Securing your Hybrid/Multiple Cloud environment with Azure Security & Management
David Feng (馮立偉), Senior Director, Azure Business Group, Microsoft Taiwan
Built-in controls
Best-in-class security across operations, technology and partnerships
US$1 billion invested in cybersecurity every year
3,500+ security experts worldwide
Trillions of signals of every kind, providing unique security intelligence
Security foundation and intelligence
For a heterogeneous world
© Microsoft Corporation
450B monthly authentications
18B+ Bing web pages scanned
750M+ Azure user accounts
Enterprise security for 90% of the Fortune 500
930M threats detected on devices every month
Shared threat data from partners, researchers, and law enforcement worldwide
Botnet data from the Microsoft Digital Crimes Unit
1.2B devices scanned each month
400B emails analyzed
200+ global cloud consumer and commercial services: OneDrive, Xbox Live, Microsoft accounts, Bing, Azure, Outlook, Windows
The Microsoft Intelligent Security Graph delivers unique insight and analysis from trillions of signals
Built-in intelligent detection and advanced analytics
Powered by Microsoft Intelligent Security Graph
Threat intelligence: uses Microsoft global threat intelligence to detect known malicious actors
Partner integration: ingests alerts from partner solutions such as firewalls and anti-malware
Fusion: correlates events and alerts along the kill chain into an attack timeline
Behavioral analytics: looks for known patterns and malicious behaviors
Anomaly detection: uses statistical analysis to build a baseline from historical data and raises alerts on deviations from normal that may indicate an attack vector
Real-world intelligence at work
Intelligent Edge: local ML models, behavior-based detection algorithms, generics, heuristics
Intelligent Cloud: metadata-based ML models, sample analysis-based ML models, detonation-based ML models, big data analytics
2017
October 2017 – Cloud-based detonation ML models identified Bad Rabbit, protecting users 14 minutes after the first encounter.
2018
February 3 – Client machine learning algorithms automatically stopped the Emotet malware attack in real time.
March 6 – Behavior-based detection algorithms blocked more than 400,000 instances of the Dofoil trojan.
August 2018 – Cloud machine learning algorithms blocked a highly targeted campaign to deliver Ursnif malware to under 200 targets.
Simplify security management with Azure services
Network security: VNET, VPN, NSG; Application Gateway (WAF), Azure Firewall; DDoS Protection Standard; ExpressRoute
Data protection: Encryption (Disks, Storage, SQL); Azure Key Vault; Confidential Computing
Identity & access management: Azure Active Directory; Multi-Factor Authentication; Role Based Access Control; Azure Active Directory (Identity Protection)
Threat protection and security management: Microsoft Antimalware for Azure; Azure Log Analytics; Azure Security Center + Azure Sentinel; Workspace Machine Learning
+ Partner Solutions
Security management
Azure Security Center: Overview Dashboard
Azure Security Center architecture (diagram): ASC covers Azure IaaS and PaaS, on-premises VMs on VMware and Hyper-V, and VMs in AWS; the ASC agent on those VMs carries the data and control feed between the workloads and ASC, and threat intelligence (TI) and network data also flow into ASC. The same view spans on-premises and multi-cloud estates.
Introducing Microsoft Azure Sentinel
Cloud-native SIEM providing intelligent security analytics for the enterprise
Limitless cloud speed and scale
Faster threat protection powered by AI
Office 365 data ingested at no charge
Easy integration with existing security products
Collect: security data across your enterprise
Detect: threats, with vast threat intelligence and AI
Investigate: critical incidents, guided by AI
Respond: rapidly, and automate protection
SIEM + SOAR as a Service - Azure Sentinel (Preview)
Core capabilities
Microsoft services
Analyze & detect threats | Investigate & hunt suspicious activity | Automate & orchestrate response
Data ingestion, data repository, data search; enrichment (geolocation, IP reputation)
Unified collection:
Pre-integrated Microsoft solutions
Connectors for a wide range of partner data sources
Standardized log format support for all data sources
Collect all of the enterprise's security data at cloud scale
A powerful log ingestion and analytics platform handling more than 10 petabytes of log ingest per day
Connect to popular security solutions and integrate with existing tools
Microsoft 365
And many more…
Pre-built connectors for a growing set of partner solutions
Connect to all sources with standard format support (CEF, Syslog)
Integrate with existing tools such as ticketing systems (ServiceNow) or HR management
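Connecting CEF and Syslog sources means normalizing what arrives before any rule can run over it. As an added example (not from the slides and not Microsoft's connector code), the parser below turns CEF-over-syslog lines into one uniform record, honouring the CEF escaping rules (`\|` and `\\` in header fields, `\=` inside extension values) and folding `csNLabel` custom-field labels into real keys. The two sample lines, the vendor and host names, and the output record layout are all constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample events (not captured from any real device). The first carries a
# syslog header; the second exercises the escaping rules and a csNLabel/csN pair.
SAMPLE_LINES = [
    "<134>Mar 14 10:02:11 fw01 CEF:0|ExampleVendor|ExampleFW|9.0|deny|Traffic Denied|6|"
    "src=10.1.2.3 spt=51522 dst=203.0.113.7 dpt=445 proto=TCP act=deny",
    r"CEF:0|Vendor\|Inc|Prod\\uct|1.0|100|Login \| Failure|5|"
    r"src=10.0.0.1 msg=Login failed for user\=admin cs1Label=Reason cs1=bad password",
]

# Optional syslog PRI + BSD timestamp + host, then the mandatory "CEF:<version>|" prefix.
SYSLOG_RE = re.compile(
    r"^(?:<\d{1,3}>)?"
    r"(?:[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s(?P<host>\S+)\s)?"
    r"CEF:(?P<version>\d+)\|"
)
# An extension key starts at a word boundary after whitespace and is followed by an
# unescaped '='; an escaped '\=' has a backslash before it, so it never matches here.
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")
ESCAPE_RE = re.compile(r"\\(.)")


def _unescape(value: str) -> str:
    """Undo CEF extension escapes: \\\\, \\=, \\| plus \\n and \\r."""
    return ESCAPE_RE.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _split_header(body: str) -> Tuple[List[str], str]:
    """Split the six pipe-delimited header fields that follow 'CEF:<ver>|'.
    A pipe preceded by a backslash is data, not a delimiter; the remainder is the extension."""
    fields, buf, i = [], [], 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            buf.append(body[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
            if len(fields) == 6:
                return fields, body[i + 1:]
        else:
            buf.append(ch)
        i += 1
    raise ValueError("malformed CEF header: fewer than seven fields")


def _parse_extension(ext: str) -> Dict[str, str]:
    keys = list(KEY_RE.finditer(ext))
    out: Dict[str, str] = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    # Resolve custom-field labels: cs1Label=Reason cs1=x becomes Reason=x.
    for label_key in [k for k in out if re.fullmatch(r"c[sn]\d+Label", k)]:
        base = label_key[: -len("Label")]
        if base in out:
            label = out.pop(label_key)
            out[label] = out.pop(base)
    return out


def parse_cef(line: str) -> Dict[str, object]:
    """Normalize one CEF (optionally syslog-wrapped) line into a flat record."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a CEF record")
    header, extension = _split_header(line[m.end():])
    vendor, product, dev_version, sig_id, name, severity = header
    return {
        "host": m.group("host"),
        "cef_version": int(m.group("version")),
        "vendor": vendor,
        "product": product,
        "device_version": dev_version,
        "signature_id": sig_id,
        "name": name,
        # CEF severity is 0-10 or a word (Low/Medium/High/Very-High); keep ints as ints.
        "severity": int(severity) if severity.isdigit() else severity,
        "ext": _parse_extension(extension),
    }


def parse_all(lines: List[str]) -> List[Dict[str, object]]:
    return [parse_cef(line) for line in lines]


if __name__ == "__main__":
    for rec in parse_all(SAMPLE_LINES):
        print(rec)
```

The header split is written as a character scan rather than `str.split("|")` precisely because vendors do put escaped pipes in product and event names; a naive split silently shifts every later field by one, which is the kind of error that corrupts severity and signature IDs across a whole feed.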
Threat detection and analysis
Correlated rules
User and entity behavior analytics integrated with Microsoft 365
Bring your own ML models
Pre-built machine learning models
ML models built on decades of Microsoft security experience and learning
Unparalleled threat intelligence, analyzing up to 6.5 trillion signals per day
Millions of signals filtered down to a few relevant, prioritized incidents
Cuts low-value alerts by up to 90%
Detect threats quickly and analyze security data with AI
Funnel: from raw signals to incidents (all metrics across all Azure and O365 tenants, 30 days)
Raw signals: Identity (300 billion), O365 activity (500 billion), Azure activity (320 billion)
ActivityGraph-powered ML + probabilistic kill chain: anomalous identity signals (28 million), anomalous O365 signals (20 million), anomalous Azure signals (2 million)
Additional ML analysis: suspicious candidates (320)
Result: 90 incidents across 70 tenants
Example: compromised identity → suspicious document access → data exfiltration
Reduce irrelevant events with machine learning so you can focus on the events that matter most
User and entity behavior analytics to monitor for anomalies
Analyze and monitor user and entity behavior and activity with machine learning
Identify suspicious user activity and prioritize what to investigate
UBA integrated with Azure ATP
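The anomaly-detection bullet earlier in the deck (build a baseline from historical data, alert on deviations from normal) and the UEBA slide above describe the same idea. The following is an added example of one robust way to do it, not code from the slides or from Azure Sentinel: a per-user 30-day baseline of daily document downloads scored with a median/MAD modified z-score, which a single past spike cannot inflate the way a mean/standard-deviation baseline can. The users, the counts, the 3.5 cutoff, the spread floor and the minimum-history rule are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from statistics import median
from typing import Dict, List, Optional, Tuple

# Constructed per-user daily counts of documents downloaded over a 30-day baseline
# window, plus today's count. Made-up numbers, not telemetry from any product.
BASELINE: Dict[str, List[int]] = {
    "alice": [10, 12, 11, 9, 13, 11, 12, 10, 11, 14, 10, 11, 12, 9, 11,
              13, 10, 12, 11, 10, 11, 12, 10, 11, 13, 9, 11, 12, 10, 11],
    "bob":   [48, 52, 50, 47, 55, 51, 49, 53, 50, 46, 52, 50, 48, 54, 51,
              49, 50, 53, 47, 52, 50, 51, 49, 48, 55, 50, 52, 49, 51, 50],
    "carol": [3, 5, 4],          # new user: not enough history to baseline yet
}
TODAY: Dict[str, int] = {"alice": 180, "bob": 55, "carol": 40}

MIN_HISTORY_DAYS = 7   # refuse to score a user with too little history (assumption)
THRESHOLD = 3.5        # modified z-score cutoff, the usual Iglewicz & Hoaglin value
MIN_SCALE = 1.0        # floor on the spread so a perfectly flat baseline cannot make
                       # every deviation infinite (assumption, in count units)


@dataclass
class Score:
    user: str
    observed: int
    baseline_median: Optional[float]
    z: Optional[float]
    status: str  # "anomaly", "normal" or "insufficient_history"


def robust_z(history: List[int], observed: int) -> Tuple[float, float]:
    """Modified z-score: distance from the median in units of MAD/0.6745.

    MAD/0.6745 estimates the standard deviation for normally distributed data
    but is not dragged around by outliers already present in the baseline.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    sigma = max(mad / 0.6745, MIN_SCALE)
    return med, (observed - med) / sigma


def score_user(user: str, history: List[int], observed: int) -> Score:
    if len(history) < MIN_HISTORY_DAYS:
        # A brand-new user has no "normal" yet; surface that instead of a false alert.
        return Score(user, observed, None, None, "insufficient_history")
    med, z = robust_z(history, observed)
    # One-sided: for exfiltration only an increase in downloads is interesting.
    status = "anomaly" if z > THRESHOLD else "normal"
    return Score(user, observed, med, round(z, 2), status)


def score_all(baseline: Dict[str, List[int]], today: Dict[str, int]) -> Dict[str, Score]:
    return {u: score_user(u, baseline.get(u, []), count) for u, count in today.items()}


if __name__ == "__main__":
    for s in score_all(BASELINE, TODAY).values():
        print(s)
```

In practice the "insufficient history" state is worth keeping as its own outcome rather than collapsing it into "normal": a hunter can route new accounts to a separate, lower-volume review queue, which is exactly where a freshly created attacker-controlled identity would land.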
Hunt suspicious activity at scale, drawing on Microsoft's years of cybersecurity experience
Search for suspicious activity with Microsoft's pre-built queries and Azure Notebooks
Create new queries and Azure Notebooks, or use the templates available from the Azure Sentinel GitHub community
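The kill-chain example in the funnel slide, compromised identity → suspicious document access → data exfiltration, is the kind of multi-stage correlation a hunting notebook runs over already-normalized events. The block below is an added example written for this page; it is not code from the slides, and Azure Sentinel itself expresses its analytics in KQL rather than Python. The event shape, the user names, the events and the thresholds (three failed sign-ins from one IP within ten minutes, a two-hour chain window, 50 MB or an external share counted as exfiltration) are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Thresholds for the three stages (assumptions, tune per environment).
FAIL_THRESHOLD = 3                      # failed sign-ins from one IP before a success
FAIL_WINDOW = timedelta(minutes=10)     # ...within this window
CHAIN_WINDOW = timedelta(hours=2)       # whole chain must complete within this window
EXFIL_BYTES = 50_000_000                # or any external share counts as exfiltration

# Constructed events in one normalized shape (not exported from any real product).
# t = UTC timestamp; type = signin | access | download
EVENTS: List[dict] = [
    # alice: brute-forced sign-in, then confidential documents, then a bulk external download
    {"t": "2019-03-14T08:00:05Z", "type": "signin", "user": "alice", "ip": "198.51.100.9", "result": "fail"},
    {"t": "2019-03-14T08:00:12Z", "type": "signin", "user": "alice", "ip": "198.51.100.9", "result": "fail"},
    {"t": "2019-03-14T08:00:20Z", "type": "signin", "user": "alice", "ip": "198.51.100.9", "result": "fail"},
    {"t": "2019-03-14T08:00:40Z", "type": "signin", "user": "alice", "ip": "198.51.100.9", "result": "success"},
    {"t": "2019-03-14T08:15:00Z", "type": "access", "user": "alice", "file": "M&A-plan.docx", "label": "Confidential"},
    {"t": "2019-03-14T08:17:30Z", "type": "access", "user": "alice", "file": "board-deck.pptx", "label": "Confidential"},
    {"t": "2019-03-14T08:30:00Z", "type": "download", "user": "alice", "bytes": 120_000_000, "external": True},
    # bob: clean sign-in, legitimate confidential work, large internal download -> no compromise stage
    {"t": "2019-03-14T09:00:00Z", "type": "signin", "user": "bob", "ip": "10.0.0.5", "result": "success"},
    {"t": "2019-03-14T09:10:00Z", "type": "access", "user": "bob", "file": "budget.xlsx", "label": "Confidential"},
    {"t": "2019-03-14T09:20:00Z", "type": "download", "user": "bob", "bytes": 90_000_000, "external": False},
    # dave: brute-forced, but never touched a document -> chain stops at stage one
    {"t": "2019-03-14T09:59:01Z", "type": "signin", "user": "dave", "ip": "203.0.113.77", "result": "fail"},
    {"t": "2019-03-14T09:59:05Z", "type": "signin", "user": "dave", "ip": "203.0.113.77", "result": "fail"},
    {"t": "2019-03-14T09:59:09Z", "type": "signin", "user": "dave", "ip": "203.0.113.77", "result": "fail"},
    {"t": "2019-03-14T10:00:00Z", "type": "signin", "user": "dave", "ip": "203.0.113.77", "result": "success"},
    # erin: the bulk download happened BEFORE the suspicious sign-in -> stages out of order
    {"t": "2019-03-14T07:00:00Z", "type": "download", "user": "erin", "bytes": 200_000_000, "external": True},
    {"t": "2019-03-14T09:30:01Z", "type": "signin", "user": "erin", "ip": "203.0.113.50", "result": "fail"},
    {"t": "2019-03-14T09:30:05Z", "type": "signin", "user": "erin", "ip": "203.0.113.50", "result": "fail"},
    {"t": "2019-03-14T09:30:10Z", "type": "signin", "user": "erin", "ip": "203.0.113.50", "result": "fail"},
    {"t": "2019-03-14T09:31:00Z", "type": "signin", "user": "erin", "ip": "203.0.113.50", "result": "success"},
    {"t": "2019-03-14T09:40:00Z", "type": "access", "user": "erin", "file": "roadmap.docx", "label": "Confidential"},
]


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def find_compromise(signins: List[dict]) -> Tuple[Optional[dict], List[dict]]:
    """Stage 1: a successful sign-in preceded by >= FAIL_THRESHOLD failures
    from the same IP within FAIL_WINDOW. Returns (success_event, failures)."""
    signins = sorted(signins, key=lambda e: e["t"])
    for i, e in enumerate(signins):
        if e["result"] != "success":
            continue
        t = _ts(e["t"])
        fails = [f for f in signins[:i]
                 if f["result"] == "fail" and f["ip"] == e["ip"] and t - _ts(f["t"]) <= FAIL_WINDOW]
        if len(fails) >= FAIL_THRESHOLD:
            return e, fails
    return None, []


def correlate(events: List[dict]) -> List[dict]:
    """Build one incident per user whose events complete all three stages in order."""
    by_user: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    incidents = []
    for user, evs in sorted(by_user.items()):
        login, fails = find_compromise([e for e in evs if e["type"] == "signin"])
        if login is None:
            continue
        t0 = _ts(login["t"])
        # Stage 2: confidential document access after the suspicious sign-in.
        access = sorted((e for e in evs if e["type"] == "access" and e["label"] == "Confidential"
                         and t0 <= _ts(e["t"]) <= t0 + CHAIN_WINDOW), key=lambda e: e["t"])
        if not access:
            continue
        t1 = _ts(access[0]["t"])
        # Stage 3: bulk or external download after the first suspicious access (order matters).
        exfil = [e for e in evs if e["type"] == "download"
                 and t1 <= _ts(e["t"]) <= t0 + CHAIN_WINDOW
                 and (e["bytes"] >= EXFIL_BYTES or e["external"])]
        if not exfil:
            continue
        external = any(e["external"] for e in exfil)
        incidents.append({
            "user": user,
            "severity": "High" if external else "Medium",
            "compromise": {"at": login["t"], "ip": login["ip"], "failed_attempts": len(fails)},
            "access": [e["file"] for e in access],
            "exfil": {"bytes": sum(e["bytes"] for e in exfil), "external": external},
        })
    return incidents


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(inc)
```

Note what the ordering constraint buys: bob's large download and erin's earlier external share are each individually noisy signals, and a rule that simply counted "suspicious sign-in AND bulk download for the same user" would raise both. Requiring each stage to follow the previous one inside one window is what turns millions of anomalous signals into a handful of incidents, which is the point of the funnel slide.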
Respond quickly with built-in orchestration and automation
Build automated, scalable playbooks that span your tools:
Security products
Ticketing systems (ServiceNow)
Additional tools
What our partners and early adopters say about Azure Sentinel
“Azure Sentinel provides a unique and cloud centric security incident and event management solution that is both simple to deploy and able to manage complex hybrid customer environments.”
Jeff Dunmall, Executive Vice President of Global Managed Services
“My team has the upper hand with Azure Sentinel. I get unbridled capacity, and the built-in AI and threat intelligence based on Microsoft’s years of cybersecurity experience really helps my team focus on keeping our clients secure vs managing infrastructure and threat feeds.”
Andrew Winkelmann, Global Security Consulting Practice Lead
Take action today: get started with the Azure Sentinel trial
Open the Azure Sentinel preview dashboard in the Azure Portal
Connect data sources
Start a Microsoft Azure trial
To learn more, visit
https://aka.ms/AzureSentinel
https://git.io/azuresentinel