemens
    Situation: When Siemens began to transition to the cloud, it emphasized real-time, proactive security in order to apply a Zero Trust approach. It needed a tightly coordinated set of security solutions to protect identities, data, and endpoints.
    Solution: Already committed to the productivity-enhancing apps in Microsoft 365, it now makes full use of the rich security built into the solution, including Azure Active Directory, Microsoft Defender for Identity, Microsoft Endpoint Manager, Microsoft Defender for Endpoint, and more.
    Impact: Siemens is realizing the advantages of an encompassing security system that is worth more than the sum of its parts: a tightly coordinated set of solutions that helps protect company data and about 300,000 devices easily, efficiently—and proactively.
    "We chose the best of suite approach with the Microsoft 365 E5 solution, and now we have an overview of our environment that helps us to react in real time and defend against attacks proactively." - Thomas Mueller-Lynch, Service Owner Lead for Digital Identity, Siemens
    Industry: Manufacturing. Size: Large (10,000+ employees). Country: Germany.
    Products and services: Microsoft Azure Active Directory, Microsoft Cloud App Security, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Endpoint Manager, Microsoft Information Protection P2, Customer Lockbox for Azure
    Read full story here
  • 31. Authentication rethought: understanding and implementing Zero Trust ("Authentifizierung neu gedacht: Zero Trust verstehen und umsetzen") - computerwoche.de
  • 32. This track exposes participants to all the key Azure services at the organization's disposal and to the cybersecurity concepts necessary to ensure the confidentiality, integrity and availability of these resources and information systems. There will be deep-dive, hands-on sessions on key areas such as Azure Security Center, Azure Sentinel, Azure Monitor, IAM, and Data and Application Security. The track will help participants acquire the skills required to secure M365 (E3 & E5) deployments and to comply with industry and territorial data protection requirements. Key security concepts such as Threat Management & Protection, IAM, Application & Mobility Security, GDPR, Compliance, Risk and Security Governance will be taught.
