Modern workplace environments are rapidly becoming cyber attackers’ prime target, because of the broad attack surface that our cloud-based digitalization offers. We, as an employee in the office or at home are always ‘connected’ and we are mixing personal with professional matters all the time. With BYOD (bring your own device) policies and all those cool SaaS cloud apps we love to use; company data and users are moving constantly outside the network perimeter of the company. Recent breaches clearly demonstrate that the traditional network security approach doesn’t work anymore within this ever-changing cyber threat landscape. Securing a modern workplace across identities, endpoints, user data, cloud apps and infrastructure becomes quite a challenge. Stopping cyber attackers’ threats requires an innovative approach, with evolving technology powered by AI & machine learning. In this session we will give you a sneak peak of the current tactics cyber attackers are using to get their foot between the door and how modern cyber defense tooling is used to detect and stop these threats.

6. On-premises /
Private cloud
devices datausers apps
THE WORLD BEFORE
MOBILITY & CLOUD

7. On-premises /
Private cloud
CLOUD APPS & SAAS SERVICES
THE WORLD
TODAY

8. On-premises /
Private cloud
MOBILE AND PERSONAL DEVICES

9. On-premises /
Private cloud
ORGANIZATION & SOCIAL IDENTITIES

10. On-premises /
Private cloud
GDPR
Compliance

11. Fort Eben Emael

12. THE WORLD HAS CHANGED
TURBULENT TIMES

13. Economic Crimes in the World
TOP FOUR
Cybercrime is Now One of the

15. Security in a cloud enabled world
Cloud service provider responsibility
Tenantresponsibility
Your responsibility for security is based on the type
of cloud service selected.
Cybersecurity threats make security more
challenging – however the public cloud makes it
easier for you to manage as the security load
shifts to the service provider.

16. Who is looking to attack you?
Script kiddie
Hacktivist
Malicious insiders
Hackers
Cybercrime Syndicates
Nation state sponsored hackers

17. Top 5 Threats today

19. Azure ATPMicrosoft Defender ATP
Identity protectionEnd Point protection
Office 365 ATP
Windows Defender AV
User browses to a
website
Phishing
mail
Opens
attachment
Clicks on a URL
+
Exploitation
&
Installation
Command
&
Control
Brute force account or
use stolen account credentials
User account
is compromised
Attacker
attempts
lateral
movement
Privileged
account
compromised
Domain
compromised
Attacker accesses
sensitive data
Exfiltrate data
Phishing kill chain -
Attacker
performs
Reconnaissance
Next Gen AV
Email protection
Cloud App Security
Extends protection & conditional
access to other cloud apps
Azure AD Identity Protection
Identity protection &
conditional access

20. HELP ??

21. Traditional Role-based Access Control
user role resource
Access

22. IF
Privileged user?
Credentials found in public?
Accessing critical app?
(Un)managed device?
Malware detected?
IP detected in Botnet?
Impossible travel?
Anonymous client?
High
Medium
Low
User risk
10TB
per day
THEN
Require MFA
Allow access
Deny access
Force password reset******
Limit access
High
Medium
Low
Session risk
AZURE AD
CONDITIONAL
ACCESS
User
Device
Apps
Location

27. Some cases out of the field
1) De ‘huis-tuin & keuken’ hack = phishing attempt
2) Targeted Ransomware attack

28. sabrina@in-deed.be
6 people @ customer
CASE 1: Phase 1: Initial User compromise through Phishing

29. Person 1
Phase 1: Initial User compromise through Phishing

30. • Person1







 9990
Phase 2: Use compromised User for further phishing

31. Phase 2: timeline Phish campaign
0
200
400
600
800
1000
1200
1400
1600
1800

32. Phase 3: Further compromise other users clicking Phish URL
(+ 100)
0
1
2
3
4
5
6
7
8
9
10
11:09
13:05
13:06
13:07
13:08
13:09
13:10
13:11
13:12
13:13
13:14
13:15
13:16
13:17
13:18
13:19
13:20
13:21
13:22
13:23
13:24
13:25
13:26
13:27
13:28
13:29
13:30
13:32
13:33
13:34
13:37
13:38
13:39
13:41
13:48
13:49
14:01
14:04
14:05
14:09
14:16
14:37
(blank)
Click rate to phishing URL

33. •

•
• Person 1

•

•

•
•
Response Actions

34. CASE 2: Targeted Ransomware attack

35. CASE 2: Response Actions

36. ➢ IAM is your new first line of defense: Strong Identity & Access management
(Conditional Access, MFA,…)
➢ Threat detection & protection across the kill chain (Endpoints n°1)
➢ Detect Cloud Shadow IT
➢ Security awareness / security hygiene
➢ Follow-up on Security Operations
➢ Cyber Remediation playbooks & IT best practices

37. HOW CAN WE HELP YOU?
Security & Risk
Assessment
Audit the AS IS security &
compliance set-up, needs
and pains
Set-up
consultancy
Pilot POC
A to Z implementation
services, coaching &
guidance
Security Blueprint &
Roadmap
Design of the best-practice
TO BE security architecture
& roadmap forward
Monitor
24/7 monitoring, alert
analysis, remediation
support
A t o Z G U I D A N C E

38. Contact us:
cloudsecurity@secwise.be
Gaston Geenslaan 311 - B4
3000 – Leuven
www.SecWise.be
Koen Jacobs
Koen.Jacobs@secwise.be
M: +32 473/ 784 295
THANK YOU!