황민주 / Cyber Security Solutions Group


Post on 14-Mar-2022


Contactless

(untact)

XaaS

Office free

Location Independent

AR/VR

Privacy

AI

Big Data

Cloud

WFH

Changes in the way we work, accelerating Digital Transformation

5.2 mobile business apps accessed daily by employees³

94% of organizations using cloud²

60% of organizations currently have a formal BYOD program in place³

7B internet-connected devices in use worldwide¹

How the world changed

Bring your own devices and IoT

Explosion of cloud apps

Expanding Perimeters

Explosion of signal

Composite apps & public restful APIs

Employees, partners, customers, bots

Old World vs. New World

Why AI and Automation security is needed

New security principles are needed for the new environment

Verify explicitly

Zero Trust

Zero Trust: the paradigm is changing

Zero Trust is a long term strategy

Microsoft Zero Trust architecture

Visibility and Analytics

Automation

Roadmap to deploy

Go Go Passwordless!

Centralise: Centralise management of 3rd party SaaS Applications

Deploy: Deploy conditional access & MFA for both users & guests

Manage: Configure MAM/MDM for phones, tablets & PCs

Protect: Protect against Threats in Office 365

Enable: Enable Multi-factor Authentication

Zero Trust Objective:

Verify identities with Multi-Factor Authentication (MFA)

Block access

Require MFA

Allow access

Limit access

Access Control through risk assessment

Zero Trust Objective:

Device information detection:

Malicious Apps

Device manipulation

Network exploits

Data privacy violations

Device health

Encryption

OS version

Email profile

Microsoft Defender ATP

Mobile threat defense with Defender

Visibility into device health and compliance

Mobile Application Management (MAM)

Conditional Access: Restrict which apps can be used to access email or files

Mobile Device Management (MDM)

Conditional Access: Restrict access to managed and compliant devices

Managed apps (Corporate data)

Personal apps (Personal data)

Multi-identity policy

Zero Trust compliance for mobile devices and apps

Zero Trust Objective:

Continuous policy assessment and enforcement

Update user’s session risk through additional evaluation

In-session monitoring and policy enforcement

Edit files

View files online

Open in Word/print blocked

How to apply policy to user sessions

Risky user behavior logged for future analysis and investigation

User behavior analyzed against session policy

Classify, label and protect data across cloud apps

Monitor, investigate and remediate data risks

• Visibility into application-based file sharing, collaborators and classification labels
• Report out on data exposure and compliance risks of applications
• Govern data in the cloud with granular DLP policies for applications
• Classify and label data to automatically protect, encrypt and restrict access to sensitive files across applications
• Generate alerts on policy violations and trigger automatic governance actions across applications
• Investigate incident, quarantine files, remove permissions and notify users across applications

Protect sensitive data in cloud apps

Zero Trust Objective:

Discover and classify your data

Applying comprehensive protection to data and files

Monitor and remediate

Zero Trust Objective:

Gain insights across your enterprise

Azure Sentinel architecture

AWS

SOAR and UEBA

Azure Sentinel – SIEM + SOAR + UEBA

UEBA (User Entity Behavior Analytics)


Is the change in the way we work a factor in a company's future competitiveness?

Identity Management

Key points to focus on in Zero Trust Network security

Identity Management

Zero Trust

Key points to focus on in security

Major phases of Zero Trust Networking

Verify Identity

Verify Device

Verify Access

Verify Services

✓ All user accounts set up for strong identity enforcement
✓ Strong identity enforced for Exchange
✓ Least privilege user rights
✓ Eliminate passwords – biometric based model
✓ Device health required for SharePoint, Exchange, Teams on iOS, Android, Mac, and Windows
✓ Usage data for Application & Services
✓ Device Management required to access corporate wireless
✓ Internet Only for users
✓ Establish solutions for unmanaged devices
✓ Least privilege access model
✓ Device health required for wired/wireless corporate network
✓ Grow coverage in Device health requirement
✓ Service health concept and POC (Distant Future)
✓ Device management not required
✓ Single factor authentication to resources
✓ Capability to enforce strong identity exists

Pre-Zero Trust

User and Access Telemetry

$1B+ annual investments

Over 3500 security experts

Trillions of diverse signals

How Microsoft helps strengthen security

Controls

Magic Quadrant

Access Management

Cloud Access Security Broker

Enterprise Information Archiving

Endpoint Protection Platform

Unified Endpoint Management

*Gartner “Magic Quadrant for Access Management,” by Michael Kelley, Abhyuday Data, Henrique Teixeira, August 2019

*Gartner “Magic Quadrant for Cloud Access Security Brokers,” by Steve Riley, Craig Lawson, October 2019

*Gartner “Magic Quadrant for Enterprise Information Archiving,” by Julian Tirsu, December 2018

*Gartner “Magic Quadrant for Endpoint Protection Platforms,” by Peter Firstbrook, Dionisio Zumerle, Prateek Bhajanka, Lawrence Pingree, Paul Webber, August 2019

*Gartner “Magic Quadrant for Unified Endpoint Management Tools,” by Chris Silva, Manjunath Bhat, Rich Doheny, Rob Smith, August 2019

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

Microsoft Security

© Copyright Microsoft Corporation. All rights .