Security for the productive enterprise in a mobile-first cloud-first world
Enterprise Mobility + Security (EMS)
Microsoft Enterprise Mobility + Security
Agenda
Digital transformation
Protect at the front door
Protect your data, anywhere
Detect and remediate attacks
41% of employees say mobile business apps change how they work
80% of employees use non-approved SaaS apps for work
85% of enterprise organizations keep sensitive information in the cloud
On-premises
Devices, Apps, Identity, Data
THE PROBLEM
The security you need integrated with the productivity tools you want
Productivity OR Security
It’s a delicate balance
Information Rights Management
Mobile Device & Application Management
Cloud Access Security Broker
SIEM
Data Loss Prevention
User & Entity Behavioral Analytics
Mobile Data Loss Prevention
Threat Detection
Identity governance
Single sign-on
Cloud Data Loss Prevention
Conditional access
Discovery
Cloud visibility
Secure collaboration
Cloud anomaly detection
Identity & Access Management
Mobile Device & Application Management
Data Loss Prevention
User & Entity Behavioral Analytics
Cloud Access Security Broker
Information Rights Management
Protect at the front door
Detect & remediate attacks
Protect your data anywhere
Cloud Access Security Broker
Mobile Device & App Management
Identity & Access Management
User & Entity Behavioral Analytics
Data Loss Prevention
Mobile device & app management
Information protection
Identity and access management
Threat protection
Holistic and innovative solutions for protection across users, devices, apps and data
Protect at the front door
81% of hacking breaches leverage stolen and/or weak passwords (Verizon 2017 Data Breach Investigation Report)
Who is accessing? What is their role? Is the account compromised?
Where is the user based? From where is the user signing in? Is the IP anonymous?
Which app is being accessed? What is the business impact?
Is the device healthy? Is it managed? Has it been in a botnet?
What data is being accessed? Is it classified? Is it allowed off premises?
Bing
Xbox Live
OneDrive
Microsoft Digital Crimes Unit
Microsoft Cyber Defense Operations Center
Azure
Microsoft Accounts
Skype
Enterprise Mobility + Security
Azure Active Directory
IF
• Privileged user?
• Credentials found in public?
• Accessing sensitive app?
• Unmanaged device?
• Malware detected?
• IP detected in Botnet?
• Impossible travel?
• Anonymous client?
User risk: High / Medium / Low
Session risk: High / Medium / Low
10 TB per day
THEN
• Require MFA
• Allow access
• Deny access
• Force password reset
• Limit access
Discover, restrict, and monitor privileged identities
Enforce on-demand, just-in-time administrative access when needed
Use Alert, Audit Reports and Access Review
Domain User
Global Administrator
Administrator privileges expire after a specified interval
USER
Role: Sales Account Rep
Group: London Users
Client: Mobile
Config: Corp Proxy
Location: London, UK
Last Sign-in: 5 hrs ago
CONDITIONAL ACCESS RISK
Health: Fully patched
Config: Managed
Last seen: London, UK
High / Medium / Low
Allow access
TRAVEL EXPENSE APP
USER
Role: VP Marketing
Group: Executive Users
Client: Mobile
Config: Corp Proxy
Location: London, UK
Last Sign-in: 5 hrs ago
CONDITIONAL ACCESS RISK
Health: Fully patched
Config: Managed
Last seen: London, UK
High / Medium / Low
Require MFA
CONFIDENTIAL SALES APP
CONDITIONAL ACCESS POLICY
User is a member of a sensitive group.
Application is classified High Business Impact.
USER
Role: Sales Account Representative
Group: London Users
Client: Mobile
Config: Corp Proxy
Location: London, UK
Last Sign-in: 5 hrs ago
SALES APP
CONDITIONAL ACCESS RISK
Health: Unknown
Client: Browser
Config: Anonymous
Last seen: Asia
High / Medium / Low
Anonymous IP
Unfamiliar sign-in location for this user
Block access
Force password reset
Protect at the front door: Demo
Protect your data anywhere
58% of workers have accidentally shared sensitive data to the wrong person (Stroz Friedberg)
How much control do you have over data?
OUT OF YOUR CONTROL
How do I protect corporate files on mobile devices?
How do I protect the data that’s shared externally?
How do I discover and protect data in SaaS apps?
How do I protect sensitive data on premises and in the cloud?
Classification, labeling, and protection for sensitive data on-premises and in the cloud
Data protection on mobile devices
Data visibility and protection in cloud and SaaS applications
Protect sensitive data on-premises and in the cloud
Classification and labeling: Classify data based on sensitivity and add labels, manually or automatically.
Protection: Encrypt your sensitive data and define usage rights or add visual markings when needed.
Monitoring: Use detailed tracking and reporting to see what’s happening with your shared data and maintain control over it.
Gain visibility and control over data in cloud apps
Cloud discovery: Discover cloud apps used in your organization, get a risk assessment and alerts on risky usage.
Data visibility: Gain deep visibility into where data travels by investigating all activities, files and accounts for managed apps.
Data control: Monitor and protect personal and sensitive data stored in cloud apps using granular policies.
USER
Role: Finance
Group: Contoso Finance
Office: London, UK
INTERNAL
Uploaded to public share
Azure Information Protection
CLOUD APP SECURITY PORTAL
Identifies document tagged INTERNAL being shared publicly
Move to quarantine
Restricted to owner
Admin notified about problem.
Advanced device management
Device security configuration: Enforce device encryption, password/PIN requirements, jailbreak/root detection, etc.
Restrict apps and URLs: Restrict access to specific applications or URL addresses on mobile devices and PCs.
Data control / separation: Control company data after it has been accessed, and separate it from personal data.
Multi-identity policy
Managed apps: Corporate data
Personal apps: Personal data
MDM (3rd party or Intune) optional
USER
User is prompted to create a PIN
User edits document stored in OneDrive for Business
User saves document to…
User adds business account to OneDrive app
Intune configures app protection policy
• Copy/Paste/SaveAs controls
• PIN required
• Encrypt storage
OneDrive for Business
Allow access
Protect your data anywhere: Demo
Detect & remediate attacks
91% of cyberattacks and the resulting data breach begin with a spear phishing email (PhishMe 2016)
How quickly are you able to detect attacks?
How do I detect attackers moving laterally in my environment?
How do I detect Pass-the-Hash? Pass-the-Ticket?
How do I detect compromised credentials?
Aren’t rules-based security solutions enough?
How can I remediate in real-time? Automatically?
Unique insights, informed by trillions of signals
On-premises abnormal behavior and advanced threat detection
Identity-based attack and threat detection
Anomaly detection for cloud apps
Monitors behaviors of users and other entities by using multiple data-sources
Profiles behavior and detects anomalies by using machine learning algorithms
Evaluates the activity of users and other entities to detect advanced attacks
Credit card companies monitor cardholders’ behavior.
By observing purchases, behavioral analytics learn what behavior is typical for each buyer.
If there is any abnormal activity, they will notify the cardholder to verify the charge.
3 hours
USER
Anonymous user behavior
Unfamiliar sign-in location
ATTACKER
Phishing attack
User account is compromised
Attacker attempts lateral movement
Attacker accesses sensitive data
Privileged account compromised
Anonymous user behavior
Lateral movement attacks
Escalation of privileges
Account impersonation
Data exfiltration
Attacker steals sensitive data
Cloud data & SaaS apps
Zero-day / brute-force attack
Detect & remediate attacks: Demo
MICROSOFT INTUNE
Make sure your devices are compliant and secure, while protecting data at the application level
AZURE ACTIVE DIRECTORY
Ensure only authorized users are granted access to personal data using risk-based conditional access
MICROSOFT CLOUD APP SECURITY
Gain deep visibility, strong controls and enhanced threat protection for data stored in cloud apps
AZURE INFORMATION PROTECTION
Classify, label, protect and audit data for persistent security throughout the complete data lifecycle
MICROSOFT ADVANCED THREAT ANALYTICS
Detect breaches before they cause damage by identifying abnormal behavior, known malicious attacks and security issues
Apps / Risk / Device / Location
CONDITIONAL ACCESS
Access granted to data
Classify / Label / Audit / Protect
Holistic and innovative solutions for protection across users, devices, apps and data
Identity and access management
Mobile device & app management
Information protection
Threat protection
Azure Active Directory Premium
Microsoft Intune
Azure Information Protection
Microsoft Cloud App Security
Microsoft Advanced Threat Analytics
Technology | Benefit | E3 | E5
Azure Active Directory Premium P1 | Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting | ● | ●
Azure Active Directory Premium P2 | Identity and access management with advanced protection for users and privileged identities | | ●
Microsoft Intune | Mobile device and app management to protect corporate apps and data on any device | ● | ●
Azure Information Protection P1 | Encryption for all files and storage locations; cloud-based file tracking | ● | ●
Azure Information Protection P2 | Intelligent classification and encryption for files shared inside and outside your organization | | ●
Microsoft Cloud App Security | Enterprise-grade visibility, control, and protection for your cloud applications | | ●
Microsoft Advanced Threat Analytics | Protection from advanced targeted attacks leveraging user and entity behavioral analytics | ● | ●
Identity and access management
Managed mobile productivity
Information protection
Threat protection
FastTrack experts work remotely with you and your partner
Microsoft Virtual Academy and Immersion
Demos, videos and labs
Self-service resources
Success Plans to speed up deployment
EMS Success Workshop
Quick Start guides
How To’s and personalized videos
Envision / Onboard / Drive Value
Trial: Experience EMS before you subscribe
Proof of Concept (POC): Model your deployment by combining a trial and a Success Plan
Assess: Determine the setup of your existing environment and identify any issues
Remediate: Clean up any issues that might prevent your preferred deployment approach
Enable: Set up EMS services, users, and integration with your environment
Use: Help your users get their work done better with EMS
Enhancements: Integrate your environment with custom apps and new capabilities
Schedule a deep-dive session on Enterprise Mobility + Security
Get a free 90-day trial, evaluate Enterprise Mobility + Security
Deploy with FastTrack for Enterprise Mobility + Security
Analyze: Analyze the traffic and identity traffic and data related activities across the network including relevant events from SIEM and in real-time.
Learn: Automatically learn the common behaviors for users and entities on the network to build an organizational security graph.
Detect: Uses the organizational security graph to detect abnormal behavior, file activity, protocol attacks, and weak security configurations.
Alert: Intelligently use the learned context to prevent false positives and prioritize alerts, remediate problems automatically, and present attack timelines.
ENVISION
Self-service help
Scenarios
Success Plan
Trial
ONBOARD
Getting Started
MVA
Immersion
MS Mechanics
ONBOARD
Remote guidance for your Success Plan and deployment help
DRIVE VALUE
Success Workshop
Quick Start guides
How To docs
Demos and videos
Yes Yes FastTrack Center Yes
Yes Yes FastTrack Center Yes
Yes Yes Request Help Yes
Azure Information Protection
Cloud App Security
Advanced Threat Analytics
Azure Active Directory
Microsoft Intune
FastTrack is included with your EMS purchase to accelerate your deployments
Remote guidance is available in:
Chinese Simplified
Chinese Traditional
English
French
German
Italian
Japanese
Korean
Brazilian Portuguese
Spanish
Thai
Vietnamese