13. Slide
Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm
Follow us:
#O365ENGAGE17
Understand Cloud Data Types
• Data at Rest: Information storage objects, containers, and types that exist statically on physical media, be it magnetic or optical disk.
• Data in Transit: When data is being transferred between components, locations or programs, such as over the network, across a service bus (from on-premises to cloud and vice-versa).
• Data in Use: Information being acted upon in some way by the host or guest during a process, such as real-time database queries running in active memory (as opposed to a page file sent out to disk).
• Data in Production: Data in some form of storage, e.g. Azure SQL Database, and compute processes that need to access that storage during production operations.
• Data not in Production: Data in some form of storage, e.g. a Virtual Hard Disk (VHD), but that VHD is not in production use. For example, it may be part of an upgrade operation.
14. Slide
Look a little closer …
• “Obvious?”
  • Email
  • Contacts
  • Calendar
  • Word files
  • Excel files
  • PowerPoint files
  • OneNote files
  • Picture files
  • Video files
  • PDF files
  • Visio files
• “Less Obvious?”
  • Web pages
  • Instant Messages (IM Chats)
  • Skype call logs
  • Meeting content generated during Skype meetings
  • Newsfeeds Conversations
  • Metadata
• “Not Obvious?”
  • Surveys
  • Wikis
  • Blogs
  • Announcements
  • Links
  • Issue tracking
  • Custom
    • Can buy or build custom apps
  • Sway
15. Slide
Then, take Metadata for Example
• Simply put, It’s Data about Data!
• Often Overlooked by Traditional Security
• You need to think BIG!
• It’s everywhere, on practically Everything Digital
• Email, Website, Phone, Voicemail, Cameras, Digital Music, Movies, CCTV Systems, Public Transport, IoT Devices, Cars, Electronic Finance Systems and many many more …
• It’s almost impossible to Avoid it
• Metadata Contains no Content
“Every Click you Take, Every Move you Make, I’ll be Watching you …”
16. Slide
Types of Metadata
• Descriptive metadata describes a resource for purposes such as discovery and identification. It can include elements such as title, abstract, author, and keywords.
• Structural metadata is metadata about containers of metadata and indicates how compound objects are put together, for example, how pages are ordered to form chapters.
• Administrative metadata provides information to help manage a resource, such as when and how it was created, file type and other technical information, and who can access it.
56. Slide
Multi Factor Authentication via PowerShell Step by Step
4: Choose the date – Any devices issued for a user before this date would require MFA setup
$auth.RememberDevicesNotIssuedBefore = (Get-Date)
5: Enable MFA for all users:
Get-MsolUser -All | ForEach-Object { Set-MsolUser -UserPrincipalName $_.UserPrincipalName -StrongAuthenticationRequirements $auth }
If your users do not regularly sign in through the browser, you can send them to this link to register for multi-factor auth: https://aka.ms/MFASetup
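A follow-up check for step 5, as an added example that is not from the original slides: because the command applies the requirement to every account returned by Get-MsolUser, this report shows which accounts have MFA required and which have actually registered a method. The function name Get-MfaState and the sample accounts are assumptions made for illustration; the property names are those of the user objects returned by Get-MsolUser.

```powershell
# Added example: summarise MFA state for objects shaped like Get-MsolUser output.
function Get-MfaState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # No StrongAuthenticationRequirements entry means MFA is not required for the user.
        $req     = @($User.StrongAuthenticationRequirements | Where-Object { $_ })
        $methods = @($User.StrongAuthenticationMethods | Where-Object { $_ })
        $state   = if ($req.Count -gt 0) { $req[0].State } else { 'Disabled' }
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            MfaState          = $state
            Registered        = ($methods.Count -gt 0)
            DefaultMethod     = ($methods | Where-Object { $_.IsDefault }).MethodType
        }
    }
}

# Constructed sample accounts (not real tenant data).
$sample = @(
    [pscustomobject]@{
        UserPrincipalName                = 'alice@contoso.example'
        StrongAuthenticationRequirements = @([pscustomobject]@{ RelyingParty = '*'; State = 'Enforced' })
        StrongAuthenticationMethods      = @([pscustomobject]@{ MethodType = 'PhoneAppNotification'; IsDefault = $true })
    },
    [pscustomobject]@{
        UserPrincipalName                = 'bob@contoso.example'
        StrongAuthenticationRequirements = @([pscustomobject]@{ RelyingParty = '*'; State = 'Enabled' })
        StrongAuthenticationMethods      = @()
    },
    [pscustomobject]@{
        UserPrincipalName                = 'svc-backup@contoso.example'
        StrongAuthenticationRequirements = @()
        StrongAuthenticationMethods      = @()
    }
)

$report = $sample | Get-MfaState
$report | Format-Table -AutoSize

# Accounts that still need attention: MFA not required, or required but nothing registered.
$report | Where-Object { $_.MfaState -eq 'Disabled' -or -not $_.Registered } |
    Format-Table UserPrincipalName, MfaState, Registered -AutoSize

# Against a live tenant (after Connect-MsolService): Get-MsolUser -All | Get-MfaState
```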
64. Slide
Azure: Cloud App Security
• Cloud Discovery: Discover all cloud use in your organization, including Shadow IT reporting and control and risk assessment.
• Data Protection: Monitor and control your data in the cloud by gaining visibility, enforcing DLP policies, alerting and investigation.
• Threat Protection: Detect anomalous use and security incidents. Use behavioral analytics and advanced investigation tools to mitigate risk and set policies and alerts to achieve maximum control over network cloud traffic.
68. Slide
What is Advanced Threat Analytics?
• Cloud-linked on-premises platform that protects your enterprise from multiple types of advanced targeted cyber attacks and insider threats.
• Reconnaissance: Detects attackers as they gather information on your environment and its assets.
• Lateral movement cycle: Prevents attackers spreading their attack surface inside your network.
• Persistence: Prevents persistence, during which an attacker captures the information allowing them to resume their campaign using various sets of entry points, credentials and techniques.