Seguridad en un Mundo móvil (Security in a Mobile World) #MicrosoftSecure

Transcript of "Seguridad en un Mundo móvil" #MicrosoftSecure

Protección integral frente a las amenazas (Comprehensive protection against threats)

Victor Recuero - Consultor Cloud en Seguridad e Identidad (Cloud Consultant, Security and Identity)

Sergio Medina - Ingeniero de Soporte en Identidad (Identity Support Engineer)

Alberto López - Consultor Cloud en Seguridad e Identidad (Cloud Consultant, Security and Identity)

David Marin – Especialista Técnico en Windows 10 (Windows 10 Technical Specialist)

Cybersecurity Reference Architecture (slide diagram; the labels below are recovered from the image and grouped by area)

Headline facts on the slide:
• Nearly all customer breaches that Microsoft’s Incident Response team investigates involve credential theft
• 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBR)
• 80%+ of employees admit using non-approved SaaS apps for work (Stratecast, December 2013)

Zones: Unmanaged & Mobile Clients, Managed Clients, Intranet, Extranet, On Premises Datacenter(s), Colocation, Microsoft Azure, Software as a Service, Internet of Things, Sensitive Workloads

Identity & Access: Multi-Factor Authentication, Windows Hello for Business, Certification Authority (PKI), AAD Identity Protection, AAD PIM, MIM PAM, Conditional Access, ESAE Admin Forest, Privileged Access Workstations (PAWs), Domain Controllers

Clients: Windows 10 (EPP - Windows Defender; EDR - Windows Defender ATP), Mac OS, Legacy Windows, Intune MDM/MAM, System Management + Patching (SCCM + Intune)
Windows 10 Security: • Secure Boot • Device Guard • Application Guard • Credential Guard • Windows Hello
Windows Server 2016 Security: Secure Boot, Nano Server, Just Enough Admin, Hyper-V Containers, Device Guard, Credential Guard, Remote Credential Guard, …
Internet of Things: • Device Health Attestation • Remote Credential Guard

Network and datacenter: NGFW, IPS, DLP, SSL Proxy, VPN, Security Appliances, Enterprise Servers, VMs, Shielded VMs, Backup and Site Recovery, DDoS attack prevention
Microsoft Azure: Azure Security Center (• Security Hygiene • Threat Detection), Azure Key Vault, Azure App Gateway, Network Security Groups, Azure Antimalware, Disk & Storage Encryption, SQL Encryption & Firewall

Information protection: Windows Info Protection, Azure Information Protection (AIP) (• Classify • Label • Protect • Report; Classification, Labels), Office 365 Information Protection, Office 365 DLP, Endpoint DLP, Hold Your Own Key (HYOK), Structured Data & 3rd party Apps, Lockbox
Software as a Service: Cloud App Security, Office 365 ATP (• Email Gateway • Anti-malware), ASM

Security Operations Center (SOC): Incident Response, Vulnerability Management, Enterprise Threat Detection, Analytics, Managed Security Provider, OMS, ATA, SIEM, Logs & Analytics, Active Threat Detection, Hunting Teams, Investigation and Recovery, WEF, SIEM Integration, UEBA


Azure AD Identity Protection

CLOUD-POWERED PROTECTION

Identity Protection at its best
• Risk severity calculation
• Remediation recommendations
• Risk-based conditional access automatically protects against suspicious logins and compromised credentials
• Gain insights from a consolidated view of machine learning based threat detection

Signals fed to the Machine-Learning Engine: Leaked credentials, Infected devices, Configuration vulnerabilities, Brute force attacks, Suspicious sign-in activities

Risk-based policies: MFA Challenge for Risky Logins, Block attacks, Change bad credentials

CLOUD-POWERED PROTECTION

Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools
• Security/Monitoring/Reporting Solutions: Notifications, Data Extracts/Downloads, Reporting APIs
• Apply Microsoft learnings to your existing security tools
• Microsoft machine-learning engine: Leaked credentials, Infected devices, Configuration vulnerabilities, Brute force attacks, Suspicious sign-in activities

Azure AD Privileged Identity Management

CLOUD-POWERED PROTECTION
• Discover, restrict, and monitor privileged identities
• Enforce on-demand, just-in-time administrative access when needed
• Provides more visibility through alerts, audit reports and access reviews

Directory roles shown: Global Administrator, Billing Administrator, Exchange Administrator, User Administrator, Password Administrator

How time-limited activation of privileged roles works
• MFA is enforced during the activation process
• Alerts inform administrators about out-of-band changes
• Users need to activate their privileges to perform a task
• Users will retain their privileges for a pre-configured amount of time
• Security admins can discover all privileged identities, view audit reports and review everyone who is eligible to activate via access reviews

Diagram: the SECURITY ADMIN configures Privileged Identity Management; the USER goes through identity verification (MFA) to activate a role; PRIVILEGED IDENTITY MANAGEMENT monitors activity, raises ALERTs and produces access reports and an audit trail; ADMIN PROFILES shown are Billing Admin, Global Admin and Service Admin, plus a Read only role

CLOUD-POWERED PROTECTION
• Removes unneeded permanent admin role assignments
• Limits the time a user has admin privileges
• Ensures MFA validation prior to admin role activation
• Reduces exposure to attacks targeting admins
• Separates role administration from other tasks
• Adds roles for read-only views of reports and history
• Asks users to review and justify continued need for admin role
• Simplifies delegation
• Enables least privilege role assignments
• Alerts on users who haven’t used their role assignments
• Simplifies reporting on admin activity
• Increases visibility and finer-grained control
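The activation flow the PIM slides describe, written out as a runnable model. This is an added example and not Microsoft's or PIM's code: the PIM class, the role names, the 30-minute duration and the timestamps are all constructed for illustration. It shows the four rules the slides state: a role has to be activated before it is usable, activation needs MFA (and here a justification), the privilege expires after the configured time, and an access review can list eligible assignments that were never used.

```python
# Added example (not Microsoft's code): a model of PIM-style just-in-time
# activation. Users hold *eligible* role assignments; a role is only usable after
# an activation that requires a successful MFA step and a justification, and it
# expires after a configured duration. Every decision is appended to an audit
# log, and an access review lists eligible assignments that were never used.
# Users, roles, durations and timestamps are constructed for illustration.
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple


@dataclass
class Activation:
    user: str
    role: str
    expires_at: datetime


@dataclass
class PIM:
    max_duration: timedelta = timedelta(hours=1)
    eligible: Dict[str, Set[str]] = field(default_factory=dict)   # user -> eligible roles
    active: List[Activation] = field(default_factory=list)
    ever_activated: Set[Tuple[str, str]] = field(default_factory=set)
    audit: List[Tuple[datetime, str]] = field(default_factory=list)

    def make_eligible(self, user: str, role: str) -> None:
        """Security admin step: assign an eligible (not permanent) role."""
        self.eligible.setdefault(user, set()).add(role)

    def activate(self, user: str, role: str, mfa_passed: bool,
                 justification: str, now: datetime) -> bool:
        """User step: activation is gated on eligibility, MFA and a justification."""
        if role not in self.eligible.get(user, set()):
            self.audit.append((now, f"DENIED {user}: not eligible for {role}"))
            return False
        if not mfa_passed:
            self.audit.append((now, f"DENIED {user}: MFA failed for {role}"))
            return False
        if not justification.strip():
            self.audit.append((now, f"DENIED {user}: no justification for {role}"))
            return False
        expires = now + self.max_duration
        self.active.append(Activation(user, role, expires))
        self.ever_activated.add((user, role))
        self.audit.append((now, f"ACTIVATED {user} {role} until {expires:%H:%M} ({justification})"))
        return True

    def has_role(self, user: str, role: str, now: datetime) -> bool:
        """Authorization check made by the resource: expired activations do not count."""
        self._expire(now)
        return any(a.user == user and a.role == role for a in self.active)

    def _expire(self, now: datetime) -> None:
        still_active = []
        for a in self.active:
            if a.expires_at <= now:
                self.audit.append((now, f"EXPIRED {a.user} {a.role}"))
            else:
                still_active.append(a)
        self.active = still_active

    def access_review(self) -> List[Tuple[str, str]]:
        """Eligible assignments that were never activated: candidates for removal."""
        return sorted((u, r) for u, roles in self.eligible.items()
                      for r in roles if (u, r) not in self.ever_activated)


def demo() -> dict:
    pim = PIM(max_duration=timedelta(minutes=30))
    t0 = datetime(2017, 4, 12, 9, 0)            # constructed timestamp
    pim.make_eligible("alice", "Global Administrator")
    pim.make_eligible("bob", "Billing Administrator")
    ten_min, later = t0 + timedelta(minutes=10), t0 + timedelta(minutes=31)
    return {
        "before": pim.has_role("alice", "Global Administrator", t0),
        "no_mfa": pim.activate("alice", "Global Administrator", False, "ticket 42", t0),
        "mfa": pim.activate("alice", "Global Administrator", True, "ticket 42", t0),
        "during": pim.has_role("alice", "Global Administrator", ten_min),
        "after": pim.has_role("alice", "Global Administrator", later),
        "not_eligible": pim.activate("bob", "Global Administrator", True, "x", t0),
        "unused": pim.access_review(),
        "audit": [msg for _, msg in pim.audit],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The audit list is what a security admin would review: a denied activation (failed MFA), the successful activation with its justification, the automatic expiry, and an attempt by a user who was never made eligible.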

Azure AD Conditional Access

Conditions: User, App sensitivity, Device state, Location, Risk

Actions: Allow access or Block access; Enforce MFA per user/per app

Related cloud-powered protection shown on the slide: NOTIFICATIONS, ANALYSIS, REMEDIATION, RISK-BASED POLICIES; CLOUD APP DISCOVERY; PRIVILEGED IDENTITY MANAGEMENT; MFA; IDENTITY PROTECTION
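The conditions and actions above, together with the risk-based policies from the Identity Protection slides, can be modelled as a small policy engine. The following is an added example and not Azure AD's code: the policy set, the risk scale, the remediation texts and the sample sign-ins are constructed for illustration. Each sign-in carries the slide's conditions (user, app sensitivity, device state, location) plus a sign-in risk level, and the engine returns allow, require MFA, or block, with the strongest matching action always winning.

```python
# Added example (not from the deck): a small policy engine that models the
# risk-based conditional access the slides describe. Each sign-in carries the
# conditions shown (user, app sensitivity, device state, location) plus the
# sign-in risk level an Identity Protection style engine would supply, and the
# ordered policies yield allow, require MFA, or block. The policy set, the risk
# scale and the sample sign-ins are constructed for illustration.
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class SignIn:
    user: str
    app_sensitivity: str    # "low" | "medium" | "high"  (constructed scale)
    device_compliant: bool  # device state as reported by MDM
    location: str           # "trusted_network" | "untrusted"
    risk: str               # "none" | "low" | "medium" | "high" (sign-in risk)


@dataclass(frozen=True)
class Policy:
    name: str
    applies: Callable[[SignIn], bool]
    action: str             # "allow" | "mfa" | "block"


RISK_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3}
STRENGTH = {"allow": 0, "mfa": 1, "block": 2}

POLICIES: List[Policy] = [
    Policy("block-high-risk-signins",
           lambda s: RISK_RANK[s.risk] >= RISK_RANK["high"], "block"),
    Policy("block-noncompliant-device-on-sensitive-apps",
           lambda s: s.app_sensitivity == "high" and not s.device_compliant, "block"),
    Policy("mfa-on-medium-risk",
           lambda s: RISK_RANK[s.risk] >= RISK_RANK["medium"], "mfa"),
    Policy("mfa-outside-trusted-network",
           lambda s: s.location != "trusted_network", "mfa"),
    Policy("mfa-on-sensitive-apps",
           lambda s: s.app_sensitivity == "high", "mfa"),
]


def evaluate(signin: SignIn, policies: List[Policy] = POLICIES) -> Tuple[str, List[str]]:
    """Return (decision, matched policy names). Every matching policy is collected
    and the strongest action wins, so a block is never weakened by a weaker rule."""
    decision, matched = "allow", []
    for policy in policies:
        if policy.applies(signin):
            matched.append(policy.name)
            if STRENGTH[policy.action] > STRENGTH[decision]:
                decision = policy.action
    return decision, matched


def remediation(signin: SignIn, decision: str) -> str:
    """What the risk-based policy asks of the user after the decision (slide:
    MFA challenge for risky logins, block attacks, change bad credentials)."""
    if decision == "block":
        return "blocked; an admin must dismiss the risk before the user can retry"
    if decision == "mfa" and RISK_RANK[signin.risk] >= RISK_RANK["medium"]:
        return "MFA challenge, then a forced password change to remediate the risk"
    if decision == "mfa":
        return "MFA challenge"
    return "no action"


SAMPLE_SIGNINS = [   # constructed sign-ins
    SignIn("alice", "low", True, "trusted_network", "none"),
    SignIn("bob", "high", False, "trusted_network", "none"),
    SignIn("carol", "medium", True, "untrusted", "medium"),
    SignIn("dave", "low", True, "trusted_network", "high"),
]


def run_samples() -> dict:
    out = {}
    for s in SAMPLE_SIGNINS:
        decision, matched = evaluate(s)
        out[s.user] = (decision, matched, remediation(s, decision))
    return out


if __name__ == "__main__":
    for user, (decision, matched, action) in run_samples().items():
        print(f"{user:6} -> {decision:5} {action}  via {matched}")
```

Collecting every matching policy rather than stopping at the first one is deliberate: it is what makes the decision explainable (the matched list) and guarantees that adding a permissive rule later cannot override an existing block.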

CLOUD-POWERED PROTECTION

Azure Key Vault

Microsoft Azure: IaaS, PaaS, SaaS

Key Vault offers an easy, cost-effective way to safeguard keys and other secrets used by cloud apps and services using HSMs.

Diagram: Import keys -> HSM -> Key Vault -> Monitoring

• Encrypt keys and small secrets like passwords using keys stored in tightly controlled and monitored Hardware Security Modules (HSMs)
• Import or generate your keys in HSMs for added assurance - keys never leave the HSM boundary
• Comply with regulatory standards for secure key management, including the US Government FIPS 140-2 Level 2 and Common Criteria EAL 4+
• Monitor and audit key use through Azure logging – pipe logs into HDInsight or your SIEM for additional analysis

Workflow shown on the slide:
• Creates a Key Vault in Azure
• Adds keys / secrets to the Vault
• Grants permission to specific application(s) to perform specific operations using keys e.g. decrypt, unwrap
• Enables usage logs
• Manages keys
• Deploys application
• Tells application the URI of the key / secret
• Application programmatically uses key / secret (and may abuse) but never sees the keys
• Reviews usage logs to confirm proper key use and compliance with data security standards
• Monitors access to keys
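The workflow above, reduced to a runnable toy. This is an added example and not Microsoft's code or the Key Vault API: the ToyVault class, its permission names (keys/sign, keys/verify, secrets/get), the URI scheme and the caller names are constructed. HMAC-SHA256 stands in for the sign/verify an HSM-backed key would perform. What the example shows is the separation the slide describes: key material is created inside the vault and only a URI is handed out, an application can perform exactly the operations it was granted and nothing else, and every call (allowed or denied) lands in a usage log that an auditor can review.

```python
# Added example (not Microsoft's code or the Key Vault API): a toy vault that
# enforces per-caller access policies and writes a usage log for every call.
# Key material is generated inside the vault and never returned; callers only get
# the result of an operation. HMAC-SHA256 stands in for the sign/verify that a
# real HSM-backed key would perform. Caller names, URIs and policies are constructed.
import hashlib
import hmac
import secrets
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class AuditEvent:
    caller: str
    permission: str
    object_name: str
    allowed: bool


class ToyVault:
    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}
        self._secrets: Dict[str, str] = {}
        self._policy: Dict[str, Set[str]] = {}   # caller -> granted permissions
        self.log: List[AuditEvent] = []

    # --- security admin operations ---
    def create_key(self, name: str) -> str:
        self._keys[name] = secrets.token_bytes(32)   # generated inside the vault boundary
        return f"vault://keys/{name}"                # only the URI is handed to applications

    def set_secret(self, name: str, value: str) -> str:
        self._secrets[name] = value
        return f"vault://secrets/{name}"

    def grant(self, caller: str, *permissions: str) -> None:
        self._policy.setdefault(caller, set()).update(permissions)

    # --- policy check plus usage log, applied to every operation ---
    def _check(self, caller: str, permission: str, uri: str) -> str:
        name = uri.rsplit("/", 1)[1]
        allowed = permission in self._policy.get(caller, set())
        self.log.append(AuditEvent(caller, permission, name, allowed))
        if not allowed:
            raise PermissionError(f"{caller} lacks {permission} on {name}")
        return name

    # --- application operations: results come out, key bytes never do ---
    def sign(self, caller: str, key_uri: str, data: bytes) -> bytes:
        name = self._check(caller, "keys/sign", key_uri)
        return hmac.new(self._keys[name], data, hashlib.sha256).digest()

    def verify(self, caller: str, key_uri: str, data: bytes, tag: bytes) -> bool:
        name = self._check(caller, "keys/verify", key_uri)
        expected = hmac.new(self._keys[name], data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    def get_secret(self, caller: str, secret_uri: str) -> str:
        name = self._check(caller, "secrets/get", secret_uri)
        return self._secrets[name]

    # --- auditor: review usage logs ---
    def denied_by_caller(self) -> Dict[str, int]:
        return dict(Counter(e.caller for e in self.log if not e.allowed))


def demo() -> dict:
    vault = ToyVault()
    key_uri = vault.create_key("token-signing")
    db_uri = vault.set_secret("db-connection", "Server=db;User=app;Password=<placeholder>")
    vault.grant("web", "keys/sign", "keys/verify")   # web app may only use the key
    vault.grant("batch", "secrets/get")              # batch job may only read the secret

    tag = vault.sign("web", key_uri, b"session:alice")
    result = {
        "tag_len": len(tag),
        "verify_ok": vault.verify("web", key_uri, b"session:alice", tag),
        "verify_tampered": vault.verify("web", key_uri, b"session:mallory", tag),
        "batch_secret": vault.get_secret("batch", db_uri),
    }
    try:
        vault.get_secret("web", db_uri)              # outside web's granted permissions
        result["web_secret_blocked"] = False
    except PermissionError:
        result["web_secret_blocked"] = True
    result["denied"] = vault.denied_by_caller()      # what the auditor reviews
    return result


if __name__ == "__main__":
    print(demo())
```

The denied count per caller is the simplest version of the "reviews usage logs to confirm proper key use" step: an application that keeps asking for operations it was never granted is exactly the "may abuse" case the slide mentions, and it shows up in the log even though the request was refused.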


Device protection
• Device Health attestation
• Device Guard
• Device Control
• Security policies
• Device Integrity
• Cryptographic Processor
• Virtualization based Security

Information protection
• Device protection / Drive encryption
• Enterprise Data Protection
• Conditional access
• BitLocker and BitLocker to Go
• Windows Information Protection

Threat resistance
• SmartScreen
• AppLocker
• Device Guard
• Windows Defender AV
• Network/Firewall (Windows Firewall)
• Microsoft Edge

Identity protection
• Built-in 2FA
• Account lockdown
• Credential Guard
• Microsoft Passport / Windows Hello

THE WINDOWS 10 DEFENSE STACK

TRADITIONAL PLATFORM STACK: Device Hardware -> Kernel -> Windows Platform Services -> Apps

VIRTUALIZATION BASED SECURITY (WINDOWS 10): Device Hardware -> Hypervisor (Hyper-V) -> Windows Operating System (Kernel -> Windows Platform Services -> Apps), running alongside an isolated System Container (its own Kernel plus Trustlet #1, Trustlet #2, Trustlet #3)

THE WINDOWS 10 DEFENSE STACK

PRE-BREACH

THE WINDOWS 10 DEFENSE STACK

POST-BREACH

Windows Defender Advanced Threat Protection (ATP): breach detection, investigation & response

ADDING A POST-BREACH MINDSET

Median number of days attackers are present on a victim’s network before detection: 200+

Days after detection to full recovery: 80

Impact of lost productivity and growth: $3 Trillion

Average cost of a data breach (15% YoY increase): $3.5 Million

“THERE ARE TWO KINDS OF BIG COMPANIES, THOSE WHO’VE BEEN HACKED, AND THOSE WHO DON’T KNOW THEY’VE BEEN HACKED.”
- JAMES COMEY, FBI DIRECTOR

HOW DO BREACHES OCCUR?

Malware and vulnerabilities are not the only thing to worry about
• 99.9% of exploited vulnerabilities were used more than a year after the CVE was published
• 46% of compromised systems had no malware on them
• 50% of those who open and click attachments do so within the first hour
• 23% of recipients opened phishing messages (11% clicked on attachments)

Fast and effective phishing attacks give you little time to react

WHAT MAKES IT AN ADVANCED ATTACK?

The attacker’s challenge: what makes it an APT?

The attacker’s “kill-chain”: Recon -> Delivery -> Exploitation -> C&C -> EoP & Lateral movement -> Asset Exfiltration

Targeted attacks are often complex and lengthy operations. Much like in real-life attacks, planning, control and time are required for a successful attack to take place.

While the compromise itself may take minutes, planning, lateral movement and exfiltration of data can take days, weeks or months.

Windows Defender ATP helps enterprise customers detect and remediate advanced attacks and data breaches

• Built into Windows 10: universal end-point behavioral sensor, built into Win10, with no additional deployment requirements
• Powered by cloud: Machine Learning analytics over the largest sensor array in the world
• Enhanced by the community of our Hunters, researchers and threat intelligence

Why Microsoft is in a unique position
• Over 1M Microsoft corporate machines: new code, new products, new files; most are local admins; hundreds of labs, malware enclaves
• 1.2 Billion Windows machines reporting
• 1M files detonated daily
• Advanced detection algorithms & statistical modelling
• APT hunters – OS Security, Exploit & Malware Researchers, & Threat Intelligence
• 11M Enterprise machines reporting
• 2.5T URLs indexed and 600M reputation look ups

Combined Microsoft Stack: maximize detection coverage throughout the attack stages

Attack stages on the slide: User receives an email -> Opens an attachment -> Clicks on a URL -> User browses to a website (http://) -> User runs a program -> Exploitation -> Installation -> C&C channel -> Persistence -> Privilege escalation -> Reconnaissance -> Lateral movement -> Access to shared resources

Coverage across the stages: Office 365 ATP (Email protection), Windows Defender ATP (End Point protection), ATA (User protection)

PIVOT - ACROSS MICROSOFT ATP SERVICES


Azure SQL Server

Security:
• Control Access – Database Access: Azure Active Directory Authentication (AAD); Application Access: Row-Level Security (RLS), Dynamic Data Masking
• Proactive Monitoring – Tracking & Detecting: Auditing & Threat Detection
• Protect Data – Encryption at rest: Transparent Data Encryption (TDE); Encryption in use (client): Always Encrypted (AE)

Transparent Data Encryption (TDE): protect data on SQL database physical storage from unauthorized access
✓ Server-side encryption of the data on physical disk
✓ Simple to use, zero application changes
✓ Support for all database operations (ex. joins) on data
✓ SQL Database service manages your keys
✓ AES-NI Hardware Acceleration (2-3% performance impact)
(Diagram: one SQL Database serving Customer1, Customer2, Customer3)

Always Encrypted (AE): protects the highly sensitive data in-use from high privilege SQL users. Encrypted sensitive data and corresponding keys are never seen in plaintext in SQL Server.
• Client side encryption: client-side encryption of sensitive data using keys that are never given to the database system.
• Queries on Encrypted Data: support for equality comparison, incl. join, group by and distinct operators.
• Application Transparency: minimal application changes via server and client library enhancements.
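The three Always Encrypted properties above (keys stay with the client, equality queries still work, the server only handles opaque bytes) can be shown with a small runnable model. This is an added example, not Microsoft's code: the ServerTable and Client classes, the column key and the rows are constructed, and the cipher is a constructed HMAC-SHA256 stream cipher with an authentication tag, not the AES-CBC-HMAC scheme the real feature uses. The point it demonstrates is the difference between deterministic encryption (IV derived from the plaintext, so equal values give equal ciphertexts and the server can match them) and randomized encryption (fresh IV per value, not searchable but hiding repeats).

```python
# Added example (not Microsoft's code): the client-side encryption model of
# Always Encrypted, reduced to a runnable toy. The "server" only ever stores and
# compares opaque bytes and holds no key. The client driver encrypts column values
# and query parameters: deterministic encryption (IV derived from the plaintext)
# keeps equality lookups possible; randomized encryption (fresh IV) does not.
# The cipher below is a constructed HMAC-SHA256 based stream cipher with a tag,
# not the AES-CBC-HMAC scheme the real feature uses; the key value is constructed.
import hashlib
import hmac
import os
from typing import List, Tuple

BLOCK = 32   # bytes of keystream per HMAC-SHA256 call


def _subkeys(master: bytes) -> Tuple[bytes, bytes]:
    def derive(label: bytes) -> bytes:
        return hmac.new(master, label, hashlib.sha256).digest()
    return derive(b"enc"), derive(b"mac")


def _keystream(k_enc: bytes, iv: bytes, length: int) -> bytes:
    blocks = (length + BLOCK - 1) // BLOCK
    return b"".join(hmac.new(k_enc, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def encrypt(master: bytes, plaintext: bytes, deterministic: bool) -> bytes:
    k_enc, k_mac = _subkeys(master)
    if deterministic:   # same plaintext -> same IV -> same ciphertext (searchable)
        iv = hmac.new(k_mac, plaintext, hashlib.sha256).digest()[:16]
    else:               # fresh IV every call (not searchable, hides repeated values)
        iv = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, iv, len(plaintext))))
    tag = hmac.new(k_mac, iv + ct, hashlib.sha256).digest()[:16]
    return iv + ct + tag


def decrypt(master: bytes, blob: bytes) -> bytes:
    k_enc, k_mac = _subkeys(master)
    iv, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expected = hmac.new(k_mac, iv + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext tampered or wrong key")
    return bytes(c ^ s for c, s in zip(ct, _keystream(k_enc, iv, len(ct))))


class ServerTable:
    """Stands in for SQL Server: stores (ssn_ct, note_ct) and can only compare bytes."""
    def __init__(self) -> None:
        self.rows: List[Tuple[bytes, bytes]] = []

    def insert(self, ssn_ct: bytes, note_ct: bytes) -> None:
        self.rows.append((ssn_ct, note_ct))

    def where_ssn_equals(self, ssn_ct: bytes) -> List[Tuple[bytes, bytes]]:
        return [r for r in self.rows if r[0] == ssn_ct]   # equality on ciphertext only


class Client:
    """Stands in for the application plus an Always Encrypted enabled driver."""
    def __init__(self, column_key: bytes, table: ServerTable) -> None:
        self.key, self.table = column_key, table

    def insert(self, ssn: str, note: str) -> None:
        self.table.insert(encrypt(self.key, ssn.encode(), deterministic=True),
                          encrypt(self.key, note.encode(), deterministic=False))

    def lookup(self, ssn: str) -> List[str]:
        param = encrypt(self.key, ssn.encode(), deterministic=True)   # parameter encrypted client-side
        return [decrypt(self.key, note).decode() for _, note in self.table.where_ssn_equals(param)]


def demo() -> dict:
    key = b"column-encryption-key-known-only-to-the-client"   # constructed
    table = ServerTable()
    client = Client(key, table)
    client.insert("123-45-6789", "salary 50000")
    client.insert("987-65-4321", "salary 72000")
    client.insert("123-45-6789", "bonus 5000")
    return {
        "lookup": client.lookup("123-45-6789"),
        "miss": client.lookup("000-00-0000"),
        "deterministic_repeats": encrypt(key, b"x", True) == encrypt(key, b"x", True),
        "randomized_differs": encrypt(key, b"x", False) != encrypt(key, b"x", False),
        "server_sees_plaintext": any(b"123-45-6789" in s or b"salary" in n for s, n in table.rows),
    }


if __name__ == "__main__":
    print(demo())
```

Note the trade-off the model makes visible: the SSN column is searchable only because deterministic encryption leaks which rows share a value, so a column like this should be one with high entropy, while free-text or low-cardinality columns belong in randomized encryption.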


Azure Active Directory Authentication: a central place to manage users across services (Status: Preview)
✓ Alternative to SQL Server authentication
✓ Simplifies database permission management using external Azure Active Directory groups
✓ Allows password rotation in a single place

Client stack shown: ADO.NET 4.6 with ADALSQL

Multiple authentication methods
✓ Username/password for Azure AD managed accounts
✓ Integrated Windows authentication, for federated domains which are authenticated via Azure AD
✓ Certificate-based authentication, in case the certificate is registered with Azure Active Directory

Dynamic Data Masking: limit the exposure of sensitive data by obfuscating query results for app users and engineers (APP Users / Dev Users)
• Limit Access to Sensitive Data: protects against unauthorized access to sensitive data in the application, using built-in or custom masking rules. Privileged users can still see unmasked data.
• Application Transparency: data is masked on-the-fly; the underlying data in the database remains intact. Transparent to the application and applied according to user privilege.

Row-Level Security (RLS): centralize your row access logic within the database.
• Fine-grained Access Control: control both read- and write-access to specific rows of data in a shared database. Flexible access criteria (user identity, role/group memberships, connection data, time of day, etc).
• Application Transparency: RLS works transparently at query time, no app changes needed. Reduces application maintenance and code complexity.
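Row-Level Security and Dynamic Data Masking, run end to end on an in-memory database. This is an added example, not Microsoft's code, and it is emulated in SQLite so it runs anywhere: SQL Server has native syntax for both (CREATE SECURITY POLICY with a filter and a block predicate, and ALTER COLUMN ... ADD MASKED WITH the email(), partial() and default() functions), which SQLite lacks, so here the predicates live in a view and an INSTEAD OF trigger, the masks are CASE expressions in a second view, and a session_ctx table stands in for SESSION_CONTEXT. The table, the rows and the user/role names are constructed. It shows the two properties the slides claim: the application queries one view with no access logic of its own, and the same query returns filtered and masked rows for an app user but full rows for a privileged role.

```python
# Added example (not Microsoft's code): Row-Level Security and Dynamic Data
# Masking emulated in SQLite so the idea can be run anywhere. SQL Server has
# native syntax for both (CREATE SECURITY POLICY with filter/block predicates;
# ADD MASKED WITH (FUNCTION = 'email()' / 'partial()' / 'default()')), which
# SQLite lacks; here the predicates live in a view plus a trigger, the masks in
# a second view, and a session_ctx table stands in for SESSION_CONTEXT.
# Table, rows, users and roles are constructed for the example.
import sqlite3
from typing import List, Tuple

SCHEMA = """
CREATE TABLE session_ctx (k TEXT PRIMARY KEY, v TEXT);   -- stand-in for SESSION_CONTEXT
CREATE TABLE orders (
    id INTEGER PRIMARY KEY, owner TEXT, email TEXT, card TEXT, amount REAL);

-- RLS filter predicate: a row is visible to its owner, or to anyone in the manager role.
CREATE VIEW orders_rls AS
  SELECT * FROM orders
  WHERE owner = (SELECT v FROM session_ctx WHERE k = 'user')
     OR (SELECT v FROM session_ctx WHERE k = 'role') = 'manager';

-- RLS block predicate: writes through the view may not create rows for another owner.
CREATE TRIGGER orders_rls_insert INSTEAD OF INSERT ON orders_rls
BEGIN
  SELECT RAISE(ABORT, 'block predicate: cannot insert rows for another owner')
   WHERE NEW.owner <> (SELECT v FROM session_ctx WHERE k = 'user')
     AND (SELECT v FROM session_ctx WHERE k = 'role') <> 'manager';
  INSERT INTO orders(owner, email, card, amount)
  VALUES (NEW.owner, NEW.email, NEW.card, NEW.amount);
END;

-- DDM on top of the filtered rows: the masks mirror email(), partial() and
-- default(); privileged (manager) sessions see the unmasked values.
CREATE VIEW orders_masked AS
  SELECT id, owner,
    CASE WHEN (SELECT v FROM session_ctx WHERE k = 'role') = 'manager' THEN email
         ELSE substr(email, 1, 1) || 'XXX@XXXX.com' END AS email,
    CASE WHEN (SELECT v FROM session_ctx WHERE k = 'role') = 'manager' THEN card
         ELSE 'XXXX-XXXX-XXXX-' || substr(card, -4) END AS card,
    CASE WHEN (SELECT v FROM session_ctx WHERE k = 'role') = 'manager' THEN amount
         ELSE 0 END AS amount
  FROM orders_rls;
"""

SEED = [  # constructed rows
    ("alice", "alice@example.com", "4111-1111-1111-1234", 120.0),
    ("bob",   "bob@example.com",   "5500-0000-0000-9876", 80.5),
]


def open_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO orders(owner, email, card, amount) VALUES (?, ?, ?, ?)", SEED)
    return con


def set_session(con: sqlite3.Connection, user: str, role: str) -> None:
    """Equivalent of sp_set_session_context when the app opens its connection."""
    con.executemany("INSERT OR REPLACE INTO session_ctx(k, v) VALUES (?, ?)",
                    [("user", user), ("role", role)])


def query_as(con: sqlite3.Connection, user: str, role: str) -> List[Tuple]:
    """The application always queries the masked, row-filtered view: no app-side logic."""
    set_session(con, user, role)
    return con.execute(
        "SELECT owner, email, card, amount FROM orders_masked ORDER BY id").fetchall()


def insert_as(con: sqlite3.Connection, user: str, role: str, row: Tuple) -> bool:
    """Writes go through the RLS view too, so the block predicate applies."""
    set_session(con, user, role)
    try:
        con.execute("INSERT INTO orders_rls(owner, email, card, amount) VALUES (?, ?, ?, ?)", row)
        return True
    except sqlite3.DatabaseError:     # RAISE(ABORT) from the block predicate
        return False


if __name__ == "__main__":
    db = open_db()
    print("app user alice:", query_as(db, "alice", "app"))
    print("manager:       ", query_as(db, "carol", "manager"))
    print("bob inserts for alice:", insert_as(db, "bob", "app", ("alice", "x@example.com", "4000-0000-0000-0001", 1.0)))
```

Masking is applied after the row filter, which is the order that matters: RLS decides which rows exist for the session, DDM decides how much of each surviving row is shown. Because the view is the only thing the application touches, changing who sees what is a schema change, not an application release.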


Azure DB Auditing: gain insight into database events and streamline compliance-related tasks
✓ Configurable audit policy via the Azure portal and standard API
✓ Audit logs reside in your Azure Storage account
✓ Azure portal viewer and excel templates for analysis of audit log
(Diagram: the audit log is written to Azure Storage)

SQL Threat Detection: detects suspicious database activities indicating possible malicious intent to access, breach or exploit data in the database (Status: Preview)
✓ Configurable threat detection policy via the Azure portal and standard API
✓ Multiple sets of algorithms, which detect potential SQL injections and unusual behavior patterns
✓ Immediate notification upon suspicious activities detection
✓ Investigate and mitigate threats using Azure portal.
(Diagram: Web App -> SQL Database, with an External Attacker and a Malicious insider as the threat sources)

Azure Multi Factor Authentication

What is Multi-Factor Authentication?

The use of two or more of the following factors:

It’s stronger when two different channels are used (out-of-band authentication).

What is Azure Multi-Factor Authentication?

It is an Azure Identity and Access management service that prevents unauthorized access to on-premises and cloud applications by providing an additional level of authentication.

It is trusted by thousands of enterprises to authenticate employee, customer, and partner access.

Verification methods
• Phone Call – call placed to designated phone number (wireless or landline); simple acknowledgement (#) or special PIN
• Text Message – SMS message; one way or two-way acknowledgement
• Mobile App – notification is delivered to mobile app; simple acknowledgement (#) or special PIN. Verification Code – a verification code is xxx. Software OATH Time-based-One-Time-Password (TOTP). Multi-platform: iOS, Android, Windows Phone
• OATH TOTP Hard Tokens (MFA Server Only) – OTP generated using algorithm based on shared secret and current time.

Further notes on the slide: Trusted IP networks on MFA Server; Adapter between RADIUS; MFA Benefits

▪ https://azure.microsoft.com/en-us/documentation/services/multi-factor-authentication/

▪ https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-server/

▪ https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-advanced-vpn-configurations/


Advanced Threat Analytics

Microsoft Advanced Threat Analytics

brings the behavioral analytics concept

to IT and the organization’s users.

Behavioral

Analytics

Detection of advanced

attacks and security risks

Advanced Threat

Detection

An on-premises platform to identify advanced security attacks and insider threats before

they cause damage

Detect threats fast with Behavioral Analytics

Adapt as fast as your enemies

Focus on what is important fast using the simple attack timeline

Reduce the fatigue of false positives

Prioritize and plan for next steps

How Microsoft Advanced Threat Analytics Works4/12/2017 62

Analyze1After installation:

• Simple nonintrusive port-mirroring, or

deployed directly onto domain

controllers

• Remains invisible to the attackers

• Analyzes all Active Directory network

traffic

• Collects relevant events from SIEM and

information from Active Directory (titles,

group membership and more)

How Microsoft Advanced Threat Analytics Works

ATA:

• Automatically starts learning and

profiling entity behavior

• Identifies normal behavior for entities

• Learns continuously to update the

activities of the users, devices, and

resources

Learn2

What is an entity?

An entity represents users, devices, or resources

How Microsoft Advanced Threat Analytics Works

Detect3 Microsoft Advanced Threat Analytics:

• Looks for abnormal behavior and identifies

suspicious activities

• Only alerts if abnormal activities are contextually

aggregated

• Uses world-class security research to detect known

attacks and security issues (regional or global)

ATA not only compares the entity’s behavior to its own, but also to the behavior of other entities in the environment.

How Microsoft Advanced Threat Analytics Works

4. Alert

ATA reports all suspicious activities on a simple, functional, usable attack timeline.

ATA identifies: Who? What? When? How?

For each suspicious activity, ATA provides recommendations for the investigation and remediation.
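To make the Learn, Detect and Alert steps concrete, the following is an added example written for this page; it is not ATA's own code and does not reproduce its algorithms. It profiles each account's normal logon hours and resources from constructed authentication events, compares new events both to the entity's own baseline and to its peers (the point the Detect slide makes about other entities in the environment), aggregates NTLM failures per source host before raising a single brute-force alert instead of one per failure, and prints a Who/What/When/How timeline with a recommendation. All hosts, accounts, resources, the ten-minute window and the five-failure threshold are assumptions chosen for the demonstration.

```python
"""Toy behavioral analytics over Active Directory authentication events.

Added example (not Microsoft ATA code). It follows the Learn -> Detect -> Alert
steps from the slides on constructed data so the logic runs offline.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta


def ev(ts, user, src, resource, proto="Kerberos", ok=True):
    """Build one event: (timestamp, account, source host, resource, protocol, success).
    Shape assumed for the example; all values below are constructed."""
    return (datetime.fromisoformat(ts), user, src, resource, proto, ok)


# Learning window: what "normal" looked like for three constructed accounts.
LEARNING_EVENTS = [
    ev("2017-03-01T09:05", "alice", "WS-01", "FS01"),
    ev("2017-03-01T10:20", "alice", "WS-01", "MAIL01"),
    ev("2017-03-01T16:40", "alice", "WS-01", "FS01"),
    ev("2017-03-01T09:15", "bob", "WS-02", "FS01"),
    ev("2017-03-01T14:00", "bob", "WS-02", "SQL01"),
    ev("2017-03-01T08:50", "carol", "WS-03", "MAIL01"),
    ev("2017-03-01T13:30", "carol", "WS-03", "FS01"),
]

# Detection window: a mix of benign and suspicious constructed events.
DETECTION_EVENTS = [
    ev("2017-03-02T10:00", "alice", "WS-01", "FS01"),            # normal for alice
    ev("2017-03-02T03:10", "alice", "WS-01", "FS01"),            # nobody in the org logs on at 03:00
    ev("2017-03-02T14:00", "bob", "WS-02", "MAIL01"),            # new for bob, but peers use MAIL01
    ev("2017-03-02T14:05", "carol", "WS-03", "HR-DB01"),         # nobody in the org uses HR-DB01
    ev("2017-03-02T15:00", "dave", "WS-03", "FS01", "NTLM", False),   # two failures only:
    ev("2017-03-02T15:01", "erin", "WS-03", "FS01", "NTLM", False),   # below the threshold
] + [ev(f"2017-03-02T22:0{i}", f"user{i}", "WS-07", "DC01", "NTLM", False)
     for i in range(6)]                                           # password spray from WS-07


@dataclass
class Baseline:
    hours: set = field(default_factory=set)
    resources: set = field(default_factory=set)


@dataclass
class Alert:
    who: str
    what: str
    when: datetime
    how: str
    recommendation: str


def learn(events):
    """Step 2 (Learn): profile each entity's normal hours and resources."""
    baselines = defaultdict(Baseline)
    for ts, user, _src, resource, _proto, ok in events:
        if ok:
            baselines[user].hours.add(ts.hour)
            baselines[user].resources.add(resource)
    return dict(baselines)


def detect(events, baselines, brute_threshold=5, window=timedelta(minutes=10)):
    """Step 3 (Detect): compare each entity to its own baseline and to its peers,
    and aggregate failures before raising a brute-force alert."""
    org_hours = set().union(*(b.hours for b in baselines.values()))
    org_resources = set().union(*(b.resources for b in baselines.values()))
    alerts, reported = [], set()
    failures = defaultdict(deque)  # (source host, protocol) -> recent failed logons
    for ts, user, src, resource, proto, ok in sorted(events, key=lambda e: e[0]):
        if not ok:
            key, q = (src, proto), failures[(src, proto)]
            q.append((ts, user))
            while q and ts - q[0][0] > window:
                q.popleft()
            # Contextual aggregation: one alert per source once the threshold is
            # crossed, not one alert per failed logon.
            if len(q) >= brute_threshold and key not in reported:
                reported.add(key)
                accounts = sorted({u for _, u in q})
                alerts.append(Alert(src, f"Brute force using {proto} against {len(accounts)} accounts",
                                    ts, f"{len(q)} failures within {window}",
                                    "Check whether the source host is compromised; reset any account whose attempt succeeded"))
            continue
        base = baselines.get(user)
        if base is None:
            continue  # unknown entity: nothing learnt yet, so no baseline to compare against
        if ts.hour not in base.hours and ts.hour not in org_hours:
            alerts.append(Alert(user, "Abnormal working hours", ts, f"logon from {src} at {ts:%H:%M}",
                                "Confirm with the user; review other activity from the same host"))
        if resource not in base.resources and resource not in org_resources:
            alerts.append(Alert(user, "Abnormal resource access", ts, f"{proto} access to {resource} from {src}",
                                "Verify a business need; check the account for credential theft"))
    return alerts


def run_example():
    """Learn on the first window, detect on the second, return the alert timeline."""
    return detect(DETECTION_EVENTS, learn(LEARNING_EVENTS))


if __name__ == "__main__":
    # Step 4 (Alert): Who / What / When / How plus a recommendation per activity.
    for a in run_example():
        print(f"{a.when:%Y-%m-%d %H:%M} | who={a.who} | what={a.what} | how={a.how}")
        print(f"    recommendation: {a.recommendation}")
```

The two peer checks are what keep the example from alerting on bob: MAIL01 is new for him, but his peers use it every day, so the event is noise rather than a finding. Carol's access to a server nobody in the organization has touched, and alice's 03:10 logon outside everyone's hours, are the cases worth an analyst's time.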

ATA detects a wide range of suspicious activities

Attack phases: Reconnaissance, Compromised Credential, Lateral Movement, Privilege Escalation, Domain Dominance

• Abnormal resource access
• Account enumeration
• Net Session enumeration
• DNS enumeration
• Abnormal working hours
• Brute force using NTLM, Kerberos or LDAP
• Sensitive accounts exposed in plain text authentication
• Service accounts exposed in plain text authentication
• Honey Token account suspicious activities
• Unusual protocol implementation
• Malicious Data Protection Private Information (DPAPI) Request
• Abnormal authentication requests
• Pass-the-Ticket
• Pass-the-Hash
• Overpass-the-Hash
• MS14-068 exploit (Forged PAC)
• MS11-013 exploit (Silver PAC)
• Skeleton key malware
• Golden ticket
• Remote execution
• Malicious replication requests

Azure Security Center

• Gain visibility and control
• Enable security at cloud speed
• Detect cyber attacks
• Integrate partner solutions

Gain visibility and control
• Provides a unified view of security across all your Azure subscriptions, including vulnerabilities and threats detected
• Enables you to define security policies for hardening cloud configurations
• APIs, SIEM connector and Power BI dashboards make it easy to access, integrate, and analyze security information using existing tools and processes

Integration paths (Preview):
• Log Analytics / SIEM
• Standard Log Connector (ArcSight, Splunk, etc.)
• REST APIs (Activity Logs, Security Center Alerts, AAD Logs)
• Azure Monitor Event Hub (Service Diagnostics - NSG, Key Vault)
• Azure Log Integration
• Azure Monitor Service (VM Diagnostics)

Enable security at cloud speed
• Continuously assesses the security of your workloads even as they change
• Creates policy-driven recommendations and guides users through the process of remediating security vulnerabilities
• Enables rapid deployment of built-in security controls as well as products and services from security partners (firewalls, endpoint protection, and more)

Integrate partner solutions
• Recommends and streamlines provisioning of partner solutions
• Integrates signals for centralized alerting and advanced detection
• Enables monitoring and basic management with easy access to advanced configuration using the partner solution
• Leverages Azure Marketplace for commerce and billing

Detect cyber attacks
• Analyzes security data from your Azure virtual machines, Azure services (like Azure SQL databases), the network, and connected partner solutions
• Leverages security intelligence and advanced analytics to detect threats more quickly and reduce false positives
• Creates prioritized security alerts and incidents that provide insight into the attack and recommendations on how to remediate
