Microsoft - Combating Corporate Digital Crime with Cloud Tools


Combating Corporate Digital Crime with Cloud Tools
Marden Menezes
Mobility and Security
mardenm@microsoft.com

The current reality…
(figure labels: On-Premises, Private Cloud, Managed devices, EC2)

61 percent of workers mix personal and work tasks in their devices*

>70 percent of network intrusions exploited weak or stolen credentials***

>80 percent of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs**

* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013
** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
*** Verizon 2013 data breach investigation report

Mobile and cloud: challenging security paradigms

Secure your Data/Files

Secure your identities

Secure your Apps

Secure your devices

Identity as the control plane
(figure: a sign-in box with username and password, labelled self-service, MFA, single sign-on and simple connection; on-premises Windows Server Active Directory and other directories connect to Microsoft Azure Active Directory, which fronts Office 365, Azure, public cloud and SaaS applications)

1 trillion Azure AD authentications since the release of the service

>80k third-party applications used with Azure AD each month

>1.3 billion authentications every day on Azure AD

More than 600 M user accounts on Azure AD

>9 M Azure AD directories

86% of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)

Every Office 365 and Microsoft Azure customer uses Azure Active Directory

Azure Active Directory
Microsoft’s “Identity Management as a Service (IDaaS)” for organizations.
Millions of independent identity systems controlled by enterprise and government “tenants.”
Information is owned and used by the controlling organization, not by Microsoft.
Born-as-a-cloud directory for Office 365. Extended to manage across many clouds.
Evolved to manage an organization’s relationships with its customers/citizens and partners (B2C and B2B).

Identity-driven security (CLOUD-POWERED PROTECTION)
(figure: conditional access. Conditions: user, location, device state, app sensitivity, risk. Actions: allow access or block access; enforce MFA per user/per app. Capabilities: notifications, analysis, remediation, risk-based policies; cloud app discovery; privileged identity management; MFA; identity protection)

Azure Active Directory Identity Protection (CLOUD-POWERED PROTECTION)

Identity Protection at its best

Risk severity calculation

Remediation recommendations

Risk-based conditional access automatically protects against suspicious logins and compromised credentials

Gain insights from a consolidated view of machine learning based threat detection

(figure: a machine-learning engine detects leaked credentials, infected devices, configuration vulnerabilities, brute force attacks and suspicious sign-in activities; risk-based policies apply an MFA challenge to risky logins, block attacks and change bad credentials)
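The risk-based conditional access described on this slide (risk severity calculation, an MFA challenge for risky logins, blocking and credential change) combined with the conditions and actions of the conditional-access slide above, written out as an added Python example. This is not Microsoft code and not the Identity Protection engine: the brute-force window and threshold, the sensitive-app list, the device-compliance fields (the same four settings the Intune slide later requires), the sample sign-ins and the leaked-credential list are all assumptions constructed for the demo.

```python
"""Risk-based conditional access over constructed sign-in events.

Added illustrative example: not Microsoft code and not Azure AD Identity
Protection. Thresholds, field names and sample data are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed brute-force observation window
FAIL_THRESHOLD = 5               # assumed number of failures that counts as brute force
SENSITIVE_APPS = {"SharePoint"}  # assumed app-sensitivity list
# Required device settings (enrolled, encrypted, passcode set, not jailbroken/rooted).
REQUIRED_DEVICE = {"enrolled": True, "encrypted": True, "passcode": True, "jailbroken": False}
RANK = {"none": 0, "medium": 1, "high": 2}


@dataclass
class SignIn:
    ts: datetime
    user: str
    country: str
    success: bool
    app: str
    device: dict


@dataclass
class Decision:
    user: str
    app: str
    action: str            # allow | mfa | block
    risk: str
    reasons: list = field(default_factory=list)
    remediation: str = ""


def sign_in_risk(event, history, baseline, leaked_users):
    """Score one sign-in against the user's recent failures, location baseline and leak feed."""
    level, reasons = "none", []

    def raise_to(new):
        nonlocal level
        if RANK[new] > RANK[level]:
            level = new

    failures = [e for e in history
                if e.user == event.user and not e.success and event.ts - e.ts <= WINDOW]
    if len(failures) >= FAIL_THRESHOLD:
        reasons.append(f"brute force: {len(failures)} failures in {WINDOW}")
        raise_to("high" if event.success else "medium")  # a success after spraying is the worst case
    if event.country not in baseline.get(event.user, set()):
        reasons.append(f"suspicious sign-in: unfamiliar country {event.country}")
        raise_to("medium")
    if event.user in leaked_users:
        reasons.append("leaked credentials")
        raise_to("high")
    return level, reasons


def decide(event, level, reasons):
    """Apply the conditional-access policy to a successful sign-in."""
    noncompliant = [k for k, want in REQUIRED_DEVICE.items() if event.device.get(k) != want]
    if noncompliant:
        return Decision(event.user, event.app, "block", level,
                        reasons + [f"device not compliant: {', '.join(noncompliant)}"])
    if level == "high":
        return Decision(event.user, event.app, "block", level, reasons,
                        remediation="force password change and revoke refresh tokens")
    if level == "medium" or event.app in SENSITIVE_APPS:
        why = reasons if level == "medium" else reasons + [f"{event.app} is a sensitive app"]
        return Decision(event.user, event.app, "mfa", level, why)
    return Decision(event.user, event.app, "allow", level, reasons)


def evaluate(events, baseline, leaked_users):
    """Walk events in time order; failed attempts only feed the history."""
    history, decisions = [], []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.success:
            level, reasons = sign_in_risk(ev, history, baseline, leaked_users)
            decisions.append(decide(ev, level, reasons))
        history.append(ev)
    return decisions


# Constructed sample data (not real telemetry).
GOOD = {"enrolled": True, "encrypted": True, "passcode": True, "jailbroken": False}
ROOTED = dict(GOOD, jailbroken=True)
BASELINE = {u: {"US"} for u in ("alice@contoso.com", "bob@contoso.com", "carol@contoso.com",
                                "dave@contoso.com", "erin@contoso.com")}
LEAKED = {"carol@contoso.com"}   # simulated leaked-credential feed
T0 = datetime(2015, 11, 3, 9, 0)
SAMPLE = [
    SignIn(T0, "alice@contoso.com", "US", True, "Outlook", GOOD),
    SignIn(T0 + timedelta(minutes=1), "alice@contoso.com", "US", True, "SharePoint", GOOD),
] + [SignIn(T0 + timedelta(minutes=2 + i), "bob@contoso.com", "RU", False, "Outlook", GOOD)
     for i in range(5)] + [
    SignIn(T0 + timedelta(minutes=8), "bob@contoso.com", "RU", True, "Outlook", GOOD),
    SignIn(T0 + timedelta(minutes=9), "carol@contoso.com", "US", True, "Outlook", GOOD),
    SignIn(T0 + timedelta(minutes=10), "dave@contoso.com", "US", True, "Outlook", ROOTED),
    SignIn(T0 + timedelta(minutes=11), "erin@contoso.com", "BR", True, "Outlook", GOOD),
]

if __name__ == "__main__":
    for d in evaluate(SAMPLE, BASELINE, LEAKED):
        print(f"{d.user:18} {d.app:10} {d.action:5} risk={d.risk:6} "
              f"{'; '.join(d.reasons)} {d.remediation}")
```

The ordering matters: device compliance is checked before risk so a rooted device is blocked regardless of how clean the sign-in looks, and a high-risk sign-in is blocked with a remediation (password change, token revocation) rather than merely challenged, since MFA does not help once the password is already in an attacker's hands.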

Azure Active Directory Identity Protection (CLOUD-POWERED PROTECTION)

Use the power of Identity Protection in Power BI, SIEM and other monitoring tools

Apply Microsoft learnings to your existing security tools

(figure: the Microsoft machine-learning engine feeds Identity Protection detections (leaked credentials, infected devices, configuration vulnerabilities, brute force attacks, suspicious sign-in activities) into notifications, data extracts/downloads and reporting APIs, consumed by Power BI, SIEM and monitoring tools and other security/monitoring/reporting solutions)

Privileged Identity Management (CLOUD-POWERED PROTECTION)

Discover, restrict, and monitor privileged identities

Enforce on-demand, just-in-time administrative access when needed

Use Alert, Audit Reports and Access Review

(figure: privileged roles such as Global Administrator, Billing Administrator, Service Administrator, User Administrator and Password Administrator)

Privileged Identity Management (CLOUD-POWERED PROTECTION)

How time-limited activation of privileged roles works

MFA is enforced during the activation process

Alerts inform administrators about out-of-band changes

Users need to activate their privileges to perform a task

Users will retain their privileges for a pre-configured amount of time

Security admins can discover all privileged identities, view audit reports and, via access reviews, review everyone who is eligible to activate

(figure: the security admin configures Privileged Identity Management and monitors it through audit, access reports and alerts; a user passes identity verification with MFA to activate an admin profile such as Billing Admin, Global Admin or Service Admin, while read-only roles can view reports and history)

Benefits: Privileged Identity Management (CLOUD-POWERED PROTECTION)

Removes unneeded permanent admin role assignments

Limits the time a user has admin privileges

Ensures MFA validation prior to admin role activation

Reduces exposure to attacks targeting admins

Separates role administration from other tasks

Adds roles for read-only views of reports and history

Asks users to review and justify continued need for admin role

Simplifies delegation

Enables least privilege role assignments

Alerts on users who haven’t used their role assignments

Simplifies reporting on admin activity

Increases visibility and finer-grained control

Microsoft Advanced Threat Analytics (CLOUD-POWERED PROTECTION)

Detect threats fast with behavioral analytics

No need to create rules or policies, deploy agents, or monitor a flood of security reports. The intelligence needed is ready to analyze and is continuously learning.

Adapt as fast as your enemies

ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise.

Focus on what is important fast using the simple attack timeline

The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who, what, when, and how” of your enterprise. It also provides recommendations for next steps.

Reduce the fatigue of false positives

Alerts only happen once suspicious activities are contextually aggregated; not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path.

How Microsoft Advanced Threat Analytics works

Abnormal behavior: anomalous logins, remote execution, suspicious activity

Security issues and risks: broken trust, weak protocols, known protocol vulnerabilities

Malicious attacks: Pass-the-Ticket (PtT), Pass-the-Hash (PtH), Overpass-the-Hash, Forged PAC (MS14-068), Golden Ticket, Skeleton key malware, Reconnaissance, BruteForce

Unknown threats: password sharing, lateral movement
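The alerting rule the ATA slides describe (learn each entity's own behavior, then alert only once suspicious activity is aggregated and is also unusual for the other entities in the interaction path) written out as an added Python example on a constructed resource-access log. This is not Microsoft code and not ATA's detection engine: the event shape, the 14-day learning period, the one-hour aggregation window, the three-resource threshold and the definition of "peers" as users whose baselines overlap are all assumptions made for the demo.

```python
"""Entity baselining with peer context, in the spirit of ATA's alerting rule.

Added illustrative example; not Microsoft code and not ATA. Event shape,
learning period, window, threshold and peer definition are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)   # assumed aggregation window
NOVEL_THRESHOLD = 3           # assumed: novel resources in one window before an alert
PEER_MIN_SHARE = 0.5          # assumed: resource is routine for peers if half of them use it


def learn_baselines(events, cutoff):
    """Per-user set of resources accessed before `cutoff` (the learning period)."""
    base = defaultdict(set)
    for ts, user, resource in events:
        if ts < cutoff:
            base[user].add(resource)
    return base


def peers_of(user, baselines):
    """Peers: other users whose baseline overlaps this user's (a stand-in for the interaction path)."""
    mine = baselines.get(user, set())
    return [u for u, res in baselines.items() if u != user and mine & res]


def normal_for_peers(user, resource, baselines):
    peers = peers_of(user, baselines)
    if not peers:
        return False
    share = sum(resource in baselines[p] for p in peers) / len(peers)
    return share >= PEER_MIN_SHARE


def detect(events, cutoff):
    """Attack-timeline entries (first_ts, user, novel_resources) raised only when a user
    touches NOVEL_THRESHOLD resources within WINDOW that are new both to the user
    and to the user's peers. Single novelties and peer-routine accesses stay silent."""
    baselines = learn_baselines(events, cutoff)
    pending = defaultdict(list)   # user -> [(ts, resource)] of unexplained accesses in the window
    alerts = []
    for ts, user, resource in sorted(e for e in events if e[0] >= cutoff):
        if resource in baselines[user]:
            continue                                   # normal for this entity
        if normal_for_peers(user, resource, baselines):
            continue                                   # unusual for the user, routine in its path
        pending[user] = [(t, r) for t, r in pending[user] if ts - t <= WINDOW] + [(ts, resource)]
        novel = sorted({r for _, r in pending[user]})
        if len(novel) >= NOVEL_THRESHOLD:
            alerts.append((pending[user][0][0], user, novel))
            pending[user] = []
    return alerts


# Constructed access log (not real telemetry): two weeks of routine use, then one morning.
CUTOFF = datetime(2015, 11, 15)


def _learning_period():
    ev = []
    for day in range(14):
        d = datetime(2015, 11, 1) + timedelta(days=day)
        ev += [(d, "alice", "FILESRV01"), (d, "alice", "PRINT01"),
               (d, "bob", "FILESRV01"), (d, "bob", "HR-SHARE"),
               (d, "carol", "FILESRV01"), (d, "carol", "HR-SHARE"),
               (d, "dan", "WS-0001"), (d, "dan", "WS-0002")]
    return ev


T = datetime(2015, 11, 16, 9, 0)
SAMPLE = _learning_period() + [
    (T, "alice", "HR-SHARE"),                          # new for alice, routine for her peers: silent
    (T + timedelta(minutes=5), "bob", "DC01"),
    (T + timedelta(minutes=12), "bob", "SQL01"),
    (T + timedelta(minutes=20), "bob", "BACKUP01"),    # third new host in 15 minutes: alert
    (T + timedelta(minutes=30), "dan", "WS-0042"),     # one new workstation, below threshold: silent
]

if __name__ == "__main__":
    for first_ts, user, novel in detect(SAMPLE, CUTOFF):
        print(f"{first_ts:%Y-%m-%d %H:%M} {user}: {len(novel)} resources new to the user "
              f"and its peers: {', '.join(novel)}")
```

Alice's access to HR-SHARE is novel for her but both of her peers use it daily, so no entry is raised; Bob's three hosts are new to him and to everyone he normally shares resources with, which is the pattern a reconnaissance or lateral-movement sweep leaves, so they are aggregated into one timeline entry instead of three separate alerts.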

Introducing Microsoft Cloud App Security (CLOUD-POWERED PROTECTION)

Extending visibility and control to cloud apps

Create policies for access, activities, and data sharing

Automatically identify risky activities, abnormal behaviors, and threats

Prevent data leakage (DLP)

Minimize risk with automated threat prevention and policy enforcement

Enterprise mobility management with Intune

Mobile application management, mobile device management and PC management

Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.

(figure: users enroll devices, IT applies policies, and the Company Portal offers recommended apps for the user’s devices)

Mobile device management

Conditional access to email

(figure: the user signs in with username and password; Microsoft Intune performs policy verification against the required settings defined by the IT admin in the admin console: enrolled device, encrypted device, passcode set, not jailbroken/rooted)


Conditional access to e-mail and conditional access to SharePoint

Selective wipe

Perform selective wipe via self-service company portal or admin console

Remove managed apps and data

Keep personal apps and data intact

(figure: the Company Portal asks “Are you sure you want to wipe corporate data and applications from the user’s device?” with OK/Cancel; managed apps are removed while personal apps remain)

Mobile application management

Maximize mobile productivity and protect corporate resources with Office mobile apps

Extend these capabilities to existing line-of-business apps using the Intune app wrapper

Enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps

(figure: managed apps and personal apps side by side on the same device)

Mobile application management

Maximize productivity while preventing leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem

(figure: copy, paste and save from a managed app are blocked when the destination is personal storage, a personal app or an email attachment)

Rights Management

Usage rights + symmetric key stored in file as ‘license’

License protected by customer owned RSA key

File is protected by its own, unique AES symmetric key.

(figure: a document “Secret Cola Formula” (Water, HFCS, Brown #16) is protected into ciphertext plus use rights and can be unprotected again by an authorized user)

Brad uses Share Protected

The document is sent with instant revocation

Bob receives an email with the document

Bob opens the document

Brad wants to track the document

Looks like Bob shared the document with Mary, but she couldn’t open it. Brad sends the document to Mary himself.

Brad wants to track a document he sends to his staff

Brad reaches the Document Tracking site

Brad tracks a document he sends to his staff

(figure: the Document Tracking site with summary view, timeline view and map view)

Brad wants to revoke the document

Microsoft Confidential - EU RMS User Group / Oct 2014
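The protection model on the Rights Management slide (a unique AES key per file, usage rights plus that key sealed into a license with the customer-owned RSA key) and the Brad/Bob/Mary walk-through (share, open, a forwarded copy that will not open, tracking, revocation), written out together as an added Python example. This is not Microsoft code and not the Azure RMS protocol or SDK: it uses the `cryptography` package (AES-GCM and RSA-OAEP), keeps the "server" in the same process, and the license format, content IDs, tracking-record shape and the sample document are assumptions constructed for the demo.

```python
"""Per-file AES key, rights + key sealed to an RSA key, tracking and revocation.

Added illustrative example; not Microsoft code and not Azure RMS. Requires
the `cryptography` package. License format and scenario are assumptions.
"""
import base64
import json
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


class RmsServer:
    """Holds the customer-owned RSA key, the revocation list and the tracking log."""

    def __init__(self):
        self._key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.public_key = self._key.public_key()
        self.revoked = set()
        self.tracking = []        # (content_id, user, outcome)

    def open_license(self, content_id, user, license_blob):
        """Unseal the license; release the content key only to a user with a right,
        and only while the document is not revoked. Every attempt is tracked."""
        if content_id in self.revoked:
            self.tracking.append((content_id, user, "denied: revoked"))
            return None
        lic = json.loads(self._key.decrypt(license_blob, OAEP))   # only the RSA key holder can read it
        rights = lic["rights"].get(user)
        if not rights:
            self.tracking.append((content_id, user, "denied: no rights"))
            return None
        self.tracking.append((content_id, user, f"opened with {','.join(rights)}"))
        return base64.b64decode(lic["key"])

    def revoke(self, content_id):
        self.revoked.add(content_id)


def protect(server, content_id, plaintext, rights):
    """Encrypt with a fresh per-file AES key; seal usage rights + key as the license."""
    key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    body = AESGCM(key).encrypt(nonce, plaintext, content_id.encode())   # content id bound as AAD
    license_plain = json.dumps({"rights": rights, "key": base64.b64encode(key).decode()},
                               separators=(",", ":")).encode()
    license_blob = server.public_key.encrypt(license_plain, OAEP)      # fits OAEP-SHA256/2048 limit
    return {"id": content_id, "nonce": nonce, "body": body, "license": license_blob}


def unprotect(server, user, doc):
    """Consumer side: ask the server for the key, then decrypt locally. None if denied."""
    key = server.open_license(doc["id"], user, doc["license"])
    if key is None:
        return None
    return AESGCM(key).decrypt(doc["nonce"], doc["body"], doc["id"].encode())


def demo():
    """The slide's scenario: Brad shares with Bob, Bob forwards to Mary (no rights),
    Brad re-shares to Mary himself, then revokes the first copy."""
    server = RmsServer()
    formula = b"Secret Cola Formula: Water, HFCS, Brown #16"
    doc = protect(server, "cola-formula-001", formula,
                  {"brad@contoso.com": ["owner"], "bob@contoso.com": ["view"]})
    bob = unprotect(server, "bob@contoso.com", doc)
    mary_forwarded = unprotect(server, "mary@contoso.com", doc)
    doc2 = protect(server, "cola-formula-002", formula,
                   {"brad@contoso.com": ["owner"], "bob@contoso.com": ["view"],
                    "mary@contoso.com": ["view"]})
    mary_reshared = unprotect(server, "mary@contoso.com", doc2)
    server.revoke("cola-formula-001")
    bob_after_revoke = unprotect(server, "bob@contoso.com", doc)
    return {"bob": bob, "mary_forwarded": mary_forwarded, "mary_reshared": mary_reshared,
            "bob_after_revoke": bob_after_revoke, "tracking": list(server.tracking),
            "ciphertext_hides_plaintext": formula not in doc["body"]}


if __name__ == "__main__":
    r = demo()
    for k in ("bob", "mary_forwarded", "mary_reshared", "bob_after_revoke"):
        print(f"{k:17} -> {r[k]}")
    for rec in r["tracking"]:
        print("track:", rec)
```

Two design points are worth noticing. The file carries its own ciphertext and license, so forwarding it (Bob to Mary) moves bytes but not access: the key is released only by the holder of the RSA private key, after checking rights and revocation, which is also what makes tracking and "instant revocation" possible without touching the copies already sent. And the content ID is bound as AES-GCM associated data, so a license cannot simply be transplanted onto a different document's body.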


Enterprise mobility + security

Protect your users, devices, and apps: Intune

Detect problems early with visibility and threat analytics: Advanced Threat Analytics

Protect your data, everywhere: Azure Rights Management and Secure Islands

Extend enterprise-grade security to your cloud and SaaS apps: Microsoft Cloud App Security

Manage identity with hybrid integration to protect application access from identity attacks: Azure Active Directory Identity Protection

Marden Menezes, mardenm@microsoft.com

© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
