How to secure and manage modern IT - Ondrej Vysek

@ITCAMPRO #ITCAMP17 Community Conference for IT Professionals How to secure and manage modern IT Ondrej Vysek Lead Architect / Microsoft MVP / KPCS CZ

Every IT job

Is a cybersecurity job

NOW

364 and counting

GDPR in place on 25.5.2018

How difficult is the hacker’s life

(DEMO)

IT Admin a good guy

Can you see the difference?

World has changed (already) - Mobile First | Cloud First

of employees use personal devices for work purposes.*

of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs.**

percent of network intrusions exploited weak or stolen credentials.***

of employees that typically work on employer premises, also frequently work away from their desks.*****

of all software will be available on a SaaS delivery by 2020.****

66% Millennials (93%) >80% >70% 25%

33% Millennials (88%)

* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013

** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report

*** Verizon 2013 data breach investigation report

**** Forrester Application Adoption Trends: The Rise Of SaaS

***** CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.

Devices Apps Data

Why change? Do you recognize?

Are you using collaboration tools?

The solution – EM+S

Intune

Azure Rights Management and Information Protection

Advanced Threat Analytics

Microsoft Cloud App Security

Azure Active Directory & Identity Manager

SCCM

Users, devices and apps management

Immediate threat detection and behavioral analysis

Data protection everywhere

Extended centralized security for SaaS apps

Identity management, hybrid scenarios, identity attack prevention

Computer and devices management

Multi-layer security

Identity

Application

Device

Data

Unified device management – IT view

IT

Single Admin Console

Android

Windows 8 RT

Windows 8.1

Windows 10

Windows 10 Mobile

Windows Phone 8.1

iOS

Mac OS X

Windows Computers (x86, x64, Intel SoC), Windows to Go

Windows Embedded

Linux and UNIX

System Center Configuration Manager

Mobile application management

Personal apps

Managed apps

Maximize productivity while preventing leakage of company data by restricting actions such as copy, cut, paste, and save as between Intune-managed apps and unmanaged apps

User

Conditional Access & Limited Session

Application

Per app policy

Client type

User attributes

Group membership

Devices

Domain Joined

Compliant

Platform type (OS)

Location

IP Range

Risk

Session risk

User risk

ENFORCE MFA

ALLOW

LIMIT SESSION

BLOCK

Access Proxy + Session Proxy

Cloud and

On-premises

applications

PROTECT

ACCESS

User Experience Demo for Conditional Access – less than 20

User has email access!!!

Cloud App Discovery / Security

Discovery

• Use traffic logs to discover and analyze which cloud apps are in use

• Manually or automatically upload log files for analysis from your firewalls and proxies

Sanctioning and un-sanctioning

• Sanction or block apps in your organization using the cloud app catalog

App connectors

• Leverage APIs provided by various cloud app providers

• Connect an app and extend protection by authorizing access to the app. Cloud App Security queries the app for activity logs and scans data, accounts, and cloud content

App connectors

Cloud discovery

Protected

Cloud apps

Cloud traffic

Cloud traffic logs

Firewalls

Proxies

Your organization from any location

API

Cloud App Security

Azure Information Protection (RMS)

Client integration

User

Authentication

Integration

Authentication and collaboration

BYO/HYO Key

Client integration

Microsoft Advanced Threat Analytics

Detect threats fast with Behavioral Analytics

Adapt as fast as your enemies

Focus on what is important fast using the simple attack timeline

Reduce the fatigue of false positives

No need to create rules or policies, deploy agents, or monitor a flood of security reports. The intelligence needed is ready to analyze and is continuously learning.

ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly-evolving enterprise.

The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who-what-when-and how” of your enterprise. It also provides recommendations for next steps.

Alerts only happen once suspicious activities are contextually aggregated, not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path.

How Microsoft Advanced Threat Analytics works

Abnormal Behavior

▪ Anomalous logins

▪ Remote execution

▪ Suspicious activity

Security issues and risks

▪ Broken trust

▪ Weak protocols

▪ Known protocol vulnerabilities

Malicious attacks

▪ Pass-the-Ticket (PtT)

▪ Pass-the-Hash (PtH)

▪ Overpass-the-Hash

▪ Forged PAC (MS14-068)

▪ Golden Ticket

▪ Skeleton key malware

▪ Reconnaissance

▪ Brute force

▪ Unknown threats

▪ Password sharing

▪ Lateral movement

Identity management

Azure AD Join

Intune auto enrollment

Self Service Password Reset

Azure Multi Factor Authentication

SSO for SaaS apps (twitter,…)

SSO for on-prem apps

Self Service Bitlocker Key Recovery

Self Service Groups

Dynamic groups

Detailed (not only security) reporting

Azure AD Premium

Identity Manager

AAD Connect

One identity? YES!

HR system

MIM

Manager

Windows Server Active Directory

LDAP

Oracle DB

Finance

Exchange Online

SharePoint Online

Azure

SaaS app

Microsoft Azure Active Directory

Azure AD Connect

2500+ pre-integrated SaaS apps

https://azuremarketplace.microsoft.com/en-us/marketplace/apps/category/azure-active-directory-apps

Management options (Traditional vs. Modern)

Microsoft Solution

3rd party Solution

Okta

Ping Identity

Centrify

Salesforce Identity

Google

Amazon Web Services

AirWatch

MobileIron

Good

Kaseya

Symantec

Seclore

Fasoo

Adobe LiveCycle

Azure Active Directory Premium

Microsoft Intune

Azure Rights Management service

File protection

Mobile device & app management

Cloud identity management

And what about the others?

Desktop management

Symantec

LANdesk

CA

BMC

System Center Config Mgr

Intune

Enterprise Mobility Suite

C: Core CAL and Enterprise CAL Suite components

E: Enterprise CAL Suite components

Access to the cloud services

Access to On-premises products

Windows Enterprise Windows SA per User

Skype for Business Plus CAL

Office Professional Plus 2013

Exchange Server Standard CAL

SharePoint Server Standard CAL

Skype for Business Standard CAL

Skype for Business Enterprise CAL

SharePoint Server Enterprise CAL

Exchange Server Enterprise CAL

Exchange Online Archiving for ES

SC Client Management Suite

Windows RMS CAL

SCCM CML

SC Endpoint Protection SL

Windows Server CAL

E1

E3

EM+S E3

Office 365 ProPlus

Exchange Online Plan 1

SharePoint Online Plan 1

Skype for Business Online Plan 1

Skype for Business Online Plan 2*

SharePoint Online Plan 2*

Exchange Online Plan 2*

Exchange Online Archiving for EO*

Azure RMS

Microsoft Intune

Azure AD Premium

Secure Productive Enterprise

MIM CAL

PowerBI and Delve Analytics

Skype for Business Voice

E5

Advanced Threat Analytics

Cloud App Security

Azure Information Protection

EM+S E5

Office Teams

Office Planner

Advanced Threat Protection

Windows Defender ATP

Azure Active Directory

Azure Information Protection

Advanced Threat Analytics

Cloud App Security

Intune

Build on Azure, secure and scalable by design

No investment needed, pay-as-you go, even free (forever)

Focus on most important, leverage expert knowledge

Targeting GDPR, Security, IT operations

Detailed report every week

Any server, any cloud

DO IT MODERN (AND SECURE) WAY

Ondrej Vysek | the good guy | Microsoft MVP | [email protected]