Combating Corporate Digital Crime with Cloud Tools
Marden Menezes, Mobility and [email protected]
The current reality…
(Diagram labels: EC2, On-Premises, Private Cloud, Managed devices)
61 percent of workers mix personal and work tasks on their devices*
>70 percent of network intrusions exploited weak or stolen credentials***
>80 percent of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs**

* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013
** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
*** Verizon 2013 data breach investigation report
Mobile and cloud: challenging security paradigms
Secure your Data/Files
Secure your identities
Secure your Apps
Secure your Devices
Self-service, MFA, Single sign on
Identity as the control plane: simple connection
(Diagram: Microsoft Azure Active Directory connecting on-premises Windows Server Active Directory and other directories with the cloud: SaaS, Azure, Office 365 and public cloud)
1 trillion Azure AD authentications since the release of the service
>80k third-party applications used with Azure AD each month
>1.3 billion authentications every day on Azure AD
More than 600 M user accounts on Azure AD
>9 M Azure AD directories
86% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
Azure Active Directory
Microsoft’s “Identity Management as a Service (IDaaS)” for organizations.
Millions of independent identity systems controlled by enterprise and government “tenants.”
Information is owned and used by the controlling organization—not by Microsoft.
Born-as-a-cloud directory for Office 365. Extended to manage across many clouds.
Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B).
Conditional access
Conditions: user, app sensitivity, device state, location
Actions: allow access or block access; enforce MFA per user/per app
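The condition-to-action mapping on this slide, written out as an added Go example; it is not Microsoft's code or Azure AD's policy engine. The Policy and SignIn types, the order in which the rules are applied, and the risk level (borrowed from the risk-based policies the deck describes later) are assumptions of this example:

```go
package main

import "fmt"

// Added illustration of the slide's condition/action model. Policy, SignIn
// and the rule order below are assumptions for this example, not Azure AD's
// policy schema or evaluation logic.

type RiskLevel int

const (
	RiskNone RiskLevel = iota
	RiskLow
	RiskMedium
	RiskHigh
)

type Decision string

const (
	Allow      Decision = "allow"
	RequireMFA Decision = "require MFA"
	Block      Decision = "block"
)

// SignIn is the context evaluated for one access request (constructed per request).
type SignIn struct {
	User          string
	App           string
	DeviceManaged bool      // device state: enrolled and compliant
	KnownLocation bool      // request comes from a trusted named location
	Risk          RiskLevel // risk score supplied by a detection engine
}

// Policy holds the per-user and per-app settings an admin would configure.
type Policy struct {
	SensitiveApps map[string]bool // apps that never accept unmanaged devices
	MFAUsers      map[string]bool // users who must always pass MFA
}

// Evaluate applies rules from most to least restrictive, so a Block decision
// can never be downgraded by a later, more permissive rule.
func (p Policy) Evaluate(s SignIn) (Decision, string) {
	switch {
	case s.Risk == RiskHigh:
		return Block, "high sign-in risk"
	case p.SensitiveApps[s.App] && !s.DeviceManaged:
		return Block, "sensitive app from an unmanaged device"
	case s.Risk == RiskMedium:
		return RequireMFA, "medium sign-in risk"
	case p.MFAUsers[s.User]:
		return RequireMFA, "MFA enforced for this user"
	case p.SensitiveApps[s.App]:
		return RequireMFA, "MFA enforced for this app"
	case !s.KnownLocation:
		return RequireMFA, "unfamiliar location"
	default:
		return Allow, "trusted user, device and location"
	}
}

func main() {
	policy := Policy{
		SensitiveApps: map[string]bool{"payroll": true},
		MFAUsers:      map[string]bool{"admin-bob": true},
	}
	cases := []SignIn{ // constructed requests
		{User: "alice", App: "mail", DeviceManaged: true, KnownLocation: true},
		{User: "alice", App: "mail", DeviceManaged: true, KnownLocation: false},
		{User: "alice", App: "payroll", DeviceManaged: false, KnownLocation: true},
		{User: "admin-bob", App: "mail", DeviceManaged: true, KnownLocation: true},
		{User: "carol", App: "mail", DeviceManaged: true, KnownLocation: true, Risk: RiskHigh},
	}
	for _, c := range cases {
		d, why := policy.Evaluate(c)
		fmt.Printf("%-10s %-8s -> %-12s (%s)\n", c.User, c.App, d, why)
	}
}
```

The ordering is the design point: a rule that blocks must sit above every rule that merely steps up to MFA, otherwise a later "allow" or "MFA" branch could override the block for a high-risk request.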
Identity-driven security: cloud-powered protection
(Diagram: Identity Protection, MFA, Privileged Identity Management and Cloud App Discovery, driven by risk; notifications, analysis, remediation and risk-based policies)
Azure Active Directory Identity Protection (cloud-powered protection)
Identity Protection at its best
Risk severity calculation
Remediation recommendations
Risk-based conditional access automatically protects against suspicious logins and compromised credentials
Gain insights from a consolidated view of machine-learning-based threat detection
Machine-learning engine detects: leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities
Risk-based policies: MFA challenge for risky logins, block attacks, change bad credentials
Azure Active Directory Identity Protection (cloud-powered protection)
Use the power of Identity Protection in Power BI, SIEM and other monitoring tools
Apply Microsoft learnings to your existing security tools
(Diagram: the Microsoft machine-learning engine detects leaked credentials, infected devices, configuration vulnerabilities, brute force attacks and suspicious sign-in activities; Identity Protection feeds notifications, data extracts/downloads and reporting APIs into security/monitoring/reporting solutions such as Power BI and SIEM monitoring tools)
Privileged Identity Management (cloud-powered protection)
Discover, restrict, and monitor privileged identities
Enforce on-demand, just-in-time administrative access when needed
Use alerts, audit reports and access reviews
Roles shown: Global Administrator, Billing Administrator, Service Administrator, User Administrator, Password Administrator
Privileged Identity Management (cloud-powered protection)
How time-limited activation of privileged roles works
MFA is enforced during the activation process
Alerts inform administrators about out-of-band changes
Users need to activate their privileges to perform a task
Users retain their privileges for a pre-configured amount of time
Security admins can discover all privileged identities, view audit reports and, via access reviews, review everyone who is eligible to activate
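The activation flow described above, as an added Go model; it is not the product's code or the Azure AD PIM API. The PIM type, its eligibility table, the MaxDuration cap, the audit text and the comparison of a directory snapshot against known activations (the "out-of-band change" alert) are assumptions of this example:

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Added toy model of the slide's activation flow. The PIM type, its fields
// and the alert texts are assumptions for this example, not the real PIM API.

type Role string

// Activation is a time-limited grant of one role to one user.
type Activation struct {
	User    string
	Role    Role
	Reason  string
	Expires time.Time
}

type PIM struct {
	Eligible    map[string][]Role // who may activate which role
	MaxDuration time.Duration     // cap on a single activation
	Active      []Activation
	Audit       []string
}

func (p *PIM) isEligible(user string, role Role) bool {
	for _, r := range p.Eligible[user] {
		if r == role {
			return true
		}
	}
	return false
}

// Activate grants the role only to an eligible user who has passed MFA and
// given a justification, for at most MaxDuration, and records it in the audit log.
func (p *PIM) Activate(user string, role Role, mfaPassed bool, reason string, want time.Duration, now time.Time) error {
	if !p.isEligible(user, role) {
		return fmt.Errorf("%s is not eligible for %s", user, role)
	}
	if !mfaPassed {
		return errors.New("MFA is required before activation")
	}
	if reason == "" {
		return errors.New("a justification is required")
	}
	if want > p.MaxDuration {
		want = p.MaxDuration
	}
	expires := now.Add(want)
	p.Active = append(p.Active, Activation{user, role, reason, expires})
	p.Audit = append(p.Audit, fmt.Sprintf("%s activated %s until %s: %s",
		user, role, expires.Format(time.RFC3339), reason))
	return nil
}

// HasRole is what an authorization check consults: only unexpired activations count.
func (p *PIM) HasRole(user string, role Role, now time.Time) bool {
	for _, a := range p.Active {
		if a.User == user && a.Role == role && now.Before(a.Expires) {
			return true
		}
	}
	return false
}

// CheckDirectory compares the role assignments actually present in the
// directory with the activations PIM knows about. Any assignment it cannot
// explain is an out-of-band change and produces an alert.
func (p *PIM) CheckDirectory(assigned map[string][]Role, now time.Time) []string {
	var alerts []string
	for user, roles := range assigned {
		for _, r := range roles {
			if !p.HasRole(user, r, now) {
				alerts = append(alerts, fmt.Sprintf("out-of-band: %s holds %s with no activation", user, r))
			}
		}
	}
	return alerts
}

func main() {
	now := time.Date(2015, 10, 5, 9, 0, 0, 0, time.UTC) // constructed clock
	pim := &PIM{Eligible: map[string][]Role{"alice": {"Global Administrator"}}, MaxDuration: time.Hour}

	fmt.Println("without MFA:", pim.Activate("alice", "Global Administrator", false, "patch tenant", time.Hour, now))
	fmt.Println("with MFA:   ", pim.Activate("alice", "Global Administrator", true, "patch tenant", 8*time.Hour, now))
	fmt.Println("admin now?  ", pim.HasRole("alice", "Global Administrator", now.Add(30*time.Minute)))
	fmt.Println("admin later?", pim.HasRole("alice", "Global Administrator", now.Add(2*time.Hour)))
	// A constructed directory snapshot in which a second account holds the role with no activation.
	for _, a := range pim.CheckDirectory(map[string][]Role{
		"alice":   {"Global Administrator"},
		"mallory": {"Global Administrator"},
	}, now.Add(30*time.Minute)) {
		fmt.Println("ALERT:", a)
	}
	for _, e := range pim.Audit {
		fmt.Println("AUDIT:", e)
	}
}
```

The 8-hour request is silently capped to the configured hour, the role disappears from HasRole once that hour has passed, and the directory check is what turns "alerts on out-of-band changes" into something concrete: any standing assignment that no activation explains is reported.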
(Diagram: the security admin configures Privileged Identity Management; the user performs identity verification (MFA) to activate; PIM monitors, alerts, audits and produces access reports; admin profiles: Billing Admin, Global Admin, Service Admin, read only)
Benefits: Privileged Identity Management (cloud-powered protection)
Removes unneeded permanent admin role assignments
Limits the time a user has admin privileges
Ensures MFA validation prior to admin role activation
Reduces exposure to attacks targeting admins
Separates role administration from other tasks
Adds roles for read-only views of reports and history
Asks users to review and justify continued need for admin role
Simplifies delegation
Enables least privilege role assignments
Alerts on users who haven’t used their role assignments
Simplifies reporting on admin activity
Increases visibility and finer-grained control
Detect threats fast with behavioral analytics
Adapt as fast as your enemies
Focus on what is important fast using the simple attack timeline
Reduce the fatigue of false positives
No need to create rules or policies, deploy agents, or monitor a flood of security reports. The intelligence needed is ready to analyze and is continuously learning.
ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise.
The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who, what, when, and how” of your enterprise. It also provides recommendations for next steps.
Alerts only happen once suspicious activities are contextually aggregated; not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path.
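An added Go sketch of the idea in the paragraphs above: learn a baseline of entity behavior, then alert only once deviations have been aggregated rather than on every single one. It is not ATA's code; the log format, the sample history and events, the 30-minute window and the three-host threshold are all constructed for this example:

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Added illustration of baseline-then-deviation detection. The log format,
// sample events and thresholds are constructed; they are not ATA's model.

type Logon struct {
	When time.Time
	User string
	Host string
}

// ParseLogons reads lines like "2015-10-05T09:00:00Z user=alice host=WS-01".
func ParseLogons(lines []string) ([]Logon, error) {
	var out []Logon
	for _, ln := range lines {
		var ts, user, host string
		if _, err := fmt.Sscanf(ln, "%s user=%s host=%s", &ts, &user, &host); err != nil {
			return nil, fmt.Errorf("malformed line %q: %v", ln, err)
		}
		when, err := time.Parse(time.RFC3339, ts)
		if err != nil {
			return nil, err
		}
		out = append(out, Logon{when, user, host})
	}
	return out, nil
}

// Baseline maps each user to the hosts they have been seen on.
type Baseline map[string]map[string]bool

// Learn builds the baseline from history; re-running it on newer history is how the model keeps up.
func Learn(history []Logon) Baseline {
	b := Baseline{}
	for _, l := range history {
		if b[l.User] == nil {
			b[l.User] = map[string]bool{}
		}
		b[l.User][l.Host] = true
	}
	return b
}

// Detect raises one alert per user, and only when the user reaches at least minNew
// hosts outside the baseline within one window. Events must be in chronological order.
func Detect(b Baseline, events []Logon, window time.Duration, minNew int) []string {
	unfamiliar := map[string][]Logon{}
	for _, e := range events {
		if !b[e.User][e.Host] {
			unfamiliar[e.User] = append(unfamiliar[e.User], e)
		}
	}
	var alerts []string
	for user, hits := range unfamiliar {
		for i := range hits {
			hosts := map[string]bool{}
			for _, h := range hits[i:] {
				if h.When.Sub(hits[i].When) <= window {
					hosts[h.Host] = true
				}
			}
			if len(hosts) >= minNew {
				alerts = append(alerts, fmt.Sprintf("%s reached %d unfamiliar hosts within %s starting %s",
					user, len(hosts), window, hits[i].When.Format("15:04")))
				break
			}
		}
	}
	sort.Strings(alerts) // map iteration order is random; keep output stable
	return alerts
}

// SampleAlerts runs the detector over constructed history and one constructed day.
func SampleAlerts() ([]string, error) {
	history, err := ParseLogons([]string{
		"2015-09-28T08:55:00Z user=alice host=WS-ALICE",
		"2015-09-29T09:10:00Z user=bob host=WS-BOB",
		"2015-09-29T09:15:00Z user=bob host=FILESRV",
	})
	if err != nil {
		return nil, err
	}
	today, err := ParseLogons([]string{
		"2015-10-05T09:00:00Z user=alice host=WS-ALICE", // in baseline
		"2015-10-05T09:10:00Z user=alice host=WS-BOB",   // unfamiliar
		"2015-10-05T09:14:00Z user=alice host=FILESRV",  // unfamiliar
		"2015-10-05T09:20:00Z user=alice host=DC01",     // third unfamiliar host in 10 minutes
		"2015-10-05T10:00:00Z user=bob host=PRINTSRV",   // a single unfamiliar host: no alert
	})
	if err != nil {
		return nil, err
	}
	return Detect(Learn(history), today, 30*time.Minute, 3), nil
}

func main() {
	alerts, err := SampleAlerts()
	fmt.Println(alerts, err) // one alert for alice, none for bob
}
```

Bob's one unfamiliar host is recorded but not alerted on, which is the false-positive reduction the slide talks about; Alice's three unfamiliar hosts inside ten minutes collapse into a single alert that names the window where the burst started.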
Microsoft Advanced Threat Analytics (cloud-powered protection)
How Microsoft Advanced Threat Analytics works
Abnormal behavior: anomalous logins, remote execution, suspicious activity
Security issues and risks: broken trust, weak protocols, known protocol vulnerabilities
Malicious attacks: Pass-the-Ticket (PtT), Pass-the-Hash (PtH), Overpass-the-Hash, Forged PAC (MS14-068), Golden Ticket, Skeleton Key malware, reconnaissance, brute force
Unknown threats: password sharing, lateral movement
Introducing Microsoft Cloud App Security (cloud-powered protection)
Extending visibility and control to cloud apps
Create policies for access, activities, and data sharing
Automatically identify risky activities, abnormal behaviors, and threats
Prevent data leakage (DLP)
Minimize risk with automated threat prevention and policy enforcement
Enterprise mobility management with Intune
Mobile application management, PC management, mobile device management
Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
(Diagram: the user enrolls devices; IT applies policies; the Company Portal recommends apps for the user’s devices)
Mobile device management
Conditional access to email: policy verification by Microsoft Intune
Required settings defined by the IT admin (in the admin console): enrolled device, encrypted device, passcode set, not jailbroken/rooted
Conditional access to e-mail
Conditional access to SharePoint
Selective wipe
Perform selective wipe via self-service company portal or admin console
Remove managed apps and data
Keep personal apps and data intact
(Diagram: personal apps, managed apps and the Company Portal; prompt: “Are you sure you want to wipe corporate data and applications from the user’s device?” OK / Cancel)
Mobile application management
Maximize mobile productivity and protect corporate resources with Office mobile apps
Extend these capabilities to existing line-of-business apps using the Intune app wrapper
Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps
Maximize productivity while preventing leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem
(Diagram: managed apps versus personal apps; restricted actions: copy, paste, save; save to personal storage, paste to personal app, email attachment)
Rights Management
(Figure: the “Secret Cola Formula” document (Water, HFCS, Brown #16) shown in the clear and, after protection, as unreadable ciphertext; Use Rights + Protect / Unprotect)
Usage rights + symmetric key stored in file as ‘license’
License protected by customer-owned RSA key
File is protected by its own, unique AES symmetric key.
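The three statements above describe a hybrid envelope: a unique symmetric key per file, and a license (rights plus that key) wrapped under an asymmetric key the customer controls. Below is an added Go example of that layering; it is not Microsoft's code and does not reproduce the Azure RMS file format or SDK. The License and ProtectedFile types, the OAEP label, the choice of AES-256-GCM, and the decision to bind the wrapped license to the ciphertext as associated data are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Added illustration of the slide's key layering; License, ProtectedFile and
// the functions below are assumptions for this example, not the RMS format.

// License travels inside the file: usage rights plus the per-file AES-256 key.
type License struct {
	Rights []string `json:"rights"`
	Key    []byte   `json:"key"`
}

// ProtectedFile: license wrapped under the customer's RSA key, then the
// GCM nonce and the AES-GCM ciphertext of the content.
type ProtectedFile struct {
	WrappedLicense, Nonce, Ciphertext []byte
}

var oaepLabel = []byte("rms-license") // assumption for this example

// Protect: fresh per-file AES key for the content; key + rights wrapped under the RSA public key.
func Protect(content []byte, rights []string, pub *rsa.PublicKey) (*ProtectedFile, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	lic, err := json.Marshal(License{rights, key})
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, lic, oaepLabel)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // 32-byte key: NewCipher cannot fail
	gcm, _ := cipher.NewGCM(block) // AES block size is always valid for GCM
	// The wrapped license is authenticated as associated data, so a license
	// transplanted from another file cannot be paired with this ciphertext.
	return &ProtectedFile{wrapped, nonce, gcm.Seal(nil, nonce, content, wrapped)}, nil
}

// Unprotect is the viewer side once the holder of the RSA private key (the RMS
// service, in the product) unwraps the license; the returned rights are what the
// application must enforce.
func Unprotect(f *ProtectedFile, priv *rsa.PrivateKey) ([]byte, *License, error) {
	raw, err := rsa.DecryptOAEP(sha256.New(), nil, priv, f.WrappedLicense, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	var lic License
	if err := json.Unmarshal(raw, &lic); err != nil {
		return nil, nil, err
	}
	if len(lic.Key) != 32 {
		return nil, nil, fmt.Errorf("license carries a %d-byte key, want 32", len(lic.Key))
	}
	block, _ := aes.NewCipher(lic.Key) // length checked above
	gcm, _ := cipher.NewGCM(block)
	content, err := gcm.Open(nil, f.Nonce, f.Ciphertext, f.WrappedLicense)
	if err != nil {
		return nil, nil, fmt.Errorf("content does not match license: %w", err)
	}
	return content, &lic, nil
}

// SelfCheck round-trips a constructed document, then confirms that the license
// of a second, more permissive file cannot be transplanted onto the first.
func SelfCheck() error {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the customer-owned key
	if err != nil {
		return err
	}
	formula := []byte("Secret Cola Formula: Water, HFCS, Brown #16")
	a, err := Protect(formula, []string{"view"}, &priv.PublicKey)
	if err != nil {
		return err
	}
	got, lic, err := Unprotect(a, priv)
	if err != nil || string(got) != string(formula) || len(lic.Rights) != 1 || lic.Rights[0] != "view" {
		return fmt.Errorf("round trip failed: %v", err)
	}
	b, err := Protect([]byte("memo"), []string{"view", "edit", "print"}, &priv.PublicKey)
	if err != nil {
		return err
	}
	if _, _, err := Unprotect(&ProtectedFile{b.WrappedLicense, a.Nonce, a.Ciphertext}, priv); err == nil {
		return fmt.Errorf("transplanted license was accepted")
	}
	return nil
}

func main() {
	fmt.Println("self-check error:", SelfCheck()) // <nil> on success
}
```

Two points worth noticing. Only the RSA private key holder can open any license, which is why the slide places that key with the customer rather than in the file; and because the rights ride inside the authenticated license, an application that honours them cannot be handed a different rights list for the same ciphertext without decryption failing.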
Brad uses Share Protected
The document is sent with instant revocation
Bob receives an email with the document
Bob opens the document
Brad wants to track the document
Looks like Bob shared the document with Mary, but she couldn’t open it. Brad sends the document to Mary himself.
Brad wants to track a document he sends to his staff
Brad reaches the Document Tracking site
Brad tracks a document he sends to his staff
Summary View
Timeline View
Map View
Brad wants to revoke the document
Microsoft Confidential - EU RMS User Group / Oct 2014
Enterprise mobility + security
Protect your users, devices, and apps
Detect problems early with visibility and threat analytics
Protect your data, everywhere
Extend enterprise-grade security to your cloud and SaaS apps
Manage identity with hybrid integration to protect application access from identity attacks
Products: Intune, Azure Rights Management and Secure Islands, Advanced Threat Analytics, Microsoft Cloud App Security, Azure Active Directory Identity Protection
Marden [email protected]
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.