SlideShare a Scribd company logo
“Security is like oxygen.
When you have it, you don't
notice it. But when it’s gone,
you don’t survive long.”
Jessi Hempel
Former Senior Writer, WIRED
WIRED, “DOD Head Ashton Carter Enlists Silicon Valley to Transform
the Military,” November 18, 2015
“Cybersecurity is like going
to the gym. You can’t get
better by watching others,
you’ve got to get there
every day.”
Satya Nadella
CEO, Microsoft
@satyanadella #FIF2017
“People will only use
technology they trust.”
Brad Smith
President & Chief Legal Officer
Microsoft Corporation
200 DAYS between infiltration and detection
HOW DO BREACHES OCCUR?
Malware and
vulnerabilities are
not the only thing
to worry about
99.9%
of exploited Vulnerabilities were
used more than a year after the
CVE was published
46%
of compromised systems had
no malware on them
50%
of those who open and click
attachments do so within the
first hour
23%
of recipients opened phishing
messages (11% clicked on
attachments)
Fast and effective
phishing attacks
leave you little
time to react
74%
of the world’s businesses
expect to be hacked
in the coming year
Microsoft is meeting customer security needs with the industry's largest compliance
portfolio
ISO
27001
PCI DSS Level 1 * SOC 2 Type 2
ISO
27018
Cloud Controls
Matrix
Content Delivery and
Security Association *
Shared
Assessments
SOC 1 Type 2
Worldwide
INDUSTRY’S LARGEST COMPLIANCE PORTFOLIO
Government
FIPS 140-2 DISA Level 2FERPAFedRAMP
JAB P-ATO
FISMACJIS21 CFR
Part 11
IRS 1075Section 508
VPAT
United Kingdom
G-Cloud
NIST 800-
171
National
European Union
Model Clauses
Singapore
MTCS Level 3
New Zealand
GCIO
Australian Signals
Directorate
Japan
Financial
Services
Spain ENS
ENISA
IAF
HIPAA /
HITECH
EU-U.S.
Privacy Shield
China MLPS*,
TRUCS*, GB
18030*
https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings
ASSUME BREACH!
!
Apps and Data
SaaS
Analysis & Action
Digital Crimes Unit Hunting Teams Security Response Center Malware Protection Center
Device
Antivirus
Network
Infrastructure
Cyber Defense
Operations Center
CERTs and
other partners
PaaS IaaS
Identity
The Microsoft Cyber Defense Operations Center
• Protect Microsoft’s cloud infrastructure, customer-
facing cloud services, products and devices, and
internal resources 24 x 7 x 365
• Unite personnel, technology, and analytics in a
central hub
• Provide world-class security protection, detection,
and response
• More than 50 Security Experts and Data Scientists
• Connected to >3500 Security Professionals across
Microsoft
• Tight partnerships with Microsoft Research and the
Security Development Lifecycle (SDL) team
Focusing
on Trust
MICROSOFT CONFIDENTIAL
Access to a Transparency Center to work directly with source code for certain
high-volume products
Remote access to online source code for certain high-volume products
Technical data about products and services, including about Microsoft’s cloud
services
Information sharing about threats and vulnerabilities from Microsoft
Microsoft Confidential
A safer digital experience for
every person and organization
on the planet
The Microsoft Digital
Crimes Unit
Public and private partnerships to fight
technology facilitated crimes
.
Combining novel legal strategies, cutting-
edge forensics, cloud and big data
analytics
SECURE MODERN ENTERPRISE
Identity Apps
and Data
Infrastructure Devices
Identity
Embraces identity as primary security perimeter and protects
identity systems, admins, and credentials as top priorities
Apps and Data
Aligns security investments with business priorities including
identifying and securing communications, data, and applications
Infrastructure
Operates on modern platform and uses cloud intelligence to
detect and remediate both vulnerabilities and attacks
Devices
Accesses assets from trusted devices with hardware security
assurances, great user experience, and advanced threat detectionSecure Platform (secure by design)
Secure Platform (secure by design)
SECURE MODERN ENTERPRISE
Identity Apps
and Data
Infrastructure Devices
Phase 2: Secure the Pillars
Phase 1: Build the
Security Foundation
Start the journey by getting in
front of current attacks
• Critical Mitigations – Critical
attack protections
• Attack Detection – Hunt for
hidden persistent adversaries
and implement critical attack
detection
• Roadmap and planning –
Share Microsoft insight on
current attacks and strategies,
build a tailored roadmap to
defend your organization’s
business value and mission
Phase 1: Build Security Foundation – Critical Attack Defenses
Phase 2:
Secure the Pillars
Continue building a secure
modern enterprise by
adopting leading edge
technology and approaches:
• Threat Detection – Integrate
leading edge intelligence and
Managed detection and
response (MDR) capabilities
• Privileged Access – continue
reducing risk to business
critical identities and assets
• Cloud Security Risk – Chart a
secure path into a cloud-
enabled enterprise
• SaaS / Shadow IT Risk –
Discover, protect, and monitor
your critical data in the cloud
• Device & Datacenter
Security – Hardware
protections for Devices,
Credentials, Servers, and
Applications
• App/Dev Security – Secure
your development practices
and digital transformation
components
Enterprise identity, security and cybersecurity
• Dynamic Identity Framework Assessment (DIF)
• Azure Active Directory Implementation Services
• Azure Active Directory B2C Architecture Services
• Microsoft Identity Management Foundation
• Design and Implementation for Active Directory (DIAD)
• Enterprise Federated Identity using AD Federation Services (EFI)
• Public Key Infrastructure using AD Certificate Services (PKI)
• Enterprise Modernization – Active Directory Upgrade
• Active Directory Migration Service (ADMS)
• Offline Assessment for Active Directory Security (OAADS)
• Privileged Access Workstation (PAW)
• Persistent Adversary Detection Services (PADS)
• ATA Implementation Services (ATA-IS)
• Enterprise Threat Detection (ETD)
• Enhanced Secure Administrative Environment (ESAE)
• Securing Lateral Account Movement (POP-SLAM)
• Incident Response and Tactical Recovery (I/R & T/R)
• Microsoft Security Risk Assessment
• Windows 10 Enterprise Security Integration Briefing
• Windows 10 security implementation services
• Information Protection using Azure Rights Management Service
• Shielded Virtual Machines (VM) Proof of Concept (PoC)
• Security Development Lifecycle Maturity Assessment
Enterprise services and cybersecurity offersMicrosoft products and capabilities
• Azure AD Identity Protection
• Advanced Threat Analytics
• Enterprise Mobility + Security
• Advanced Threat Protection
• Azure AD B2C
• Microsoft Identity Manager
• Azure Information Protection
• Windows Information
Protection
• Enterprise Mobility + Security
• Customer Lockbox
• Cloud App Security
• Azure SQL Security
• Windows 10
• Device Guard
• Credential Guard
• Windows Defender
• Windows Defender ATP
• Windows Server 2016
• Azure Security Center
• OMS Security Suite
• Shielded VMs
Contact: cyberservices@microsoft.com
PLAN ENTER TRAVERSE EXECUTE MISSION
4
Threat Actors exfiltrate PII and
other sensitive business data
Threat Actor targets employee(s)
via phishing campaign1
Workstation compromised, threat
actor gathers credentials2a
Threat Actors use stolen credentials to move laterally
3a
Employee B opens infected
email (Mobile or PC).
Attacker disables antivirus
2b Compromised credentials/
device used to access
cloud service / enterprise
environment
3bc
Credentials harvested
when employee logs into
fake website
2c
A. Enter and Navigate
Any employee opens
attack email
 Access to most/all
corporate data
B. Device Compromise
Targeted employee opens attack email
 Access to same data as employee
C. Remote Credential
Harvesting
Targeted employee(s) enter credentials in
website
 Access to same data as employee(s)
Common Attacks
Office 365 Technology
• Advanced Threat Protection
(requires E5)
EMS Technology
• Cloud App Security (CASB)
(requires E5)
Office 365 Technology
• Advanced Security Management
(basic CASB) (requires E5)
Azure Technology
• Multi-Factor Authentication
• Azure Identity Protection
Microsoft Incident Response Teams
can be engaged to investigate any
incident type as well as to assess your
organization for existing compromises
Windows 10 Technology
• SmartScreen URL and App reputation
• Application Guard
EMS Technology
• Azure Information Protection
(requires E5)
Office 365 Technology
• Data Loss Prevention
Windows 10 Technology
• Windows Information Protection
Azure Technology
• Disk, Storage, SQL Encryption
• Key Vault
• …
Any
Windows 10 Technology
• Device Guard
• Credential Guard
• Defender Advanced Threat Protection (requires E5)
Managed Detection and Response (MDR)
• Enterprise Threat Detection
Published Guidance
• Securing Privileged Access Roadmap
Professional Services
• Security Foundation
• Enhanced Security Admin Environment (ESAE)
Technology
• Advanced Threat Analytics (in EMS E3)
• Azure Security Center & Operations Management Suite (OMS)
• …and more
EMS Technology
• Intune conditional access
Managed Detection and Response (MDR)
• Enterprise Threat Detection (PCs only)
Why do you want to protect information?
Reduce leakage of data
shared with others
Partitioning of sensitive data
from unauthorized users
Prevent employees from
leaking secrets
Meet compliance
requirements (GDPR, …)
96%
94%
89%
87%
Protect devices with industry-leading
encryption, anti-malware technologies, and
identity and access solutions
Safeguard customer data in the cloud,
including personal data, with industry-leading
security measures and privacy policies
Secure your IT environment and achieve
compliance with enterprise-grade user and
administrative controls
Protect customer data both in the cloud, and
on-premises, with industry-leading security
capabilities
Safeguard customer data in the cloud,
including personal data, with industry-leading
security measures and privacy policies

More Related Content

What's hot

Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansMicrosoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansDavid J Rosenthal
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365AntonioMaio2
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyMicrosoft Österreich
 
1 Modern Security - Keynote
1  Modern Security - Keynote1  Modern Security - Keynote
1 Modern Security - KeynoteAndrew Bettany
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceDavid J Rosenthal
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Office365 security in depth
Office365 security in depthOffice365 security in depth
Office365 security in depthAlberto Pascual
 
Azure information protection_datasheet_en-us
Azure information protection_datasheet_en-usAzure information protection_datasheet_en-us
Azure information protection_datasheet_en-usKjetil Lund-Paulsen
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information ProtectionMicrosoft Österreich
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and ComplianceDavid J Rosenthal
 
Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security Kjetil Lund-Paulsen
 
Arbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsArbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsMicrosoft Österreich
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm IJECEIAES
 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Syed Sabhi Haider
 
Protect customer's personal information eng 191018
Protect customer's personal information eng 191018Protect customer's personal information eng 191018
Protect customer's personal information eng 191018sang yoo
 
3 Modern Security - Secure identities to reach zero trust with AAD
3   Modern Security - Secure identities to reach zero trust with AAD3   Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AADAndrew Bettany
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your OrganizationRaffa Learning Community
 

What's hot (20)

Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansMicrosoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
 
Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity story
 
1 Modern Security - Keynote
1  Modern Security - Keynote1  Modern Security - Keynote
1 Modern Security - Keynote
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
 
Office365 security in depth
Office365 security in depthOffice365 security in depth
Office365 security in depth
 
Azure information protection_datasheet_en-us
Azure information protection_datasheet_en-usAzure information protection_datasheet_en-us
Azure information protection_datasheet_en-us
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information Protection
 
Risk based it auditing for non it auditors (basics of it auditing) final 12
Risk based it auditing for non it auditors (basics of it auditing) final 12Risk based it auditing for non it auditors (basics of it auditing) final 12
Risk based it auditing for non it auditors (basics of it auditing) final 12
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and Compliance
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security
 
Arbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat AnalyticsArbel Zinger | Microsoft Advanced Threat Analytics
Arbel Zinger | Microsoft Advanced Threat Analytics
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm
 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview
 
Azure information protection
Azure information protectionAzure information protection
Azure information protection
 
Protect customer's personal information eng 191018
Protect customer's personal information eng 191018Protect customer's personal information eng 191018
Protect customer's personal information eng 191018
 
3 Modern Security - Secure identities to reach zero trust with AAD
3   Modern Security - Secure identities to reach zero trust with AAD3   Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD
 
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
2017-10-05 Mitigating Cybersecurity and Cyber Fraud risk in Your Organization
 

Similar to Secure the modern Enterprise

ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem -  Security < productivity < security: syntax ...ASMC 2017 - Martin Vliem -  Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...PlatformSecurityManagement
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats.pptx
Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats.pptxDefenders of the Galaxy - Protecting the (Cloud) galaxy from threats.pptx
Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats.pptxMatthew Levy
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewDavid J Rosenthal
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreJoel Oleson
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceVignesh Ganesan I Microsoft MVP
 
Webinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von BaggenstosWebinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von BaggenstosJenniferMete1
 
Turning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conferenceTurning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conferenceDean Iacovelli
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and ComplianceKarina Matos
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxJustineGarcia32
 
In t trustm365ems_v3
In t trustm365ems_v3In t trustm365ems_v3
In t trustm365ems_v3InTTrust S.A.
 
Microsoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterpriseMicrosoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterprisessuserd58af7
 
"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managment"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managmentDean Iacovelli
 
Microsoft 365 and Microsoft Cloud App Security
Microsoft 365 and Microsoft Cloud App SecurityMicrosoft 365 and Microsoft Cloud App Security
Microsoft 365 and Microsoft Cloud App SecurityAlbert Hoitingh
 

Similar to Secure the modern Enterprise (20)

ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem -  Security < productivity < security: syntax ...ASMC 2017 - Martin Vliem -  Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
 
go secure cloud.pdf
go secure cloud.pdfgo secure cloud.pdf
go secure cloud.pdf
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
 
Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats.pptx
Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats.pptxDefenders of the Galaxy - Protecting the (Cloud) galaxy from threats.pptx
Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats.pptx
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure Score
 
How You Can Keep Your Organization Secure
How You Can Keep Your Organization Secure How You Can Keep Your Organization Secure
How You Can Keep Your Organization Secure
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
 
Modern Workplace with Microsoft 365
Modern Workplace with Microsoft 365Modern Workplace with Microsoft 365
Modern Workplace with Microsoft 365
 
Webinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von BaggenstosWebinar Mastering Microsoft Security von Baggenstos
Webinar Mastering Microsoft Security von Baggenstos
 
Turning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conferenceTurning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conference
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptx
 
In t trustm365ems_v3
In t trustm365ems_v3In t trustm365ems_v3
In t trustm365ems_v3
 
Microsoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterpriseMicrosoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterprise
 
"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managment"Evolving Cybersecurity Strategies" - Threat protection and incident managment
"Evolving Cybersecurity Strategies" - Threat protection and incident managment
 
Microsoft 365 and Microsoft Cloud App Security
Microsoft 365 and Microsoft Cloud App SecurityMicrosoft 365 and Microsoft Cloud App Security
Microsoft 365 and Microsoft Cloud App Security
 

More from Microsoft Österreich

Microsoft: #DigitaleHelden Symposium - Graphic Recording
Microsoft: #DigitaleHelden Symposium - Graphic RecordingMicrosoft: #DigitaleHelden Symposium - Graphic Recording
Microsoft: #DigitaleHelden Symposium - Graphic RecordingMicrosoft Österreich
 
Digitale Transformation: Technologie und Mensch - die nächsten 5 Jahre
Digitale Transformation: Technologie und Mensch - die nächsten 5 JahreDigitale Transformation: Technologie und Mensch - die nächsten 5 Jahre
Digitale Transformation: Technologie und Mensch - die nächsten 5 JahreMicrosoft Österreich
 
Digital Transformation "Book of Dreams"
Digital Transformation "Book of Dreams"Digital Transformation "Book of Dreams"
Digital Transformation "Book of Dreams"Microsoft Österreich
 
Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...
Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...
Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...Microsoft Österreich
 
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...Microsoft Österreich
 
Modernes Rechenzentrum - Future Decoded
Modernes Rechenzentrum - Future DecodedModernes Rechenzentrum - Future Decoded
Modernes Rechenzentrum - Future DecodedMicrosoft Österreich
 
Microsoft Trusted Cloud - Security Privacy & Control, Compliance, Transparency
Microsoft Trusted Cloud - Security Privacy & Control, Compliance, TransparencyMicrosoft Trusted Cloud - Security Privacy & Control, Compliance, Transparency
Microsoft Trusted Cloud - Security Privacy & Control, Compliance, TransparencyMicrosoft Österreich
 
Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)
Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)
Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)Microsoft Österreich
 
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - S&T
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem -  S&TEnable Mobility and Improve Cost Efficiency within a Secure Ecosystem -  S&T
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - S&TMicrosoft Österreich
 
IMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOne
IMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOneIMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOne
IMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOneMicrosoft Österreich
 
ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics
ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics
ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics Microsoft Österreich
 
Der Hund an der digitalen Leine - tractive
Der Hund an der digitalen Leine - tractiveDer Hund an der digitalen Leine - tractive
Der Hund an der digitalen Leine - tractiveMicrosoft Österreich
 
Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...
Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...
Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...Microsoft Österreich
 

More from Microsoft Österreich (20)

Shape the Future
Shape the FutureShape the Future
Shape the Future
 
Information Security @ AVL
Information Security @ AVLInformation Security @ AVL
Information Security @ AVL
 
Microsoft: #DigitaleHelden Symposium - Graphic Recording
Microsoft: #DigitaleHelden Symposium - Graphic RecordingMicrosoft: #DigitaleHelden Symposium - Graphic Recording
Microsoft: #DigitaleHelden Symposium - Graphic Recording
 
Digitale Transformation: Technologie und Mensch - die nächsten 5 Jahre
Digitale Transformation: Technologie und Mensch - die nächsten 5 JahreDigitale Transformation: Technologie und Mensch - die nächsten 5 Jahre
Digitale Transformation: Technologie und Mensch - die nächsten 5 Jahre
 
Digital Transformation "Book of Dreams"
Digital Transformation "Book of Dreams"Digital Transformation "Book of Dreams"
Digital Transformation "Book of Dreams"
 
Smart Buildings & IoT
Smart Buildings & IoTSmart Buildings & IoT
Smart Buildings & IoT
 
Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...
Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...
Mit Simplicity und Storytelling zum „Warum“: Motivation und Führung einer neu...
 
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - Futur...
 
Modernes Rechenzentrum - Future Decoded
Modernes Rechenzentrum - Future DecodedModernes Rechenzentrum - Future Decoded
Modernes Rechenzentrum - Future Decoded
 
Microsoft Trusted Cloud - Security Privacy & Control, Compliance, Transparency
Microsoft Trusted Cloud - Security Privacy & Control, Compliance, TransparencyMicrosoft Trusted Cloud - Security Privacy & Control, Compliance, Transparency
Microsoft Trusted Cloud - Security Privacy & Control, Compliance, Transparency
 
Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)
Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)
Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)
 
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - S&T
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem -  S&TEnable Mobility and Improve Cost Efficiency within a Secure Ecosystem -  S&T
Enable Mobility and Improve Cost Efficiency within a Secure Ecosystem - S&T
 
IMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOne
IMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOneIMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOne
IMMERSIVE AND HYPER-INTELLIGENT WORLD 2025 - TrendOne
 
ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics
ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics
ÖBB - Bahnstrombedarfsprognose- mit Advanced Analytics
 
New World of Work - Solvion
New World of Work - SolvionNew World of Work - Solvion
New World of Work - Solvion
 
Der Hund an der digitalen Leine - tractive
Der Hund an der digitalen Leine - tractiveDer Hund an der digitalen Leine - tractive
Der Hund an der digitalen Leine - tractive
 
Der neue Office 365 Plan E5
Der neue Office 365 Plan E5Der neue Office 365 Plan E5
Der neue Office 365 Plan E5
 
Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...
Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...
Aufbau einer erfolgreichen Vertriebsabteilung – Neue Erkenntnisse aus der Ver...
 
Microsoft Lizenzierung – Server
Microsoft Lizenzierung – ServerMicrosoft Lizenzierung – Server
Microsoft Lizenzierung – Server
 
ACP Referenz Österreich Werbung
ACP Referenz Österreich WerbungACP Referenz Österreich Werbung
ACP Referenz Österreich Werbung
 

Recently uploaded

Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101vincent683379
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKUXDXConf
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxAbida Shariff
 
Server-Driven User Interface (SDUI) at Priceline
Server-Driven User Interface (SDUI) at PricelineServer-Driven User Interface (SDUI) at Priceline
Server-Driven User Interface (SDUI) at PricelineUXDXConf
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityScyllaDB
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀DianaGray10
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfalexjohnson7307
 
Transforming The New York Times: Empowering Evolution through UX
Transforming The New York Times: Empowering Evolution through UXTransforming The New York Times: Empowering Evolution through UX
Transforming The New York Times: Empowering Evolution through UXUXDXConf
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka DoktorováCzechDreamin
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 

Recently uploaded (20)

Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Server-Driven User Interface (SDUI) at Priceline
Server-Driven User Interface (SDUI) at PricelineServer-Driven User Interface (SDUI) at Priceline
Server-Driven User Interface (SDUI) at Priceline
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdf
 
Transforming The New York Times: Empowering Evolution through UX
Transforming The New York Times: Empowering Evolution through UXTransforming The New York Times: Empowering Evolution through UX
Transforming The New York Times: Empowering Evolution through UX
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 

Secure the modern Enterprise

  • 1.
  • 2. “Security is like oxygen. When you have it, you don't notice it. But when it’s gone, you don’t survive long.” Jessi Hempel Former Senior Writer, WIRED WIRED, “DOD Head Ashton Carter Enlists Silicon Valley to Transform the Military,” November 18, 2015
  • 3. “Cybersecurity is like going to the gym. You can’t get better by watching others, you’ve got to get there every day.” Satya Nadella CEO, Microsoft @satyanadella #FIF2017
  • 4. “People will only use technology they trust.” Brad Smith President & Chief Legal Officer Microsoft Corporation
  • 5.
  • 6.
  • 7. 200 DAYS between infiltration and detection
  • 8. HOW DO BREACHES OCCUR? Malware and vulnerabilities are not the only thing to worry about 99.9% of exploited Vulnerabilities were used more than a year after the CVE was published 46% of compromised systems had no malware on them 50% of those who open and click attachments do so within the first hour 23% of recipients opened phishing messages (11% clicked on attachments) Fast and effective phishing attacks leave you little time to react
  • 9. 74% of the world’s businesses expect to be hacked in the coming year
  • 10.
  • 11.
  • 12. Microsoft is meeting customer security needs with the industry's largest compliance portfolio ISO 27001 PCI DSS Level 1 * SOC 2 Type 2 ISO 27018 Cloud Controls Matrix Content Delivery and Security Association * Shared Assessments SOC 1 Type 2 Worldwide INDUSTRY’S LARGEST COMPLIANCE PORTFOLIO Government FIPS 140-2 DISA Level 2FERPAFedRAMP JAB P-ATO FISMACJIS21 CFR Part 11 IRS 1075Section 508 VPAT United Kingdom G-Cloud NIST 800- 171 National European Union Model Clauses Singapore MTCS Level 3 New Zealand GCIO Australian Signals Directorate Japan Financial Services Spain ENS ENISA IAF HIPAA / HITECH EU-U.S. Privacy Shield China MLPS*, TRUCS*, GB 18030* https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings
  • 14.
  • 15.
  • 16. Apps and Data SaaS Analysis & Action Digital Crimes Unit Hunting Teams Security Response Center Malware Protection Center Device Antivirus Network Infrastructure Cyber Defense Operations Center CERTs and other partners PaaS IaaS Identity
  • 17. The Microsoft Cyber Defense Operations Center • Protect Microsoft’s cloud infrastructure, customer- facing cloud services, products and devices, and internal resources 24 x 7 x 365 • Unite personnel, technology, and analytics in a central hub • Provide world-class security protection, detection, and response • More than 50 Security Experts and Data Scientists • Connected to >3500 Security Professionals across Microsoft • Tight partnerships with Microsoft Research and the Security Development Lifecycle (SDL) team
  • 19. MICROSOFT CONFIDENTIAL Access to a Transparency Center to work directly with source code for certain high-volume products Remote access to online source code for certain high-volume products Technical data about products and services, including about Microsoft’s cloud services Information sharing about threats and vulnerabilities from Microsoft
  • 20. Microsoft Confidential A safer digital experience for every person and organization on the planet The Microsoft Digital Crimes Unit Public and private partnerships to fight technology facilitated crimes . Combining novel legal strategies, cutting- edge forensics, cloud and big data analytics
  • 21. SECURE MODERN ENTERPRISE Identity Apps and Data Infrastructure Devices Identity Embraces identity as primary security perimeter and protects identity systems, admins, and credentials as top priorities Apps and Data Aligns security investments with business priorities including identifying and securing communications, data, and applications Infrastructure Operates on modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks Devices Accesses assets from trusted devices with hardware security assurances, great user experience, and advanced threat detectionSecure Platform (secure by design)
  • 22. Secure Platform (secure by design) SECURE MODERN ENTERPRISE Identity Apps and Data Infrastructure Devices Phase 2: Secure the Pillars Phase 1: Build the Security Foundation Start the journey by getting in front of current attacks • Critical Mitigations – Critical attack protections • Attack Detection – Hunt for hidden persistent adversaries and implement critical attack detection • Roadmap and planning – Share Microsoft insight on current attacks and strategies, build a tailored roadmap to defend your organization’s business value and mission Phase 1: Build Security Foundation – Critical Attack Defenses Phase 2: Secure the Pillars Continue building a secure modern enterprise by adopting leading edge technology and approaches: • Threat Detection – Integrate leading edge intelligence and Managed detection and response (MDR) capabilities • Privileged Access – continue reducing risk to business critical identities and assets • Cloud Security Risk – Chart a secure path into a cloud- enabled enterprise • SaaS / Shadow IT Risk – Discover, protect, and monitor your critical data in the cloud • Device & Datacenter Security – Hardware protections for Devices, Credentials, Servers, and Applications • App/Dev Security – Secure your development practices and digital transformation components
  • 23. Enterprise identity, security and cybersecurity • Dynamic Identity Framework Assessment (DIF) • Azure Active Directory Implementation Services • Azure Active Directory B2C Architecture Services • Microsoft Identity Management Foundation • Design and Implementation for Active Directory (DIAD) • Enterprise Federated Identity using AD Federation Services (EFI) • Public Key Infrastructure using AD Certificate Services (PKI) • Enterprise Modernization – Active Directory Upgrade • Active Directory Migration Service (ADMS) • Offline Assessment for Active Directory Security (OAADS) • Privileged Access Workstation (PAW) • Persistent Adversary Detection Services (PADS) • ATA Implementation Services (ATA-IS) • Enterprise Threat Detection (ETD) • Enhanced Secure Administrative Environment (ESAE) • Securing Lateral Account Movement (POP-SLAM) • Incident Response and Tactical Recovery (I/R & T/R) • Microsoft Security Risk Assessment • Windows 10 Enterprise Security Integration Briefing • Windows 10 security implementation services • Information Protection using Azure Rights Management Service • Shielded Virtual Machines (VM) Proof of Concept (PoC) • Security Development Lifecycle Maturity Assessment Enterprise services and cybersecurity offersMicrosoft products and capabilities • Azure AD Identity Protection • Advanced Threat Analytics • Enterprise Mobility + Security • Advanced Threat Protection • Azure AD B2C • Microsoft Identity Manager • Azure Information Protection • Windows Information Protection • Enterprise Mobility + Security • Customer Lockbox • Cloud App Security • Azure SQL Security • Windows 10 • Device Guard • Credential Guard • Windows Defender • Windows Defender ATP • Windows Server 2016 • Azure Security Center • OMS Security Suite • Shielded VMs Contact: cyberservices@microsoft.com
  • 24. PLAN ENTER TRAVERSE EXECUTE MISSION 4 Threat Actors exfiltrate PII and other sensitive business data Threat Actor targets employee(s) via phishing campaign1 Workstation compromised, threat actor gathers credentials2a Threat Actors use stolen credentials to move laterally 3a Employee B opens infected email (Mobile or PC). Attacker disables antivirus 2b Compromised credentials/ device used to access cloud service / enterprise environment 3bc Credentials harvested when employee logs into fake website 2c A. Enter and Navigate Any employee opens attack email  Access to most/all corporate data B. Device Compromise Targeted employee opens attack email  Access to same data as employee C. Remote Credential Harvesting Targeted employee(s) enter credentials in website  Access to same data as employee(s) Common Attacks Office 365 Technology • Advanced Threat Protection (requires E5) EMS Technology • Cloud App Security (CASB) (requires E5) Office 365 Technology • Advanced Security Management (basic CASB) (requires E5) Azure Technology • Multi-Factor Authentication • Azure Identity Protection Microsoft Incident Response Teams can be engaged to investigate any incident type as well as to assess your organization for existing compromises Windows 10 Technology • SmartScreen URL and App reputation • Application Guard EMS Technology • Azure Information Protection (requires E5) Office 365 Technology • Data Loss Prevention Windows 10 Technology • Windows Information Protection Azure Technology • Disk, Storage, SQL Encryption • Key Vault • … Any Windows 10 Technology • Device Guard • Credential Guard • Defender Advanced Threat Protection (requires E5) Managed Detection and Response (MDR) • Enterprise Threat Detection Published Guidance • Securing Privileged Access Roadmap Professional Services • Security Foundation • Enhanced Security Admin Environment (ESAE) Technology • Advanced Threat Analytics (in EMS E3) • Azure Security Center & Operations Management Suite (OMS) • …and more EMS Technology • Intune conditional access Managed Detection and Response (MDR) • Enterprise Threat Detection (PCs only)
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37. Why do you want to protect information? Reduce leakage of data shared with others Partitioning of sensitive data from unauthorized users Prevent employees from leaking secrets Meet compliance requirements (GDPR, …) 96% 94% 89% 87%
  • 38.
  • 39. Protect devices with industry-leading encryption, anti-malware technologies, and identity and access solutions
  • 40. Safeguard customer data in the cloud, including personal data, with industry-leading security measures and privacy policies
  • 41. Secure your IT environment and achieve compliance with enterprise-grade user and administrative controls
  • 42. Protect customer data both in the cloud, and on-premises, with industry-leading security capabilities
  • 43. Safeguard customer data in the cloud, including personal data, with industry-leading security measures and privacy policies