This deck gives you an overview of the zero trust security posture, the considerations you should weigh when adopting that posture, and the advantages of doing so.
Understand the concepts of the NIST Zero Trust Architecture (ZTA). We will use a parenting analogy and show how it applies to protecting a file as an enterprise resource.
Presentation on the Zero Trust model, used for the Codecademy Manipal Chapter event. Covers basic information about the Zero Trust model, implementation, and benefits.
A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end to end strategy.
Identities. Identities, whether they represent people, services, or IoT devices, define the Zero Trust control plane. When an identity attempts to access a resource, we need to verify that identity with strong authentication, ensure access is compliant and typical for that identity, and ensure it follows least-privilege access principles.
Devices. Once an identity has been granted access to a resource, data can flow to a variety of different devices, from IoT devices to smartphones, BYOD to partner-managed devices, and on-premises workloads to cloud-hosted servers. This diversity creates a massive attack surface area, requiring that we monitor and enforce device health and compliance for secure access.
Applications. Applications and APIs provide the interface by which data is consumed. They may be legacy on-premises, lifted and shifted to cloud workloads, or modern SaaS applications. Controls and technologies should be applied to discover Shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behavior, control user actions, and validate secure configuration options.
Data. Ultimately, security teams are focused on protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Data should be classified, labeled, and encrypted, and access restricted based on those attributes.
Infrastructure. Infrastructure (whether on-premises servers, cloud-based VMs, containers, or microservices) represents a critical threat vector. Assess for version, configuration, and JIT access to harden defense; use telemetry to detect attacks and anomalies; and automatically block and flag risky behavior and take protective actions.
Networks. All data is ultimately accessed over network infrastructure. Networking controls can provide critical “in pipe” controls to enhance visibility and help prevent attackers from moving laterally across the network. Networks should be segmented (including deeper in-network micro-segmentation), and real-time threat protection, end-to-end encryption, monitoring, and analytics should be employed.
Each of these six foundational elements serves as a source of the signal, a control plane for enforcement, and a critical resource to defend. You should appropriately spread your investments across each of these elements for maximum protection.
[Round table] zeroing in on zero trust architecture Denise Bailey
Idea of Zero Trust
Frameworks e.g. NIST framework
Building a Zero Trust Architecture
Building Tech stack for transition to Zero Trust Architecture
Building Tech stack for directly implementing Zero Trust Architecture
Zero Trust, Zero Trust Network, or Zero Trust Architecture refers to a security concept and threat model that no longer assumes that actors, systems or services operating from within the security perimeter should be automatically trusted; instead, an organization must verify anything and everything trying to connect to its systems before granting access.
The Zero Trust Model of information security simplifies how information security is conceptualized by assuming there are no longer “trusted” interfaces, applications, traffic, networks, or users. It takes the old model, “trust but verify”, and inverts it, because recent breaches have proven that when an organization trusts, it doesn’t verify.
The Zero Trust Model of Information Security Tripwire
In today’s IT threat landscape, the attacker might just as easily be over the cubicle wall as in another country. In the past, organizations have been content to use a trust and verify approach to information security, but that’s not working as threats from malicious insiders represent the most risk to organizations. Listen in as John Kindervag, Forrester Senior Analyst, explains why it’s not working and what you can do to address this IT security shortcoming.
In this webcast, you’ll hear:
Examples of major data breaches that originated from within the organization
Why it’s cheaper to invest in proactive breach prevention—even when the organization hasn’t been breached
What’s broken about the traditional trust and verify model of information security
About a new model for information security that works—the zero-trust model
Immediate and long-term activities to move organizations from the "trust and verify" model to the "verify and never trust" model
Adopting A Zero-Trust Model. Google Did It, Can You? Zscaler
Based on 6 years of creating zero trust networks at Google, the BeyondCorp framework has led to the popularization of a new network security model within enterprises, called the software-defined perimeter.
Understanding Zero Trust Security for IBM i Precisely
As security threats continue to evolve and increase, companies need to also adapt their approach to IT security. One important concept that is gaining in popularity and adoption is zero trust security. The main concept behind the zero trust security model is "never trust, always verify,” which means that devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified.
Zero Trust means moving beyond a perimeter security strategy. As companies offer customers and business partners new digital experiences and processes, networks can be local, in the cloud, or a combination or hybrid with resources anywhere as well as workers in any location. This dynamic is impacting IBM i customers and zero trust security is an important element of a modern security strategy.
Join us for this webcast to hear about:
• Understanding zero trust security concepts
• Zero trust security in the real world
• Zero trust security for IBM i environments
Identity and Access Management (IAM): Benefits and Best Practices Veritis Group, Inc
Identity and Access Management (IAM) enables more cost-effective and efficient access management, authentication, identity management, and governance across your enterprise.
Read more on How IAM benefits your business and best practices for an effective IAM implementation.
Read more: https://www.veritis.com/solutions/identity-and-access-management-services/
In this webinar you’ll gain the insights you need to solve business problems proactively with IT Service (ITSM) and IT Asset Management (ITAM) working together.
Our panel of speakers will discuss real-world use cases where combining ITSM and ITAM processes, data and insights can be part of an overall plan to maximize operational efficiencies and improve service delivery, while also optimizing compliance and cost.
5 Steps to a Zero Trust Network - From Theory to Practice AlgoSec
A Zero Trust network abolishes the quaint idea of a “trusted” internal network demarcated by a corporate perimeter. Instead it advocates microperimeters of control and visibility around the enterprise’s most sensitive data assets and the ways in which the enterprise uses its data to achieve its business objectives.
In this webinar, guest speaker John Kindervag, Vice President and Principal Analyst at Forrester Research, and Nimmy Reichenberg, VP of Strategy at AlgoSec will explain why a Zero Trust network should be the foundation of your security strategy, and present best practices to help companies achieve a Zero Trust state.
The webinar will cover:
• What is a Zero Trust network, and why it should be a core component of your threat detection and response strategy
• Turning theory into practice: Five steps to achieve Zero Trust information security
• How security policy management can help you define and enforce a Zero Trust network
Zero Trust: the idea that all access to corporate resources should be restricted until the user has proven their identity and access permissions, and the device has passed a security profile check. A core concept for Okta.
The material discusses Quest's "future-ready" approach to IAM from the perspective of covering EU GDPR compliance. We discuss the five foundational concepts of the One Identity family of solutions, and our advantage and approach in covering the four IAM pillars.
With regard to the present audience, we also included an overview of the One Identity platform.
The presentation was developed for the RISK 2018 Conference in Lasko, Slovenia.
In 2018, Zero Trust Security gained popularity due to its simplicity and effectiveness. Yet despite a rise in awareness, many organizations still don’t know where to start or are slow to adopt a Zero Trust approach.
The result? Breaches affected as many as 66% of companies just last year. And as hackers become more sophisticated and resourceful, the number of breaches will continue to rise.
Unless organizations adopt Zero Trust Security. In 2019, take some time to assess your company’s risk factors and learn how to implement Zero Trust Security in your organization.
What is zero trust model of information security? Ahmed Banafa
The Zero Trust Model of information security simplifies how information security is conceptualized by assuming there are no longer “trusted” interfaces, applications, traffic, networks, or users. It takes the old model—“trust but verify”—and inverts it, because recent breaches have proven that when an organization trusts, it doesn’t verify. (Forrester)
Identity and Data protection with Enterprise Mobility Security from a GDPR perspective Jürgen Ambrosi
An introduction to authentication scenarios for information services in modern workplaces. An overview of what the Enterprise Mobility and Security solution offers for securing identities and information throughout their entire life cycle. Prevention, detection, containment of and response to advanced threats, with reference to the cyber kill chain (focus on endpoints, identities, productivity services and cloud apps).
Importance of Identity Management in Security - Microsoft Tech Tour @Towson Adam Levithan
The evolution of Cyber security is complete and no longer is the outer perimeter the key to successful system security. Identity Access Management is the new key to your success. Here is a model to talk to anyone about security and why Identity is the new area to focus on.
B2 - The History of Content Security: Part 2 - Adam Levithan SPS Paris
We're currently living Part 1 of the Content Security Journey and now we've reached a critical juncture where technologies have evolved to support Part 2. Our journey to reach the Secure Productive Enterprise (SPE) includes understanding users, their roles, what devices they're working on, and how to protect that content at rest and flying across the network. Based on real-life use cases in the Aerospace & Defence and Life Sciences industries you will walk away with an understanding of the technologies available to you, and a clear way to communicate with business stakeholders.
Get Ahead of Cyber Attacks with Microsoft Enterprise Mobility + Security David J Rosenthal
Digital transformation with freedom and peace of mind
Holistic, identity-driven protection
Help guard your data from attacks on multiple levels using innovative, identity-driven security techniques.
Productivity without compromise
Preserve the mobile and desktop experiences your workers need to stay working with familiar apps and tools.
Flexible, comprehensive solutions
Do more with less—protect users, devices, apps, and data with intuitive mobile management on a future-ready platform.
microsoft@atidan.com
An overview of current cyber security concerns and ways to combat them, as well as an introduction to some of the capabilities of Azure Active Directory
Global Azure Bootcamp 2018 completed recently across the world with huge success, and I had the opportunity to co-organize the event in Chennai, India. I also delivered a session under the IT Pro track on "Securing Your Organization with Microsoft 365". The session slides are uploaded here.
Event url: http://chennai-gab2018.azurewebsites.net/
Microsoft Intune and Corporate Identity Management Plain Concepts
Manage all your corporate Windows 10 devices from Microsoft Intune. Hybrid authentication environments, multi-factor authentication and secure access to SaaS applications. By Jose María Genzor
Microsoft Enterprise Mobility + Security
Control identity + access in the cloud
Centrally manage single sign-on across devices, your datacenter, and the cloud.
Get identity-driven security
Comprehensive, intelligent protection against today's advanced attacks.
Manage mobile devices + apps
Securely manage apps and data on iOS, Android, and Windows from one place.
Protect your information
Intelligently safeguard your corporate data and enable secured collaboration.
Virtualize your desktops
Efficiently deliver and manage Windows desktops and apps on all devices.
Modern companies are becoming increasingly mobile, as employees are able to do more and more of their work without coming into the office. How, in this new situation, do you keep control over the organization's data and ensure the security of users and devices?
Speaker: Tõnis Tikerpäe
On 19.10.2016 at 9:30 we held a webinar in which we went through the key areas of technical information security and explain which things in each area must, at a minimum, be in order so that you can sleep peacefully at night. The expert guest in the webinar is Microsoft's Partner Technology Strategist, Ari Auvinen, who for his part described what kinds of technical solutions exist for putting information security matters in order.
Accelerate your Kubernetes clusters with Varnish Caching Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Connector Corner: Automate dynamic content and events by pushing a button DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Epistemic Interaction - tuning interfaces to provide information for AI support Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 3 DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and Sales Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge Graph Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Essentials of Automations: Optimizing FME Workflows with Parameters Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
9. Why are we having a Zero Trust conversation?
1. IT Security is Complex
• Many Devices, Users, & Connections
2. “Trusted network” security strategy
• Initial attacks were network based
• Seemingly simple and economical
• Accepted lower security within network
3. Assets increasingly leave network
• BYOD, WFH, Mobile, and SaaS
4. Attackers shift to identity attacks
• Phishing and credential theft
• Security teams often overwhelmed
Access Control: Keep away from
11. Zero Trust Principles
Verify Explicitly: Always authenticate and authorize based on all available data points, including user identity, location, device health, data classification, and anomalies.
Least Privilege: Minimize user access with Just-In-Time and Just-Enough Access (JIT/JEA), risk-based adaptive policies, and data protection which protects data and productivity.
Assume Breach: Minimize scope of breach damage and prevent lateral movement by segmenting access via network, user, devices and application awareness. Verify all sessions are encrypted end to end. Use analytics to get visibility and drive threat detection.
12. Zero Trust Access Control Strategy
Never Trust. Always verify.
Signal (to make an informed decision)
• User Risk: Multi-factor Authentication, Behavior Analytics, and more…
• Device Risk: Device Management, Threat Detection, and more…
Decision (based on organization’s policy)
• Apply to inbound requests
• Re-evaluate during session
• Outcomes: Allow full access, Allow limited access, Block access
Enforcement (of policy across resources)
• Modern Applications, SaaS Applications, Legacy Applications, and more…
Remediate Risk / Increase Assurance
13. Zero Trust Model
Modern Approach to Access
Integrated Threat Intelligence
Organization Policy
14. Azure AD conditional access (Zero Trust)
Conditions: Employee & Partner Users and Roles; Trusted & Compliant Devices; Physical & Virtual Location; Client apps & Auth Method
Identity providers: Google ID, MSA, Azure AD, ADFS
Device platforms: MacOS, Android, iOS, Windows (Windows Defender ATP)
Client types: Client apps, Browser apps
Location: Corporate Network, Geo-location
Evaluation: Machine learning, Policies, Real time Evaluation Engine, Session Risk, 40TB, Effective policy
Controls: Require MFA; Allow/block access; Block legacy authentication; Force password reset; Limited access
Resources: Microsoft Cloud; Cloud SaaS apps; On-premises & web apps; Microsoft Cloud App Security
15. Visibility and Control at the Perimeter
Identity perimeter
• User: Role, Group, Device, Config, Location, Last Sign-in
• Device: Health/Integrity, Client, Config, Last seen
• Conditional access risk: High, Medium, Low
• Actions: Allow, Allow Restricted, Require MFA, Block, Force Remediation
Network perimeter
• Functions: Firewall, Intrusion Detection/Prevention, Forward/Reverse Proxy
• Data: Source: IP Address/Port, Destination: IP Address/Port, Signatures, Analytics, Allow List, Authentication
• Scope: Intranet Resources
• Actions: Allow, Block
16. Conditional Access Example
User
• Role: Sales Account Representative
• Group: London Users
• Device: Windows
• Config: Corp Proxy
• Location: London, UK
• Last Sign-in: 5 hrs ago
Device
• Health: Device compromised
• Client: Browser
• Config: Anonymous
• Last seen: Asia
Conditional access risk (High / Medium / Low)
• Anonymous IP
• Unfamiliar sign-in location for this user
• Malicious activity detected on device
Office resource
• Sensitivity: Medium
Outcome: Block access, Force threat remediation
Your Pa$$word doesn't matter
17. Identity and Access Management Use Cases
“I need my customers and partners to access the apps they need from everywhere and collaborate seamlessly”
• Add B2B users with accounts in other Azure AD organizations
• Add B2B users with MSA, Google, or other Identity Provider accounts
• Assign B2B users access to any app or service your organization owns
Sources of B2B users: Other organizations; Other Identity Providers* (Google ID*, Microsoft Account)
Resources: SharePoint Online & Office 365 apps; On-premises
18. Why you Should Do this.
Reduce your Risk and take control.
19. Increasing attack cost
User credential theft
25. Deploy
First steps to Zero trust Model
• Configure an industry standard Identity & access management solution
• Protect Data throughout its full lifecycle with Information protection
• Use Security & Compliance intelligence to learn about YOUR environment and allow informed security decisions
• Enable Threat protection capabilities and monitoring solution
• Ensure device level Zero trust with industry standard configured Unified Endpoint Management
26. Azure AD Identity & Access Management
Secure Admin privileged identity
• Configure recommended Industry practice for global admin strategy
• Enable PIM & enable specific admin roles to IT user accounts
• Configure Privileged Role Administrator
• Enable and configure Azure Identity Protection
• Configure Alerts on admin account resets
Additional security features
• Configure Company branding
• Configure Dynamic Group Membership & automated licence provisioning
• Configure Self-service user groups with naming standard and expiration
Secure User identity
• Restrict 3rd party app registration capabilities
• Enable & harden Self-service password reset (SSPR)
• Expand authentication methods
• Configure Single sign-on to cloud applications
27. Device Management
W10/macOS
• Automatic Enrolment on new W10 devices
• Automated BitLocker Encryption on new W10 devices
• W10 Device Configuration / Application Deployment based on identity
• NCSC Device Configuration policies (User / System hardening and Endpoint Protection)
• Automated W10 Device refresh / Fresh Start
• MacOS Compliance and Configuration policies
iOS/Android
• Apple Business Manager / Managed Google Play portals integration with Intune
• Apple Business Manager / DEP enrolment integration with Intune / Device Supplier
• Apple VPP / Managed Google Play application management, approval and deployment
• Android Enterprise Work Profile and Corporate Owned Fully Managed enrolments
• Locked enrolment / Factory Reset Prevention
Platform
• Define and configure enrolment process for all Operating Systems for both new and "in use" devices
• Application Management and Deployment
• Device Compliance policies per OS
• Device Configuration policies per OS
• Application Protection
• Lost / Stolen device Data Loss Protection
• Conditional Access
28. Data & Threat Protection
Securing Exchange Online
• Validate SPF (Sender Policy Framework), which enables the receiving mail server to verify that the Mail From address of the email is genuine.
• Enable DomainKeys Identified Mail (DKIM) to prevent spoofers from sending messages that look like they are coming from your domain.
• Configure Domain-based Message Authentication (DMARC) to tell other mail servers what to do with messages which fail SPF and DKIM checks.
• Increased Encryption keys from 1024 to 2048 length for additional security
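A check for the four mail-authentication items above, as an added example that is not part of the original deck: it audits SPF, DMARC and DKIM TXT records and flags a soft-fail SPF, a monitoring-only DMARC policy and an RSA key shorter than 2048 bits. The records are constructed for the reserved name example.test, the DKIM keys are structurally valid but not usable, and reading the 1024-to-2048 item as the DKIM signing key length is an assumption.

```python
"""Audit SPF, DMARC and DKIM TXT records for weak settings (added example)."""
import base64

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption

def _der(tag, body):
    """Encode one DER TLV (short or long length form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def _der_int(value):
    # One extra leading byte keeps the INTEGER positive.
    return _der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def constructed_dkim_record(bits):
    """Constructed sample: well-formed SubjectPublicKeyInfo, not a usable key."""
    modulus = (1 << (bits - 1)) | 1
    rsa = _der(0x30, _der_int(modulus) + _der_int(65537))
    alg = _der(0x30, RSA_OID + b"\x05\x00")
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

def _tlv(buf, pos):
    """Return (value_start, value_length) of the DER TLV at pos."""
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return pos, length

def rsa_modulus_bits(spki):
    start, _ = _tlv(spki, 0)                        # enter SubjectPublicKeyInfo
    alg_start, alg_len = _tlv(spki, start)          # AlgorithmIdentifier, skipped
    bit_start, _ = _tlv(spki, alg_start + alg_len)  # BIT STRING
    seq_start, _ = _tlv(spki, bit_start + 1)        # past the unused-bits byte
    mod_start, mod_len = _tlv(spki, seq_start)      # INTEGER modulus
    return int.from_bytes(spki[mod_start:mod_start + mod_len], "big").bit_length()

def parse_tags(txt):
    """Split a 'k=v; k=v' record (DKIM, DMARC) into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt):
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: not an SPF record"]
    alls = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
    if not alls:
        return ["SPF: no 'all' mechanism in this record"]
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"
    return {"-": [],
            "~": ["SPF: ~all only soft-fails unlisted senders"],
            "?": ["SPF: ?all is neutral for unlisted senders"],
            "+": ["SPF: +all authorises every sender"]}[qualifier]

def audit_dmarc(txt):
    tags = parse_tags(txt)
    if tags.get("v") != "DMARC1":
        return ["DMARC: not a DMARC record"]
    policy = tags.get("p", "").lower()
    if policy in ("quarantine", "reject"):
        return []
    return [f"DMARC: p={policy or 'missing'} does not act on failing mail"]

def audit_dkim(txt, minimum_bits=2048):
    tags = parse_tags(txt)
    key_b64 = "".join(tags.get("p", "").split())
    if not key_b64:
        return ["DKIM: empty p= tag, the key is revoked"]
    if tags.get("k", "rsa").lower() != "rsa":
        return []  # e.g. ed25519: the RSA length check does not apply
    try:
        bits = rsa_modulus_bits(base64.b64decode(key_b64))
    except (ValueError, IndexError):
        return ["DKIM: p= is not a parseable RSA public key"]
    return [] if bits >= minimum_bits else [
        f"DKIM: {bits}-bit RSA key, below {minimum_bits}"]

# Constructed records for the reserved name example.test.
WEAK = {"spf": "v=spf1 include:spf.example.test ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.test",
        "dkim": constructed_dkim_record(1024)}
HARDENED = {"spf": "v=spf1 include:spf.example.test -all",
            "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.test",
            "dkim": constructed_dkim_record(2048)}

def audit_domain(records):
    return (audit_spf(records["spf"]) + audit_dmarc(records["dmarc"])
            + audit_dkim(records["dkim"]))
```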
Configure data loss and advanced threat protection policies
• Apply ATP policy configurations as per recommended security settings
• Configure DLP, Retention and sensitivity labels
• Workshops to determine information protection and compliance strategies
External Sharing capability enablement
• Enable external sharing to allow internal users to securely share content with people outside the organization
• Controlled via "allowed external domains", user groups, limitations on guest permissions & secure specific invite links
29. Enterprise Mobility + Security
• Azure Information Protection: Protect your data, everywhere
• Microsoft Cloud App Security: Extend enterprise-grade security to your cloud and SaaS apps
• Advanced Threat Analytics: Detect threats early with visibility and threat analytics
• Intune: Protect your users, devices, and apps
• Azure Active Directory: Manage identity with hybrid integration to protect application access from identity attacks
• Privileged Identity Management
• Identity Protection
• Conditional Access: ENFORCE MFA, ALLOW, BLOCK
• Windows 10: Azure AD Join, Health Attestation, Windows Hello, BitLocker
30. Key Challenges and Strategic Opportunities
• Identity-based attacks are up 300% this year
• Information is your most attractive target
• Attackers constantly evolving techniques
• Most enterprises report using more than 60 security solutions
32. 1. Realign around identity
• Identity is the best starting point for Zero Trust.
• Users can have multiple devices and access enterprise resources from a variety of networks and app
33. 2. Device level Zero trust - Implement conditional access controls
• Hackers routinely compromise identity credentials and use them to access systems and move laterally in the network.
• Trust cannot, therefore, be inferred solely from whether a particular user or their device is inside or outside the corporate network.
34. 3. Strengthen your credentials
• Making multi-factor authentication a part of conditional access restrictions can help enable better user verification and limit the ability of hackers to misuse stolen credentials.
35. 4. Plan for a dual-perimeter strategy
• Maintain existing network-based protections while adding new identity-based controls to your environment.
36. 5. Integrate intelligence and behavior analytics
• Your ability to make good access control decisions depends on the quality, quantity and diversity of signals you integrate into those decisions
37. 6. Reduce your attack surface
• Implementing privileged identity management will minimise the likelihood of a compromised account being used in an administrator or other privileged role.
• It’s also a good idea to block apps using legacy authentication protocol
38. 7. Increase security awareness
• Use a Security Information and Event Management (SIEM) system to aggregate and correlate the data to better detect suspicious activities and patterns that indicate potential network intrusions and events, such as leaked credentials, bad IP addresses and access from infected devices.
39. 8. Enable end-user self-help
• Empower users to carry out certain security tasks, such as self-service password resets. Implementing self-service group management allows owners to create and manage groups without needing an administrator to do the job.
40. 9. Don’t overpromise
• Achieving Zero Trust takes time. It requires support from key stakeholders with clear communication throughout the organization, throughout the project life cycle.
41. 10. Show value along the way
• One of the most effective ways to build long-term support for a Zero Trust initiative is to demonstrate incremental value with each investment.
43. Zero Trust Solutions + CWSI Solutions
Solution areas: Identity & Access Management; Threat Protection; Data & Information Protection; Security & Management; Device Management
Products and services shown:
• Azure Active Directory
• Multi-Factor Authentication
• Role Based Access Control (PIM)
• Self Service Password Reset
• Credential Guard/Windows Hello
• Microsoft Defender Advanced Threat Protection
• Office 365 Advanced Threat Protection
• Azure Advanced Threat Protection
• Microsoft Cloud App Security
• Mobile Threat Defense
• Azure Information Protection
• Office 365 Data Loss Prevention
• Microsoft Information Protection
• BitLocker/File Vault
• Intune
• Windows 10 Autopilot
• Microsoft Security and Compliance Center
• Secure Score
• Compliance Score
• Managed Service
• Consulting
Key Takeaway: Many businesses are transforming rapidly to compete with digital native startups, this change is driving the need for security transformation.
These are the IT transformation components to support the business’s digital transformation that will provide both challenges and opportunities for information security. While the challenges are significant, there is also a massive opportunity to solve longstanding security problems with this next generation of computing.
This represents a classic enterprise security strategy with a network perimeter and a mobile device management component bolted on.
CLICK 1
To be competitive in the marketplace, businesses are seeking to transform using new powerful technologies. The availability of cloud, mobile, and Internet of Things (IoT) technologies is fueling major disruptions in once-settled markets as
Digital native startups leverage this new technology to disrupt longstanding business models
Existing organizations are driving digital transformation to adopt the way they engage customers, empower employees, optimize operations, and offer products to customers
CLICK 2
This instantiates in a couple of different ways that each provide unique challenges for security
Software as a Service (SaaS) adoption to increase collaboration and agility – SaaS provides rapid value without many of the challenges of traditional software deployment and maintenance. While security doesn’t have to update this software, they do need to be aware of their use, assess their trustworthiness, and manage the available security controls
CLICK 3
Demand for a 1st class mobile experience – Business users increasingly have a choice of what devices and apps they can use to get their job done, requiring security to better meet their demands for a great user experience on secure mobile devices. Business users need full functionality applications for creating value on corporate data beyond the limited functionality email/productivity applications that come with most Mobile Device Management (MDM) providers.
CLICK 4
Internet of things (IoT) is proliferating, and the manageability and visibility of these devices vary greatly from PC and mobile devices such as
Higher volume and limited functionality
Limited resources to run traditional agents
Frequently collect new forms of telemetry with new privacy and security implications
Cloud required to support analytics and IoT management – Even if IT isn’t adopting cloud platforms and infrastructure for its own value propositions, many of the new IoT architectures require cloud services to collect and report on IoT scenarios, requiring Information Security to evaluate the trust and integrate the controls for these platforms.
CLICK 5
This leads to a modern enterprise whose resources and risk are no longer defined by IP subnet addresses.
These changes bring new security challenges, but they also bring new opportunities for security to leverage the same massive storage and computing analytics capabilities to solve these new challenges as well as longstanding classic security challenges.
Note: We have chosen to represent this as a “new perimeter” rather than “perimeter-less” because the core concepts of a security perimeter still apply well to identity control (separation of threats from resources using a consistent set of controls)
We will talk in more depth about how we see this identity-based security perimeter later in the identity and access management module.
Additional Commentary
Security organizations will need to manage different aspects of this shift including the people (culture) and processes (Training) and technology to be successful
Manufacturers of IoT devices will also face new challenges like ensuring and proving the security and safety assurances of their products
Key Takeaway: Attacker techniques have been evolving rapidly recently
We have also noted an increased maturity in attacker business models where new criminal entrants are able to quickly become effective using attack kits and affiliate models (where the new criminals pay the kit authors a percentage of the profits rather than buying it outright)
Mass Distribution Malware - Mass distribution malware has been with us for several decades
Tailored/Targeted Malware - This evolved into malware targeted at individual organizations, which has matured into a mainstream attack method
‘File-Less’ Malware - The past few years saw increased investment into evasion of file-based detection using PowerShell to load attack code directly into memory and other similar methods
Malware-Less Attacks - Recently, we have seen the rise of attack campaigns that involve no malware. These frequently target online software as a service (such as Office 365) and involve methods like social engineering, credential theft, and native platform capabilities like document download, forged emails, delegation/forwarding rules, and PowerShell scripts.
Key Takeaway: We are in a transition period where we will be managing two styles of security perimeters to protect both legacy workloads and modern scenarios
The forces that are driving the adoption of the identity perimeter are
The prevalence of attackers using identity tactics (which bypass classic network perimeters)
The need to protect assets where network controls are not available such as cloud services/applications, mobile devices, and Internet of Things (IoT) devices
CLICK 1
An organization will reach a full “zero trust” state once they have migrated all legacy workloads to modern platforms where authorization decisions are based on integrated signals from identity (authentication), devices (configuration, integrity, etc.), the application (data/system sensitivity), and others. This will take some time to achieve for most enterprises.
Key Takeaway: Integrate for one identity. SSO.
Key Takeaway – Zero trust represents a generational shift in security strategy that reflects major changes in assets being protected and evolution of attack techniques.
See video at this site for more information/context - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/ciso-workshop-module-3#part-1-identity-and-zero-trust-history-933
Key Takeaway: Defenders need to transition to using an identity security perimeter as our primary defense strategy
CLICK 1
The first thing to note is that the network security perimeters we built still work against the attacks they were designed to repel. This is quickly confirmed by anyone who exposes an unpatched operating system or application to the direct internet without a firewall.
CLICK 2
Unfortunately attackers have also developed a new generation of techniques that include phishing and credential theft. These techniques allow attackers to reliably penetrate the network security perimeter and navigate around behind it.
CLICK 3
Additionally, newer technologies to increase productivity are causing data to move outside the corporate network onto managed and unmanaged devices and cloud services (both sanctioned/managed and unauthorized/Shadow IT applications). The trustworthiness of these devices and services is not defined by which IP subnet they are hosted on, so we need to manage the identities of these users, devices, services, and data.
CLICK 4
Both of these trends diminish the effectiveness of the network as the sole security perimeter. We now need to establish an identity based perimeter so we can draw a line (of consistent security controls) between our assets and the threats to them.
Key Takeaway – These are the principles for zero trust
See video at this site for more information/context - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/ciso-workshop-module-3#part-2-zero-trust-definition-and-models-1537
Key Takeaway – These are the key basic components of a Zero Trust Strategy
See video at this site for more information/context - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/ciso-workshop-module-3#part-2-zero-trust-definition-and-models-1537
Key Takeaway – This is an overview of the Zero Trust model
See video at this site for more information/context – https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/ciso-workshop-module-3#part-5-zero-trust-user-access-reference-architecture-842
Expanded view of all the conditions that are taken into account for access and the controls that you have based on the risk.
Our 40 TB of data from all the conditions, integrated EMS/M365 apps, and our security intelligence network are analyzed in real-time to determine the right policy.
Example: If an ADFS user signs in on a Windows machine with Windows Defender ATP, we can take into account the health of the account and the device, as well as their location, whether they are on the corporate network, and what type of app they are trying to access. If they are on the corporate network in their normal office, then the data produces a low risk score. The effective policy is to allow access to the app. If, however, the person was logging in from a location across the world (in a short amount of time – impossible travel) and/or Windows Defender ATP finds that the machine has been infected, the access can be blocked. If the user login and device are healthy, but it was a location they haven’t signed in from before (on a trip or other computer), then the user could be prompted with MFA or have limited access to certain applications.
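The "impossible travel" signal mentioned in this example can be computed from sign-in logs alone. The detector below is an added example, not Microsoft's implementation: the sign-in events are constructed, and the 900 km/h speed ceiling and the 50 km floor (to ignore geo-IP jitter) are assumed thresholds.

```python
"""Impossible-travel detection over sign-in events (added example)."""
import math
from datetime import datetime

MAX_KMH = 900.0   # assumed ceiling, roughly airliner cruise speed
MIN_KM = 50.0     # assumed floor so geo-IP jitter inside one city is ignored

# Constructed events: (user, UTC timestamp, city, latitude, longitude)
SIGN_INS = [
    ("alice", "2020-05-19T08:00:00", "London", 51.5074, -0.1278),
    ("alice", "2020-05-19T11:30:00", "Paris", 48.8566, 2.3522),
    ("bob", "2020-05-19T10:30:00", "Singapore", 1.3521, 103.8198),
    ("bob", "2020-05-19T09:00:00", "London", 51.5074, -0.1278),
    ("carol", "2020-05-19T12:00:00", "London", 51.5074, -0.1278),
    ("carol", "2020-05-19T12:00:00", "New York", 40.7128, -74.0060),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on a 6371 km sphere."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat = p2 - p1
    dlon = math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Flag consecutive sign-ins by one user that imply travel above max_kmh.

    Events may arrive out of order, so they are sorted per user by time.
    Two distant sign-ins with the same timestamp are flagged as well.
    """
    alerts = []
    previous = {}
    for user, ts, city, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in previous:
            p_when, p_city, p_lat, p_lon = previous[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            if km >= min_km and (hours == 0 or km / hours > max_kmh):
                alerts.append({"user": user, "from": p_city, "to": city,
                               "km": round(km), "hours": round(hours, 2)})
        previous[user] = (when, city, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(SIGN_INS):
        print(alert)
```

A VPN or mobile-carrier egress point produces the same pattern, so the result is better used as one risk signal (prompt for MFA) than as a block decision on its own.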
Key Takeaway: This is a comparison of the visibility and control you get with classic network perimeters vs a modern identity perimeter (based on Azure Active Directory Conditional Access)
A network perimeter is composed of several functions (often combined into the same appliance) that uses data available from the network traffic to make a decision on whether to allow or block a connection. While this provides security visibility and control against some attacks, it has several significant limitations including:
Scope is limited to resources hosted on a controlled network such as an intranet/extranet
Visibility is limited to what is available on the network, which is often encrypted and frequently lacks important context on application function, user identity, data sensitivity, and other factors.
Control is limited to allow and block, which doesn’t allow for managing the user experience and providing self service corrections, exception management, etc.
CLICK 1
In contrast, an identity perimeter is aware of the user, device, and a number of attributes about each of them including the user's role, whether they logged on with MFA, when and where the device was last seen, the security health of the device, and more.
The conditional access engine uses this information to calculate the relative risk of the operation as high, medium or low.
The actions available include allow and block as well as
Allow Restricted – Users may be allowed to authenticate, but only granted limited access (e.g. a user would be granted only online access to document in SharePoint online vs. being allowed to download)
Require MFA - For authentication attempts with a medium risk (such as authentications from an unexpected time/geography), conditional access can require additional proof of identity before granting access (where this wouldn’t happen within their normal time/geography)
Force Remediation – For high risk scenarios such as a known compromised password or computer, conditional access can force the issue to be remediated (e.g. forcing the user to change a password that has been leaked, or requiring Defender to remediate the device)
Network based perimeters provided needed controls for legacy workloads and PaaS components where the workload is under the control of the IT department (e.g. web applications), but protecting data and protecting newer asset types like Software as a Service (SaaS) requires an identity perimeter to provide the needed visibility and control.
Key Takeaway: This is an example of conditional access enforcing policy on an authentication attempt
In this example, a user is logging in with a device and attempting to access an internal file in Office 365 with a medium sensitivity
CLICK 1
The user provides valid credentials and the user/device information checks out (so far), so the conditional risk level would be low.
CLICK 2
As other factors are considered in the authentication decision, conditional access finds risk factors that would set risk to
Medium
An anonymous IP as the connection is coming in over the Tor network
The device was last seen in an unfamiliar sign in location
High
Defender ATP has indicated that this device has been compromised
Because of this, the conditional access engine blocks the authentication attempt and forces threat remediation (through Defender ATP)
Reference
https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-word-doesn-t-matter/ba-p/731984
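The identity-perimeter actions and the slide 16 walkthrough described above, as an added example that is not Azure AD's engine or API: signals raise a risk level, and the level plus the resource sensitivity select the action. The signal names, the signal-to-risk mapping and the rule that a medium-risk session gets restricted access after MFA are assumptions taken from the notes.

```python
"""Risk-based conditional access decision (added example, not Azure AD code)."""
from dataclasses import dataclass, field
from enum import IntEnum


class Risk(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Assumed mapping, following the notes: anonymous IP and unfamiliar location
# raise risk to medium; a compromised device or leaked password to high.
SIGNAL_RISK = {
    "anonymous_ip": Risk.MEDIUM,
    "unfamiliar_location": Risk.MEDIUM,
    "device_compromised": Risk.HIGH,
    "leaked_credential": Risk.HIGH,
}


@dataclass
class SignIn:
    user: str
    credentials_valid: bool
    mfa_completed: bool = False
    signals: set = field(default_factory=set)
    resource_sensitivity: str = "medium"  # low | medium | high


@dataclass
class Decision:
    risk: Risk
    actions: list
    reasons: list


def evaluate(req):
    """Return the risk level, the enforcement actions and the driving signals."""
    if not req.credentials_valid:
        return Decision(Risk.HIGH, ["block"], ["invalid credentials"])
    unknown = set(req.signals) - set(SIGNAL_RISK)
    if unknown:
        # Fail closed: a signal the policy cannot score must not be ignored.
        raise ValueError(f"unmapped signals: {sorted(unknown)}")
    risk = max((SIGNAL_RISK[s] for s in req.signals), default=Risk.LOW)
    reasons = sorted(s for s in req.signals if SIGNAL_RISK[s] == risk)
    if risk == Risk.HIGH:
        actions = ["block", "force_remediation"]
    elif risk == Risk.MEDIUM:
        if not req.mfa_completed:
            actions = ["require_mfa"]
        elif req.resource_sensitivity == "low":
            actions = ["allow"]
        else:
            actions = ["allow_restricted"]  # e.g. view online, no download
    else:
        actions = ["allow"]
    return Decision(risk, actions, reasons)


def slide16_walkthrough():
    """Re-evaluate one session as signals arrive, as in the slide 16 notes."""
    req = SignIn(user="sales-rep@example.test", credentials_valid=True)
    steps = [evaluate(req)]                                  # credentials check out
    req.signals |= {"anonymous_ip", "unfamiliar_location"}   # medium factors found
    steps.append(evaluate(req))
    req.signals.add("device_compromised")                    # endpoint alert arrives
    steps.append(evaluate(req))
    return steps


if __name__ == "__main__":
    for step in slide16_walkthrough():
        print(step.risk.name, step.actions, step.reasons)
```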
Key Takeaway: An organization can reduce their risk by adopting technology like Azure B2B
By moving partner accounts from enterprise directories to a B2B solution, you are effectively lowering their access to your environment to the least privilege required.
Key Takeaway: Microsoft has invested into raising cost of attacks for attackers attempting to steal your credentials
Zero Touch - The cheapest and easiest way for an attacker to get your users’ credentials is to download stolen credentials from a public password compromise, frequently called a “breach replay” attack
CLICK 1
BLUE/DEFENSE
Microsoft monitors sites where attackers post these credentials and reports on these leaked credentials in Azure Active Directory so you can have these users reset the password they shared between sites. (Note that the password hashes have to be synched to Azure AD for this feature to work)
RED/ATTACK
Low Touch - This drives attackers into more expensive attacks; the next cheapest is a low touch attack using a phishing email that either
a. Directs the user to enter their credentials into a fake logon website
b. Uses a script or malware to steal credentials from the local machine (non-persistent)
CLICK 2
BLUE/DEFENSE
a. Office 365 ATP protects against malicious links in phishing email and Windows Defender Smartscreen is integrated into Microsoft browsers to protect against malicious websites
b. Windows 10 includes TPM hardware protections to prevent theft of both legacy enterprise credentials (Kerberos and NTLM protected by Credential Guard) as well as modern biometric credentials (Windows Hello)
RED/ATTACK
High Touch - This drives attackers to a high touch operation that requires them to compromise a trusted device in order to steal your credentials. Attackers can either
Research and target the right person with spearphishing to install malware on their computer
Enter the environment through phishing any user and then perform lateral traversal to install malware on the targeted user’s computer and steal the credential
CLICK 3
BLUE/DEFENSE
By using advanced host mitigation and detections built into Windows 10, you increase the chances the attack will fail or be detected/cleaned, forcing the attacker to start the operation over again, all of which further adds to the attacker cost.
Key Takeaway: Microsoft has invested into raising cost of attacks for attackers attempting to abuse stolen credentials to access your cloud assets
This sequence assumes the adversary already has possession of a valid credential in your Azure Active Directory
The cheapest and easiest way to use it to access cloud assets is to simply log on with the credential
CLICK 1
BLUE/DEFENSE
Microsoft (and several partners) offer multi-factor authentication that sends single use codes to a mobile phone to validate possession of the phone
RED/ATTACK
Low Touch - This drives attackers into more expensive attacks that require them to compromise the user’s mobile device or set up a fake website for the user
(note that this will not work for a user that is running a trusted application for the MFA authentication such as the Azure MFA application)
CLICK 2
BLUE/DEFENSE
Azure AD Identity Protection includes the ability to detect risky sign-ins that reflect many risk factors. (Note that on-premises AD accounts need to have passwords synchronized to Azure AD in order to take advantage of this capability)
Azure AD Conditional access allows you to set policy based on the authentication risk level and the security health of the device being used for authentication, raising the amount of work (and cost) to mimic the valid user behavior so they can evade these defenses.
RED/ATTACK
High Touch - This drives attackers to a high touch operation that requires them to compromise a trusted device in order to steal your credentials. The attacker would need to either
Research and target the right person with spearphishing to install malware on their computer
Enter the environment through phishing any user and then perform lateral traversal to install malware on the targeted user’s computer and steal the credential
CLICK 3
BLUE/DEFENSE
By using advanced host mitigation and detections built into Windows 10, you increase the chances the attack will fail or be detected/cleaned, forcing the attacker to start the operation over again, all of which further adds to the attacker cost.
Additionally, if the account being used for lateral traversal is an on-premises Active Directory account, this can be detected using Azure Advanced Threat Protection (or Advanced Threat Analytics) capability that builds a profile for each user’s normal behavior and reports anomalies.
Key Takeaway: Microsoft has invested into raising cost of attacks for attackers attempting to steal credentials to access your on-premises assets
Assuming the adversary has stolen a valid Active Directory user credential, the cheapest and easiest way to use it to access on-premises assets is to simply log on with the credential directly to a published application (Outlook Web App (OWA) or other corporate application in the extranet) or use it to VPN into your corporate network.
CLICK 1
BLUE/DEFENSE
Several Microsoft partners offer solutions to require multi-factor authentication for VPNs and published websites
RED/ATTACK
High Touch - This drives attackers to a high touch operation that requires them to compromise a trusted device in order to steal your credentials. Attacker would need to either
Research and target the right person with spearphishing to install malware on their computer
Enter the environment through phishing any user and then perform lateral traversal to install malware on the targeted user’s computer and steal the credential
CLICK 2
BLUE/DEFENSE
You can further increase the attacker’s cost by using advanced host detections built into Windows 10 that increase the chances the attacker will be detected and have to start the operation over before achieving their objective.
Additionally, the attack can be detected using Azure Advanced Threat Protection (or Advanced Threat Analytics) capability that builds a profile for each user’s normal behavior and reports anomalies.
CLICK 3
Additionally, we see attackers use 3rd party suppliers and partners to get access to these on premises resources. They compromise the 3rd party and take advantage of the access path that the organization has opened for these suppliers to do business with the target organization.
Additional Information
Note that accessing an asset shared via Azure Application Proxy or similar capability that leverages Azure AD authentication would be categorized as a cloud scenario
5/19/2020
Common
Key Takeaway: The first 30 days should include focused effort on identifying and classifying the assets in your infrastructure
Key Takeaway: Microsoft is focused on building solutions for 4 key solution areas: Identity and Access Management, Information protection, Threat Protection, and Security Management
Presenter notes:
It’s evolution, not revolution.
Carefully thought through, carefully executed.
And that’s where we help.