In this session Martin Vliem gives an overview of challenges and trends in information security (security, cybersecurity) in relation to the digital transformation underlying Het Nieuwe Werken (the Dutch "New Way of Working"). He explains the most important threats, discusses the risks, and illustrates how organisations can find a better balance between productivity and security.
6. The threat landscape in numbers (figures as cited on the slide; the slide's source footnotes are not reproduced here)
• By 2020, 25 billion devices will be connected to the internet
• By 2020, 75% of infrastructure will be under third-party control
• 1 million pieces of malware are created every day
• 82% of companies expect to face a cyber-attack in 2017
• 2 billion customer records were compromised in 2016

COST OF A DATA BREACH
• Cyber attacks cost organisations $4 billion a year
• The average cyber attack costs $21,000 per day
• The average cost of a breach is $4 million
• ...but the impact goes beyond finances
10. PLAN, ENTER, TRAVERSE, EXECUTE MISSION: the typical attack chain
1. Plan: threat actor targets employee(s) via a phishing campaign
2. Enter (three variants):
   2a. Workstation compromised; threat actor gathers credentials
   2b. Employee B opens infected email (mobile or PC); attacker disables antivirus
   2c. Credentials harvested when the employee logs into a fake website
3. Traverse:
   3a. Threat actors use stolen credentials to move laterally
   3b/3c. Compromised credentials or device used to access the cloud service / enterprise environment
4. Execute mission: threat actors exfiltrate PII and other sensitive business data

Three entry paths and what the attacker gains:
A. Enter and Navigate: any employee opens the attack email; access to most/all corporate data
B. Device Compromise: targeted employee opens the attack email; access to the same data as that employee
C. Remote Credential Harvesting: targeted employee(s) enter credentials in a website; access to the same data as those employee(s)
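The chain above (phished credentials, replay from an attacker-controlled device, lateral movement) leaves a recognisable pattern in authentication telemetry, which is the kind of "threat monitoring using telemetry" the deck calls for later. The following Python detector is an added example, not code from the deck or from Microsoft. The event format, the known-device baseline and the thresholds are assumptions for illustration; real sources such as Windows Security event 4624 or Azure AD sign-in logs would first have to be mapped onto these fields. The sample events are constructed.

```python
"""Detect credential theft followed by lateral movement in logon telemetry.

Added example. Field names, the 10-minute window, the 4-host threshold and
the device baseline are illustrative assumptions, not a product's logic.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: (timestamp, user, source device, target host, outcome).
# alice's 08:xx logons are normal; from 09:10 her credentials are used from
# kiosk-17, a device she has never used, against five hosts in four minutes.
SAMPLE_EVENTS = [
    ("2017-03-01T08:02:10", "alice", "alice-laptop", "mail.corp.example", "success"),
    ("2017-03-01T08:05:31", "alice", "alice-laptop", "fileserver01", "success"),
    ("2017-03-01T09:10:04", "alice", "kiosk-17", "fileserver01", "success"),
    ("2017-03-01T09:11:45", "alice", "kiosk-17", "fileserver02", "success"),
    ("2017-03-01T09:12:20", "alice", "kiosk-17", "hr-db01", "success"),
    ("2017-03-01T09:13:02", "alice", "kiosk-17", "finance01", "success"),
    ("2017-03-01T09:13:50", "alice", "kiosk-17", "dc01", "success"),
    ("2017-03-01T10:00:00", "bob", "bob-laptop", "mail.corp.example", "success"),
    ("2017-03-01T10:20:00", "bob", "bob-laptop", "fileserver01", "failure"),
]

# Assumed baseline: devices each user was seen on in the prior 30 days.
BASELINE_DEVICES = {"alice": {"alice-laptop"}, "bob": {"bob-laptop"}}


def parse_events(raw):
    """Turn raw tuples into dicts with a real datetime, sorted by time."""
    parsed = []
    for ts, user, device, target, outcome in raw:
        parsed.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
                       "user": user, "device": device,
                       "target": target, "outcome": outcome})
    return sorted(parsed, key=lambda e: e["ts"])


def new_device_logins(events, baseline):
    """Credential-theft indicator (steps 2a/2c): a successful logon from a
    device the user has never used before. One alert per new device."""
    seen = {u: set(d) for u, d in baseline.items()}
    hits = []
    for e in events:
        if e["outcome"] != "success":
            continue
        known = seen.setdefault(e["user"], set())
        if e["device"] not in known:
            hits.append(e)
            known.add(e["device"])
    return hits


def lateral_movement(events, window=timedelta(minutes=10), min_targets=4):
    """Lateral-movement indicator (step 3a): one user from one device reaching
    min_targets distinct hosts inside a sliding time window."""
    by_key = defaultdict(list)
    for e in events:
        if e["outcome"] == "success":
            by_key[(e["user"], e["device"])].append(e)
    alerts = []
    for (user, device), evs in by_key.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            targets = {x["target"] for x in evs[start:end + 1]}
            if len(targets) >= min_targets:
                alerts.append({"user": user, "device": device,
                               "first": evs[start]["ts"],
                               "targets": sorted(targets)})
                break  # one alert per (user, device)
    return alerts


def correlate(raw, baseline):
    """Join both indicators: lateral movement from a device that is itself new
    for the account is the highest-confidence sign of stolen credentials."""
    events = parse_events(raw)
    new_dev = {(e["user"], e["device"]) for e in new_device_logins(events, baseline)}
    findings = []
    for a in lateral_movement(events):
        severity = "high" if (a["user"], a["device"]) in new_dev else "medium"
        findings.append({**a, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS, BASELINE_DEVICES):
        print(f["severity"], f["user"], "from", f["device"], "->", f["targets"])
```

The two indicators are deliberately weak on their own (a new laptop is normal, an admin touching five hosts is normal); the value is in the join, which is why the deck pairs telemetry with intelligence and UEBA rather than relying on single-event rules.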
11. From network perimeter to identity perimeter
(Diagram: resources, marked $, are spread across approved cloud services such as Office 365, the on-premises network perimeter, unmanaged devices and shadow IT; persistent threats target all of them, and an identity perimeter spans them all.)
The network perimeter repels and detects classic attacks...
...but is reliably defeated by
• Phishing
• Credential theft
Data has moved out of the network and its protections.
We must establish an identity security perimeter:
• Strong authentication & secure privileged access
• Monitoring and enforcement of access policies
• Threat monitoring using telemetry & intelligence
16. Pillars, risks and controls
Pillars: Identity, Devices, Apps, Infrastructure, Data
Risks
• Unprotected sensitive data
• Unmanaged devices
• Risky use of approved SaaS apps
• Shadow IT SaaS applications
• Phishing
• Credential theft & abuse
Controls
• Classification and persistent protection
• CASB (Cloud Access Security Brokering)
• Conditional access
• Mobile Device & App Management
• Hardened (front line) devices
• Threat detection
• Advanced Threat Protection
• UEBA (User & Entity Behavioral Analytics)
• Risk-based access
• Privileged access
• Cloud as the source for security (community effect)
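Slides 11 and 16 ask for access policies enforced at the identity perimeter: strong authentication, conditional and risk-based access, and tighter rules for privileged access. The Python policy evaluator below is an added example of what such a rule set looks like when written down; it is not from the deck and is not Azure AD's or Intune's conditional-access engine. The signal names, the rule order, the risk scale and the sensitive-app list are assumptions, and the sign-in scenarios are constructed.

```python
"""Conditional / risk-based access decisions at the identity perimeter.

Added example with assumed signal names and rule order; the real products
expose equivalent signals (device compliance, MFA state, sign-in risk) under
their own names.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"
    BLOCK = "block"


# Assumed set of applications that hold sensitive data.
SENSITIVE_APPS = {"finance", "hr"}


@dataclass(frozen=True)
class SignIn:
    user: str
    app: str
    device_managed: bool      # enrolled in MDM
    device_compliant: bool    # meets policy (encryption, patch level, ...)
    mfa_satisfied: bool       # strong authentication already proven this session
    sign_in_risk: str         # "low" | "medium" | "high", e.g. from UEBA
    privileged: bool          # holds an admin role
    legacy_auth: bool         # protocol that cannot carry MFA (e.g. basic auth)


def _mfa_or_allow(s, why):
    """Step-up only when strong auth has not been done yet."""
    if s.mfa_satisfied:
        return Decision.ALLOW, why + " (MFA already satisfied)"
    return Decision.REQUIRE_MFA, why


def evaluate(s: SignIn):
    """Return (Decision, reason). Rules are ordered; the first match wins.
    Network location is deliberately not an input: the perimeter is identity."""
    if s.legacy_auth:
        # A phished password replayed over a protocol without MFA: fail closed.
        return Decision.BLOCK, "legacy protocol cannot satisfy MFA"
    if s.sign_in_risk == "high":
        return Decision.BLOCK, "high sign-in risk"
    if s.device_managed and not s.device_compliant:
        return Decision.BLOCK, "managed device out of compliance"
    if s.privileged:
        # Privileged roles only from managed (and, per the rule above, compliant) devices.
        if not s.device_managed:
            return Decision.BLOCK, "privileged role from unmanaged device"
        return _mfa_or_allow(s, "privileged role")
    if s.sign_in_risk == "medium":
        return _mfa_or_allow(s, "medium sign-in risk")
    if s.app in SENSITIVE_APPS and not s.device_managed:
        return _mfa_or_allow(s, "sensitive app from unmanaged device")
    return Decision.ALLOW, "no policy triggered"


# Constructed scenarios covering the attack paths on slide 10.
SCENARIOS = {
    "phished password replayed over basic auth": SignIn(
        "alice", "mail", device_managed=False, device_compliant=False,
        mfa_satisfied=False, sign_in_risk="low", privileged=False, legacy_auth=True),
    "phished password from unknown device to HR app": SignIn(
        "alice", "hr", device_managed=False, device_compliant=False,
        mfa_satisfied=False, sign_in_risk="low", privileged=False, legacy_auth=False),
    "same user and app after MFA": SignIn(
        "alice", "hr", device_managed=False, device_compliant=False,
        mfa_satisfied=True, sign_in_risk="low", privileged=False, legacy_auth=False),
    "admin from a home PC": SignIn(
        "admin-bob", "portal", device_managed=False, device_compliant=False,
        mfa_satisfied=True, sign_in_risk="low", privileged=True, legacy_auth=False),
    "admin from a managed workstation": SignIn(
        "admin-bob", "portal", device_managed=True, device_compliant=True,
        mfa_satisfied=True, sign_in_risk="low", privileged=True, legacy_auth=False),
    "employee on compliant laptop": SignIn(
        "bob", "mail", device_managed=True, device_compliant=True,
        mfa_satisfied=False, sign_in_risk="low", privileged=False, legacy_auth=False),
    "managed laptop fell out of compliance": SignIn(
        "bob", "mail", device_managed=True, device_compliant=False,
        mfa_satisfied=False, sign_in_risk="low", privileged=False, legacy_auth=False),
    "UEBA flags medium risk": SignIn(
        "carol", "mail", device_managed=True, device_compliant=True,
        mfa_satisfied=False, sign_in_risk="medium", privileged=False, legacy_auth=False),
}


def decide_all(scenarios=SCENARIOS):
    """Evaluate every scenario; returns {name: Decision}."""
    return {name: evaluate(s)[0] for name, s in scenarios.items()}


if __name__ == "__main__":
    for name, s in SCENARIOS.items():
        decision, why = evaluate(s)
        print(f"{decision.value:12} {name}: {why}")
```

Two choices matter in practice: blocking legacy authentication outright, because a stolen password is enough to pass any policy that only knows "password was correct", and treating "managed but non-compliant" as a block rather than a step-up, since a device that has drifted out of policy is exactly the one on which malware disables antivirus (step 2b of the chain).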
17. PLAN, ENTER, TRAVERSE, EXECUTE MISSION: the same attack chain as slide 10, with the controls that apply at each stage overlaid
People, Process, Technology
Office 365 Technology
• Advanced Threat Protection (requires E5)
EMS Technology
• Cloud App Security (CASB) (requires E5)
Office 365 Technology
• Advanced Security Management (basic CASB) (requires E5)
Azure Technology
• Multi-Factor Authentication
• Azure Active Directory Analytics
Windows 10 Technology
• SmartScreen URL and app reputation
EMS Technology
• Azure Information Protection (requires E5)
Office 365 Technology
• Data Loss Prevention
Windows 10 Technology
• Windows Information Protection
Azure Technology
• Disk, Storage, SQL Encryption
• Key Vault
• …
Windows 10 Technology
• Device Guard
• Credential Guard
• Defender Advanced Threat Protection (requires E5)
Managed Detection and Response (MDR)
• Enterprise Threat Detection
Published Guidance
• Securing Privileged Access Roadmap
Professional Services
• Security Foundation
• Enhanced Security Admin Environment (ESAE)
Technology
• Advanced Threat Analytics (in EMS E3)
• Azure Security Center & Operations Management Suite (OMS)
• …and more
EMS Technology
• Intune conditional access
Managed Detection and Response (MDR)
• Enterprise Threat Detection (PCs only)
18. Reference architecture (one slide; the components below are grouped by the zone they sit in, since the layout was lost in extraction)
Key facts on the slide:
• Nearly all customer breaches that Microsoft's Incident Response team investigates involve credential theft
• 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 Data Breach Investigations Report)
• 80%+ of employees admit using non-approved SaaS apps for work (Stratecast, December 2013)

Zones: Internet of Things; Unmanaged & Mobile Clients; Managed Clients; Sensitive Workloads; Extranet; Microsoft Azure; On-Premises Datacenter(s); Colocation; Software as a Service; Legacy Windows; Structured Data & 3rd-party Apps

Identity & Access
• Multi-Factor Authentication
• Azure AD Identity Protection
• Azure AD PIM (Privileged Identity Management); MIM PAM (Privileged Access Management)
• Windows Hello for Business
• Certification Authority (PKI)
• ESAE Admin Forest; PADS
• Privileged Access Workstations (PAWs): Device Health Attestation, Remote Credential Guard
• Domain Controllers (as Shielded VMs)

Managed Clients: Windows 10 Security
• Secure Boot
• Device Guard
• Application Guard
• Credential Guard
• Windows Hello
• EPP: Windows Defender; EDR: Windows Defender ATP (Mac OS clients also shown)
• Windows Information Protection; Endpoint DLP
• System Center Configuration Manager + Intune; Intune MDM/MAM; Conditional Access

Windows Server 2016 Security
• Shielded VMs, Device Guard, Credential Guard, Just Enough Admin, Hyper-V Containers, Nano Server, …

Microsoft Azure and on-premises infrastructure
• Azure Key Vault
• Azure Security Center: Threat Protection, Threat Detection
• Azure App Gateway; Network Security Groups; DDoS attack mitigation
• Azure Antimalware; Disk & Storage Encryption; SQL Encryption & Firewall
• Backup and Site Recovery; VMs; VPN
• Enterprise Servers; NGFW; IPS; Edge DLP; SSL Proxy; security appliances; VPN

Apps and Data
• Azure Information Protection (AIP): Classify, Label, Protect, Report; Hold Your Own Key (HYOK)
• Office 365 Information Protection; Office 365 DLP; classification labels
• Office 365 ATP: Email Gateway, Anti-malware
• Cloud App Security; ASM (Advanced Security Management); Lockbox
• Security Development Lifecycle (SDL)

Security Operations Center (SOC)
• Logs & Analytics: SIEM, SIEM integration, WEF (Windows Event Forwarding), OMS, ATA (Advanced Threat Analytics), UEBA
• Active Threat Detection; Hunting Teams; Investigation and Recovery; Incident Response; Vulnerability Management
• Enterprise Threat Detection; Managed Security Provider; Analytics
19. SECURE MODERN ENTERPRISE
Pillars: Identity; Devices; Apps and Data; Infrastructure
Identity: embraces identity as the primary security perimeter and protects identity systems, admins, and credentials as top priorities
Apps and Data: aligns security investments with priorities, including identifying and securing communications, data, and applications
Infrastructure: operates on a modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks
Devices: accesses assets from trusted devices with hardware security assurances, a great user experience, and advanced threat detection
Secure Platform (secure by design)
1. Security Foundation – address Critical Attack Defenses
2. Secure the pillars – based on business priorities & risk
21. Summary and guidance…
1. Security is about addressing risk whilst enabling a productive modern enterprise. Getting to 100% protection is not feasible; focus on the right protection, augmented with detection & response capabilities.
   A data-driven security defense: https://gallery.technet.microsoft.com/Fixing-the-1-Problem-in-2e58ac4a
2. First implement critical attack defenses for the known playbook, where identity is the new IT security perimeter. Then extend to addressing additional Identity, Device, Apps & Data and Infrastructure risks.
   Microsoft Cloud IT Architecture, Identity & Security resources: https://technet.microsoft.com/en-us/library/dn919927.aspx
   Securing Privileged Access: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access
3. Cloud computing can contribute to securing a flexible workplace, but requires solid due diligence. Require assurances and clarity in the shared responsibility model.
   Cloud Services Due Diligence Checklist (ISO 19086 based): https://www.microsoft.com/en-us/trustcenter/Compliance/Due-Diligence-Checklist