O365Engage17 - Defence against the dark (cloud) arts azure security deep dive
•
1 like•151 views
Office 365 Engage 2017 Session
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to O365Engage17 - Defence against the dark (cloud) arts azure security deep dive
Similar to O365Engage17 - Defence against the dark (cloud) arts azure security deep dive (20)
More from NCCOMMS
More from NCCOMMS (20)
Recently uploaded
Recently uploaded (20)
O365Engage17 - Defence against the dark (cloud) arts azure security deep dive
- 2. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 Andy Malone MVP, MCT (UK) • Microsoft MVP (Enterprise Security) • Microsoft Certified Trainer (20 years) • Founder: Cybercrime Security Forum • Worldwide Event Speaker • Author: Sc-Fi Thriller The Seventh Day • www.AndyMalone.org 2
- 3. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 This session will talk about … • Current Cybersecurity Trends • Attacks which are Simpler than you think! • How Azure & Office 365 is Fighting back! • Andy’s Top 10 Tips! • Demos – Demos - Demos • Review 3
- 4. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Motivation for Cybercrime 2017 4
- 5. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Why Should I be Concerned? 5
- 6. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] What’s are the Attack Vectors? 6
- 9. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 WanaCrypt0r 2.0 • WanaCrypt0r 2.0 is the ransomware that struck the NHS as well as Spanish telecoms company Telefonica. • Discovered earlier by security researchers Malware Hunter Team who shared their findings on Twitter. • It is believed WanaCrypt0r spread through the NHS’ internal network • Root cause: Many older XP & Win 7 Machines were unpatched, maintained
- 12. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Before you can defend, you need to think like a hacker! 12
- 13. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 Understand Cloud Data Types Data at Rest Data in Transit Data in Use Data in Production Data not in Production information storage objects, containers, and types that exist statically on physical media, be it magnetic or optical disk. When data is being transferred between components, locations or programs, such as over the network, across a service bus (from on- premises to cloud and vice-versa Information being acted upon in some way by the host or guest during a process, such as real- time database queries running in active memory (as opposed to a page file sent out to disk), Data in some form of storage, e.g. Azure SQL Database, and compute processes that need to access that storage during production operations. Data in some form of storage, e.g. a Virtual Hard Disk (VHD), but that VHD is not in production use. For example, it may be part of an upgrade operation
- 14. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 Look a little closer … • Obvious?” • Email • Contacts • Calendar • Word files • Excel files • PowerPoint files • OneNote files • Picture files • Video files • PDF files • Visio files • “Less Obvious?” • Web pages • Instant Messages (IM Chats) • Skype call logs • Meeting content generated during Skype meetings • Newsfeeds Conversations • Metadata • “Not Obvious?” • Surveys • Wikis • Blogs • Announcements • Links • Issue tracking • Custom • Can buy or build custom apps • Sway
- 15. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 Then, take Metadata for Example • Simply put, It’s Data about Data! • Often Overlooked by Traditional Security • You need to think BIG! • It’s everywhere, on practically Everything Digital • Email, Website, Phone, Voicemail, Cameras, Digital Music, Movies, CCTV Systems, Public Transport, IoT Devices, Cars, Electronic Finance Systems and many many more … • It’s almost impossible to Avoid it • Metadata Contains no Content “Every Click you Take, Every Move you Make, I’ll be Watching you …”
- 16. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 Types of Metadata • Descriptive metadata describes a resource for purposes such as discovery and identification. It can include elements such as title, abstract, author, and keywords. • Structural metadata is metadata about containers of metadata and indicates how compound objects are put together, for example, how pages are ordered to form chapters. • Administrative metadata provides information to help manage a resource, such as when and how it was created, file type and other technical information, and who can access it.
- 18. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Metadata & the Cloud • Cloud metadata : As well as standard file metadata • Tenant metadata may also include the performance, configuration, operations, and billing data that is part of each cloud workload or tenant account • Information can also include security, log & performance information
- 19. Slide ‹#› Demo Simple tools to Backdoor your Data! 19
- 20. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Andy’s Top 10 Tips to Defend Against the Dark Cloud Arts … 20
- 22. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] A Word about Azure AD Rights Management Services
- 25. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Extending RMS capabilities with Azure Information Protection • Prevents Permissions Bleed • Once data is outside organization, its beyond the realm of your control • Anyone can plagiarise • Content easily copied • Potential Copyright Infringement Issues • Plausible Deniability Reins • Lack of Compliance
- 26. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Azure Information Protection Document Classification & Labelling File Encryption Rights Management Detailed Auditing, Tracking & Reporting Simple Configuration
- 29. Slide ‹#› Demo A Word on Sharing Content Wisely! 29
- 43. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Identity has its Challenges … • Managing and controlling identity and user access • Encrypting communications and operation processes • Securing networks • Managing threats • Governess & Compliance • Law Enforcement
- 44. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Azure Identity Protection § Risk based Conditional Access automatically protects against suspicious logins and compromised credentials § Detect and remediate configuration vulnerabilities to improve your security posture § Gain insights from a consolidated view of machine learning based threat detection Q Brute force attacks Leaked credentials Infected devices Suspicious sign-in activities Configuration vulnerabilities Risk-Based policies MFA Challenge Risky Logins Block attacks Change bad credentials
- 45. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] User Logs in Date / Time Location Alert Triggers Detailed Logs Risk Evaluation Reporting Services Detailed Heuristics Azure Identity Protection
- 46. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Azure AD Identity Protection! Azure Identity Protection User Logs in • Provides Detailed Reports on: • Users with leaked credentials • Irregular sign-in activity • Sign-ins from possibly infected devices & unfamiliar locations • Sign-ins from IP addresses with suspicious activity • Sign-ins from impossible travel • & Much More … • *Requires Azure AD Premium
- 49. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Azure Multi Factor Authentication! • Method of authentication requiring more than one verification method • Combines device as something you have or Somewhere you are • Password Something you know • Fully supports Biometrics (Something you are) • Adds a critical second layer of security to user sign-ins and transactions • Available for Azure, Office 365 & Hybrid Deployments User Logs in
- 50. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Azure Multi Factor Authentication! • Authentication Methods: • Phone call • Text message • Mobile app notification • Users can choose the method they prefer • Mobile app verification code • 3rd party OAUTH tokens
- 51. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Azure Multi Factor Authentication!
- 52. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Azure Multi Factor Authentication!
- 53. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 Microsoft Authenticator • App which works with both Microsoft accounts and Azure AD accounts • Supports both enterprise and consumer scenarios
- 54. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Multi Factor Authentication via PowerShell Step by Step 1: install the Microsoft Online Services Sign-In Assistant Next Install the Azure Active Directory Module for Windows PowerShell Get-ExecutionPolicy (If the output is anything other than "unrestricted", run the following command) Set-ExecutionPolicy Unrestricted –Scope CurrentUser
- 55. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] 2: Connect to MsolService via PowerShell $UserCredential = Get-Credential Import-Module MSOnline Connect-MsolService –Credential $UserCredential $auth = New-Object -TypeName Microsoft.Online.Administration.StrongAuthentica tionRequirement $auth.RelyingParty = "*” 3: Choose the MFA State $auth.State = "Enabled” Multi Factor Authentication via PowerShell Step by Step
- 56. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] 4: Choose the date – Any devices issued for a user before this date would require MFA setup $auth.RememberDevicesNotIssuedBefore = (Get-Date) 5: Enable MFA for all users: Get-MsolUser –All | Foreach{ Set- MsolUser -UserPrincipalName $_.UserPrincipalName - StrongAuthenticationRequirements $auth} If your users do not regularly sign in through the browser, you can send them to this link to register for multi-factor auth: https://aka.ms/MFASetup Multi Factor Authentication via PowerShell Step by Step
- 57. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Top Tip: Combine Multi Factor Auth with SSO • On the Local ADFS Federation Server install WindowsAzureSDK- x64.exe • On the Local ADFS Federation Server run the PowerShell Cmdlet run Register- ADFSAuthenticationProvider • Run the Microsoft Azure Multi Factor Authentication Wizard – Server Authentication Wizard • You’re all set!
- 64. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 Azure; cloud App Security • Cloud Discovery: Discover all cloud use in your organization, including Shadow IT reporting and control and risk assessment. • Data Protection: Monitor and control your data in the cloud by gaining visibility, enforcing DLP policies, alerting and investigation. • Threat Protection: Detect anomalous use and security incidents. Use behavioral analytics and advanced investigation tools to mitigate risk and set policies and alerts to achieve maximum control over network cloud traffic.
- 65. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 Azure: cloud App Security • using Cloud Discovery to map and identify your cloud environment and the cloud apps your organization is using. • sanctioning and unsanctioning apps in your cloud. • using easy-to-deploy app connectors that take advantage of provider APIs, for visibility and governance of apps that you connect to. • helping you have continuous control by setting, and then continually fine- tuning, policies
- 68. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 What is Advanced Threat Analytics? • Cloud linked to on-premises that protects your enterprise from multiple types of advanced targeted cyber attacks and insider threats. • Reconnaissance: Detects attackers as they gather information on your environment and its assets • Lateral movement cycle, Prevents attackers spreading their attack surface inside your network. • Prevents persistence during which an attacker captures the information allowing them to resume their campaign using various set of entry points, credentials and techniques.
- 69. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 Can Help Prevent the following Attacks • Pass-the-Ticket (PtT) • Pass-the-Hash (PtH) • Overpass-the-Hash • Forged PAC (MS14-068) • Golden Ticket • Malicious replications • Reconnaissance • Brute Force • Remote execution
- 70. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 Can Help Detect the following Threats • Anomalous logins • Unknown threats • Password sharing • Lateral movement
- 73. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER] Don’t rely purely on Technology! Policies Procedures Training Awareness IT & Cloud Infrastructure SUCCESS
- 75. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 Session Review • Current Cybersecurity Trends • Attacks are Simpler than you think! • How Azure & Office 365 is Fighting back! • Andy’s Top 10 Tips! • Demos – Demos - Demos • Review 75
- 76. Slide ‹#› Defence Against the Dark (Cloud) Arts: Azure Security Deep Dive | Andy Malone 20th June 2017 ) 2.15 – 3.30pm Follow us: #O365ENGAGE17 Questions? | Thank You! Andy Malone (@AndyMalone) Andrew.malone@quality-training.co.uk We’d like to know what you think! Please fill out the evaluation form you received at the registration desk for this session Session recordings and materials: Materials will be available on Office365Engage.com soon