How to secure and manage modern IT - Ondrej Vysek
@ITCAMPRO #ITCAMP17 Community Conference for IT Professionals
How to secure and manage modern IT
Ondrej Vysek
Lead Architect / Microsoft MVP / KPCS CZ
Every IT job is a cybersecurity job NOW
364 and counting
GDPR in place on 25.5.2018
How difficult is the hacker’s life
(DEMO)
World has changed (already) - Mobile First | Cloud First
• of employees use personal devices for work purposes.*
• of employees admit to using non-approved software-as-a-service (SaaS) applications in their jobs.**
• percent of network intrusions exploited weak or stolen credentials.***
• of employees that typically work on employer premises, also frequently work away from their desks.*****
• of all software will be available on a SaaS delivery by 2020.****
Figures on the slide: 66% Millennials (93%), >80%, >70%, 25%, 33% Millennials (88%)
* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013
** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
*** Verizon 2013 data breach investigation report
**** Forrester Application Adoption Trends: The Rise Of SaaS
***** CEB IT Impact Report: Five Key Findings on Driving Employee Productivity Q1 2014.
Devices Apps Data
Why change? Do you recognize?
The solution – EM+S
• Intune: Users, devices and apps management
• Azure Rights Management and Information Protection: Data protection everywhere
• Advanced Threat Analytics: Immediate threat detection and behavioral analysis
• Microsoft Cloud App Security: Extended centralized security for SaaS apps
• Azure Active Directory & Identity Manager: Identity management, hybrid scenarios, identity attack prevention
• SCCM: Computer and devices management
Multi-layer security
Identity
Application
Device
Data
Unified device management – IT view
IT Single Admin Console
Android
Windows 8 RT
Windows 8.1
Windows 10
Windows 10 Mobile
Windows Phone 8.1
iOS
Mac OS X
Windows Computers (x86, x64, Intel SoC)
Windows to Go
Windows Embedded
Linux and UNIX
System Center Configuration Manager
Mobile application management
Personal apps
Managed apps
Maximize productivity while preventing leakage of company data by restricting actions such as copy, cut, paste, and save as between Intune-managed apps and unmanaged apps
User
Conditional Access & Limited Session
• Application: Per app policy, Client type
• User attributes: Group membership
• Devices: Domain Joined, Compliant, Platform type (OS)
• Location: IP Range
• Risk: Session risk, User risk
ENFORCE MFA | ALLOW | LIMIT SESSION | BLOCK
Access Proxy + Session Proxy
Cloud and On-premises applications
PROTECT ACCESS
User Experience Demo for Conditional Access – less than 20
User has email access!!!
Cloud App Discovery / Security
Discovery
• Use traffic logs to discover and analyze which cloud apps are in use
• Manually or automatically upload log files for analysis from your firewalls and proxies
Sanctioning and un-sanctioning
• Sanction or block apps in your organization using the cloud app catalog
App connectors
• Leverage APIs provided by various cloud app providers
• Connect an app and extend protection by authorizing access to the app. Cloud App Security queries the app for activity logs and scans data, accounts, and cloud content
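The discovery and sanctioning steps above, sketched as an added example (not from the talk and not Cloud App Security's own code): a Python pass over proxy logs that maps destination hosts to catalog entries and lists the apps that are not sanctioned. The log layout, the catalog entries and every name in the block are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed stand-in for a cloud app catalog: domain suffix -> (app name, sanctioned?)
CATALOG = {
    "sharepoint.com": ("SharePoint Online", True),
    "filedrop.example": ("FileDrop (fictional)", False),
}

# Constructed proxy log sample: timestamp,user,destination host,bytes uploaded
SAMPLE_LOG = """\
2017-05-25T09:01:12Z,alice,contoso.sharepoint.com,18234
2017-05-25T09:03:40Z,bob,upload.filedrop.example,5242880
2017-05-25T09:04:02Z,alice,upload.filedrop.example,1048576
2017-05-25T09:05:55Z,carol,files.notfiledrop.example,2048
malformed line without the expected fields
2017-05-25T09:07:10Z,bob,CONTOSO.sharepoint.com,512
"""

def match_app(host):
    """Match on whole DNS labels so 'notfiledrop.example' is not 'filedrop.example'."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        entry = CATALOG.get(".".join(labels[i:]))
        if entry:
            return entry
    return None

def discover(log_text):
    """Aggregate users and uploaded bytes per app; skip malformed rows."""
    usage = defaultdict(lambda: {"users": set(), "bytes_up": 0, "sanctioned": None})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4 or not row[3].isdigit():
            continue
        _, user, host, sent = row
        # Hosts missing from the catalog are kept under their own name, status None.
        app, sanctioned = match_app(host) or (host.lower(), None)
        rec = usage[app]
        rec["users"].add(user)
        rec["bytes_up"] += int(sent)
        rec["sanctioned"] = sanctioned
    return dict(usage)

def unsanctioned(usage):
    """Apps that are blocked or unknown to the catalog, largest upload volume first."""
    apps = [a for a, r in usage.items() if r["sanctioned"] is not True]
    return sorted(apps, key=lambda a: -usage[a]["bytes_up"])
```

Hosts that match no catalog entry are reported rather than dropped, since unknown destinations are what discovery is meant to surface.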
[Diagram labels: App connectors, Cloud discovery, Protected, Cloud apps, Cloud traffic, Cloud traffic logs, Firewalls, Proxies, Your organization from any location, API, Cloud App Security]
Azure Information Protection (RMS)
[Diagram labels: Client integration, User, Authentication, Integration, Authentication and collaboration, BYO/HYO Key]
Microsoft Advanced Threat Analytics
Detect threats fast with Behavioral Analytics
No need to create rules or policies, deploy agents, or monitor a flood of security reports. The intelligence needed is ready to analyze and is continuously learning.
Adapt as fast as your enemies
ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly-evolving enterprise.
Focus on what is important fast using the simple attack timeline
The attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the “who-what-when-and-how” of your enterprise. It also provides recommendations for next steps.
Reduce the fatigue of false positives
Alerts only happen once suspicious activities are contextually aggregated, not only comparing the entity’s behavior to its own behavior, but also to the profiles of other entities in its interaction path.
How Microsoft Advanced Threat Analytics works
Abnormal Behavior
▪ Anomalous logins
▪ Remote execution
▪ Suspicious activity
Security issues and risks
▪ Broken trust
▪ Weak protocols
▪ Known protocol vulnerabilities
Malicious attacks
▪ Pass-the-Ticket (PtT)
▪ Pass-the-Hash (PtH)
▪ Overpass-the-Hash
▪ Forged PAC (MS14-068)
▪ Golden Ticket
▪ Skeleton key malware
▪ Reconnaissance
▪ Brute force
▪ Unknown threats
▪ Password sharing
▪ Lateral movement
Identity management
Azure AD Join
Intune auto enrollment
Self Service Password Reset
Azure Multi Factor Authentication
SSO for SaaS apps (Twitter, …)
SSO for on-prem apps
Self Service Bitlocker Key Recovery
Self Service Groups
Dynamic groups
Detailed (not only security) reporting
Azure AD Premium | Identity Manager | AAD Connect
One identity? YES!
HR system
MIM
Manager
Windows Server Active Directory
LDAP
Oracle DB
Finance
Exchange Online
SharePoint Online
Azure
SaaS app
Microsoft Azure Active Directory
Azure AD Connect
2500+ pre-integrated SaaS apps
https://azuremarketplace.microsoft.com/en-us/marketplace/apps/category/azure-active-directory-apps
Management options (Traditional vs. Modern)
And what about the others?
Category: Microsoft Solution | 3rd party Solution
• Cloud identity management: Azure Active Directory Premium | Okta, Ping Identity, Centrify, Salesforce Identity, Amazon Web Services
• Mobile device & app management: Microsoft Intune | AirWatch, MobileIron, Good, Kaseya, Symantec
• File protection: Azure Rights Management service | Seclore, Fasoo, Adobe LiveCycle
• Desktop management: System Center Config Mgr, Intune | Symantec, LANdesk, CA, BMC
Enterprise Mobility Suite
C = Core CAL and Enterprise CAL Suite components
E = Enterprise CAL Suite components
Access to the cloud services
Access to On-premises products
Windows Enterprise Windows SA per User
Skype for Business Plus CAL
Office Professional Plus 2013
Exchange Server Standard CAL
SharePoint Server Standard CAL
Skype for Business Standard CAL
Skype for Business Enterprise CAL
SharePoint Server Enterprise CAL
Exchange Server Enterprise CAL
Exchange Online Archiving for ES
SC Client Management Suite
Windows RMS CAL
SCCM CML
SC Endpoint Protection SL
Windows Server CAL
E1
E3
EM+S E3
Office 365 ProPlus
Exchange Online Plan 1
SharePoint Online Plan 1
Skype for Business Online Plan 1
Skype for Business Online Plan 2*
SharePoint Online Plan 2*
Exchange Online Plan 2*
Exchange Online Archiving for EO*
Azure RMS
Microsoft Intune
Azure AD Premium
Secure Productive Enterprise
MIM CAL
Power BI and Delve Analytics
Skype for Business Voice
E5
Advanced Threat Analytics
Cloud App Security
Azure Information Protection
EM+S E5
Office Teams
Office Planner
Advanced Threat Protection
Windows Defender ATP
Azure Active Directory
Azure Information Protection
Advanced Threat Analytics
Cloud App Security
Intune
Built on Azure, secure and scalable by design
No investment needed, pay-as-you-go, even free (forever)
Focus on most important
Leverage expert knowledge
Targeting GDPR, Security, IT operations
Detailed report every week
Any server, any cloud
DO IT MODERN (AND SECURE) WAY
Ondrej Vysek | the good guy | Microsoft MVP | [email protected]