Securing your Hybrid/Multiple Cloud environment with Azure Security & Management

David Feng 馮立偉

Senior Director, Azure Business Group, Microsoft Taiwan

Hybrid cloud needs a new security approach to defend against:

- Distributed resources
- Shortage of information security skills
- Increasingly complex attacks

More and more infrastructure is spread across public clouds and on-premises data centers.

Microsoft hybrid cloud monitoring scope – applications & infrastructure

(Diagram: infrastructure, applications, network)

Built-in controls

Exceptional security across operations, technology and partnerships:

- US$1 billion invested in cybersecurity every year
- 3,500+ global security experts
- Trillions of diverse signals, providing unique security intelligence

Security foundation and intelligence

For a heterogeneous world

© Microsoft Corporation

Microsoft Intelligent Security Graph: unique insight and analysis from trillions of signals

- 450B monthly authentications
- 18B+ Bing web pages scanned
- 750M+ Azure user accounts
- Enterprise security for 90% of the Fortune 500
- 930M threats detected on devices every month
- Shared threat data from partners, researchers, and law enforcement worldwide
- Botnet data from the Microsoft Digital Crimes Unit
- 1.2B devices scanned each month
- 400B emails analyzed
- 200+ global cloud consumer and commercial services (OneDrive, Xbox Live, Microsoft accounts, Bing, Azure, Outlook, Windows)

Built-in intelligent detection and advanced analytics

Powered by Microsoft Intelligent Security Graph

- Threat intelligence: uses Microsoft global threat intelligence to detect known malicious actors
- Partner integration: ingests alerts from partner solutions such as firewalls and anti-malware
- Fusion: correlates events and alerts across the kill chain into an attack timeline
- Behavioral analytics: looks for known patterns and malicious behavior
- Anomaly detection: uses statistical analysis to build a baseline from historical data and raises alerts on deviations from normal that may indicate an attack

Real-world intelligence at work

Intelligent Edge: local ML models, behavior-based detection algorithms, generics, heuristics

Intelligent Cloud: metadata-based ML models, sample analysis-based ML models, detonation-based ML models, big data analytics

Timeline (2017–2018):

- March 6 – Behavior-based detection algorithms blocked more than 400,000 instances of the Dofoil trojan.
- February 3 – Client machine learning algorithms automatically stopped the malware attack Emotet in real time.
- October 2017 – Cloud-based detonation ML models identified Bad Rabbit, protecting users 14 minutes after the first encounter.
- August 2018 – Cloud machine learning algorithms blocked a highly targeted campaign to deliver Ursnif malware to under 200 targets.

Simplify security management with Azure services

- Threat protection and security management: Microsoft Antimalware for Azure; Azure Log Analytics; Azure Security Center + Azure Sentinel
- Network security: VNET, VPN, NSG; Application Gateway (WAF), Azure Firewall; DDoS Protection Standard; ExpressRoute
- Data protection: Encryption (Disks, Storage, SQL); Azure Key Vault; Confidential Computing
- Identity & access management: Azure Active Directory; Multi-Factor Authentication; Role Based Access Control; Azure Active Directory (Identity Protection)
- + Partner Solutions

Challenges facing the traditional SOC:

- Too many scattered products
- Large volume of security alerts
- Security skills shortage
- Lack of automation
- Rising infrastructure costs and upfront investment
- IT deployment and maintenance
- Complex threats

Cloud + Artificial Intelligence

Enterprise security team

Gain security assurance faster

Azure Security Center

- Strengthen security posture: cloud security posture management, secure score, policy and compliance
- Protect against threats: servers, cloud-native workloads, databases and storage
- Workspace Machine Learning

Security management – Azure Security Center Overview Dashboard

Azure Security Center architecture

(Diagram: data / control feed. Azure: ASC for IaaS and PaaS. On-premises & multi-cloud: VMs on VMware, VMs on Hyper-V and AWS, connected to ASC through an agent. ASC also receives TI & network data.)

Demo - Azure Security Center

Introducing Microsoft Azure Sentinel

- Collect: security data across your enterprise
- Detect: threats with vast threat intelligence and AI
- Investigate: critical incidents guided by AI
- Respond: rapidly, and automate protection

- Limitless cloud speed and scalability
- Faster threat protection using AI
- Free integration of Office 365 data
- Easy integration with existing security products

Cloud-native SIEM for intelligent security analytics across the enterprise

SIEM + SOAR as a Service - Azure Sentinel (Preview)

Core capabilities

Microsoft Services

- Analyze & detect threats
- Investigate & hunt suspicious activity
- Automate & orchestrate response

Data ingestion, data repository, data search; enrichment (geolocation, IP reputation)

Collect

Collect the enterprise's security data:

- Pre-integrated Microsoft solutions
- Connect to a wide range of partner data
- Standardized log formats support all data sources
- Collect all security data across the enterprise at cloud scale
- Powerful log ingestion and analytics platform, with over 10 petabytes of log intake per day

Connect to popular security solutions and integrate with existing tools

- Microsoft 365
- Pre-built connectors for a growing set of partner solutions
- Connect to all sources with standard format support (CEF, Syslog)
- Integrate with existing tools like ticketing systems (ServiceNow) or HR management
- And many more…

- Optimized dashboards give insight into problem areas for specific security solutions
- Build custom collectors via the REST API and advanced queries
- Work with a broad partner ecosystem

Demo - Overview dashboard and data collection

Analyze and detect: analyze all kinds of threats through risk intelligence

Threat detection and analysis:

- Correlated rules
- User Entity Behavior Analysis integrated with Microsoft 365
- Bring your own ML models
- Pre-built machine learning models

- ML models built on decades of Microsoft security experience and learning
- Unparalleled threat intelligence, analyzing up to 6.5 trillion signals per day
- Millions of signals are filtered down to a few important, correlated and prioritized incidents
- Reduces ineffective alerts by up to 90%

Use AI to detect threats and analyze security data quickly

(Diagram: ActivityGraph-powered ML + Probabilistic Kill Chain, followed by additional ML analysis. All metrics across all Azure and O365 tenants for 30 days: inputs of identity (300 billion), O365 activity (500 billion) and Azure activity (320 billion) events; anomalous signals: identity (28 million), O365 (20 million), Azure (2 million); suspicious candidates (320); result: 90 incidents across 70 tenants.)

Example: Compromise identity → Suspicious document access → Exfiltrate data

- Machine learning removes irrelevant events so you can focus on the ones that matter most
- User and entity behavior analytics monitor for anomalies
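The fusion idea behind this funnel and the earlier "Fusion" bullet (events from several sources merged into one kill-chain timeline), as an added example that is not Microsoft's Fusion code: alerts from identity, Office 365 and Azure sources are grouped per user and an incident is raised only when the three stages of the slide's example chain appear in order within a time window. The stage labels, the 24-hour window and the sample alerts are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed kill-chain stages, following the example on the slide (constructed labels).
STAGES = ["identity_compromise", "suspicious_doc_access", "exfiltration"]
# Assumed maximum span of one chain; alerts further apart are not fused.
WINDOW = timedelta(hours=24)

# Constructed sample alerts from three sources; not real telemetry.
SAMPLE_ALERTS = [
    {"source": "identity", "time": "2019-05-01T08:02:00", "user": "alice", "stage": "identity_compromise"},
    {"source": "o365", "time": "2019-05-01T09:15:00", "user": "alice", "stage": "suspicious_doc_access"},
    {"source": "azure", "time": "2019-05-01T11:40:00", "user": "alice", "stage": "exfiltration"},
    # bob: a lone document-access anomaly with no preceding identity compromise
    {"source": "o365", "time": "2019-05-01T10:00:00", "user": "bob", "stage": "suspicious_doc_access"},
    # carol: all three stages, but the chain spans 48 hours, outside the window
    {"source": "identity", "time": "2019-05-01T07:00:00", "user": "carol", "stage": "identity_compromise"},
    {"source": "o365", "time": "2019-05-03T07:00:00", "user": "carol", "stage": "suspicious_doc_access"},
    {"source": "azure", "time": "2019-05-03T08:00:00", "user": "carol", "stage": "exfiltration"},
]


def fuse_incidents(alerts, stages=STAGES, window=WINDOW):
    """Group alerts per user, order them in time, and emit one incident per user
    whose alerts complete the stages in order inside `window`. Each incident
    carries its attack timeline as (time, source, stage) tuples."""
    per_user = defaultdict(list)
    for a in alerts:
        per_user[a["user"]].append({**a, "time": datetime.fromisoformat(a["time"])})

    incidents = []
    for user, events in per_user.items():
        events.sort(key=lambda e: e["time"])
        idx, timeline = 0, []          # next expected stage, alerts fused so far
        for e in events:
            if timeline and e["time"] - timeline[0]["time"] > window:
                idx, timeline = 0, []  # chain went stale: start over from here
            if e["stage"] != stages[idx]:
                continue               # out-of-order stage: not part of this chain
            timeline.append(e)
            idx += 1
            if idx == len(stages):
                incidents.append({"user": user, "timeline": [
                    (x["time"].isoformat(), x["source"], x["stage"]) for x in timeline]})
                break
    return incidents


def funnel(alerts):
    """Alert count vs. fused incident count: the reduction the slide's funnel shows."""
    return {"alerts": len(alerts), "incidents": len(fuse_incidents(alerts))}
```

Running `fuse_incidents(SAMPLE_ALERTS)` yields a single incident for alice with a three-step timeline, while bob's isolated anomaly and carol's out-of-window chain produce none.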

Analyze and monitor user and entity behavior and activity using machine learning

- Identify suspicious user activity and prioritize what to investigate
- UBA integrated with Azure ATP

Demo - Threat detection and analytics

Investigate & hunt: critical incidents analyzed with AI

Use AI to investigate threats and hunt suspicious activity at scale:

- Get prioritized alerts and automated expert guidance
- Visualize the entire attack and its impact
- Automatically correlate different data sources and alerts
- Hunt suspicious activity at scale, drawing on Microsoft's years of cybersecurity experience
- Search for suspicious activity using Microsoft's pre-built queries and Azure Notebooks
- Create new queries and Azure Notebooks, or use the templates provided by the Azure Sentinel GitHub community

Demo - Investigation and hunting

Respond: rapid and automated protection

Respond quickly through built-in orchestration and automation:

- Build automated, scalable playbooks across tools
- Security products
- Ticketing systems (ServiceNow)
- Additional tools

Demo - Automation and orchestration with playbooks

What our partners and early adopters say about Azure Sentinel

“Azure Sentinel provides a unique and cloud centric security incident and event management solution that is both simple to deploy and able to manage complex hybrid customer environments.”

Jeff Dunmall, Executive Vice President of Global Managed Services

“My team has the upper hand with Azure Sentinel. I get unbridled capacity, and the built-in AI and threat intelligence based on Microsoft’s years of cybersecurity experience really helps my team focus on keeping our clients secure vs managing infrastructure and threat feeds.”

Andrew Winkelmann, Global Security Consulting Practice Lead

Take action today - Get started with the Azure Sentinel trial

- Open the Azure Sentinel preview dashboard in the Azure Portal
- Connect data sources
- To learn more, visit https://aka.ms/AzureSentinel and https://git.io/azuresentinel
- Start a Microsoft Azure trial

Azure meets more than 70 different compliance standards.

THANK YOU