Data-driven security insights Machine Learning Intelligent Automation … · 2019-06-20 ·...
Data-driven security insights
Machine Learning
Intelligent Automation
Cloud Scale
Extensive machine learning to:
• Reduce manual effort
• Reduce wasted effort on false positives
• Speed up detection
Defense-in-depth
THEN
Reliability: Designed not to fail
Prevent: Every possible attack

NOW
Resilience: Designed to recover quickly
Protect, Detect, & Respond along the kill chain
Assume Compromise
Securing Privileged Access
Office 365 Security
Rapid Cyberattacks (Wannacrypt/Petya)
https://aka.ms/MCRA Video Recording
Strategies: Office 365, Dynamics 365
+Monitor
Azure Sentinel – Cloud Native SIEM and SOAR (Preview)
SQL Encryption & Data Masking
Data Loss Protection
Data Governance
eDiscovery
Data-driven security insights
Machine Learning
Intelligent Automation
Cloud Scale
Data-driven security insights
Microsoft Trust Center
Microsoft Threat Protection
Threat & Business Prioritization: Helping customers focus on the right things at the right time
Threat Context
Business Context
Automated Compensation: Bridging between the IT and Security admins
Game changing IT/Security bridge scenarios
DEMO: Threat & Vulnerability Management
Data-driven security insights
Help you continuously improve your security posture by
decreasing attack surface in a very targeted way
Machine learning
Early adopters are finding that Azure Sentinel reduces
threat hunting from hours to seconds.
AZURE AD PASSWORD PROTECTION
https://www.microsoft.com/en-us/research/publication/password-guidance/
https://pages.nist.gov/800-63-3/sp800-63b.html
Passwordless
CRITICAL BEST PRACTICES
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview
• Azure AD reporting - Risk events are part of Azure AD's security reports. For more information, see the users at risk security report and the risky sign-ins security report.
• Azure AD Identity Protection - Risk events are also part of the reporting capabilities of Azure Active Directory Identity Protection.
• Use the Identity Protection risk events API to gain programmatic access to security detections using Microsoft Graph.
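The third bullet is the one a SOC team automates. The script below is an added example (not from the deck and not Microsoft's code) of what "programmatic access" looks like in practice: it pulls risk detections from the Microsoft Graph `identityProtection/riskDetections` collection and triages them into the set of users a conditional access policy or SOAR playbook should act on. It assumes the documented field names of the Graph riskDetection resource (riskLevel, riskState, riskEventType, userPrincipalName) and an already-acquired bearer token; SAMPLE_RESPONSE is constructed, not captured from a tenant.

```python
"""Triage Azure AD Identity Protection risk detections pulled from Microsoft Graph.

Added example, not part of the original deck. Assumes the Graph v1.0 collection
identityProtection/riskDetections and its documented fields; the sample below is
constructed, not real tenant data.
"""
import json
import urllib.request
from collections import defaultdict

GRAPH_URL = "https://graph.microsoft.com/v1.0/identityProtection/riskDetections"

# Constructed sample shaped like a Graph collection response.
SAMPLE_RESPONSE = {
    "value": [
        {"id": "1", "userPrincipalName": "alice@contoso.example",
         "riskEventType": "anonymizedIPAddress", "riskLevel": "medium",
         "riskState": "atRisk", "detectedDateTime": "2019-06-18T09:12:00Z"},
        {"id": "2", "userPrincipalName": "alice@contoso.example",
         "riskEventType": "leakedCredentials", "riskLevel": "high",
         "riskState": "atRisk", "detectedDateTime": "2019-06-19T22:40:00Z"},
        {"id": "3", "userPrincipalName": "bob@contoso.example",
         "riskEventType": "unfamiliarFeatures", "riskLevel": "low",
         "riskState": "remediated", "detectedDateTime": "2019-06-17T13:05:00Z"},
        {"id": "4", "userPrincipalName": "carol@contoso.example",
         "riskEventType": "malwareInfectedIPAddress", "riskLevel": "high",
         "riskState": "dismissed", "detectedDateTime": "2019-06-19T02:00:00Z"},
    ]
}

RISK_RANK = {"low": 1, "medium": 2, "high": 3}


def fetch_risk_detections(access_token, url=GRAPH_URL):
    """Follow @odata.nextLink paging until the collection is exhausted.
    The token needs the IdentityRiskEvent.Read.All permission (assumption)."""
    items = []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return items


def open_detections(detections):
    """Keep only detections that still need action; remediated/dismissed ones are noise."""
    return [d for d in detections if d.get("riskState") in ("atRisk", "confirmedCompromised")]


def users_to_remediate(detections, min_level="high"):
    """Return {upn: highest open risk level} for users at or above min_level.
    This is the list a risk-based conditional access policy (require MFA or a
    password change) or a SOAR playbook would operate on."""
    worst = {}
    for d in open_detections(detections):
        upn = d["userPrincipalName"]
        level = d.get("riskLevel", "none")
        if RISK_RANK.get(level, 0) > RISK_RANK.get(worst.get(upn, "none"), 0):
            worst[upn] = level
    return {u: lvl for u, lvl in worst.items() if RISK_RANK[lvl] >= RISK_RANK[min_level]}


def summarize_by_type(detections):
    """Count open detections per riskEventType, useful for a dashboard or for tuning."""
    counts = defaultdict(int)
    for d in open_detections(detections):
        counts[d["riskEventType"]] += 1
    return dict(counts)


if __name__ == "__main__":
    dets = SAMPLE_RESPONSE["value"]  # replace with fetch_risk_detections(token) for a live tenant
    print(users_to_remediate(dets))
    print(summarize_by_type(dets))
```

The filter on riskState matters: the API returns historical detections as well, so acting on every record would re-challenge users whose risk was already remediated or dismissed by an analyst.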
0. Do Nothing (Not Recommended)
DEMO: Azure Sentinel
Machine learning
Helps protect you by looking for what you cannot see
Intelligent automation
DEMO: Workflow automation
Intelligent automation
Helps you come to the right conclusion, fast, and helps
you respond & recover quickly
Leveraging cloud scale
Security Dashboards: Deliver rapid insights into security state across all workloads
API
Microsoft Intelligent Security Graph
Knowledge of detections shared
Azure ATP, Azure AD Identity Protection
Behavioral-based detection of advanced credential theft attacks & lateral movement, on premises & cloud identities. Build automated response policies based on anomalous behavior.

Office 365 TI & AIR, Microsoft Secure Score, Threat Experts, Threat Analytics
Investigate and respond to attacks by seeing activity, correlating signals and taking remediation actions – manually or using automation. Improve security posture and educate users. Allow Microsoft Threat Hunters to have your back,

Microsoft Defender ATP Exploit Guard & Antivirus
Protect against malicious files on disk and in memory with advanced local & cloud Machine Learning. Hardening through Dynamic Application Whitelisting, Ransomware Protection and outbound connection blocking.

Office 365 Advanced Threat Protection
Protect from dangerous links, phishing attempts & malicious attachments. Detect potential malicious collaboration behavior.

Microsoft Defender ATP Detection & Response, Auto Investigation & Remediation
Behavioral based detection of advanced attacks on the endpoint using deeply integrated sensors. AI-based investigation and remediation.
Graph Security API
Email attachment · Email message · Malicious File
1st and 3rd party Threat Intelligence added
Leverage SIEM connector options to consume alerts
MONITOR
Microsoft Cloud App Security
Discover and assess risks, control access in real time, protect your information and detect and protect against threats. Integrate to uncover data exfiltration, block unsanctioned cloud apps.

Conditional Access
Protect your data from malicious hackers with a risk-based conditional access policy that can be applied to all apps and all users, whether on-premises or in the cloud.

Microsoft Defender ATP SmartScreen, Firewall, Threat & Vulnerability Management
Helps protect against phishing and malware websites and malicious downloads. Risk-driven approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.

SIEM: Security Information and Event Management
MONITOR?
Microsoft Intelligent Security Graph
SOAR!
Azure Sentinel: Security Orchestration, Automation & Response
Analytics
Correlation
Categorization
Normalizing
Cloud born SIEM
Better Integration
Graph API based
Fast Analytics
Security Data Lake
No Data on prem
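"Normalizing" and "Correlation" are the two steps that turn a security data lake into alerts. Azure Sentinel expresses them as analytics rules in KQL over its own tables; the Python below is an added example (not from the deck and not Microsoft's code) of the same idea on constructed records: three hypothetical source formats (a sign-in log, an endpoint alert, an email-protection verdict) are mapped onto one common event shape, then an incident is raised when a single user accumulates events from two or more sources inside a time window. The record shapes, the common schema and the correlation rule are the example's own choices, not a Sentinel schema.

```python
"""Normalize heterogeneous security records and correlate them per user.

Added example, not from the original deck or from Azure Sentinel. The three
record shapes in RAW_EVENTS are constructed, simplified stand-ins for a sign-in
log, an endpoint alert and an email-protection alert.
"""
from datetime import datetime, timedelta, timezone


def _ts(s):
    """Parse the ISO-8601 UTC timestamps used by all three constructed sources."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Constructed raw records; each source spells user, time and severity differently.
RAW_EVENTS = [
    {"source": "signin", "TimeGenerated": "2019-06-20T08:01:10Z",
     "UserPrincipalName": "Alice@contoso.example", "ResultType": "0",
     "RiskLevelDuringSignIn": "high", "IPAddress": "203.0.113.7"},
    {"source": "endpoint", "timestamp": "2019-06-20T08:04:30Z",
     "accountName": "alice", "accountDomain": "contoso.example",
     "severity": "Medium", "title": "Suspicious PowerShell command line"},
    {"source": "email", "time": "2019-06-20T07:55:02Z",
     "recipient": "alice@contoso.example", "verdict": "Malicious",
     "subject": "Invoice attached"},
    {"source": "signin", "TimeGenerated": "2019-06-20T09:30:00Z",
     "UserPrincipalName": "bob@contoso.example", "ResultType": "0",
     "RiskLevelDuringSignIn": "none", "IPAddress": "198.51.100.2"},
]

SEVERITY = {"none": 0, "low": 1, "informational": 1, "medium": 2, "high": 3}


def normalize(raw):
    """Map one source-specific record onto the common shape
    {time, user, source, severity, summary}; user is lower-cased so that
    'Alice@...' and 'alice@...' correlate."""
    src = raw["source"]
    if src == "signin":
        return {"time": _ts(raw["TimeGenerated"]), "user": raw["UserPrincipalName"].lower(),
                "source": src, "severity": raw["RiskLevelDuringSignIn"].lower(),
                "summary": f"sign-in from {raw['IPAddress']} (result {raw['ResultType']})"}
    if src == "endpoint":
        return {"time": _ts(raw["timestamp"]),
                "user": f"{raw['accountName']}@{raw['accountDomain']}".lower(),
                "source": src, "severity": raw["severity"].lower(), "summary": raw["title"]}
    if src == "email":
        return {"time": _ts(raw["time"]), "user": raw["recipient"].lower(), "source": src,
                "severity": "high" if raw["verdict"] == "Malicious" else "low",
                "summary": f"{raw['verdict']} mail: {raw['subject']}"}
    raise ValueError(f"unknown source {src!r}")


def correlate(events, window_minutes=30, min_sources=2):
    """Group normalized events by user and raise one incident per user when
    events from at least min_sources distinct sources fall inside the window
    that starts at the earliest qualifying event."""
    window = timedelta(minutes=window_minutes)
    by_user = {}
    for e in sorted(events, key=lambda e: e["time"]):
        by_user.setdefault(e["user"], []).append(e)

    incidents = []
    for user, evs in by_user.items():
        for i, first in enumerate(evs):
            cluster = [x for x in evs[i:] if x["time"] - first["time"] <= window]
            sources = {x["source"] for x in cluster}
            if len(sources) >= min_sources:
                worst = max(cluster, key=lambda x: SEVERITY.get(x["severity"], 0))
                incidents.append({"user": user, "sources": sorted(sources),
                                  "severity": worst["severity"], "start": first["time"],
                                  "events": cluster})
                break  # one incident per user; the cluster already holds the rest
    return incidents


if __name__ == "__main__":
    for inc in correlate([normalize(r) for r in RAW_EVENTS]):
        print(inc["user"], inc["severity"], inc["sources"])
        for e in inc["events"]:
            print("  ", e["time"].isoformat(), e["source"], e["summary"])
```

The point of normalizing first is that the correlation rule is written once against `user` and `time`, not once per source; when a fourth log source arrives only `normalize` grows. The window is the tuning knob: with the sample data a 30-minute window ties Alice's malicious mail, risky sign-in and suspicious PowerShell into one high-severity incident, while a 3-minute window produces nothing.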
Workflow automation
Leveraging cloud scale
Ensures reduced complexity, lower TCO and always
enough capacity so you can absorb the blows
Data-driven security insights help you continuously improve your security posture by decreasing attack surface in a very targeted way
Machine Learning helps protect you by looking for what you cannot see
Intelligent Automation helps you come to the right conclusion, fast, and helps you respond & recover quickly
Cloud Scale ensures reduced complexity, lower TCO and always enough capacity so you can absorb the blows