
2016, A new era of OS and Cloud Security


The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach when it comes to security, especially after some of last years’ heavily publicized incidents. Join this session for a discussion on what Microsoft is doing to protect against these new security threats with fresh approaches taken both at the server & client OS level, as well as in Azure.


  1. @ITCAMPRO #ITCAMP16 – Community Conference for IT Professionals
     2016 – A New Era of OS and Cloud Security
     Tudor Damian – Microsoft Cloud and Datacenter Management MVP, Certified Ethical Hacker
     tudor.damian@avaelgo.ro / @tudydamian / tudy.tel
  2. Many thanks to our sponsors & partners! (Platinum, Gold, Silver, Partners, Powered by)
  3. Agenda
     • Overview of Security Trends
     • Windows security on-prem & Cloud-enabled improvements
       – Guarded Fabric
         • Shielded VMs & Hypervisor Code Integrity (HVCI)
       – Device Guard
       – Provable PC Health (PPCH) Service
       – Advanced Threat Analytics
       – Windows Defender Advanced Threat Protection
       – Azure Security Center
       – Operations Management Suite
  4. INDUSTRY SECURITY TRENDS
  5. The Evolution of Attacks – Volume and Impact (built up over slides 5–7)
     • 2003–2004 – Script Kiddies: BLASTER, SLAMMER. Motive: Mischief
     • 2005–present – Organized Crime: RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT. Motive: Profit
     • 2012 and beyond – Nation States, Activists, Terror Groups: BRAZEN, COMPLEX, PERSISTENT. Motives: IP Theft, Damage, Disruption
     Ignite 2015 BRK2325
  8. Changing nature of cybersecurity attacks (built up over slides 8–11)
     Today’s cyber attackers are:
     • Causing significant financial loss, impact to brand reputation, loss of confidential data and executive jobs
     • Compromising user credentials in the vast majority of attacks
     • Staying in the network an average of eight months before detection
     • Using legitimate IT tools rather than malware – harder to detect
     Ignite 2015 BRK3870
  12. Changing nature of cybersecurity attacks – by the numbers
      • 200+ – median number of days attackers are present on a victim’s network before detection
      • 80 – days after detection to full recovery
      • $3 Trillion – impact of lost productivity and growth
      • $3.5 Million – average cost of a data breach (15% YoY increase)
      “There are two kinds of big companies, those who’ve been hacked, and those who don’t know they’ve been hacked.” – James Comey, FBI Director
      Build 2016 B890
  13. Timeline of discovery for cyber attacks worldwide (Source: Verizon)
      • Hours: 9%
      • Days: 8%
      • Weeks: 16%
      • Months: 62%
      • Years: 5%
  14. Verizon Data Breach Investigations Report (Source: http://www.verizonenterprise.com/DBIR/)
      • Some Verizon DBIR findings
        – The time to compromise is almost always days or less, if not minutes or less
        – 85% of breaches took weeks to discover
        – 96% of breaches were not highly difficult
        – 97% of breaches were avoidable through simple/intermediate controls
        – 63% of confirmed data breaches involved weak, default or stolen passwords
        – 95% of confirmed web app breaches were financially motivated
      • The 2014 DBIR report shows that 92% of the 100,000 incidents they’ve analyzed over the past 10 years can be described by just 9 basic patterns
  15. Pwn2Own 2014–2016
      • Sandbox escapes or 3rd-party code execution:
        – Internet Explorer
        – Edge
        – Mozilla Firefox
        – Google Chrome
        – Adobe Flash
        – Adobe Reader XI
        – Apple Safari on Mac OS X
        – Windows
        – OS X
      • 2014 – $850,000 total prize money, paid to 8 entrants
      • 2015 – $557,500 total prize money, paid to 6 entrants
      • 2016 – $460,000 total prize money
      Sources:
      http://www.eweek.com/security/pwn2own-2014-claims-ie-chrome-safari-and-more-firefox-zero-days.html
      http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2015-Day-One-results/ba-p/6722204
      http://www.securityweek.com/pwn2own-2016-hackers-earn-460000-21-new-flaws
  16. Other recent “happenings” in the IT industry
      • Heartbleed (2014)
      • Shellshock (2014)
      • BadUSB (2014)
      • Equation Group (Kaspersky study, 2015)
      • Lenovo’s Superfish (2014–2015)
      • OAuth & OpenID Covert Redirect (2014)
      • Poodle, Freak and Drown SSL attacks (2014–2016)
      • Stagefright vulnerability (Android, 2015)
      • XCodeGhost malware (iOS, 2015)
      • Gemalto SIM cards (2015)
      • GSM SS7 vulnerabilities (2014–2016)
  17. Assume Breach – a change in mindset
      • We have to stop focusing on preventing a data breach and start assuming the breach has already happened
      • Currently: a one-sided, purely preventative strategy
      • Future: emphasis on breach detection, incident response, and effective recovery
        – Start thinking about the time when a breach will (almost inevitably) occur in your infrastructure
        – Be prepared for that!
  18. GUARDED FABRIC – Shielded VMs, Hypervisor Code Integrity (HVCI)
  19. Fabric, workloads, control plane (diagram: Fabric manager, Workload manager) – Ignite 2015 BRK2482
  20. Trust plane – isolated from fabric & control plane (diagram: Key service) – Ignite 2015 BRK2482
  21. Virtual Secure Mode (diagram: VSM, Key service) – Ignite 2015 BRK2482
  22. VM protected at rest, in transit (diagram: VSM, TPM, Key service, Workload manager, HSM; step 3: deliver vTPM key encrypted to VSM) – Ignite 2015 BRK2482
  23. VM protected in execution (diagram: VSM, Key service) – Ignite 2015 BRK2482
  24. Trust in the environment (diagram: VSM, Key service, Attestation service)
      1. Attestation request: TPM public key, VSM public key, UEFI secure boot log, HVCI policy
      2. Deliver attestation certificate
      Ignite 2015 BRK2482
  25. Guarded hosts and Shielded VMs attestation
      • Admin-trusted attestation
        – Intended to support existing host hardware (no TPM 2.0 available)
        – Guarded hosts that can run Shielded VMs are approved by the Host Guardian Service based on membership in a designated Active Directory Domain Services (AD DS) security group
      • TPM-trusted attestation
        – Offers the strongest possible protections
        – Requires more configuration steps
        – Host hardware and firmware must include TPM 2.0 and UEFI 2.3.1 with secure boot enabled
        – Guarded hosts that can run Shielded VMs are approved based on their TPM identity, measured boot sequence and code integrity policies
      Ignite 2015 BRK2482
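The attestation flow on slides 24–25, as an added model that is not Host Guardian Service code: an attestation service checks a host's request in either admin-trusted mode (AD group membership) or TPM-trusted mode (TPM identity, measured boot sequence, code integrity policy) and issues a certificate, and a key service releases a shielded VM's vTPM key only against a valid certificate. All names (AttestationService, KeyProtectionService, host and VM names, boot-log strings, policy names) are constructed, and an HMAC over a constructed secret stands in for the real asymmetric signatures and TPM quotes.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

SERVICE_SECRET = b"constructed-hgs-signing-secret"   # stand-in for the service's signing key

def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()

def measure_boot(boot_log):
    """Fold the boot log into one measurement, PCR-extend style: each entry is
    hashed together with the running value, so both order and content matter."""
    measurement = "0" * 64
    for entry in boot_log:
        measurement = sha256(measurement + entry)
    return measurement

def sign(cert):
    """Stand-in signature: HMAC over the certificate body without its 'sig' field."""
    body = json.dumps({k: v for k, v in cert.items() if k != "sig"}, sort_keys=True).encode()
    return hmac.new(SERVICE_SECRET, body, hashlib.sha256).hexdigest()

@dataclass
class AttestationRequest:
    host: str
    tpm_pubkey: str                    # TPM identity (endorsement key, constructed)
    boot_log: list                     # UEFI secure boot / measured boot entries
    hvci_policy: str                   # code integrity policy in force on the host
    ad_groups: list = field(default_factory=list)

class AttestationService:
    """Issues an attestation certificate in admin-trusted or TPM-trusted mode."""
    def __init__(self, mode, trusted_tpms=(), trusted_boot=(), trusted_policies=(),
                 guarded_group="GuardedHosts"):
        self.mode = mode                                   # "admin" or "tpm"
        self.trusted_tpms = {sha256(k) for k in trusted_tpms}
        self.trusted_boot = set(trusted_boot)              # approved boot measurements
        self.trusted_policies = {sha256(p) for p in trusted_policies}
        self.guarded_group = guarded_group

    def attest(self, req):
        """Return (certificate or None, reason)."""
        if self.mode == "admin":
            failed = [] if self.guarded_group in req.ad_groups else ["AD group membership"]
        else:
            checks = {
                "tpm identity": sha256(req.tpm_pubkey) in self.trusted_tpms,
                "measured boot": measure_boot(req.boot_log) in self.trusted_boot,
                "code integrity policy": sha256(req.hvci_policy) in self.trusted_policies,
            }
            failed = [name for name, ok in checks.items() if not ok]
        if failed:
            return None, "failed: " + ", ".join(failed)
        cert = {"host": req.host, "mode": self.mode, "tpm": sha256(req.tpm_pubkey)}
        cert["sig"] = sign(cert)
        return cert, "attested"

class KeyProtectionService:
    """Releases a shielded VM's vTPM key only against a valid attestation certificate."""
    def __init__(self, vtpm_keys):
        self.vtpm_keys = vtpm_keys     # VM name -> key material (constructed)

    def release_key(self, cert, vm):
        if not cert or not hmac.compare_digest(sign(cert), cert.get("sig", "")):
            return None
        return self.vtpm_keys.get(vm)

GOOD_BOOT = ["secure-boot:on", "bootmgr:signed", "winload:signed", "hvci:enabled"]
GOOD_POLICY = "CIPolicy-v1-signed"

def run_scenarios():
    """Attest three hosts in both modes and try to obtain payroll-vm's vTPM key."""
    kps = KeyProtectionService({"payroll-vm": "constructed-vtpm-key-bytes"})
    services = {
        "tpm": AttestationService("tpm", trusted_tpms=["EK-host1"],
                                  trusted_boot=[measure_boot(GOOD_BOOT)], trusted_policies=[GOOD_POLICY]),
        "admin": AttestationService("admin"),
    }
    hosts = {
        "healthy": AttestationRequest("host1", "EK-host1", GOOD_BOOT, GOOD_POLICY),
        "tampered": AttestationRequest("host1", "EK-host1", GOOD_BOOT[:-1] + ["hvci:disabled"], "CIPolicy-audit-only"),
        "unknown": AttestationRequest("host9", "EK-host9", GOOD_BOOT, GOOD_POLICY, ad_groups=["GuardedHosts"]),
    }
    results = {}
    for mode, service in services.items():
        for name, req in hosts.items():
            cert, reason = service.attest(req)
            results[mode + "/" + name] = (reason, kps.release_key(cert, "payroll-vm") is not None)
    return results

if __name__ == "__main__":
    for case, outcome in run_scenarios().items():
        print(case, outcome)
```

The "unknown" host shows the difference between the two modes: in admin-trusted mode it receives the key on group membership alone, while in TPM-trusted mode an unknown TPM identity is refused even with a clean boot log and policy.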
  26. VSM Overview – Ignite 2015 BRK2325
  27. All scenarios become secure, scalable & reliable
      • Uploading shielded VM
      • Uploading secrets
      • Bring-your-own-key with HSM
      • Retrieving shielded VM
      • Live migration
      • Live storage migration
      • Non-live migration
      • Automatic scale-out
      • Cluster failover
      • Cross-datacenter, cross-trust migration
      • Backup, disaster recovery
      • Creating shielded VM from tenant’s template
      • Creating shielded VM from third-party template
      • Protected guest configuration
      • Remote administration
      • On-boarding and retiring servers
      • Servicing host OS, hardware and firmware
      • Managing HVCI policy for host software
      • Isolating Guardian service in separate forest
      • Remediating compromised and evicted host
      • Administrator trust, non-attested
      • Troubleshooting
  28. DEVICE GUARD
  29. New challenges require a new platform – Ignite 2015 BRK2325
  30. Device Guard
      • (Sort of) an improved version of AppLocker
      • Hardware Rooted App Control (runs in VSM)
        – Enables a Windows desktop to be locked down to only run trusted apps, just like many mobile OSs (e.g. Windows Phone)
        – Untrusted apps and executables such as malware are unable to run
        – Resistant to tampering by an administrator or malware
        – Requires devices specially configured by either the OEM or IT
      • Getting Apps into the Circle of Trust
        – Supports all apps including Universal and Desktop (Win32)
        – Trusted apps can be created by IHVs, ISVs, and organizations using a Microsoft-provided signing service
        – Apps must be specially signed using the Microsoft signing service. No additional modification is required
        – Signing service will be made available to OEMs, IHVs, ISVs, and Enterprises
      Ignite 2015 BRK2325
  31. PROVABLE PC HEALTH (PPCH)
  32. Today, health is assumed
      • Unhealthy clients proliferate malware
      (diagram: steps 1, 2; Important resources)
      Ignite 2015 BRK2325
  33. Windows Provable PC Health (PPCH)
      • Cloud-based service
        – Provides remote health attestation
        – Can issue health state “claims”
      • Blocks unhealthy devices to protect resources and prevent proliferation
      • Intune can provide conditional access based on PPCH health state claims
      • Available for use by 3rd-party network access, security, and management solutions
      Ignite 2015 BRK2325
  34. Provable PC Health overview (diagram: steps 1–5; Important resources) – Ignite 2015 BRK2325
  35. ADVANCED THREAT ANALYTICS – Protecting corporate environments from advanced attacks
  36. How Microsoft Advanced Threat Analytics works – 1. Analyze
      After installation:
      • Simple, non-intrusive port mirroring configuration copies all AD-related traffic
      • Remains invisible to the attackers
      • Analyzes all Active Directory network traffic
      • Collects relevant events from SIEM (Security Information and Event Management) and information from AD (titles, group memberships, and more)
      Ignite 2015 BRK3870
  37. How Microsoft Advanced Threat Analytics works – 2. Learn
      ATA:
      • Automatically starts learning and profiling entity behavior
      • Identifies normal behavior for entities
      • Learns continuously to update the activities of the users, devices, and resources
      What is an entity? An entity represents users, devices, or resources.
      Ignite 2015 BRK3870
  38. How Microsoft Advanced Threat Analytics works – 3. Detect
      Microsoft Advanced Threat Analytics:
      • Looks for abnormal behavior and identifies suspicious activities
      • Only raises red flags if abnormal activities are contextually aggregated
      • Leverages world-class security research to detect security risks and attacks in near real time based on attackers’ Tactics, Techniques and Procedures (TTPs)
      ATA not only compares the entity’s behavior to its own, but also to the behavior of entities in its interaction path.
      Ignite 2015 BRK3870
  39. How Microsoft Advanced Threat Analytics works – what it detects
      • Abnormal Behavior: Anomalous logins, Remote execution, Suspicious activity
      • Security issues and risks: Broken trust, Weak protocols, Known protocol vulnerabilities
      • Malicious attacks: Pass-the-Ticket (PtT), Pass-the-Hash (PtH), Overpass-the-Hash, Forged PAC (MS14-068), Golden Ticket, Skeleton key malware, Reconnaissance, BruteForce, Unknown threats, Password sharing, Lateral movement
      Ignite 2015 BRK3870
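The Learn and Detect stages of slides 37–38, as an added illustration that is not ATA's code: a profiler learns which devices and resources each user normally touches from constructed authentication events, scores new events against the user's own profile and against the users in its interaction path (those sharing a device), and raises an alert only when anomalies for one user aggregate inside a short window. EntityProfiler, the user, device and resource names, the point values and the window are all assumptions of this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication events of the kind a Gateway sees in mirrored DC
# traffic: (timestamp, user, source device, resource accessed)
BASELINE = [
    ("2016-05-02 08:01", "alice", "WS-ALICE", "FS-HR"),
    ("2016-05-02 08:05", "alice", "WS-ALICE", "MAIL"),
    ("2016-05-02 09:00", "alice", "TS-01",    "FS-HR"),
    ("2016-05-02 08:10", "bob",   "WS-BOB",   "FS-HR"),
    ("2016-05-02 08:12", "bob",   "WS-BOB",   "MAIL"),
    ("2016-05-02 08:15", "bob",   "WS-BOB",   "FS-FIN"),
    ("2016-05-02 09:30", "bob",   "TS-01",    "MAIL"),
    ("2016-05-02 08:20", "carol", "WS-CAROL", "FS-ENG"),
    ("2016-05-02 08:21", "carol", "WS-CAROL", "MAIL"),
]
OBSERVED = [
    ("2016-05-04 08:03", "alice", "WS-ALICE", "FS-HR"),   # normal
    ("2016-05-04 08:20", "alice", "WS-ALICE", "FS-FIN"),  # new for alice, normal for her peer bob
    ("2016-05-04 23:10", "bob",   "WS-CAROL", "MAIL"),    # bob from a device he has never used
    ("2016-05-04 23:12", "bob",   "WS-CAROL", "FS-ENG"),  # ...and a resource neither bob nor his peers use
]

WINDOW = timedelta(minutes=10)   # anomalies for one entity are aggregated inside this window
ALERT_THRESHOLD = 3              # aggregated anomaly points needed before an alert is raised

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

class EntityProfiler:
    def __init__(self):
        self.user_devices = defaultdict(set)
        self.user_resources = defaultdict(set)
        self.device_users = defaultdict(set)
        self.recent = defaultdict(list)      # user -> [(ts, points, reason)] inside WINDOW

    def learn(self, events):
        """Learn stage: record which devices and resources each user normally uses."""
        for _, user, device, resource in events:
            self.user_devices[user].add(device)
            self.user_resources[user].add(resource)
            self.device_users[device].add(user)

    def peers(self, user):
        """Interaction path: other users who share a device with this user."""
        out = set()
        for device in self.user_devices[user]:
            out |= self.device_users[device]
        out.discard(user)
        return out

    def score(self, event):
        """Detect stage: compare one event with the entity's own profile and its peers'."""
        _, user, device, resource = event
        findings = []
        if device not in self.user_devices[user]:
            findings.append((2, "logon from a device never used by %s" % user))
        if resource not in self.user_resources[user]:
            if any(resource in self.user_resources[p] for p in self.peers(user)):
                findings.append((1, "resource %s is new for %s but common among peers" % (resource, user)))
            else:
                findings.append((2, "resource %s is unseen for %s and for peers" % (resource, user)))
        return findings

    def observe(self, event):
        """Contextual aggregation: keep per-user anomalies inside WINDOW and alert on their sum."""
        ts, user = parse_ts(event[0]), event[1]
        self.recent[user] = [r for r in self.recent[user] if ts - r[0] <= WINDOW]
        self.recent[user] += [(ts, pts, why) for pts, why in self.score(event)]
        total = sum(pts for _, pts, _ in self.recent[user])
        if total < ALERT_THRESHOLD:
            return None
        reasons = list(dict.fromkeys(why for _, _, why in self.recent[user]))
        self.recent[user] = []
        return {"user": user, "time": event[0], "score": total, "reasons": reasons}

def run_detection(baseline, observed):
    """Learn from the baseline, then return the alerts raised over the observed events."""
    profiler = EntityProfiler()
    profiler.learn(baseline)
    return [alert for alert in map(profiler.observe, observed) if alert]

if __name__ == "__main__":
    for alert in run_detection(BASELINE, OBSERVED):
        print(alert)
```

A single low-weight anomaly (alice reaching a share her peer uses) never alerts on its own; bob's chain of a never-seen device followed by a resource unknown to him and his peers crosses the threshold within two minutes.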
  40. ATA Topology – Overview – Ignite 2015 BRK3870
  41. ATA Topology – Gateway
      • Captures and analyzes DC network traffic via port mirroring
      • Listens to multiple DCs from a single Gateway
      • Receives events from SIEM
      • Retrieves data about entities from the domain
      • Performs resolution of network entities
      • Transfers relevant data to the ATA Center
      Ignite 2015 BRK3870
  42. ATA Topology – Center
      • Manages ATA Gateway configuration settings
      • Receives data from ATA Gateways and stores it in the database
      • Detects suspicious activity and abnormal behavior (through Machine Learning)
      • Provides Web Management Interface
      • Supports multiple Gateways
      Ignite 2015 BRK3870
  43. ATA Interface Overview (screenshots, slides 43–47) – Ignite 2015 BRK3870
  48. WINDOWS DEFENDER ADVANCED THREAT PROTECTION – Windows advanced threat detection, investigation and response
  49. STRONTIUM attack case study
  50. (image) Build 2016 B890
  51. TARGET: Diplomat in the Middle East (spear-phishing e-mail) – Build 2016 B890
      From: <attacker>@<email provider.com>
      To: <victim>@<email provider.com>
      Subject: Re: Mission In Central African Republic
      *Dear Sir!*
      Please be advised that The Spanish Army personnel and a large number of the Spanish Guardia Civil officers currently deployed in the Central African Republic (CAR) as part of the European EUFOR RCA mission will return to Spain in early March as the mission draws to a close. Visit for the additional info.
      *Best regards,*
      *Capt. <omitted>, Defence Adviser, Public Diplomacy Division NATO, Brussels
      <attacker>@<email provider.com>
      Link in the message: hxxp://eurasiaglobalnews.com/90670117-spains-armed-forces-conclude-mission-in-central-african-republic/
  52. TARGET: NATO-themed spear phish – hxxp://nato.int -> hxxp://natoint.com (look-alike domain) – Build 2016 B890
  53. ATTACK: Stages of a 0-day Attack – Build 2016 B890
      1. Initial Exploit URL (Flash 0-day)
         TimeStamp: 2015/04/08 10:11:54 | Alert: Unknown URL Report | Data: hxxp:militaryadviser.org/hu/press-center/news/426728-ukraine/440136/
      2. Kernel Mode Exploit (0-day)
         TimeStamp: 2015/04/08 10:12:11 | Alert: Win32/ContextualDropIETemp | Sha1: b22233684bc8aa939629f4cbebb18545c7121548 | FileName: runrun.exe | Parent Process: iexplore.exe
      3. Stage 1: Backdoor
         TimeStamp: 2015/04/08 10:12:11 | Alert: #LowFiContextRundllAppdata | Sha1: ef1a7b1a92b7b00f77786b6a1bffc4e495ccf729 | FileName: odserv.dll | Parent Process: rundll32.exe
      4. Stage 2: Pass-the-Hash Module
         TimeStamp: 2015/04/09 06:34:04 | Alert: #HackTool:Win32/WDigest.A!dha | Sha1: ca709ec79ee0518b77f161bc8bab8847c889cb88 | FileName: psw.exe | Parent Process: rundll32.exe
  54. The Windows 10 Defense Stack – Build 2016 B890
      Pre breach:
      • Device protection: Device Health attestation, Device Guard, Device Control, Security policies
      • Identity protection: Built-in 2FA, Account lockdown, Credential Guard, Microsoft Passport, Windows Hello ;)
      • Information protection: Device protection / Drive encryption, Enterprise Data Protection, Conditional access
      • Threat resistance: SmartScreen, AppLocker, Device Guard, Windows Defender, Network/Firewall
      Post breach:
      • Breach detection, Investigation & Response: Windows Defender ATP
  55. Windows Defender ATP Overview – Build 2016 B890
      • Powered by cloud: Machine Learning analytics over the largest sensor array in the world
      • Universal end-point behavioral sensor, built into Win10, with no additional deployment requirements
      • Enhanced by the community of researchers and threat intelligence
  56. Windows Defender ATP Features – Build 2016 B890
      • Post-breach detection for advanced attacks: actionable, correlated, real-time and historical, for known and unknown attacks
      • Easily investigate & explore enterprise endpoints to understand the scope of a breach through a rich machine timeline and data pivoting
      • Self hunting across protected assets: search for current and historical observables (machines, files, IPs, or URLs) across all endpoints
      • Deep file analysis of files observed on endpoints
      • Built-in threat intelligence knowledge base provides actor and intent context for threat intel-based detections, combining 1st- and 3rd-party intelligence sources
  57. Windows ATP Indicators – Build 2016 B890
      • Indicators of Compromise (IOCs)
        – Monitoring “What (who) we know”
        – Threat Intelligence database of known adversary and campaign IOCs
      • Indications of Attack (IOAs)
        – Monitoring “What (who) we don’t recognize – yet”
        – Generic IOA Dictionary of attack-stage behaviors, tools, and techniques
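The IOC versus IOA distinction of slide 57, run over the process timeline of slide 53, as an added example that is not Windows Defender ATP code: IOCs match the three SHA-1 values from the case-study slide exactly, while IOAs describe the attack-stage behaviours (browser launching an executable from its temporary files, rundll32 loading a DLL from AppData, a rundll32 chain launching an executable) and so still fire on a constructed variant whose hash has never been seen. File paths, host names, rule names, stage labels and the two extra events are assumptions of this example.

```python
import re

# Threat-intelligence IOC set: SHA-1 -> label. The three hashes are the ones
# shown on the case-study slide; everything else in this file is constructed.
KNOWN_IOCS = {
    "b22233684bc8aa939629f4cbebb18545c7121548": "STRONTIUM dropped executable (runrun.exe)",
    "ef1a7b1a92b7b00f77786b6a1bffc4e495ccf729": "STRONTIUM backdoor module (odserv.dll)",
    "ca709ec79ee0518b77f161bc8bab8847c889cb88": "HackTool:Win32/WDigest.A!dha (psw.exe)",
}

BROWSERS = {"iexplore.exe", "edge.exe", "firefox.exe", "chrome.exe"}
IE_TEMP = re.compile(r"\\Temporary Internet Files\\", re.I)
APPDATA = re.compile(r"\\AppData\\", re.I)

def _ext(e, ext):
    return e["file"].lower().endswith(ext)

# Generic IOA dictionary: (name, attack stage, predicate over one event).
# These describe behaviour, so they fire on files whose hash is unknown.
IOA_RULES = [
    ("browser launches executable from IE temporary files", "initial exploit",
     lambda e: e["parent"].lower() in BROWSERS and _ext(e, ".exe") and IE_TEMP.search(e["path"])),
    ("rundll32 loads DLL from AppData", "backdoor",
     lambda e: e["parent"].lower() == "rundll32.exe" and _ext(e, ".dll") and APPDATA.search(e["path"])),
    ("rundll32 chain launches executable from AppData", "post-exploitation tool",
     lambda e: e["parent"].lower() == "rundll32.exe" and _ext(e, ".exe") and APPDATA.search(e["path"])),
]
STAGE_ORDER = [stage for _, stage, _ in IOA_RULES]

def match_event(e):
    """Return the IOC and IOA alerts for one process-creation event."""
    alerts = []
    label = KNOWN_IOCS.get(e["sha1"].lower())
    if label:
        alerts.append({"ts": e["ts"], "host": e["host"], "file": e["file"], "kind": "IOC", "name": label, "stage": None})
    for name, stage, pred in IOA_RULES:
        if pred(e):
            alerts.append({"ts": e["ts"], "host": e["host"], "file": e["file"], "kind": "IOA", "name": name, "stage": stage})
    return alerts

def detect(events):
    return [a for e in events for a in match_event(e)]

def correlate(alerts, min_stages=2):
    """Per host, order the IOA stages seen and keep hosts showing a multi-stage chain."""
    per_host = {}
    for a in alerts:
        if a["kind"] == "IOA":
            per_host.setdefault(a["host"], set()).add(a["stage"])
    return {h: sorted(s, key=STAGE_ORDER.index) for h, s in per_host.items() if len(s) >= min_stages}

# Constructed process-creation timeline. Rows 1-3 reuse the file names, parent
# processes, timestamps and hashes from the case-study slide; the paths and host
# names are constructed. Row 4 is a constructed variant with a never-seen hash;
# row 5 is a benign installer.
EVENTS = [
    {"ts": "2015/04/08 10:12:11", "host": "WS-01", "parent": "iexplore.exe", "file": "runrun.exe",
     "path": r"C:\Users\u1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\runrun.exe",
     "sha1": "b22233684bc8aa939629f4cbebb18545c7121548"},
    {"ts": "2015/04/08 10:12:11", "host": "WS-01", "parent": "rundll32.exe", "file": "odserv.dll",
     "path": r"C:\Users\u1\AppData\Roaming\odserv.dll",
     "sha1": "ef1a7b1a92b7b00f77786b6a1bffc4e495ccf729"},
    {"ts": "2015/04/09 06:34:04", "host": "WS-01", "parent": "rundll32.exe", "file": "psw.exe",
     "path": r"C:\Users\u1\AppData\Local\Temp\psw.exe",
     "sha1": "ca709ec79ee0518b77f161bc8bab8847c889cb88"},
    {"ts": "2015/04/10 09:00:00", "host": "WS-02", "parent": "iexplore.exe", "file": "upd.exe",
     "path": r"C:\Users\u2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\upd.exe",
     "sha1": "0000000000000000000000000000000000000000"},
    {"ts": "2015/04/10 09:05:00", "host": "WS-02", "parent": "explorer.exe", "file": "setup.exe",
     "path": r"C:\Program Files\Vendor\setup.exe",
     "sha1": "1111111111111111111111111111111111111111"},
]

if __name__ == "__main__":
    found = detect(EVENTS)
    for a in found:
        print(a["ts"], a["host"], a["kind"], a["file"], "->", a["name"])
    print("multi-stage hosts:", correlate(found))
```

WS-01 is flagged by both indicator families and correlates into a three-stage chain; the variant on WS-02 has no IOC hit and is caught only by the behavioural IOA, which is the "what we don't recognize yet" case the slide describes.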
  58. Why Microsoft is in a unique position – Build 2016 B890
      • Over 1M Microsoft corporate machines; new code, new products, new files; most are local admins
      • Hundreds of labs, malware enclaves
      • 1.2 Billion Windows machines reporting
      • 1M files detonated daily
      • Advanced detection algorithms & statistical modelling
      • APT hunters – OS Security, Exploit & Malware Researchers, & Threat Intelligence
      • 11M Enterprise machines reporting
      • 2.5T URLs indexed and 600M reputation lookups
  67. AZURE SECURITY CENTER – Understand the security state of all of your Azure resources
  68. Azure Security Center enables you to:
      • Understand the security state of Azure resources
      • Use policies that enable you to recommend and monitor security configurations
      • Use DevOps to deploy integrated Microsoft and partner security solutions
      • Identify threats with advanced analysis of your security-related events
      • Respond to and recover from incidents faster with real-time security alerts
      • Export security events to a SIEM for further analysis
      AzureCon 2015 ACON205
  69. Azure Security Center interface – AzureCon 2015 ACON205
  70. Finds attacks that might go undetected
      • Compromised machines
      • Failed exploitation attempts
      • Brute force attacks
      • Data exfiltration
      • Web application vulnerabilities
      • Advanced malware
      • Achieve all this using:
        – High volume of signals
        – Behavioral profiling
        – Machine Learning
        – Global threat intelligence
      • Constantly being expanded with new detection mechanisms
      AzureCon 2015 ACON205
  71. Rich ecosystem of products and services – AzureCon 2015 ACON205
  72. OPERATIONS MANAGEMENT SUITE – Transforming machine data into operational intelligence
  73. Microsoft Operations Management Suite – Simplified Management. Any Cloud, Any OS. (Log Analytics, Automation, Backup, DR and Data Protection, Security)
  74. OMS Solutions
      • Log Analytics – Gain visibility across your hybrid enterprise cloud
      • Automation – Orchestrate complex and repetitive operations
      • Availability – Increase data protection and application availability
      • Security – Help secure your workloads, servers, and users
  75. Log Analytics
      • Gain visibility across your hybrid enterprise cloud
      • Easy collection, correlation, and visualization of your machine data
        – Log management across physical, virtual, and cloud infrastructure
      • Overview of infrastructure health, capacity, and usage
      • Proactive operational data analysis
        – Faster investigation and resolution of operational issues with deep insights
      • Deliver unparalleled insights across your datacenters and public clouds, including Azure and AWS
      • Collect, store, and analyze log data from virtually any Windows Server and Linux server source
  76. Integrated search
      • Combine and correlate any machine data from multiple sources
        – Query, and filter the results by using facet controls
        – Automated data visualization
        – Metrics pivoted around a particular problem area
        – Common search queries
  77. Custom Dashboard
      • Visualize all of your saved searches
        – Custom or sample searches
        – Customizable visual information
        – Shareable across teams
  78. Solution Packs
      • Collection of logic, visualization and data acquisition rules
        – Powered by search
        – Metrics pivoted around a particular problem area
        – Investigate and resolve operational issues
        – Can be added/removed and customized
  79. Alert Management
      • Expose your integrated System Center Operations Manager alerts
      • Web-based alert visualization
      • Integrated search for deeper analysis
      • Common alert queries
  80. Capacity Planning
      • Plan for future capacity and trends using historical data
      • VM utilization and efficiency
      • Compute projection
      • Storage utilization
  81. Active Directory Assessment
      • Using best practices and data collection, identify potential issues
      • Security and Compliance
      • Availability and business continuity
      • Performance and security
      • Upgrade, migration and deployment
  82. SQL Server Assessment
      • Security and Compliance
      • Availability and business continuity
      • Performance and security
      • Upgrade, migration and deployment
      • Operations and monitoring
      • Change and configuration
  83. Change Tracking
      • Track every change on your system across any environment
      • Configuration type changes
      • Software & application changes
      • Windows Service changes
  84. Azure Automation Dashboard
      • Quick-glance view of runbook health and status
        – Active runbooks & total jobs
        – Link into Azure Automation portal
  85. Azure Backup and Recovery Dashboard
      • Quick-glance view of backup and protection status
        – Registered servers
        – Backup size & job status
        – Link into Azure portal for backup and recovery
  86. System Update Assessment
      • Understand server update and patching status across your environment
      • Servers missing security updates
      • Servers not updated recently
      • Types of updates missing
  87. Malware Assessment
      • Quickly determine your servers’ malware status and potential threats
      • Detected threats
      • Protection status
  88. Security and Audit
      • Collect security events and perform forensic, audit and breach analysis
        – Security posture
        – Notable issues
        – Summary threats
  89. Security Solution Pack – Security Posture
      • Quick glance showcasing server workload and server security threats
        – Computer growth change
        – Account authentication
        – Total system activities
        – Processes executed
        – Change in policy
        – Remote IP tracking
  90. Security Solution Pack – Notable issues
      • Understand notable security issues, and audit rate of change
        – Failed account access
        – Security policy and group changes
        – Password resets
        – Event log cleaning
        – Locked-out accounts
  91. Security Solution Pack – Security context
      • Quick view of security position across your enterprise
        – Active threats
        – Patch status
        – Software changes
        – Service changes
        – Critical and warning alerts
  92. AND THAT’S NOT ALL OF IT…
  93. Responsibility for Security in the Cloud era – Ignite 2015 BRK2482
  94. Some other things to keep in mind
      • Start using an “Assume Breach” approach
      • UEFI Secure Boot and TPM support on your hardware
      • Just-Enough/Just-In-Time Administration (coming in WS 2016)
      • Azure Rights Management & Data Loss Prevention
      • Azure AD Multi-Factor Authentication
      • Windows Hello / Microsoft Passport
      • Cloud App Security
      • Etc.
  95. What to do next?
      • Channel 9 – https://channel9.msdn.com/
        – Ignite 2015 BRK2482 – Platform Vision and Strategy: Security and Assurance Overview
        – Ignite 2015 BRK3870 – Microsoft Advanced Threat Analytics
        – Ignite 2015 BRK2325 – A New Era of Threat Resistance for the Windows 10 Platform
        – AzureCon 2015 ACON205 – New Azure Security Center helps you prevent, detect, and respond to threats
        – Ignite New Zealand 2015 M235 – Automating Operational and Management Tasks in Microsoft Operations Management Suite and Azure
        – Build 2016 B890 – Windows Defender ATA
        – … & others
      • Microsoft Virtual Academy – http://www.microsoftvirtualacademy.com/
      • Try out & look at Windows Server 2016 TP5 & System Center 2016
      • Look into the latest Azure/Cloud improvements
      • Keep up with Security changes in the industry
  96. THANK YOU! Contact: tudor.damian@avaelgo.ro / @tudydamian / tudy.tel
