Modern Zero-Trust Security in 30 Days
2020
Context of Zero Trust: why you need it
Your enterprise in transformation requires a modern identity and access security perimeter.
Threat evolution is accelerating.
Threat ages: Malware and Infrastructure → Identity and Apps (attackers using identity tactics)
Response stages: "Trust, but verify" → Running dual perimeters (modern perimeter with identity controls) → Fully Zero Trust (integrate where possible)
Zero Trust Technical Explanation
Why are we having a Zero Trust conversation?
1. IT security is complex
• Many devices, users, and connections
2. "Trusted network" security strategy
• Initial attacks were network based
• Seemingly simple and economical
• Accepted lower security within the network
3. Assets increasingly leave the network
• BYOD, WFH, mobile, and SaaS
4. Attackers shift to identity attacks
• Phishing and credential theft
• Security teams often overwhelmed
Access Control: keep away from the network perimeter
Modernizing the security perimeter: resources (Office 365) sit behind an identity perimeter
Zero Trust Principles
Verify Explicitly
Always authenticate and authorize based on all available data points, including user identity, location, device health, data classification, and anomalies.
Least Privilege
Minimize user access with Just-In-Time and Just-Enough Access (JIT/JEA), risk-based adaptive policies, and data protection that protects both data and productivity.
Assume Breach
Minimize the scope of breach damage and prevent lateral movement by segmenting access by network, user, device, and application awareness. Verify that all sessions are encrypted end to end. Use analytics to get visibility and drive threat detection.
Zero Trust Access Control Strategy
Never trust. Always verify.
Signal (to make an informed decision)
• Device risk: device management, threat detection, and more…
• User risk: multi-factor authentication, behavior analytics, and more…
Decision (of policy across resources, based on the organization's policy)
• Apply to inbound requests
• Re-evaluate during the session
• Applies to modern applications, SaaS applications, legacy applications, and more…
Enforcement
• Allow full access
• Allow limited access
• Block access
• Remediate risk
• Increase assurance
Zero Trust Model: a modern approach to access
Azure AD conditional access (Zero Trust) in the Microsoft Cloud
Conditions (signals feeding the policy):
• Organization policy
• Integrated threat intelligence
• Corporate network and geo-location
• Device platform: macOS, Android, iOS, Windows (with Windows Defender ATP)
• Client apps and browser apps
• Identity source: Azure AD, ADFS, MSA, Google ID
• Microsoft Cloud App Security
Real-time evaluation engine (machine learning, policies, session risk; 40TB) producing the effective policy
Controls (effective policy outcomes):
• Require MFA
• Allow/block access
• Block legacy authentication
• Force password reset
• Limited access
Protected resources: cloud SaaS apps, on-premises and web apps
Conditions evaluated by conditional access: employee and partner users and roles; trusted and compliant devices; physical and virtual location; client apps and authentication method.
Visibility and Control at the Perimeter
Conditional access (identity perimeter):
• User: role, group, last sign-in
• Device: config, health/integrity, last seen
• Location
• Client: config
• Conditional access risk: high, medium, low
• Actions: allow, allow restricted, require MFA, block, force remediation
Network perimeter (firewall, intrusion detection/prevention, forward/reverse proxy):
• Source: IP address/port
• Destination: IP address/port
• Signatures, analytics, allow list, authentication
• Intranet resources
• Actions: allow, block
Conditional Access Example
User
• Role: Sales Account Representative
• Group: London Users
• Device: Windows
• Config: Corp Proxy
• Location: London, UK
• Last sign-in: 5 hrs ago
Device
• Health: device compromised
• Client: browser
• Config: anonymous
• Last seen: Asia
Conditional access risk signals (rated high/medium/low):
• Anonymous IP
• Unfamiliar sign-in location for this user
• Malicious activity detected on device
Office resource: SharePoint Online & Office 365 apps (sensitivity: Medium)
Decision: block access; force threat remediation
Your Pa$$word doesn't matter
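The Signal → Decision → Enforcement flow and the example above can be made concrete as a small policy engine. The code below is an added illustration, not code from the deck or from Azure AD conditional access: the `SignIn` fields, the risk-folding rule and the enforcement outcomes are assumptions made for this demo, and `DECK_EXAMPLE` is a constructed request mirroring the London sales representative case.

```python
"""Toy conditional-access decision engine.

Added example; it is not code from the deck or from Azure AD. It models the
Signal -> Decision -> Enforcement flow with constructed sign-in requests, and
every field name below is an assumption made for this demo.
"""
from dataclasses import dataclass, replace


@dataclass
class SignIn:
    user: str
    resource: str
    sensitivity: str            # data classification: "low" | "medium" | "high"
    user_risk: str              # from behaviour analytics: "low" | "medium" | "high"
    device_compliant: bool      # managed and meets the device compliance policy
    device_compromised: bool    # endpoint threat detection has flagged the device
    anonymous_ip: bool          # request arrives through an anonymising network
    unfamiliar_location: bool   # location not seen before for this user
    mfa_completed: bool         # a second factor was presented in this session
    legacy_auth: bool           # protocol that cannot carry MFA (e.g. basic auth)


LEVELS = ["low", "medium", "high"]


def session_risk(req: SignIn) -> str:
    """Fold the individual signals into one session risk level."""
    score = LEVELS.index(req.user_risk)
    if req.device_compromised or req.anonymous_ip:
        score = 2
    if req.unfamiliar_location or not req.device_compliant:
        score = max(score, 1)
    return LEVELS[score]


def decide(req: SignIn):
    """Return (decision, actions) using the deck's enforcement outcomes: allow full
    access, allow limited access, require MFA, block, remediate risk, increase assurance."""
    if req.legacy_auth:
        return "block", ["block legacy authentication: the protocol cannot carry MFA"]
    if req.device_compromised:
        return "block", ["force threat remediation on the device before retry"]
    if req.user_risk == "high":
        return "block", ["force password reset", "require MFA on next sign-in"]
    risk = session_risk(req)
    if risk == "high" and req.sensitivity != "low":
        return "block", ["increase assurance: retry from a trusted network and compliant device"]
    if risk != "low" and not req.mfa_completed:
        return "require_mfa", ["prompt for multi-factor authentication"]
    if risk == "high" or (not req.device_compliant and req.sensitivity != "low"):
        return "allow_limited", ["browser-only session, downloads disabled"]
    return "allow", ["full access"]


def reevaluate(req: SignIn, **changed_signals):
    """Re-run the policy mid-session when a signal changes (the deck's 're-evaluate during session')."""
    return decide(replace(req, **changed_signals))


# Constructed request mirroring the deck's example: a London sales rep whose device
# is flagged compromised, arriving from an anonymous IP in an unfamiliar location.
DECK_EXAMPLE = SignIn(
    user="sales.rep@example.test", resource="SharePoint Online", sensitivity="medium",
    user_risk="low", device_compliant=True, device_compromised=True,
    anonymous_ip=True, unfamiliar_location=True, mfa_completed=False, legacy_auth=False,
)

if __name__ == "__main__":
    print(decide(DECK_EXAMPLE))
    clean = replace(DECK_EXAMPLE, device_compromised=False,
                    anonymous_ip=False, unfamiliar_location=False)
    print(decide(clean))
    print(reevaluate(clean, anonymous_ip=True))
```

The ordering of the checks is the design point: the hard stops (legacy protocol, compromised device, high user risk) fire before any signal folding, so a second factor can never "pay for" a compromised endpoint, and `reevaluate` shows that the same policy runs again when a signal changes after the initial grant.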
Identity and Access Management Use Cases
"I need my customers and partners to access the apps they need from everywhere and collaborate seamlessly."
• Assign B2B users access to any app or service your organization owns
• Add B2B users with accounts in other Azure AD organizations
• Add B2B users with MSA, Google, or other identity provider accounts (Microsoft Account, Google ID*, other identity providers*)
• Scope: other organizations, other identity providers*, on-premises
Why you should do this: reduce your risk and take control.
Increasing attack cost at each stage:
1. User credential theft
2. Abuse credentials to access cloud assets
3. Abuse credentials to access on-premises assets
Biometrics = security and productivity
• Impossible to forget
• Ease of use
• Fingerprint and facial recognition
• Hardware assurances (VBS)
Common Pitfalls
• Segregated approach
• Insufficient war chest
• No stakeholder backing to drive change
• Not utilising what you already have
Journey to Zero Trust: the first 30 days
Deploy:
• Configure an industry-standard identity and access management solution
• Protect data throughout its full lifecycle with information protection
• Use security and compliance intelligence to learn about YOUR environment and allow informed security decisions
• Enable threat protection capabilities and a monitoring solution
• Ensure device-level Zero Trust with industry-standard configured unified endpoint management
First steps to a Zero Trust model
Azure AD Identity & Access Management
Secure admin privileged identity
• Configure recommended industry practice for the global admin strategy
• Enable PIM and enable specific admin roles for IT user accounts
• Configure Privileged Role Administrator
• Enable and configure Azure Identity Protection
• Configure alerts on admin account resets
Secure user identity
• Restrict 3rd-party app registration capabilities
• Enable and harden self-service password reset (SSPR)
• Expand authentication methods
• Configure single sign-on to cloud applications
Additional security features
• Configure company branding
• Configure dynamic group membership and automated licence provisioning
• Configure self-service user groups with a naming standard and expiration
Device Management
W10/macOS
• Automatic enrolment of new W10 devices
• Automated BitLocker encryption on new W10 devices
• W10 device configuration / application deployment based on identity
• NCSC device configuration policies (user/system hardening and endpoint protection)
• Automated W10 device refresh / Fresh Start
• macOS compliance and configuration policies
iOS/Android
• Apple Business Manager / Managed Google Play portal integration with Intune
• Apple Business Manager / DEP enrolment integration with Intune / device supplier
• Apple VPP / Managed Google Play application management, approval and deployment
• Android Enterprise Work Profile and Corporate Owned Fully Managed enrolments
• Locked enrolment / factory reset prevention
Platform
• Define and configure the enrolment process for all operating systems, for both new and "in use" devices
• Application management and deployment
• Device compliance policies per OS
• Device configuration policies per OS
• Application protection
• Lost/stolen device data loss protection
• Conditional Access
Data & Threat Protection
Securing Exchange Online
✓ Validate SPF (Sender Policy Framework), which enables the receiving mail server to verify that the Mail From address of the email is genuine.
✓ Enable DomainKeys Identified Mail (DKIM) to prevent spoofers from sending messages that look like they are coming from your domain.
✓ Configure Domain-based Message Authentication, Reporting and Conformance (DMARC) to tell other mail servers what to do with messages that fail SPF and DKIM checks.
✓ Increase encryption key length from 1024 to 2048 bits for additional security.
Configure data loss and advanced threat protection policies
• Apply ATP policy configurations as per recommended security settings
• Configure DLP, retention and sensitivity labels
• Workshops to determine information protection and compliance strategies
External sharing capability enablement
• Enable external sharing to allow internal users to securely share content with people outside the organization
• Controlled via "allowed external domains", user groups, limitations on guest permissions, and secure specific invite links
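The four Exchange Online checks above are all statements about DNS TXT records, so they can be audited. The script below is an added example, not code from the deck or from Exchange Online: it evaluates SPF, DKIM and DMARC records for the weak settings a reviewer looks for (a soft-fail or permissive `all`, too many lookup terms, a DKIM key below 2048 bits or in testing mode, a monitor-only DMARC policy without reporting). The records in `SAMPLE_RECORDS` are constructed for a hypothetical `example.test` domain; the DNS fetch is deliberately left out so the check runs offline.

```python
"""Offline audit of a domain's SPF, DKIM and DMARC records.

Added example, not code from the deck or from Exchange Online. The TXT records
below are constructed for a hypothetical domain (example.test); a real check
would fetch them from DNS, which is left out so this runs offline.
"""
import base64
import re

SAMPLE_RECORDS = {
    "example.test": "v=spf1 include:spf.protection.outlook.com ~all",
    # 216 base64 chars decode to 162 bytes: the size of a 1024-bit RSA public key (SPKI DER).
    "selector1._domainkey.example.test": "v=DKIM1; k=rsa; p=" + "A" * 216,
    "_dmarc.example.test": "v=DMARC1; p=none; rua=mailto:dmarc@example.test",
}

# SPF terms that cost a DNS lookup (RFC 7208 caps these at 10 per evaluation).
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?:[:=/]|$)", re.I)


def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM or DMARC) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(record):
    if not record.lower().startswith("v=spf1"):
        return ["SPF: no v=spf1 record; receivers cannot validate the Mail From domain"]
    terms = record.split()
    findings = []
    if "+all" in terms or "all" in terms:
        findings.append("SPF: '+all' authorises every host to send as this domain")
    elif "~all" in terms:
        findings.append("SPF: '~all' only soft-fails unauthorised senders; use '-all'")
    elif "-all" not in terms:
        findings.append("SPF: no 'all' mechanism, so unlisted senders are treated as neutral")
    if sum(1 for t in terms if LOOKUP_TERM.match(t)) > 10:
        findings.append("SPF: more than 10 DNS-lookup terms; receivers return permerror")
    return findings


def estimate_rsa_bits(p_value):
    """Approximate RSA modulus size from a DKIM p= value (base64 SubjectPublicKeyInfo)."""
    der = base64.b64decode(p_value + "=" * (-len(p_value) % 4))
    # The SPKI wrapper adds roughly 34-38 bytes; round down to a 256-bit boundary.
    return max(0, (len(der) - 34) * 8) // 256 * 256


def check_dkim(record, min_bits=2048):
    if not record:
        return ["DKIM: no key published for this selector"]
    tags = parse_tags(record)
    if not tags.get("p"):
        return ["DKIM: empty p= tag, the key is revoked and signatures cannot verify"]
    findings = []
    bits = estimate_rsa_bits(tags["p"])
    if bits < min_bits:
        findings.append(f"DKIM: key is about {bits} bits; rotate to a {min_bits}-bit key")
    if "y" in tags.get("t", ""):
        findings.append("DKIM: t=y testing flag set; receivers may ignore failures")
    return findings


def check_dmarc(record):
    if not record.upper().startswith("V=DMARC1"):
        return ["DMARC: no policy published; receivers get no instruction for SPF/DKIM failures"]
    tags = parse_tags(record)
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; move to quarantine or reject once reports are clean")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: unrecognised policy '{policy}'")
    if int(tags.get("pct", "100")) < 100:
        findings.append("DMARC: pct below 100 applies the policy to only a sample of mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so aggregate reports are never received")
    return findings


def audit_domain(records, domain, selector):
    """Evaluate the three records for one domain; empty lists mean no findings."""
    return {
        "spf": check_spf(records.get(domain, "")),
        "dkim": check_dkim(records.get(f"{selector}._domainkey.{domain}", "")),
        "dmarc": check_dmarc(records.get(f"_dmarc.{domain}", "")),
    }


if __name__ == "__main__":
    for name, findings in audit_domain(SAMPLE_RECORDS, "example.test", "selector1").items():
        print(name.upper(), "ok" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

Run against the constructed sample the audit reports one finding per record: a soft-fail SPF, a 1024-bit DKIM key, and a DMARC policy still at `p=none`. The key-size estimate works from the decoded length of the public key rather than parsing ASN.1, which is enough to tell 1024-bit from 2048-bit keys but is an approximation, not a certificate parser.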
Enterprise Mobility + Security
• Azure Active Directory: manage identity with hybrid integration to protect application access from identity attacks (Privileged Identity Management, Identity Protection, Conditional Access: enforce MFA, allow, block)
• Azure Information Protection: protect your data, everywhere
• Microsoft Cloud App Security: extend enterprise-grade security to your cloud and SaaS apps
• Advanced Threat Analytics: detect threats early with visibility and threat analytics
• Intune: protect your users, devices, and apps
• Windows 10: Azure AD Join, Health Attestation, Windows Hello, BitLocker
Key Challenges and Strategic Opportunities
• Identity-based attacks are up 300% this year
• Information is your most attractive target
• Attackers are constantly evolving their techniques
• Most enterprises report using more than 60 security solutions
Zero Trust Top Tips
1. Realign around identity
• Identity is the best starting point for Zero Trust.
• Users can have multiple devices and access enterprise resources from a variety of networks and apps.
2. Device-level Zero Trust: implement conditional access controls
• Hackers routinely compromise identity credentials and use them to access systems and move laterally in the network.
• Trust cannot, therefore, be inferred solely from whether a particular user or their device is inside or outside the corporate network.
3. Strengthen your credentials
• Making multi-factor authentication a part of conditional access restrictions can help enable better user verification and limit the ability of hackers to misuse stolen credentials.
4. Plan for a dual-perimeter strategy
• Maintain existing network-based protections while adding new identity-based controls to your environment.
5. Integrate intelligence and behavior analytics
• Your ability to make good access control decisions depends on the quality, quantity and diversity of signals you integrate into those decisions.
6. Reduce your attack surface
• Implementing privileged identity management will minimise the likelihood of a compromised account being used in an administrator or other privileged role.
• It's also a good idea to block apps using legacy authentication protocols.
7. Increase security awareness
• Use a Security Information and Event Management (SIEM) system to aggregate and correlate the data to better detect suspicious activities and patterns that indicate potential network intrusions and events, such as leaked credentials, bad IP addresses and access from infected devices.
8. Enable end-user self-help
• Empower users to carry out certain security tasks, such as self-service password resets; implementing self-service group management allows owners to create and manage groups without needing an administrator to do the job.
9. Don't overpromise
• Achieving Zero Trust takes time. It requires support from key stakeholders, with clear communication throughout the organization and throughout the project life cycle.
10. Show value along the way
• One of the most effective ways to build long-term support for a Zero Trust initiative is to demonstrate incremental value with each investment.
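Tip 7 describes correlating sign-in data in a SIEM to surface bad IP addresses, infected devices and anomalous access. The code below is an added example of that correlation, not code from the deck or from any SIEM product: it runs three rules (known-bad IP, sign-in from a device on the endpoint-protection alert list, and "impossible travel" between two successful sign-ins) over a handful of constructed sign-in events. The log format, the `BAD_IPS` feed and the `INFECTED_DEVICES` list are all constructed for the demo, using documentation IP ranges and a hypothetical `example.test` tenant.

```python
"""Correlating sign-in events the way a SIEM rule set would.

Added example, not code from the deck or from any SIEM product. The log lines,
the bad-IP feed and the infected-device list are all constructed sample data
(documentation IP ranges, a hypothetical example.test tenant).
"""
import math
import re
from datetime import datetime

# Constructed sign-in events in a simple 'timestamp key=value ...' format.
LOG_LINES = [
    "2020-05-04T08:00:12Z user=alice@example.test ip=203.0.113.10 device=LAP-0001 result=success lat=51.51 lon=-0.13",
    "2020-05-04T08:25:40Z user=alice@example.test ip=198.51.100.77 device=UNKNOWN result=success lat=1.35 lon=103.82",
    "2020-05-04T09:02:01Z user=bob@example.test ip=192.0.2.55 device=LAP-0042 result=success lat=53.35 lon=-6.26",
    "2020-05-04T09:15:33Z user=carol@example.test ip=203.0.113.10 device=LAP-0007 result=failure lat=51.51 lon=-0.13",
]
BAD_IPS = {"198.51.100.77"}        # constructed threat-intel feed entry
INFECTED_DEVICES = {"LAP-0042"}    # constructed endpoint-protection alert list


def parse_line(line):
    """Turn one log line into a dict with typed time and coordinate fields."""
    ts, rest = line.split(" ", 1)
    event = dict(re.findall(r"(\w+)=(\S+)", rest))
    event["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    event["lat"], event["lon"] = float(event["lat"]), float(event["lon"])
    return event


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def detect(lines, bad_ips, infected_devices, max_speed_kmh=1000.0):
    """Run three correlation rules over the events and return a list of alerts."""
    events = sorted((parse_line(line) for line in lines), key=lambda e: e["time"])
    alerts = []
    last_success = {}  # user -> most recent successful sign-in event
    for ev in events:
        if ev["ip"] in bad_ips:
            alerts.append({"rule": "bad_ip", "user": ev["user"], "detail": ev["ip"]})
        if ev["device"] in infected_devices:
            alerts.append({"rule": "infected_device", "user": ev["user"], "detail": ev["device"]})
        if ev["result"] != "success":
            continue  # failed attempts do not establish a location for travel checks
        prev = last_success.get(ev["user"])
        if prev is not None:
            km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            hours = (ev["time"] - prev["time"]).total_seconds() / 3600
            # Two successes far apart in space but close in time: impossible travel.
            if km > 50 and (hours <= 0 or km / hours > max_speed_kmh):
                alerts.append({"rule": "impossible_travel", "user": ev["user"],
                               "detail": f"{km:.0f} km in {hours * 60:.0f} min"})
        last_success[ev["user"]] = ev
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG_LINES, BAD_IPS, INFECTED_DEVICES):
        print(f"{alert['rule']:18} {alert['user']:22} {alert['detail']}")
```

On the constructed input the rules raise three alerts, all for the kinds of event tip 7 names: alice's second sign-in comes from a listed bad IP and is about 10,800 km from her sign-in 25 minutes earlier, and bob signs in from a device on the endpoint alert list. The travel rule only compares successful sign-ins, since a failed attempt from a distant location proves nothing about where the user is; in a real pipeline the same three rules would read from the SIEM's normalised sign-in table rather than from embedded lines.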
What we Do
Identity & Access Management: Azure Active Directory, Multi-Factor Authentication, Role Based Access Control (PIM), Self Service Password Reset, Credential Guard/Windows Hello
Threat Protection: Microsoft Defender Advanced Threat Protection, Office 365 Advanced Threat Protection, Azure Advanced Threat Protection, Microsoft Cloud App Security, Mobile Threat Defense
Data & Information Protection: Azure Information Protection, Office 365 Data Loss Prevention, Microsoft Information Protection, BitLocker/FileVault, Microsoft Cloud App Security
Security & Management: Microsoft Security and Compliance Center, Secure Score, Compliance Score
Device Management: Intune, Windows 10 Autopilot, BitLocker/FileVault
+ CWSI Solutions: Managed Service, Consulting, Zero Trust Solutions
Contact: Gmarchetti@cwsi.ie

Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 

Zero trust deck 2020

  • 1. Modern Zero-Trust Security in 30 Days 2020
  • 2. Context of Zero trust, Why you need it?
  • 3. Your enterprise in transformation Requires a modern identity and access security perimeter
  • 4. Threat evolution is accelerating Identity and Apps THREAT AGES Malware and Infrastructure
  • 6. Running Dual Perimeters ATTACKERS USING IDENTITY TACTICS MODERN PERIMETER (Identity Controls) FULLY ZERO TRUST
  • 8. Zero Trust Technical Explanation
  • 9. Why are we having a Zero Trust conversation? 1. IT Security is Complex • Many Devices, Users, & Connections 2. “Trusted network” security strategy • Initial attacks were network based • Seemingly simple and economical • Accepted lower security within network 3. Assets increasingly leave network • BYOD, WFH, Mobile, and SaaS 4. Attackers shift to identity attacks • Phishing and credential theft • Security teams often overwhelmed Access Control: Keep away from
  • 10. Network Perimeter Office 365 Modernizing the security perimeter Resources Identity Perimeter
  • 11. Zero Trust Principles. Verify Explicitly: Always authenticate and authorize based on all available data points, including user identity, location, device health, data classification, and anomalies. Least Privilege: Minimize user access with Just-In-Time and Just-Enough Access (JIT/JEA), risk-based adaptive policies, and data protection which protects data and productivity. Assume Breach: Minimize scope of breach damage and prevent lateral movement by segmenting access via network, user, device and application awareness. Verify all sessions are encrypted end to end. Use analytics to get visibility and drive threat detection.
  • 12. Zero Trust Access Control Strategy Never Trust. Always verify. Allow full access Block access Allow limited Access Signal to make an informed decision Device Risk • Device Management • Threat Detection • and more… User Risk • Multi-factor Authentication • Behavior Analytics • and more… based on organization’s policy Apply to inbound requests Re-evaluate during session Decision of policy across resources Modern Applications SaaS Applications Legacy Applications And more… Enforcement Remediate Risk Increase Assurance
  • 13. Zero Trust Model Modern Approach to Access Integrated Threat Intelligence Organization Policy
  • 14. Corporate Network Geo-location Cloud SaaS apps On-premises & web apps Microsoft Cloud App Security MacOS Android iOS Windows Windows Defender ATP Client apps Browser apps Google ID MSA Azure AD ADFS Require MFA Allow/block access Block legacy authentication Force password reset ****** Limited access Controls Conditions Machine learning Policies Real time Evaluation Engine Session Risk 3 40TB Effective policy Microsoft Cloud Azure AD conditional access (Zero Trust) Employee & Partner Users and Roles Trusted & Compliant Devices Physical & Virtual Location Client apps & Auth Method Conditions
  • 15. Visibility and Control at the Perimeter User Role Group Device Config Location Last Sign-in Conditional access risk Health/Integrity Client Config Last seen High Medium Low Firewall Intrusion Detection/Prevention Forward/Reverse Proxy Source: IP Address/Port Destination: IP Address/Port Signatures Analytics Allow List Authentication Intranet Resources Actions: • Allow • Allow Restricted • Require MFA • Block • Force Remediation Actions: • Allow • Block Device
  • 16. Conditional Access Example User Role: Sales Account Representative Group: London Users Device: Windows Config: Corp Proxy Location: London, UK Last Sign-in: 5 hrs ago Office resource Conditional access risk Health: Device compromised Client: Browser Config: Anonymous Last seen: Asia High Medium Low Anonymous IP Unfamiliar sign-in location for this user Malicious activity detected on device Device Sensitivity: Medium Block access Force threat remediation Your Pa$$word doesn't matter
  • 17. SharePoint Online & Office 365 apps Identity and Access Management Use Cases Assign B2B users access to any app or service your organization owns Add B2B users with accounts in other Azure AD organizations 3 I need my customers and partners to access the apps they need from everywhere and collaborate seamlessly Other organizations Add B2B users with MSA, Google, or other Identity Provider accounts Other Identity Providers* Google ID* Microsoft Account On-premises
  • 18. Why you should do this. Reduce your risk and take control.
  • 19. Increasing attack cost: User credential theft
  • 20. Increasing attack cost: Abuse credentials to access cloud assets
  • 21. Increasing attack cost: Abuse credentials to access on-premises assets
  • 22. BIOMETRICS = SECURITY AND PRODUCTIVITY • Impossible to forget • Ease of use • Fingerprint and facial recognition • Hardware assurances (VBS)
  • 23. Common Pitfalls • Segregated approach • Insufficient War Chest • No Stakeholder backing to drive change • Not utilising what you already have
  • 24. Journey to Zero-trust – First 30 days.
  • 25. First steps to Zero trust Model. Deploy: Configure an industry standard Identity & access management solution. Protect data throughout its full lifecycle with Information protection. Use Security & Compliance intelligence to learn about YOUR environment and allow informed security decisions. Enable Threat protection capabilities and a monitoring solution. Ensure device-level Zero trust with industry standard configured Unified Endpoint Management.
  • 26. Azure AD Identity & Access Management. Secure Admin privileged identity: • Configure recommended industry practice for global admin strategy • Enable PIM & enable specific admin roles to IT user accounts • Configure Privileged Role Administrator • Enable and configure Azure Identity Protection • Configure alerts on admin account resets. Additional security features: • Configure Company branding • Configure Dynamic Group Membership & automated licence provisioning • Configure Self-service user groups with naming standard and expiration. Secure User identity: • Restrict 3rd party app registration capabilities • Enable & harden Self-service password reset (SSPR) • Expand authentication methods • Configure Single sign-on to cloud applications
  • 27. Device Management. W10/macOS: • Automatic Enrolment on new W10 devices • Automated BitLocker Encryption on new W10 devices • W10 Device Configuration / Application Deployment based on identity • NCSC Device Configuration policies (User / System hardening and Endpoint Protection) • Automated W10 Device refresh / Fresh Start • MacOS Compliance and Configuration policies. iOS/Android: • Apple Business Manager / Managed Google Play portals integration with Intune • Apple Business Manager / DEP enrolment integration with Intune / Device Supplier • Apple VPP / Managed Google Play application management, approval and deployment • Android Enterprise Work Profile and Corporate Owned Fully Managed enrolments • Locked enrolment / Factory Reset Prevention. Platform: • Define and configure enrolment process for all Operating Systems for both new and "in use" devices • Application Management and Deployment • Device Compliance policies per OS • Device Configuration policies per OS • Application Protection • Lost / Stolen device Data Loss Protection • Conditional Access
  • 28. Data & Threat Protection. Securing Exchange Online: • Validate SPF (Sender Policy Framework), which enables the receiving mail server to verify that the Mail From address of the email is genuine. • Enable DomainKeys Identified Mail (DKIM) to prevent spoofers from sending messages that look like they are coming from your domain. • Configure Domain-based Message Authentication (DMARC) to tell other mail servers what to do with messages which fail SPF and DKIM checks. • Increase encryption key length from 1024 to 2048 bits for additional security. Configure data loss and advanced threat protection policies: • Apply ATP policy configurations as per recommended security settings • Configure DLP, retention and sensitivity labels • Workshops to determine information protection and compliance strategies. External sharing capability enablement: • Enable external sharing to allow internal users to securely share content with people outside the organization • Controlled via "allowed external domains", user groups, limitations on guest permissions & secure specific invite links
  • 29. Enterprise Mobility + Security Azure Information Protection Protect your data, everywhere Microsoft Cloud App Security Azure Active Directory Detect threats early with visibility and threat analytics Advanced Threat Analytics Extend enterprise-grade security to your cloud and SaaS apps Intune Protect your users, devices, and apps Manage identity with hybrid integration to protect application access from identity attacks Privileged Identity Management Identity Protection ENFORCE MFA ALLOW BLOCK Conditional Access Windows 10 Azure AD Join, Health Attestation, Windows Hello, BitLocker
  • 30. Key Challenges and Strategic Opportunities Identity-based attacks are up 300% this year Information is your most attractive target Attackers constantly evolving techniques Most enterprises report using more than 60 security solutions
  • 32. 1. Realign around identity • Identity is the best starting point for Zero Trust. • Users can have multiple devices and access enterprise resources from a variety of networks and apps.
  • 33. 2. Device-level Zero trust – implement conditional access controls • Hackers routinely compromise identity credentials and use them to access systems and move laterally in the network. • Trust cannot, therefore, be inferred solely from whether a particular user or their device is inside or outside the corporate network.
  • 34. 3. Strengthen your credentials • Making multi-factor authentication a part of conditional access restrictions can help enable better user verification and limit the ability of hackers to misuse stolen credentials.
  • 35. 4. Plan for a dual-perimeter strategy • Maintain existing network-based protections while adding new identity-based controls to your environment.
  • 36. 5. Integrate intelligence and behavior analytics • Your ability to make good access control decisions depends on the quality, quantity and diversity of signals you integrate into those decisions
  • 37. 6. Reduce your attack surface • Implementing privileged identity management will minimise the likelihood of a compromised account being used in an administrator or other privileged role. • It's also a good idea to block apps using legacy authentication protocols.
  • 38. 7. Increase security awareness • Use a Security Information and Event Management (SIEM) system to aggregate and correlate the data to better detect suspicious activities and patterns that indicate potential network intrusions and events, such as leaked credentials, bad IP addresses and access from infected devices.
  • 39. 8. Enable end-user self-help • Empower users to carry out certain security tasks, such as self-service password resets; implementing self-service group management allows owners to create and manage groups without needing an administrator to do the job.
  • 40. 9. Don't overpromise • Achieving Zero trust takes time. It requires support from key stakeholders with clear communication throughout the organization, throughout the project life cycle.
  • 41. 10. Show value along the way • One of the most effective ways to build long-term support for a Zero Trust initiative is to demonstrate incremental value with each investment.
  • 43. Identity & Access Management Threat Protection Data & Information Protection Security & Management Azure Active Directory Multi-Factor Authentication Role Based Access Control (PIM) Microsoft Defender Advanced Threat Protection Office 365 Advanced Threat Protection Azure Information Protection Intune Microsoft Security and Compliance Center + CWSI Solutions Self Service Password Reset Credential Guard/Windows Hello Azure Advanced Threat Protection Microsoft Cloud App Security Office 365 Data Loss Prevention Microsoft Information Protection BitLocker/File Vault Microsoft Cloud App Security Mobile Threat Defense Secure Score Device Management Windows 10 Autopilot BitLocker/File Vault Compliance Score Managed Service Consulting Zero Trust Solutions
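The SPF, DKIM and DMARC items on slide 28 are checks a mail administrator can script against the domain's DNS TXT records. The following is an added example written for this page, not part of the deck or of any Microsoft tooling: it parses the three records, measures the DKIM key size by reading the modulus out of the published SubjectPublicKeyInfo, and reports the weak settings (a permissive `?all`, a 1024-bit key, `p=none`, no aggregate-report address). The sample records, the placeholder `example.com` domain and the `build_dummy_dkim_key` helper are constructed for the example; the dummy keys have a modulus of the right size but are not usable signing keys.

```python
import base64

# Added example: DNS-record hygiene checks for SPF, DKIM and DMARC. The records
# below are constructed for this illustration; the DKIM keys are built with
# dummy moduli of the right size and are NOT valid signing keys.

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption 1.2.840.113549.1.1.1

def _der_len(n: int) -> bytes:
    """DER length octets (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body

def _der_int(value: int) -> bytes:
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big") or b"\x00"
    if raw[0] & 0x80:          # keep the INTEGER positive
        raw = b"\x00" + raw
    return _der(0x02, raw)

def build_dummy_dkim_key(bits: int) -> str:
    """Base64 SubjectPublicKeyInfo whose modulus has exactly `bits` bits (test data only)."""
    modulus = (1 << (bits - 1)) | 1                      # constructed, not a real key
    rsa_key = _der(0x30, _der_int(modulus) + _der_int(65537))
    alg_id = _der(0x30, RSA_OID + b"\x05\x00")           # rsaEncryption, NULL params
    return base64.b64encode(_der(0x30, alg_id + _der(0x03, b"\x00" + rsa_key))).decode()

def _read_tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki_b64: str) -> int:
    """Modulus size of the RSA key published in a DKIM 'p=' tag."""
    tag, spki, _ = _read_tlv(base64.b64decode(spki_b64), 0)
    if tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo SEQUENCE")
    _, _alg, pos = _read_tlv(spki, 0)         # AlgorithmIdentifier, not needed here
    _, bitstr, _ = _read_tlv(spki, pos)       # BIT STRING wrapping RSAPublicKey
    _, rsa_key, _ = _read_tlv(bitstr, 1)      # skip the unused-bits octet
    tag, modulus, _ = _read_tlv(rsa_key, 0)   # first INTEGER is the modulus n
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(modulus, "big").bit_length()

def parse_tags(record: str) -> dict:
    """Parse the 'tag=value; tag=value' syntax shared by DKIM and DMARC records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags

def audit_mail_auth(spf: str, dkim: str, dmarc: str) -> list:
    """Return a list of findings; an empty list means all three records pass."""
    findings = []
    terms = spf.split()
    if not terms or terms[0].lower() != "v=spf1":
        findings.append("SPF: record missing or does not start with v=spf1")
    elif terms[-1] not in ("-all", "~all"):
        findings.append(f"SPF: final mechanism '{terms[-1]}' lets unlisted senders pass")
    d = parse_tags(dkim)
    if d.get("v") != "DKIM1" or not d.get("p"):   # empty p= means the key was revoked
        findings.append("DKIM: no published key (record missing, malformed or revoked)")
    else:
        bits = rsa_modulus_bits(d["p"])
        if bits < 2048:
            findings.append(f"DKIM: {bits}-bit key; rotate to 2048 bits")
    m = parse_tags(dmarc)
    if m.get("v") != "DMARC1":
        findings.append("DMARC: record missing or malformed")
    else:
        if m.get("p", "none") == "none":
            findings.append("DMARC: p=none only monitors; failing mail is still delivered")
        if "rua" not in m:
            findings.append("DMARC: no rua= address, so no aggregate reports arrive")
    return findings

# Constructed records for a placeholder tenant (example.com)
WEAK = dict(
    spf="v=spf1 include:spf.protection.outlook.com ?all",
    dkim="v=DKIM1; k=rsa; p=" + build_dummy_dkim_key(1024),
    dmarc="v=DMARC1; p=none",
)
HARDENED = dict(
    spf="v=spf1 include:spf.protection.outlook.com -all",
    dkim="v=DKIM1; k=rsa; p=" + build_dummy_dkim_key(2048),
    dmarc="v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
)

if __name__ == "__main__":
    for name, recs in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_mail_auth(**recs) or ["OK"])
```

Against live records the three strings would come from TXT lookups of `example.com`, `<selector>._domainkey.example.com` and `_dmarc.example.com`; the checks themselves are the same.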

Editor's Notes

  1. Key Takeaway: Many businesses are transforming rapidly to compete with digital native startups; this change is driving the need for security transformation. These are the IT transformation components to support the business’s digital transformation that will provide both challenges and opportunities for information security. While the challenges are significant, there is also a massive opportunity to solve longstanding security problems with this next generation of computing. This represents a classic enterprise security strategy with a network perimeter and a mobile device management component bolted on. CLICK 1 To be competitive in the marketplace, businesses are seeking to transform using new powerful technologies. The availability of cloud, mobile, and Internet of Things (IoT) technologies is fueling major disruptions in once-settled markets as digital native startups leverage this new technology to disrupt longstanding business models. Existing organizations are driving digital transformation to adapt the way they engage customers, empower employees, optimize operations, and offer products to customers. CLICK 2 This instantiates in a couple of different ways that each provide unique challenges for security. Software as a Service (SaaS) adoption to increase collaboration and agility – SaaS provides rapid value without many of the challenges of traditional software deployment and maintenance. While security doesn’t have to update this software, they do need to be aware of its use, assess its trustworthiness, and manage the available security controls. CLICK 3 Demand for a 1st class mobile experience – Business users increasingly have a choice of what devices and apps they can use to get their job done, requiring security to better meet their demands for a great user experience on secure mobile devices. Business users need full-functionality applications for creating value on corporate data beyond the limited-functionality email/productivity applications that come with most Mobile Device Management (MDM) providers. CLICK 4 Internet of Things (IoT) is proliferating, and the manageability and visibility of these devices vary greatly from PC and mobile devices: higher volume and limited functionality; limited resources to run traditional agents; frequently collecting new forms of telemetry with new privacy and security implications. Cloud required to support analytics and IoT management – Even if IT isn’t adopting cloud platforms and infrastructure for its own value propositions, many of the new IoT architectures require cloud services to collect and report on IoT scenarios, requiring Information Security to evaluate the trust and integrate the controls for these platforms. CLICK 5 This leads to a modern enterprise whose resources and risk are no longer defined by IP subnet addresses. These changes bring new security challenges, but they also bring new opportunities for security to leverage the same massive storage and computing analytics capabilities to solve these new challenges as well as longstanding classic security challenges. Note: We have chosen to represent this as a “new perimeter” rather than “perimeter-less” because the core concepts of a security perimeter still apply well to identity control (separation of threats from resources using a consistent set of controls). We will talk in more depth about how we see this identity-based security perimeter later in the identity and access management module. Additional Commentary: Security organizations will need to manage different aspects of this shift, including the people (culture), processes (training) and technology, to be successful. Manufacturers of IoT devices will also face new challenges like ensuring and proving the security and safety assurances of their products.
  2. Key Takeaway: Attacker techniques have been evolving rapidly recently. We have also noted an increased maturity in attacker business models where new criminal entrants are able to quickly become effective using attack kits and affiliate models (where the new criminals pay the kit authors a percentage of the profits rather than buying it outright). Mass Distribution Malware - Mass distribution malware has been with us for several decades. Tailored/Targeted Malware - This evolved into malware targeted at individual organizations, which has matured into a mainstream attack method. ‘File-Less’ Malware - The past few years saw increased investment into evasion of file-based detection using PowerShell to load attack code directly into memory and other similar methods. Malware-Less Attacks - Recently, we have seen the rise of attack campaigns that involve no malware. These frequently target online software as a service (such as Office 365) and involve methods like social engineering, credential theft, and native platform capabilities like document download, forged emails, delegation/forwarding rules, and PowerShell scripts.
  3. Key Takeaway: We are in a transition period where we will be managing two styles of security perimeters to protect both legacy workloads and modern scenarios. The forces that are driving the adoption of the identity perimeter are: the prevalence of attackers using identity tactics (which bypass classic network perimeters); the need to protect assets where network controls are not available, such as cloud services/applications, mobile devices, and Internet of Things (IoT) devices. CLICK 1 An organization will reach a full “zero trust” state once they have migrated all legacy workloads to modern platforms where authorization decisions are based on integrated signals from identity (authentication), devices (configuration, integrity, etc.), the application (data/system sensitivity), and others. This will take some time to achieve for most enterprises.
  4. Key Takeaway: Integrate for one identity. SSO.
  5. Key Takeaway – Zero trust represents a generational shift in security strategy that reflects major changes in assets being protected and evolution of attack techniques. See video at this site for more information/context - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/ciso-workshop-module-3#part-1-identity-and-zero-trust-history-933
  6. Key Takeaway: Defenders need to transition to using an identity security perimeter as our primary defense strategy. CLICK 1 The first thing to note is that the network security perimeters we built still work against the attacks they were designed to repel. This is quickly confirmed by anyone who exposes an unpatched operating system or application to the direct internet without a firewall. CLICK 2 Unfortunately, attackers have also developed a new generation of techniques that include phishing and credential theft. These techniques allow attackers to reliably penetrate the network security perimeter and navigate around behind it. CLICK 3 Additionally, newer technologies to increase productivity are causing data to move outside the corporate network onto managed and unmanaged devices and cloud services (both sanctioned/managed and unauthorized/Shadow IT applications). The trustworthiness of these devices and services is not defined by which IP subnet they are hosted on, so we need to manage the identities of these users, devices, services, and data. CLICK 4 Both of these trends diminish the effectiveness of the network as the sole security perimeter. We now need to establish an identity-based perimeter so we can draw a line (of consistent security controls) between our assets and the threats to them.
  7. Key Takeaway – These are the principles for zero trust. See video at this site for more information/context: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/ciso-workshop-module-3#part-2-zero-trust-definition-and-models-1537
  8. Key Takeaway – These are the key basic components of a Zero Trust Strategy. See video at this site for more information/context: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/ciso-workshop-module-3#part-2-zero-trust-definition-and-models-1537
  9. Key Takeaway – This is an overview of the Zero Trust model. See video at this site for more information/context: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/ciso-workshop-module-3#part-5-zero-trust-user-access-reference-architecture-842
  10. Expanded view of all the conditions that are taken into account for access and the controls that you have based on the risk. Our 40 TB of data from all the conditions, integrated EMS/M365 apps, and our security intelligence network are analyzed in real time to determine the right policy. Example: If an ADFS user signs in on a Windows machine with Windows Defender ATP, we can take into account the health of the account and the device, as well as their location, whether they are on the corporate network, and what type of app they are trying to access. If they are on the corporate network in their normal office, then the data produces a low risk score; the effective policy is to allow access to the app. If, however, the person was logging in from a location across the world (in a short amount of time – impossible travel) and/or Windows Defender ATP finds that the machine has been infected, the access can be blocked. If the user login and device are healthy, but it was a location they haven’t signed in from before (on a trip or other computer), then the user could be prompted with MFA or have limited access to certain applications.
  11. Key Takeaway: This is a comparison of the visibility and control you get with classic network perimeters vs. a modern identity perimeter (based on Azure Active Directory Conditional Access). A network perimeter is composed of several functions (often combined into the same appliance) that use data available from the network traffic to make a decision on whether to allow or block a connection. While this provides security visibility and control against some attacks, it has several significant limitations, including: scope is limited to resources hosted on a controlled network such as an intranet/extranet; visibility is limited to what is available on the network, which is often encrypted and frequently lacks important context on application function, user identity, data sensitivity, and other factors; control is limited to allow and block, which doesn’t allow for managing the user experience and providing self-service corrections, exception management, etc. CLICK 1 In contrast, an identity perimeter is aware of the user, the device, and a number of attributes about each of them, including the user's role, whether they logged on with MFA, when and where the device was last seen, the security health of the device, and more. The conditional access engine uses this information to calculate the relative risk of the operation as high, medium or low. The actions available include allow and block as well as: Allow Restricted – users may be allowed to authenticate, but only granted limited access (e.g. a user would be granted only online access to a document in SharePoint Online vs. being allowed to download it); Require MFA – for authentication attempts with a medium risk (such as authentications from an unexpected time/geography), conditional access can require additional proof of identity before granting access (where this wouldn’t happen within their normal time/geography); Force Remediation – for high risk scenarios such as a known compromised password or computer, conditional access can force the issue to be remediated (e.g. force the user to change a password that has been leaked, or require Defender to remediate the device). Network-based perimeters provide needed controls for legacy workloads and PaaS components where the workload is under the control of the IT department (e.g. web applications), but protecting data and protecting newer asset types like Software as a Service (SaaS) requires an identity perimeter to provide the needed visibility and control.
  12. Key Takeaway: This is an example of conditional access enforcing policy on an authentication attempt. In this example, a user is logging in with a device and attempting to access an internal file in Office 365 with a medium sensitivity. CLICK 1 The user provides valid credentials and the user/device information checks out (so far), so the conditional risk level would be low. CLICK 2 As other factors are considered in the authentication decision, conditional access finds risk factors that would set risk to Medium: an anonymous IP, as the connection is coming in over the Tor network; the device was last seen in an unfamiliar sign-in location. High: Defender ATP has indicated that this device has been compromised. Because of this, the conditional access engine blocks the authentication attempt and forces threat remediation (through Defender ATP). Reference: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-word-doesn-t-matter/ba-p/731984
  13. Key Takeaway: An organization can reduce its risk by adopting technology like Azure B2B

By moving partner accounts from enterprise directories to a B2B solution, you effectively lower their access to your environment to the least privilege required.
  14. Key Takeaway: Microsoft has invested in raising the cost of attacks for attackers attempting to steal your credentials

Zero Touch – The cheapest and easiest way for an attacker to get your users' credentials is to download stolen credentials from a public password compromise, frequently called a "breach replay" attack.

CLICK 1
BLUE/DEFENSE: Microsoft monitors sites where attackers post these credentials and reports on these leaked credentials in Azure Active Directory so you can have these users reset the password they shared between sites. (Note that the password hashes have to be synced to Azure AD for this feature to work.)

RED/ATTACK: Low Touch – This drives attackers into more expensive attacks; the next cheapest is a low-touch attack using a phishing email that either
a. directs the user to enter their credentials into a fake logon website, or
b. uses a script or malware to steal credentials from the local machine (non-persistent).

CLICK 2
BLUE/DEFENSE:
a. Office 365 ATP protects against malicious links in phishing email, and Windows Defender SmartScreen is integrated into Microsoft browsers to protect against malicious websites.
b. Windows 10 includes hardware-backed protections (virtualization-based security and the TPM) to prevent theft of both legacy enterprise credentials (Kerberos and NTLM, isolated by Credential Guard) and modern credentials (Windows Hello).

RED/ATTACK: High Touch – This drives attackers to a high-touch operation that requires them to compromise a trusted device in order to steal your credentials. Attackers can either
• research and target the right person with spearphishing to install malware on their computer, or
• enter the environment through phishing any user and then perform lateral traversal to install malware on the targeted user's computer and steal the credential.

CLICK 3
BLUE/DEFENSE: By using the advanced host mitigations and detections built into Windows 10, you increase the chances the attack will fail or be detected/cleaned, forcing the attacker to start the operation over again, all of which further adds to the attacker's cost.
  15. Key Takeaway: Microsoft has invested in raising the cost of attacks for attackers attempting to abuse stolen credentials to access your cloud assets

This sequence assumes the adversary already has possession of a valid credential in your Azure Active Directory. The cheapest and easiest way to use it to access cloud assets is to simply sign in with the credential.

CLICK 1
BLUE/DEFENSE: Microsoft (and several partners) offer multi-factor authentication that sends single-use codes to a mobile phone to validate possession of the phone.

RED/ATTACK: Low Touch – This drives attackers into more expensive attacks that require them to compromise the user's mobile device or set up a fake website for the user (note that this will not work for a user who performs the MFA authentication through a trusted application such as the Azure MFA application).

CLICK 2
BLUE/DEFENSE: Azure AD Identity Protection includes the ability to detect risky sign-ins that reflect many risk factors. (Note that on-premises AD accounts need to have their password hashes synchronized to Azure AD in order to take advantage of this capability.) Azure AD Conditional Access allows you to set policy based on the authentication risk level and the security health of the device being used for authentication, raising the amount of work (and cost) required to mimic the valid user's behavior in order to evade these defenses.

RED/ATTACK: High Touch – This drives attackers to a high-touch operation that requires them to compromise a trusted device in order to steal your credentials. The attacker would need to either
• research and target the right person with spearphishing to install malware on their computer, or
• enter the environment through phishing any user and then perform lateral traversal to install malware on the targeted user's computer and steal the credential.

CLICK 3
BLUE/DEFENSE: By using the advanced host mitigations and detections built into Windows 10, you increase the chances the attack will fail or be detected/cleaned, forcing the attacker to start the operation over again, all of which further adds to the attacker's cost. Additionally, if the account being used for lateral traversal is an on-premises Active Directory account, this can be detected using Azure Advanced Threat Protection (or Advanced Threat Analytics), a capability that builds a profile of each user's normal behavior and reports anomalies.
  16. Key Takeaway: Microsoft has invested in raising the cost of attacks for attackers attempting to use stolen credentials to access your on-premises assets

Assuming the adversary has stolen a valid Active Directory user credential, the cheapest and easiest way to use it to access on-premises assets is to simply log on with the credential directly to a published application (Outlook Web App (OWA) or another corporate application in the extranet) or to use it to VPN into your corporate network.

CLICK 1
BLUE/DEFENSE: Several Microsoft partners offer solutions to require multi-factor authentication for VPNs and published websites.

RED/ATTACK: High Touch – This drives attackers to a high-touch operation that requires them to compromise a trusted device in order to steal your credentials. The attacker would need to either
• research and target the right person with spearphishing to install malware on their computer, or
• enter the environment through phishing any user and then perform lateral traversal to install malware on the targeted user's computer and steal the credential.

CLICK 2
BLUE/DEFENSE: You can further increase the attacker's cost by using the advanced host detections built into Windows 10, which increase the chances the attacker will be detected and have to start the operation over before achieving their objective. Additionally, the attack can be detected using Azure Advanced Threat Protection (or Advanced Threat Analytics), a capability that builds a profile of each user's normal behavior and reports anomalies.

CLICK 3
Additionally, we see attackers use 3rd-party suppliers and partners to get access to these on-premises resources. They compromise the 3rd party and take advantage of the access path that the organization has opened for these suppliers to do business with the target organization.

Additional Information: Note that accessing an asset shared via Azure Application Proxy or a similar capability that leverages Azure AD authentication would be categorized as a cloud scenario.
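Slides 15 and 16 both lean on a capability that learns each user's normal behavior and reports deviations to catch the lateral-traversal step. The following is an added example of that idea in its simplest form (not Microsoft's code and not how Azure ATP / ATA is implemented): build a per-user baseline of which hosts they sign in from and to, then flag logons outside it and escalate when one account reaches several never-before-seen hosts in a short window. The log format, field names, baseline cut-off and fan-out threshold are assumptions, and the sample events are constructed.

```python
"""Per-user behaviour baseline with anomaly reporting, in the spirit of the
profile-and-report capability slides 15 and 16 attribute to Azure ATP / ATA.

Added example, not Microsoft code. Log format, field names, the baseline
cut-off and the fan-out threshold are assumptions for illustration; the
sample events below are constructed, not real telemetry.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of successful logons (assumed format):
#   <ISO-8601 UTC> user=<account> src=<originating host> dst=<target host>
SAMPLE_LOG = """\
2020-05-11T08:55:00Z user=alice src=WS-ALICE dst=WS-ALICE
2020-05-11T09:02:00Z user=alice src=WS-ALICE dst=FILE01
2020-05-12T08:58:00Z user=alice src=WS-ALICE dst=FILE01
2020-05-13T09:10:00Z user=alice src=WS-ALICE dst=MAIL01
2020-05-11T08:40:00Z user=bob src=WS-BOB dst=WS-BOB
2020-05-12T08:45:00Z user=bob src=WS-BOB dst=FILE01
2020-05-18T09:01:00Z user=alice src=WS-ALICE dst=FILE01
2020-05-18T10:00:00Z user=bob src=WS-BOB dst=FILE01
2020-05-18T14:20:00Z user=alice src=WS-BOB dst=WS-CFO
2020-05-18T14:23:00Z user=alice src=WS-BOB dst=SQL01
2020-05-18T14:26:00Z user=alice src=WS-BOB dst=DC01
"""

BASELINE_END = datetime(2020, 5, 18)  # events before this train the profile


def parse_log(text: str) -> list[dict]:
    """Parse key=value logon lines into dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(fields)
    return sorted(events, key=lambda e: e["ts"])


def build_profiles(events: list[dict], until: datetime) -> dict[str, dict[str, set]]:
    """Record, per user, the hosts they normally sign in from and to."""
    profiles: dict[str, dict[str, set]] = defaultdict(lambda: {"src": set(), "dst": set()})
    for e in events:
        if e["ts"] < until:
            profiles[e["user"]]["src"].add(e["src"])
            profiles[e["user"]]["dst"].add(e["dst"])
    return profiles


def detect(events: list[dict], profiles: dict, since: datetime,
           fanout: int = 3, window: timedelta = timedelta(minutes=10)) -> list[dict]:
    """Report logons outside the user's profile. Escalate to lateral_fanout when
    one account reaches `fanout` never-before-seen hosts inside `window`, which
    is what reuse of a stolen credential during lateral traversal looks like."""
    alerts: list[dict] = []
    novel_targets: dict[str, list[datetime]] = defaultdict(list)
    for e in events:
        if e["ts"] < since:
            continue
        p = profiles.get(e["user"])  # .get() does not create a default entry
        if p is None:
            alerts.append({"kind": "unknown_user", **e})
            continue
        if e["src"] not in p["src"]:
            alerts.append({"kind": "new_source_host", **e})
        if e["dst"] not in p["dst"]:
            alerts.append({"kind": "new_target_host", **e})
            hits = [t for t in novel_targets[e["user"]] if e["ts"] - t <= window]
            hits.append(e["ts"])
            novel_targets[e["user"]] = hits
            if len(hits) >= fanout:
                alerts.append({"kind": "lateral_fanout", "count": len(hits), **e})
    return alerts


def run_sample() -> list[dict]:
    """Train on the week before BASELINE_END, detect on the day after."""
    events = parse_log(SAMPLE_LOG)
    return detect(events, build_profiles(events, BASELINE_END), BASELINE_END)


if __name__ == "__main__":
    for a in run_sample():
        print(f'{a["ts"]:%Y-%m-%d %H:%M} {a["kind"]:<16} {a["user"]} {a["src"]} -> {a["dst"]}')
```

On the constructed data alice's morning logon and bob's entire day stay silent, while alice's credential being used from bob's workstation to reach the CFO's machine, a SQL server and a domain controller within six minutes produces source and target anomalies on each step and one fan-out escalation on the third. A real deployment would weight the target (a domain controller counts for more than a file share) and age out the baseline, but the shape of the detection is the same.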
  17. 5/19/2020
  18. Common
  19. Key Takeaway: The first 30 days should include focused effort on identifying and classifying the assets in your infrastructure
  20. 29
  21. Key Takeaway: Microsoft is focused on building solutions for 4 key solution areas: Identity and Access Management, Information protection, Threat Protection, and Security Management
  22. Presenter notes:  It’s evolution, not revolution.  Carefully thought through, carefully executed.  And that’s where we help.