SlideShare a Scribd company logo

ASMC 2017 - Martin Vliem - Security < productivity < security: syntax error?

P
PlatformSecurityManagement

In deze sessie geeft Martin Vliem een overzicht van uitdagingen en trends rondom informatiebeveiliging [security] [ cybersecurity] in relatie tot de digitale transformatie onderliggend aan Het Nieuwe Werken. Hij licht de belangrijkste bedreigingen toe, gaat in op de risico’s en illustreert hoe organisaties een betere balans kunnen vinden tussen productiviteit en beveiliging.

Education
1 of 22
Download to read offline
Keynote
ASSUME COMPROMISE Protect Detect First Host Compromised  CYBERTHREATS  Domain Admin Compromised  DATA LOSS (Attacker Undetected) 11-14 months  Breach Discovered Respond
Productivity < Security < Productivity Syntax Error? Martin Vliem National Security Officer CCSP, CISSP, CISA martin.vliem@microsoft.com https://www.linkedin.com/in/mvliem
Digital Transformation
1.
By 2020, 25 Billion devices will be connected to the internet1 By 2020, 75% of infrastructure will be under third party control3 1 Million pieces of malware are created every day5 82% of companies expect to face a cyber-attack in 20172 2 Billion customer records were compromised in 20164 COST OF A DATA BREACH Cyber attacks cost organisations $4 Billion a year6 The average cyber attack costs $21 000 per day8 The average cost of a breach is $4 Million7 but impact goes beyond finances
7 Fear is a poor advisor Dutch expression.
Rel. Frequency Order1st 2nd 3rd …
RUIN ATTACKER’S ECONOMIC MODEL BREAK THE KNOWN ATTACK PLAYBOOK ELIMINATE OTHER ATTACK VECTORS RAPID RESPONSE AND RECOVERY
PLAN ENTER TRAVERSE EXECUTE MISSION 4 Threat Actors exfiltrate PII and other sensitive business data Threat Actor targets employee(s) via phishing campaign 1 Workstation compromised, threat actor gathers credentials2a Threat Actors use stolen credentials to move laterally 3a Employee B opens infected email (Mobile or PC). Attacker disables antivirus 2b Compromised credentials/ device used to access cloud service / enterprise environment 3bc Credentials harvested when employee logs into fake website 2c A. Enter and Navigate Any employee opens attack email  Access to most/all corporate data B. Device Compromise Targeted employee opens attack email  Access to same data as employee C. Remote Credential Harvesting Targeted employee(s) enter credentials in website  Access to same data as employee(s) Any
Approved Cloud Services Office 365 Network Perimeter Unmanaged Devices Threats Persistent Network perimeter repels and detects classic attacks… …but is reliably defeated by • Phishing • Credential theft Data has moved out of the network and its protections We must establish an Identity security perimeter • Strong Authentication & secure privileged access • Monitoring and enforcement of access policies • Threat monitoring using telemetry & intelligence Resources $ $ $ $$ $ $ $ $ $ $ Identity Perimeter Shadow IT
Devices Apps Infrastructure Data Identity Unprotected Sensitive Data Unmanaged Devices Risky Use of Approved SaaS Apps Shadow IT SaaS Applications Phishing Credential Theft & Abuse
Data governance & rights management Responsibility SaaS PaaS IaaS On-prem Client endpoints Account & access management Identity & directory infrastructure Application Network controls Operating system Physical network Physical datacenter CustomerMicrosoft Physical hosts ALWAYS RETAINED BY CUSTOMER VARIES BY SERVICE TYPE TRANSFERS TO CLOUD PROVIDER Cloud service provider responsibility Tenant responsibility
CLOUD CONSUMER Information security, privacy, compliance, legal, policy requirements 1 Customer demonstrates compliance / controls risk6 CUSTOM(ER) CONTROLS & PROCESSES Customer evaluates claims and adds additional controls 5 CLOUD PROVIDER CLAIMS RISKS GOVERNANCE, RISK & COMPLIANCE Customer continuous assessment2 MITIGATING CONTROLS CLOUD PROVIDER MITIGATING CONTROLS Customer requests assurances from Cloud vendor 3 Cloud provider provides assurance4 CONTRACTING INDEPENDENTLY VERIFIED DESCRIPTIVE INFORMATION INTERACTIVE INFORMATION & CONTROLS OPTIONAL CONTROLS
Cloud Services Due Diligence checklist based on ISO19086
Devices Apps Infrastructure Data Identity Unprotected Sensitive Data Unmanaged Devices Risky Use of Approved SaaS Apps Shadow IT SaaS Applications Phishing Credential Theft & Abuse Classification and persistent protection CASB – Cloud Access Security Brokering Conditional access Mobile Device & App Management Hardened (front line) devices Threat detection Advanced Threat Protection Conditional Access UEBA – User & Entity Behavioral Analytics Risk based Access Privileged Access Cloud as the source for security – community effect
PLAN ENTER TRAVERSE EXECUTE MISSION 4 Threat Actors exfiltrate PII and other sensitive business data Threat Actor targets employee(s) via phishing campaign1 Workstation compromised, threat actor gathers credentials2a Threat Actors use stolen credentials to move laterally 3a Employee B opens infected email (Mobile or PC). Attacker disables antivirus 2b Compromised credentials/ device used to access cloud service / enterprise environment 3bc Credentials harvested when employee logs into fake website 2c A. Enter and Navigate Any employee opens attack email  Access to most/all corporate data B. Device Compromise Targeted employee opens attack email  Access to same data as employee C. Remote Credential Harvesting Targeted employee(s) enter credentials in website  Access to same data as employee(s) People, Process, Technology Office 365 Technology • Advanced Threat Protection (requires E5) EMS Technology • Cloud App Security (CASB) (requires E5) Office 365 Technology • Advanced Security Management (basic CASB) (requires E5) Azure Technology • Multi-Factor Authentication • Azure Active Directory Analytics Windows 10 Technology • Smartscreen URL and App reputation EMS Technology • Azure Information Protection (requires E5) Office 365 Technology • Data Loss Prevention Windows 10 Technology • Windows Information Protection Azure Technology • Disk, Storage, SQL Encryption • Key Vault • … Any Windows 10 Technology • Device Guard • Credential Guard • Defender Advanced Threat Protection (requires E5) Managed Detection and Response (MDR) • Enterprise Threat Detection Published Guidance • Securing Privileged Access Roadmap Professional Services • Security Foundation • Enhanced Security Admin Environment (ESAE) Technology • Advanced Threat Analytics (in EMS E3) • Azure Security Center & Operations Management Suite (OMS) • …and more EMS Technology • Intune conditional access Managed Detection and Response (MDR) • Enterprise Threat Detection (PCs only)
Internet of Things Unmanaged & Mobile Clients Sensitive Workloads Extranet Azure Key Vault Azure Security Center • Threat Protection • Threat Detection System Center Configuration Manager + Intune Microsoft Azure On Premises Datacenter(s) NGFW Nearly all customer breaches that Microsoft’s Incident Response team investigates involve credential theft 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBR) Colocation $ EPP - Windows Defender EDR - Windows Defender ATPMac OS Multi-Factor Authentication MIM PAMAzure App Gateway Network Security Groups Azure AD PIM Azure Antimalware Disk & Storage Encryption SQL Encryption & Firewall Hello for Business Windows Info Protection Enterprise Servers VPN VPN VMs VMs Certification Authority (PKI) Incident Response Vulnerability Management Enterprise Threat Detection Analytics Managed Security Provider OMS ATA SIEM Security Operations Center (SOC) Logs & Analytics Active Threat Detection Hunting Teams Investigation and Recovery WEF SIEM Integration IoT Identity & AccessUEBA Windows 10 Windows 10 Security • Secure Boot • Device Guard • Application Guard • Credential Guard • Windows Hello Managed Clients Windows Server 2016 Security Shielded VMs, Device Guard, Credential Guard, Just Enough Admin, Hyper-V Containers, Nano server, … Software as a Service ATA Privileged Access Workstations (PAWs) • Device Health Attestation • Remote Credential Guard Intune MDM/MAM Conditional Access Cloud App Security Azure Information Protection (AIP) • Classify • Label • Protect • Report Office 365 DLP Endpoint DLP Structured Data & 3rd party Apps DDoS attack mitigation ClassificationLabels ASM Lockbox Office 365 Information Protection Legacy Windows Backup and Site Recovery Shielded VMs Domain Controllers Office 365 ATP • Email Gateway • Anti-malware Hold Your Own Key (HYOK) ESAE Admin Forest PADS 80% + of employees admit using non-approved SaaS apps for work (Stratecast, December 2013) IPS Edge DLP SSL Proxy Security Development Lifecycle (SDL) Azure AD Identity Protection Security Appliances
SECURE MODERN ENTERPRISE Identity Devices Apps and Data Infrastructure Identity Embraces identity as primary security perimeter and protects identity systems, admins, and credentials as top priorities Apps and Data Aligns security investments wit priorities including identifying and securing communications, data, and applications Infrastructure Operates on modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks Devices Accesses assets from trusted devices with hardware security assurances, great user experience, and advanced threat detection Secure Platform (secure by design) 1. Security Foundation – address Critical Attack Defenses 2. Secure the pillars – based on business priorities & risk
TRADITIONAL APPROACH CLOUD-ENABLED SECURITY
1. Security is about addressing risk, whilst enabling a productive modern enterprise. Getting to 100% protection is not feasible; focus on the right protection augmented with detection & response capabilities A Data driven security defense: https://gallery.technet.microsoft.com/Fixing-the-1-Problem-in-2e58ac4a 2. First implement critical attack defenses for the known playbook, where Identity is the new IT security perimeter. Then extend to addressing additional Identity, Device, Apps&Data and Infrastructure risks. Microsoft Cloud IT Architecture, Identity & Security resources: https://technet.microsoft.com/en- us/library/dn919927.aspx Securing Privileged Access: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged- access/securing-privileged-access 3. Cloud computing can contribute in securing a flexible workplace, but requires solid due diligence. Require assurances and clarity in the shared responsibilities model Cloud Services Due Diligence Checklist (ISO 19086 based): https://www.microsoft.com/en-us/trustcenter/Compliance/Due- Diligence-Checklist Summary and guidance…
Thank you!

Recommended

Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud ApplicationsIBM Security
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyMicrosoft Österreich
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonImportance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonAdam Levithan
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Turning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conferenceTurning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conferenceDean Iacovelli
 
Microsoft Digital Crimes Unit
Microsoft Digital Crimes UnitMicrosoft Digital Crimes Unit
Microsoft Digital Crimes UnitMicrosoft Österreich
 
Nicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterNicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterMicrosoft Österreich
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBsJyothi Satyanathan
 

Recommended

Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud ApplicationsIBM Security
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyMicrosoft Österreich
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonImportance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonAdam Levithan
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Turning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conferenceTurning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conferenceDean Iacovelli
 
Microsoft Digital Crimes Unit
Microsoft Digital Crimes UnitMicrosoft Digital Crimes Unit
Microsoft Digital Crimes UnitMicrosoft Österreich
 
Nicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterNicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterMicrosoft Österreich
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBsJyothi Satyanathan
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell ApartIBM Security
 
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Andris Soroka
 
Arbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsArbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsMicrosoft Österreich
 
Symantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security SimulationSymantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security SimulationSymantec
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Aujas Cyber Security
Aujas Cyber SecurityAujas Cyber Security
Aujas Cyber SecurityVivianMarcello3
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Microsoft Österreich
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016IBM Security
 
7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the ThreatIBM Security
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information ProtectionMicrosoft Österreich
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanSPS Paris
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewAllessandra Negri
 
Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016patmisasi
 
When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...
When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...
When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...Cam Fulton
 
Thread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry
 
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...Microsoft Österreich
 
Cyber security infotech pvt ltd
Cyber security infotech pvt ltdCyber security infotech pvt ltd
Cyber security infotech pvt ltdCyber Security Infotech
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud CrossoverArmor
 
IBM Security Software Solutions - One Pager
IBM Security Software Solutions - One PagerIBM Security Software Solutions - One Pager
IBM Security Software Solutions - One PagerThierry Matusiak
 
Secure the modern Enterprise
Secure the modern EnterpriseSecure the modern Enterprise
Secure the modern EnterpriseMicrosoft Österreich
 
"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managment"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managmentDean Iacovelli
 

More Related Content

What's hot

The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell ApartIBM Security
 
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Andris Soroka
 
Arbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsArbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsMicrosoft Österreich
 
Symantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security SimulationSymantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security SimulationSymantec
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Microsoft Österreich
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016IBM Security
 
7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the ThreatIBM Security
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information ProtectionMicrosoft Österreich
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanSPS Paris
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewAllessandra Negri
 
Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016patmisasi
 
When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...
When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...
When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...Cam Fulton
 
Thread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry
 
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...Microsoft Österreich
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud CrossoverArmor
 
IBM Security Software Solutions - One Pager
IBM Security Software Solutions - One PagerIBM Security Software Solutions - One Pager
IBM Security Software Solutions - One PagerThierry Matusiak
 

What's hot (20)

The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell Apart
 
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
 
Arbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsArbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat Analytics
 
Symantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security SimulationSymantec Cyber Security Services: Security Simulation
Symantec Cyber Security Services: Security Simulation
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
Aujas Cyber Security
Aujas Cyber SecurityAujas Cyber Security
Aujas Cyber Security
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
 
7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat7 Ways to Stay 7 Years Ahead of the Threat
7 Ways to Stay 7 Years Ahead of the Threat
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information Protection
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overview
 
Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016Scalar_Managed_Security_Services_2016
Scalar_Managed_Security_Services_2016
 
When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...
When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...
When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk...
 
Thread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 Security
 
Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)Pöyry ICS Cyber Security brochure (English)
Pöyry ICS Cyber Security brochure (English)
 
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
 
Cyber security infotech pvt ltd
Cyber security infotech pvt ltdCyber security infotech pvt ltd
Cyber security infotech pvt ltd
 
The Cloud Crossover
The Cloud CrossoverThe Cloud Crossover
The Cloud Crossover
 
IBM Security Software Solutions - One Pager
IBM Security Software Solutions - One PagerIBM Security Software Solutions - One Pager
IBM Security Software Solutions - One Pager
 

Similar to ASMC 2017 - Martin Vliem - Security &lt; productivity &lt; security: syntax error?

"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managment"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managmentDean Iacovelli
 
Information Security
Information SecurityInformation Security
Information SecurityMohit8780
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and ComplianceKarina Matos
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Securing your Organization with Microsoft 365
Securing your Organization with Microsoft 365Securing your Organization with Microsoft 365
Securing your Organization with Microsoft 365Ravikumar Sathyamurthy
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and ComplianceDavid J Rosenthal
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreJoel Oleson
 
Webinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von BaggenstosWebinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von BaggenstosJenniferMete1
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewDavid J Rosenthal
 
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...Criminal IP
 
Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)Shahar Geiger Maor
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
Subscribed 2015: Architecture, Security, Scalability
Subscribed 2015: Architecture, Security, ScalabilitySubscribed 2015: Architecture, Security, Scalability
Subscribed 2015: Architecture, Security, ScalabilityZuora, Inc.
 
Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckArrow ECS UK
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Amazon Web Services
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAmazon Web Services
 

Similar to ASMC 2017 - Martin Vliem - Security &lt; productivity &lt; security: syntax error? (20)

Secure the modern Enterprise
Secure the modern EnterpriseSecure the modern Enterprise
Secure the modern Enterprise
 
"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managment"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managment
 
Information Security
Information SecurityInformation Security
Information Security
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
 
Securing your Organization with Microsoft 365
Securing your Organization with Microsoft 365Securing your Organization with Microsoft 365
Securing your Organization with Microsoft 365
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and Compliance
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure Score
 
Webinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von BaggenstosWebinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von Baggenstos
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem...
 
Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)Cloud Security for Startups - From A to E(xit)
Cloud Security for Startups - From A to E(xit)
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
Subscribed 2015: Architecture, Security, Scalability
Subscribed 2015: Architecture, Security, ScalabilitySubscribed 2015: Architecture, Security, Scalability
Subscribed 2015: Architecture, Security, Scalability
 
Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deck
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
 
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend MicroAWS Summit Auckland Platinum Sponsor presentation - Trend Micro
AWS Summit Auckland Platinum Sponsor presentation - Trend Micro
 

More from PlatformSecurityManagement

ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'
ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'
ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'PlatformSecurityManagement
 
ASMC 2018 sessie 2.3 Een schip met meerdere kapiteins? Security in een Campus...
ASMC 2018 sessie 2.3 Een schip met meerdere kapiteins? Security in een Campus...ASMC 2018 sessie 2.3 Een schip met meerdere kapiteins? Security in een Campus...
ASMC 2018 sessie 2.3 Een schip met meerdere kapiteins? Security in een Campus...PlatformSecurityManagement
 
ASMC Sessie 2.2 Aantoonbaar compliant beveiligen door middel van ‘human systems’
ASMC Sessie 2.2 Aantoonbaar compliant beveiligen door middel van ‘human systems’ASMC Sessie 2.2 Aantoonbaar compliant beveiligen door middel van ‘human systems’
ASMC Sessie 2.2 Aantoonbaar compliant beveiligen door middel van ‘human systems’PlatformSecurityManagement
 
ASMC 2018 Sessie 1.3 BCM en cyber security is cyber resilience
ASMC 2018 Sessie 1.3 BCM en cyber security is cyber resilienceASMC 2018 Sessie 1.3 BCM en cyber security is cyber resilience
ASMC 2018 Sessie 1.3 BCM en cyber security is cyber resiliencePlatformSecurityManagement
 
ASMC 2018 Sessie 1.2 Verzekeraars als veiligheidsregisseurs
ASMC 2018 Sessie 1.2 Verzekeraars als veiligheidsregisseursASMC 2018 Sessie 1.2 Verzekeraars als veiligheidsregisseurs
ASMC 2018 Sessie 1.2 Verzekeraars als veiligheidsregisseursPlatformSecurityManagement
 
ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'
ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'
ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'PlatformSecurityManagement
 
ASMC 2018 Keynote 2: Hoe organiseer je privacy in de keten?
ASMC 2018 Keynote 2: Hoe organiseer je privacy in de keten?ASMC 2018 Keynote 2: Hoe organiseer je privacy in de keten?
ASMC 2018 Keynote 2: Hoe organiseer je privacy in de keten?PlatformSecurityManagement
 
ASMC 2017 - Cor Treure - Cloud-benefits for the Customers: van concept naar a...
ASMC 2017 - Cor Treure - Cloud-benefits for the Customers: van concept naar a...ASMC 2017 - Cor Treure - Cloud-benefits for the Customers: van concept naar a...
ASMC 2017 - Cor Treure - Cloud-benefits for the Customers: van concept naar a...PlatformSecurityManagement
 
ASMC 2017 - Gertj-Jan Poelman - Het nieuwe werken, nieuwe risico's?
ASMC 2017 - Gertj-Jan Poelman - Het nieuwe werken, nieuwe risico's?ASMC 2017 - Gertj-Jan Poelman - Het nieuwe werken, nieuwe risico's?
ASMC 2017 - Gertj-Jan Poelman - Het nieuwe werken, nieuwe risico's?PlatformSecurityManagement
 
ASMC2017 - Gert-Jan Poelman - Het nieuwe werken, nieuwe risico’s? (lightversie)
ASMC2017 - Gert-Jan Poelman - Het nieuwe werken, nieuwe risico’s? (lightversie)ASMC2017 - Gert-Jan Poelman - Het nieuwe werken, nieuwe risico’s? (lightversie)
ASMC2017 - Gert-Jan Poelman - Het nieuwe werken, nieuwe risico’s? (lightversie)PlatformSecurityManagement
 
ASMC - Sjoerd van der Meulen - Cybercrime vs Security professional
ASMC - Sjoerd van der Meulen - Cybercrime vs Security professionalASMC - Sjoerd van der Meulen - Cybercrime vs Security professional
ASMC - Sjoerd van der Meulen - Cybercrime vs Security professionalPlatformSecurityManagement
 
ASMC2017 - Maatwerk in safety: met 6 stappen naar een effectieve bedrijfshulp...
ASMC2017 - Maatwerk in safety: met 6 stappen naar een effectieve bedrijfshulp...ASMC2017 - Maatwerk in safety: met 6 stappen naar een effectieve bedrijfshulp...
ASMC2017 - Maatwerk in safety: met 6 stappen naar een effectieve bedrijfshulp...PlatformSecurityManagement
 
ASMC2017 - Looking after your mobile workforce in a globalising economy
ASMC2017 - Looking after your mobile workforce in a globalising economyASMC2017 - Looking after your mobile workforce in a globalising economy
ASMC2017 - Looking after your mobile workforce in a globalising economyPlatformSecurityManagement
 
ASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartner
ASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartnerASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartner
ASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartnerPlatformSecurityManagement
 

More from PlatformSecurityManagement (20)

ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'
ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'
ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'
 
ASMC 2018 sessie 2.3 Een schip met meerdere kapiteins? Security in een Campus...
ASMC 2018 sessie 2.3 Een schip met meerdere kapiteins? Security in een Campus...ASMC 2018 sessie 2.3 Een schip met meerdere kapiteins? Security in een Campus...
ASMC 2018 sessie 2.3 Een schip met meerdere kapiteins? Security in een Campus...
 
ASMC Sessie 2.2 Aantoonbaar compliant beveiligen door middel van ‘human systems’
ASMC Sessie 2.2 Aantoonbaar compliant beveiligen door middel van ‘human systems’ASMC Sessie 2.2 Aantoonbaar compliant beveiligen door middel van ‘human systems’
ASMC Sessie 2.2 Aantoonbaar compliant beveiligen door middel van ‘human systems’
 
ASMC 2018 Sessie 1.5 Privacy onder de plint
ASMC 2018 Sessie 1.5 Privacy onder de plintASMC 2018 Sessie 1.5 Privacy onder de plint
ASMC 2018 Sessie 1.5 Privacy onder de plint
 
ASMC 2018 Sessie 1.3 BCM en cyber security is cyber resilience
ASMC 2018 Sessie 1.3 BCM en cyber security is cyber resilienceASMC 2018 Sessie 1.3 BCM en cyber security is cyber resilience
ASMC 2018 Sessie 1.3 BCM en cyber security is cyber resilience
 
ASMC 2018 Sessie Privacy onder de plint
ASMC 2018 Sessie Privacy onder de plintASMC 2018 Sessie Privacy onder de plint
ASMC 2018 Sessie Privacy onder de plint
 
ASMC 2018 Sessie 1.4 Beyond surveillance
ASMC 2018 Sessie 1.4 Beyond surveillanceASMC 2018 Sessie 1.4 Beyond surveillance
ASMC 2018 Sessie 1.4 Beyond surveillance
 
ASMC 2018 Sessie 1.2 Verzekeraars als veiligheidsregisseurs
ASMC 2018 Sessie 1.2 Verzekeraars als veiligheidsregisseursASMC 2018 Sessie 1.2 Verzekeraars als veiligheidsregisseurs
ASMC 2018 Sessie 1.2 Verzekeraars als veiligheidsregisseurs
 
ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'
ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'
ASMC 2018 Keynote 3: 'Over het sterke en zwakke van ketens'
 
ASMC 2018 Keynote 2: Hoe organiseer je privacy in de keten?
ASMC 2018 Keynote 2: Hoe organiseer je privacy in de keten?ASMC 2018 Keynote 2: Hoe organiseer je privacy in de keten?
ASMC 2018 Keynote 2: Hoe organiseer je privacy in de keten?
 
ASMC 2018
ASMC 2018 ASMC 2018
ASMC 2018
 
ASMC 2017 - Cor Treure - Cloud-benefits for the Customers: van concept naar a...
ASMC 2017 - Cor Treure - Cloud-benefits for the Customers: van concept naar a...ASMC 2017 - Cor Treure - Cloud-benefits for the Customers: van concept naar a...
ASMC 2017 - Cor Treure - Cloud-benefits for the Customers: van concept naar a...
 
ASMC2017 - rondetafel young professionals
ASMC2017 - rondetafel young professionalsASMC2017 - rondetafel young professionals
ASMC2017 - rondetafel young professionals
 
ASMC 2017 - Gertj-Jan Poelman - Het nieuwe werken, nieuwe risico's?
ASMC 2017 - Gertj-Jan Poelman - Het nieuwe werken, nieuwe risico's?ASMC 2017 - Gertj-Jan Poelman - Het nieuwe werken, nieuwe risico's?
ASMC 2017 - Gertj-Jan Poelman - Het nieuwe werken, nieuwe risico's?
 
ASMC2017 - Gert-Jan Poelman - Het nieuwe werken, nieuwe risico’s? (lightversie)
ASMC2017 - Gert-Jan Poelman - Het nieuwe werken, nieuwe risico’s? (lightversie)ASMC2017 - Gert-Jan Poelman - Het nieuwe werken, nieuwe risico’s? (lightversie)
ASMC2017 - Gert-Jan Poelman - Het nieuwe werken, nieuwe risico’s? (lightversie)
 
ASMC - Sjoerd van der Meulen - Cybercrime vs Security professional
ASMC - Sjoerd van der Meulen - Cybercrime vs Security professionalASMC - Sjoerd van der Meulen - Cybercrime vs Security professional
ASMC - Sjoerd van der Meulen - Cybercrime vs Security professional
 
ASMC 2017 - Marcel Spit
ASMC 2017 - Marcel Spit ASMC 2017 - Marcel Spit
ASMC 2017 - Marcel Spit
 
ASMC2017 - Maatwerk in safety: met 6 stappen naar een effectieve bedrijfshulp...
ASMC2017 - Maatwerk in safety: met 6 stappen naar een effectieve bedrijfshulp...ASMC2017 - Maatwerk in safety: met 6 stappen naar een effectieve bedrijfshulp...
ASMC2017 - Maatwerk in safety: met 6 stappen naar een effectieve bedrijfshulp...
 
ASMC2017 - Looking after your mobile workforce in a globalising economy
ASMC2017 - Looking after your mobile workforce in a globalising economyASMC2017 - Looking after your mobile workforce in a globalising economy
ASMC2017 - Looking after your mobile workforce in a globalising economy
 
ASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartner
ASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartnerASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartner
ASMC 2017 - Rudy Neefs - Van bedrijfspolitieman naar kritieke businesspartner
 

Recently uploaded

Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 

Recently uploaded (20)

Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 

ASMC 2017 - Martin Vliem - Security &lt; productivity &lt; security: syntax error?

  • 2. ASSUME COMPROMISE Protect Detect First Host Compromised  CYBERTHREATS  Domain Admin Compromised  DATA LOSS (Attacker Undetected) 11-14 months  Breach Discovered Respond
  • 3. Productivity < Security < Productivity Syntax Error? Martin Vliem National Security Officer CCSP, CISSP, CISA martin.vliem@microsoft.com https://www.linkedin.com/in/mvliem
  • 5. 1.
  • 6. By 2020, 25 Billion devices will be connected to the internet1 By 2020, 75% of infrastructure will be under third party control3 1 Million pieces of malware are created every day5 82% of companies expect to face a cyber-attack in 20172 2 Billion customer records were compromised in 20164 COST OF A DATA BREACH Cyber attacks cost organisations $4 Billion a year6 The average cyber attack costs $21 000 per day8 The average cost of a breach is $4 Million7 but impact goes beyond finances
  • 7. 7 Fear is a poor advisor Dutch expression.
  • 9. RUIN ATTACKER’S ECONOMIC MODEL BREAK THE KNOWN ATTACK PLAYBOOK ELIMINATE OTHER ATTACK VECTORS RAPID RESPONSE AND RECOVERY
  • 10. PLAN ENTER TRAVERSE EXECUTE MISSION 4 Threat Actors exfiltrate PII and other sensitive business data Threat Actor targets employee(s) via phishing campaign 1 Workstation compromised, threat actor gathers credentials2a Threat Actors use stolen credentials to move laterally 3a Employee B opens infected email (Mobile or PC). Attacker disables antivirus 2b Compromised credentials/ device used to access cloud service / enterprise environment 3bc Credentials harvested when employee logs into fake website 2c A. Enter and Navigate Any employee opens attack email  Access to most/all corporate data B. Device Compromise Targeted employee opens attack email  Access to same data as employee C. Remote Credential Harvesting Targeted employee(s) enter credentials in website  Access to same data as employee(s) Any
  • 11. Approved Cloud Services Office 365 Network Perimeter Unmanaged Devices Threats Persistent Network perimeter repels and detects classic attacks… …but is reliably defeated by • Phishing • Credential theft Data has moved out of the network and its protections We must establish an Identity security perimeter • Strong Authentication & secure privileged access • Monitoring and enforcement of access policies • Threat monitoring using telemetry & intelligence Resources $ $ $ $$ $ $ $ $ $ $ Identity Perimeter Shadow IT
  • 12. Devices Apps Infrastructure Data Identity Unprotected Sensitive Data Unmanaged Devices Risky Use of Approved SaaS Apps Shadow IT SaaS Applications Phishing Credential Theft & Abuse
  • 13. Data governance & rights management Responsibility SaaS PaaS IaaS On-prem Client endpoints Account & access management Identity & directory infrastructure Application Network controls Operating system Physical network Physical datacenter CustomerMicrosoft Physical hosts ALWAYS RETAINED BY CUSTOMER VARIES BY SERVICE TYPE TRANSFERS TO CLOUD PROVIDER Cloud service provider responsibility Tenant responsibility
  • 14. CLOUD CONSUMER Information security, privacy, compliance, legal, policy requirements 1 Customer demonstrates compliance / controls risk6 CUSTOM(ER) CONTROLS & PROCESSES Customer evaluates claims and adds additional controls 5 CLOUD PROVIDER CLAIMS RISKS GOVERNANCE, RISK & COMPLIANCE Customer continuous assessment2 MITIGATING CONTROLS CLOUD PROVIDER MITIGATING CONTROLS Customer requests assurances from Cloud vendor 3 Cloud provider provides assurance4 CONTRACTING INDEPENDENTLY VERIFIED DESCRIPTIVE INFORMATION INTERACTIVE INFORMATION & CONTROLS OPTIONAL CONTROLS
  • 15. Cloud Services Due Diligence checklist based on ISO19086
  • 16. Devices Apps Infrastructure Data Identity Unprotected Sensitive Data Unmanaged Devices Risky Use of Approved SaaS Apps Shadow IT SaaS Applications Phishing Credential Theft & Abuse Classification and persistent protection CASB – Cloud Access Security Brokering Conditional access Mobile Device & App Management Hardened (front line) devices Threat detection Advanced Threat Protection Conditional Access UEBA – User & Entity Behavioral Analytics Risk based Access Privileged Access Cloud as the source for security – community effect
  • 17. PLAN ENTER TRAVERSE EXECUTE MISSION 4 Threat Actors exfiltrate PII and other sensitive business data Threat Actor targets employee(s) via phishing campaign1 Workstation compromised, threat actor gathers credentials2a Threat Actors use stolen credentials to move laterally 3a Employee B opens infected email (Mobile or PC). Attacker disables antivirus 2b Compromised credentials/ device used to access cloud service / enterprise environment 3bc Credentials harvested when employee logs into fake website 2c A. Enter and Navigate Any employee opens attack email  Access to most/all corporate data B. Device Compromise Targeted employee opens attack email  Access to same data as employee C. Remote Credential Harvesting Targeted employee(s) enter credentials in website  Access to same data as employee(s) People, Process, Technology Office 365 Technology • Advanced Threat Protection (requires E5) EMS Technology • Cloud App Security (CASB) (requires E5) Office 365 Technology • Advanced Security Management (basic CASB) (requires E5) Azure Technology • Multi-Factor Authentication • Azure Active Directory Analytics Windows 10 Technology • Smartscreen URL and App reputation EMS Technology • Azure Information Protection (requires E5) Office 365 Technology • Data Loss Prevention Windows 10 Technology • Windows Information Protection Azure Technology • Disk, Storage, SQL Encryption • Key Vault • … Any Windows 10 Technology • Device Guard • Credential Guard • Defender Advanced Threat Protection (requires E5) Managed Detection and Response (MDR) • Enterprise Threat Detection Published Guidance • Securing Privileged Access Roadmap Professional Services • Security Foundation • Enhanced Security Admin Environment (ESAE) Technology • Advanced Threat Analytics (in EMS E3) • Azure Security Center & Operations Management Suite (OMS) • …and more EMS Technology • Intune conditional access Managed Detection and Response (MDR) • Enterprise Threat Detection (PCs only)
  • 18. Internet of Things Unmanaged & Mobile Clients Sensitive Workloads Extranet Azure Key Vault Azure Security Center • Threat Protection • Threat Detection System Center Configuration Manager + Intune Microsoft Azure On Premises Datacenter(s) NGFW Nearly all customer breaches that Microsoft’s Incident Response team investigates involve credential theft 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBR) Colocation $ EPP - Windows Defender EDR - Windows Defender ATPMac OS Multi-Factor Authentication MIM PAMAzure App Gateway Network Security Groups Azure AD PIM Azure Antimalware Disk & Storage Encryption SQL Encryption & Firewall Hello for Business Windows Info Protection Enterprise Servers VPN VPN VMs VMs Certification Authority (PKI) Incident Response Vulnerability Management Enterprise Threat Detection Analytics Managed Security Provider OMS ATA SIEM Security Operations Center (SOC) Logs & Analytics Active Threat Detection Hunting Teams Investigation and Recovery WEF SIEM Integration IoT Identity & AccessUEBA Windows 10 Windows 10 Security • Secure Boot • Device Guard • Application Guard • Credential Guard • Windows Hello Managed Clients Windows Server 2016 Security Shielded VMs, Device Guard, Credential Guard, Just Enough Admin, Hyper-V Containers, Nano server, … Software as a Service ATA Privileged Access Workstations (PAWs) • Device Health Attestation • Remote Credential Guard Intune MDM/MAM Conditional Access Cloud App Security Azure Information Protection (AIP) • Classify • Label • Protect • Report Office 365 DLP Endpoint DLP Structured Data & 3rd party Apps DDoS attack mitigation ClassificationLabels ASM Lockbox Office 365 Information Protection Legacy Windows Backup and Site Recovery Shielded VMs Domain Controllers Office 365 ATP • Email Gateway • Anti-malware Hold Your Own Key (HYOK) ESAE Admin Forest PADS 80% + of employees admit using non-approved SaaS apps for work (Stratecast, December 2013) IPS Edge DLP SSL Proxy Security Development Lifecycle (SDL) Azure AD Identity Protection Security Appliances
  • 19. SECURE MODERN ENTERPRISE Identity Devices Apps and Data Infrastructure Identity Embraces identity as primary security perimeter and protects identity systems, admins, and credentials as top priorities Apps and Data Aligns security investments wit priorities including identifying and securing communications, data, and applications Infrastructure Operates on modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks Devices Accesses assets from trusted devices with hardware security assurances, great user experience, and advanced threat detection Secure Platform (secure by design) 1. Security Foundation – address Critical Attack Defenses 2. Secure the pillars – based on business priorities & risk
  • 21. 1. Security is about addressing risk, whilst enabling a productive modern enterprise. Getting to 100% protection is not feasible; focus on the right protection augmented with detection & response capabilities A Data driven security defense: https://gallery.technet.microsoft.com/Fixing-the-1-Problem-in-2e58ac4a 2. First implement critical attack defenses for the known playbook, where Identity is the new IT security perimeter. Then extend to addressing additional Identity, Device, Apps&Data and Infrastructure risks. Microsoft Cloud IT Architecture, Identity & Security resources: https://technet.microsoft.com/en- us/library/dn919927.aspx Securing Privileged Access: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged- access/securing-privileged-access 3. Cloud computing can contribute in securing a flexible workplace, but requires solid due diligence. Require assurances and clarity in the shared responsibilities model Cloud Services Due Diligence Checklist (ISO 19086 based): https://www.microsoft.com/en-us/trustcenter/Compliance/Due- Diligence-Checklist Summary and guidance…