Securing the Digital Transformation
Overview
2Digital Transformation Realized™
Largest Data Breaches
Hacks resulting in loss of more than 30,000 records
Source: Informationisbeautiful.net
[Figure: chart of breached organizations and number of records lost, by year (2013, 2014, 2015, Latest)]
Economic Impact from Cybercrime
Target: $162m
JPMorgan: $1 billion
Sony: $171m
Risk Mitigation and Digital Transformation
1. The Digital Transformation is driving change in the way IT is leveraged throughout the business
2. The way IT is secured and risks mitigated within the business will also rapidly evolve as threats enter new vectors
3. The technologies for mitigating risks are a combination of longstanding best practices and modern capabilities
4. The defense against the modern (and existing) threats of the Digital Transformation starts now
The Digital Transformation is driving change in the way IT is leveraged throughout the business
Companies are Becoming More Digital
Customers: Enabling the customer experience with technology
Partners: Enabling partner interactions through technology
Employees: Driving efficiency in internal operations
Transformative vs. Non-Transformative
Digital Transformation
Modern Applications: IoT, Mixed Reality, Collaboration, ECM, BPM
Modern IT Management: DevOps and IT Service, Business Process Transformation, Governance
Customer Engagement: CRM, Extranets, B2B solutions
Cloud Data Center: Identity & Device Management, Cloud Integration & Management, Unified Communications
Analytics & Data: BI, SQL, Predictive Analytics, Big Data
Mobile
Secure
The way IT is secured and risks mitigated within the business will rapidly evolve as threats enter new vectors
Top New Threats with Financial Impact
Customer User Database Compromise
IoT Device Compromise
Internal Identity Compromise
Confidential Data Compromise
Predictive Analytics Compromise
Source Code Compromise
Social Engineering Theft
Physical Access paired with Theft
Modern Security Layers to Mitigate Risk
Network, Operating System, Identity, Application, Information, Communications, Management, Physical
NIST Security Framework
[Diagram: Identify, Protect, Detect, Respond, Recover around Digital Transformation]
Risk Mitigation Combining Layers and NIST
Identify: Cloud threat identification
Protect: Cloud consistent protection patterns
Detect: Big data detection patterns
Respond: Automated response mechanisms
Recover: Declarative configuration
Layers: Network, Operating System, Identity, Application, Information, Communications, Management, Physical
Modern Security Layers and NIST
Network
The extent to which traffic can reach the intended destination based on its qualities, being from a known source, appropriate port, and of certain characteristics.
• Millions of hacked agents
• Network boundary is everywhere
• Applications are customer facing
Modern Security Layers and NIST
Operating System
The extent to which the operating system is protected from attack based on its inherent flaws, as well as the extent to which it provides for modern protections from modern invasive approaches.
• Out-of-Date Operating Systems
• Your clients are your network boundary
• IoT clients, mobile, and devices exposed
Modern Security Layers and NIST
Identity
The extent to which authentication to an application provides a more important role in security in the modern age, as well as what access the authenticated person has based on role based access control.
• Weak passwords everywhere
• Applications not properly identity secured
• Brute force techniques increasing in capability
Modern Security Layers and NIST
Application
The security of the actual application itself, as was tested and written using patterns and practices which mitigate known threats and attack vectors.
• Applications using APIs and features with known flaws
• Interaction between application components
• Boundary security flaws on endpoint
Modern Security Layers and NIST
Information
The extent to which documents and data are protected regardless of location and are controlled based on their qualities.
• Confidential information is widely accessible
• Secure content is used to gain other content
• Users who “should” have access change
Modern Security Layers and NIST
Management
The extent to which management tools have evolved to address modern threats which require analysis and response exceeding manual effort. These scenarios look more like “big data” and machine learning scenarios than manual reviews and responses that traditional security practices employed.
• Breadth of threats exceeds human capabilities
• Response needs are immediate
• Employees not properly trained
Modern Security Layers and NIST
Communications
The extent to which application communications (or even personal communications) are protected and private based on identity and application qualities.
• No assurance that the network is secured
• Modern devices are connected to the internet
• Pass-the-Hash, Password Extraction
The technologies for mitigating risks are a combination of longstanding best practices and modern capabilities
NIST CSF to Category / Microsoft technology map
Mapping in Technology Solutions
Protect (PR)
Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition
PR.DS-4: Adequate capacity to ensure availability is maintained
    Solution areas: Cloud Datacenter; Modern IT Management
    Technologies: Operations Management Suite & System Center
PR.DS-5: Protections against data leaks are implemented
    Solution areas: Customer Enablement; Cloud Datacenter; Modern IT Management
    Technologies: Enterprise Mobility Suite; Operations Management Suite & System Center; Azure Resource Management Standards; Office365
PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity
    Solution areas: Customer Enablement; Modern IT Management
    Technologies: Enterprise Mobility Suite; Operations Management Suite & System Center
PR.DS-7: The development and testing environment(s) are separate from the production environment
    Solution areas: Cloud Datacenter; Modern IT Management
    Technologies: Azure Resource Management Standards; Visual Studio Team Services
PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained
    Solution areas: Modern IT Management
    Technologies: Operations Management Suite & System Center; ServiceNow
PR.IP-2: A System Development Life Cycle to manage systems is implemented
    Solution areas: Modern IT Management
    Technologies: Visual Studio Team Services; Operations Management Suite & System Center; ServiceNow
Tool Categories and Mapping
ServiceNow: Modern Service Management Platform
Operations Management Suite: Modern Operational and Automation Platform
Visual Studio Team Services: Modern Development Platform
Azure Machine Learning: Predictive Analytics
Tool Categories and Mapping
Tools: Enterprise Mobility + Security Suite; Office365; Dynamics 365; Azure Platform as a Service; Azure Cloud Platform, Windows Server; Azure Stack; Windows 10; Microsoft IoT Platform
Categories: Client Management Platform; Collaboration and Business Process Platform; Cloud Platform; End User Computing Platform
Anatomy of Attacks and Defense
[Diagram. Component labels: ServiceNow, Dynamics, Power BI, System Center, SCCM, MIM, ATA, Azure Stack, VMware, Network, EMS, OMS, USTS, Azure ML, IoT Suite. Flow labels: Log Data, Log Data/IDS, Inventory, Automation, ARM + DSC, Code]
Demo
The defense against the modern threats of the Digital Transformation starts now
Steps to Starting Out
First: Admit that you can do better
Second: Know that you can always do better
Then: Make a plan for addressing the security threats that are most relevant based on risk and financial impact
Who Do You Want to Be?
Disorganized, Hidden, Unprepared
Organized, Transparent, Prepared
Get Specific with Assessments
Discover: ID, System, Owner, Business Process, Hardware Product, Software Product, Configuration
Assess: Threat, Vulnerability, Controls, Impact (Low-Med-High), Complexity (Low-Med-High), Risk (Low-Med-High), Priority
ID | System | Owner | Business Process / Hardware Product / Software Product / Configuration (one marked X) | Threat | Vulnerability | Controls | Impact | Complexity | Risk | Priority
00001 | Workstations and Servers | Denise Smith | X | Privilege Escalation | Local Administrators | LAPS | High | Low | High | 1
00002 | Active Directory | Qiong Wu | X | Unauthorized Use | Privileged Accounts | MIM PAM | Med | Med | Low | 4
00003 | Workstations and Servers | Naoki Sato | X | Code Execution | Patching | SCCM | X | Med | Med | 3
00004 | Business Culture | Daniel Roth | X | Social Engineering | Phishing | KnowBe4 | High | Low | High | 2
00005 | WiFi | Andrea Dunker | X | Unauthorized Use | Pre-shared Key | 802.1X | Low | High | Med | 5
00006 | Workstations and Servers | Eric Gruber | X | Business Data Loss | Malicious Software | Device Guard | High | High | Med | 6
Concurrency’s Engagements
Plan and Design: Review, assess and make a plan, strategic and tactical, working with CISO
Execution: Address threats through targeted process improvements, technologies, and education
Continuous Improvement: Develop a backlog and keep improving the security state
Key points
1. Understand that security is not something to procrastinate on
2. Leverage NIST CSF to develop a prioritized plan
3. Address key operating system and identity threats first
4. Don’t underestimate the importance of a security management platform
Digging into the Details
Presentations on individual scenarios for the Digital Transformation, including:
• Securing the Client to Application Threat: Part 1
• Securing the Client to Application Threat: Part 2
• Securing Content and Communications
You will have access to the NIST to Technology Mapping, the whitepaper, and this presentation through a follow-up call
Part 1: Securing the Client
An Employee, their Laptop and a Hacker walk into a Bar…
What do you think?
We are not an appealing target for attackers, I’m probably fine. I couldn’t stop them anyway.
An attacker would need to get someone’s password to start hacking on us.
Breaking into our Network would require an experienced and sophisticated attacker.
Attack Methods in this Demo
• I’m using some of the laziest methods
• They are easy to demo and understand
• Much better methods and tools are available
• They are easy to use, but might feel abstract
Attack Pyramid
Entry
Reconn & Movement
End Goal / Exfiltration
Attack Plan
What could have stopped that?
BitLocker
Would have prevented access to the file system
• Is built-in to Windows Enterprise/Pro Edition
• Manage with GPO, MBAM, AAD Join / Intune
− “InstantGo” capable devices (aka Connected Standby)
− Microsoft Surface/Book, Lenovo ThinkPad, Dell Venue
Azure AD Join / Domain Join++
• Conditional Access
• Single Sign On
• Enterprise State Roaming
• MDM Registration / Intune
• New Intune Portal!
What else could have happened?
Social Engineering
• Walk-up Access in office
• Phishing with Macros
• Remote Command and Control
Let’s go Phishing
What could have stopped that?
Macro Security settings
GPO to “Disable all except digitally signed”
• GPO for Trust Center/Trusted Locations
• Client Activity Analysis with Defender ATP
What’s on this Laptop?
What could have stopped that?
• BitLocker (indirectly)
− Encrypts the file system, not files
• Azure Information Protection (Azure RMS)
− Encrypts individual files by user action*
• Windows Information Protection (WIP, prev. EDP)
− Encrypt “Enterprise Data” by device policy
Where’s the Network?
What could have stopped that?
Local Admins can export Wifi Profiles
• Exports any network saved by any user
• Also exports client-side certificates
− Ensure the cert private key is not Exportable
− Consider using RADIUS authentication
• Consider managing Wifi setting with GPO/MDM
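An added example, not part of the original presentation: a Python audit of WLAN profile XML files collected from managed clients, flagging profiles that rely on a pre-shared key (which the slide notes any local administrator can export) versus 802.1X. The two profiles are constructed and trimmed to the elements the audit reads; the function and finding names are illustrative.

```python
import xml.etree.ElementTree as ET

# EAP method numbers found in <EapMethod><Type>: 13 = EAP-TLS, 25 = PEAP.
EAP_TYPES = {"13": "EAP-TLS", "25": "PEAP"}

# Constructed sample: a PSK profile whose file carries the key in clear text.
# The passphrase is a made-up placeholder.
PSK_PROFILE = """
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>CorpGuest</name>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2PSK</authentication>
      <encryption>AES</encryption>
      <useOneX>false</useOneX>
    </authEncryption>
    <sharedKey>
      <keyType>passPhrase</keyType>
      <protected>false</protected>
      <keyMaterial>constructed-example-passphrase</keyMaterial>
    </sharedKey>
  </security></MSM>
</WLANProfile>
"""

# Constructed sample: an 802.1X profile using EAP-TLS (client certificate).
EAP_TLS_PROFILE = """
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>CorpSecure</name>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2</authentication>
      <encryption>AES</encryption>
      <useOneX>true</useOneX>
    </authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <EAPConfig>
        <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
          <EapMethod>
            <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>
          </EapMethod>
        </EapHostConfig>
      </EAPConfig>
    </OneX>
  </security></MSM>
</WLANProfile>
"""


def _find(node, name):
    """First element at or below node whose tag, ignoring namespace, is name."""
    if node is None:
        return None
    for el in node.iter():
        if el.tag.rsplit("}", 1)[-1] == name:
            return el
    return None


def _text(node, name):
    el = _find(node, name)
    return el.text.strip() if el is not None and el.text else None


def audit_profile(xml_text):
    """Classify one WLAN profile. The key material itself is never returned."""
    # Input is expected to come from managed endpoints; for untrusted files,
    # parse with a hardened XML library such as defusedxml instead.
    root = ET.fromstring(xml_text.strip())
    auth = _text(root, "authentication") or "unknown"
    one_x = (_text(root, "useOneX") or "false").lower() == "true"
    shared = _find(root, "sharedKey")
    findings = []
    if auth.lower() == "open" and not one_x:
        findings.append("OPEN_NETWORK")
    if shared is not None or auth.upper().endswith("PSK"):
        # One shared secret for every client; exporting it from any single
        # device exposes the whole network.
        findings.append("PRE_SHARED_KEY")
        unprotected = (_text(shared, "protected") or "").lower() == "false"
        if unprotected and _text(shared, "keyMaterial"):
            findings.append("CLEARTEXT_KEY_IN_FILE")
    eap = None
    if one_x:
        code = _text(_find(root, "EapMethod"), "Type")
        eap = EAP_TYPES.get(code, code)
        if eap == "EAP-TLS":
            # The profile cannot show this; check the certificate template.
            findings.append("VERIFY_CERT_KEY_NOT_EXPORTABLE")
    return {"name": _text(root, "name"), "authentication": auth,
            "uses_8021x": one_x, "eap": eap, "findings": findings}


def psk_profiles(profiles):
    """Names of the profiles that still depend on a pre-shared key."""
    results = (audit_profile(p) for p in profiles)
    return [r["name"] for r in results if "PRE_SHARED_KEY" in r["findings"]]


if __name__ == "__main__":
    for profile in (PSK_PROFILE, EAP_TLS_PROFILE):
        print(audit_profile(profile))
```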
Attack Pyramid
Entry
Reconn & Movement
End Goal / Exfiltration
Part 2: Securing the Servers
Attack Plan
What could have stopped that?
− LAPS / Better Passwords
• Generate and Rotate STRONG Local Admin Passwords
− Device Guard / AppLocker (for non-admins)
• Prevent running unsigned applications (mimikatz)
− Credential Guard
• Prevent dumping hashes
− Advanced Threat Analytics
• Detected machine account querying AD
What could have stopped that?
• LAPS
− Randomize and Change STRONG Local Admin Passwords
• Windows Firewall
− Block RDP / Disable RDP, allow trusted sources
• Group Policy
− Prevent Remote Use of Local Accounts
• Network Segmentation
− Separate Client and Servers networks with ACLs
What’s on this Server?
What could have stopped that?
Group Managed Service Accounts
− Passwords managed by Machines, not saved in registry
• Device Guard / AppLocker
− Prevent running unsigned applications
• GPO / Access Control
− Prevent Service Accounts from logging in remotely
• Monitor with OMS / SysMon
Attack Pyramid
Entry
Reconn & Movement
End Goal / Exfiltration
Digital Transformation Realized ™ @MrShannonFritz
Attack Plan
Stealing AD from the Shadows
What could have stopped that?
• Network Segmentation
− Restrict network access to the DCs
• GPO / Access Control
− Prevent Non-Domain Admins from logging in to DCs
− Prevent Domain Admins from being used on Non-DCs
• Isolation / Protection
− Restrict access to the DC’s Physical / Virtual hardware
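An added example, not part of the original presentation: one way to check the logon restrictions named on this slide and on the two server slides before it (no non-Domain Admin logons on DCs, no Domain Admin use on non-DCs, no remote use of local accounts, no remote logon by service accounts) against logon records such as Windows Security event 4624. Host names, account lists and events are constructed, and "remote" for service accounts is assumed to mean RemoteInteractive (logon type 10).

```python
from dataclasses import dataclass

# Assumed inventory (constructed names). In practice these sets are pulled
# from AD: the domain controllers, the Domain Admins group, service accounts.
DOMAIN_CONTROLLERS = {"DC01", "DC02"}
DOMAIN_ADMINS = {"CORP\\DA-ALICE"}
SERVICE_ACCOUNTS = {"CORP\\SVC-SQL"}

# Windows logon types as recorded in the LogonType field of event 4624.
INTERACTIVE = {2, 10, 11}  # Interactive, RemoteInteractive, CachedInteractive
REMOTE = {3, 10}           # Network, RemoteInteractive
RDP = 10


@dataclass(frozen=True)
class Logon:
    host: str        # computer that recorded the logon
    account: str     # DOMAIN\user; for a local account DOMAIN is the host name
    logon_type: int


def violations(ev):
    """Return the policy rules that a single successful logon breaks."""
    host = ev.host.upper()
    domain, _, user = ev.account.upper().partition("\\")
    account = f"{domain}\\{user}"
    on_dc = host in DOMAIN_CONTROLLERS
    is_da = account in DOMAIN_ADMINS
    found = []
    # Every domain user makes network (type 3) logons to a DC during normal
    # authentication, so only interactive sessions count as "logging in".
    if on_dc and not is_da and ev.logon_type in INTERACTIVE:
        found.append("NON_DA_ON_DC")
    # Domain Admin credentials used on a member server or workstation.
    if is_da and not on_dc:
        found.append("DA_ON_NON_DC")
    # Service accounts should run services (type 5), not open RDP sessions.
    if account in SERVICE_ACCOUNTS and ev.logon_type == RDP:
        found.append("SERVICE_ACCOUNT_RDP")
    # A local account (domain part equals the host name) used over the network.
    if domain == host and ev.logon_type in REMOTE:
        found.append("LOCAL_ACCOUNT_REMOTE")
    return found


def audit(events):
    """Pair each offending logon with the rules it breaks."""
    return [(ev, v) for ev in events if (v := violations(ev))]


# Constructed logon records for illustration.
EVENTS = [
    Logon("DC01", "CORP\\da-alice", 10),         # admin managing a DC: allowed
    Logon("DC01", "CORP\\bob", 3),               # normal network auth: allowed
    Logon("DC01", "CORP\\bob", 10),              # RDP to a DC by a normal user
    Logon("WS042", "CORP\\da-alice", 2),         # Domain Admin on a workstation
    Logon("SRV-SQL1", "CORP\\svc-sql", 5),       # service start: allowed
    Logon("SRV-SQL1", "CORP\\svc-sql", 10),      # service account over RDP
    Logon("WS042", "WS042\\Administrator", 3),   # local admin used remotely
    Logon("WS042", "WS042\\Administrator", 2),   # local console logon: allowed
]

if __name__ == "__main__":
    for ev, rules in audit(EVENTS):
        print(f"{ev.host:9} {ev.account:22} type={ev.logon_type:<2} {rules}")
```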
Attack Plan
Attack Mitigation Plan
stickykeys hijack
remote shell macro
data theft
wifi psk dump
reconnaissance
rdp
vss copy ntds.dit
bitlocker
macro security gpo
azure rms
wip
certificate wifi
defender atp
service secrets
gpo
aad join / intune
ata
gmsa
device guard
isolation
gpo / dsc
skeleton key
krbtgt golden ticket
device guard
oms / sysmon
NIST Cybersecurity Framework Core
Identify
• Asset Inventory
• Patches and Updates
• Risk Management
• Policies
Protect
• Credentials & Identity
• Network Access
• User Training
• Data Security
• Baseline Configuration
Detect
• Nefarious Activity
• Malicious Code
• Unauthorized Users
• Unauthorized Devices
• External Services
Respond
• Investigations
• Forensics
• Incidents
• Containment
• Public Relations
Recover
• Business Continuity
• Communications
Microsoft and 3rd Party Products
• OMS : Operations Management Suite
• SC Operations Mgr
• SC Configuration Mgr
• SC Service Manager
• Intune
• Cloud App Security
• ServiceNOW
• MIM : Identity Mgr
• MIM PAM
• AAD Premium / PIM
• Azure MFA
• Intune
• Conditional Access
• Azure App Proxy
• BitLocker
• Office 365 ATP
• OMS
• Advanced Threat Analytics
• OMS
• Azure AD Premium
• Defender ATP
• Cloud App Security
• O365 Compliance Cntr
• Lookout App Security
• OMS
• SC Service Manager
• ServiceNOW
• Hyper-V
• Storage Replica
• DFS
• OneDrive for Business
• OMS : Site Recovery
• SC DPM
• Veeam
• ServiceNOW
Acknowledgements / Learn More
• Sami Laiho – wioski.com
• Sean Metcalf – adsecurity.org
• Rob Fuller – mubix, room362.com, hak5
• Paula Januszkiewicz – cqureacademy.com
• Robert Reif – cynosure prime password research
• Michael Goetzman – cyphercon.com
• Marcus Murray & Hasain Alshakarti – Truesec
• Troy Hunt – haveibeenpwned.com, troyhunt.com
Securing Content and Communication
Securing Content and Communication
• Review of security issues with content and communications scenarios and live review of example
• Review of technologies to protect content and communications scenarios and live review of example
• How to get started with protecting content and communications scenarios through both policy and technology
Data protection realities
87% of senior managers admit to regularly uploading work files to a personal email or cloud account.*
58% have accidentally sent sensitive information to the wrong person.*
? %: Focus on data leak prevention for personal devices, but ignore the issue on corporate owned devices where the risks are the same
Security Issues with Content and Communications
• Confidential content is everywhere
• Content needs to be shared, despite its security status
• Certain locations should never access content
• Content is shared when not intended to be
Modern Content Security Needs
• Protect various content types
• Protect in-place and in-flight
• Share with anyone securely
• Important applications and services are enlightened
• Meet with varied organizational needs
• Protect everywhere and layer security
Technical Solution Layers Applied
Network: Location Awareness for Office365 w/ MFA
Application: Office365 applies Azure Information Protection
Information: Azure Information Protection
Operating System: Local BitLocker Encryption
Identity: EM+S with Azure Active Directory Platform
Management: Operations Management Suite (OMS); Enterprise Mobility + Security; ServiceNow
Steps to Starting Out
• Define corporate content types and scenarios based on business use cases and organizational policies
• Build rights management policies based on defined business requirements
• Incrementally roll out location awareness and Azure Information Protection based on the defined rights management policies and business requirements
Concurrency’s engagements
Plan and Design
Review, assess and make a plan, strategic and tactical, working with CISO
Execution
Address threats through targeted process improvements, technologies, and education
Continuous improvement
Develop a backlog and keep improving the security state
Thank you!

Concurrency Security Summit presentation

  • 2. Largest Data Breaches: hacks resulting in loss of more than 30,000 records (Latest, 2015, 2014, 2013). Source: Informationisbeautiful.net. [Chart: breached organizations and number of records lost]
  • 3. Economic Impact from Cybercrime: Target $162m; JPMorgan $1 billion; Sony $171m
  • 4. Risk Mitigation and Digital Transformation: (1) The Digital Transformation is driving change in the way IT is leveraged throughout the business. (2) The way IT is secured and risks mitigated within the business will also rapidly evolve as threats enter new vectors. (3) The technologies for mitigating risks are a combination of longstanding best practices and modern capabilities. (4) The defense against the modern (and existing) threats of the Digital Transformation starts now.
  • 5. The Digital Transformation is driving change in the way IT is leveraged throughout the business
  • 6. Companies are Becoming More Digital: enabling the customer experience with technology (Customers); enabling partner interactions through technology (Partners); driving efficiency in internal operations (Employees)
  • 8. Digital Transformation: Modern Applications (IoT, Mixed Reality, Collaboration, ECM, BPM); Modern IT Management (DevOps and IT Service, Business Process Transformation, Governance); Customer Engagement (CRM, Extranets, B2B solutions); Cloud Data Center (Identity & Device Management, Cloud Integration & Management, Unified Communications); Analytics & Data (BI, SQL, Predictive Analytics, Big Data); Mobile; Secure
  • 9. The way IT is secured and risks mitigated within the business will rapidly evolve as threats enter new vectors
  • 10. Top New Threats with Financial Impact: Customer User Database Compromise; IoT Device Compromise; Internal Identity Compromise; Confidential Data Compromise; Predictive Analytics Compromise; Source Code Compromise; Social Engineering Theft; Physical Access paired with Theft
  • 11. Modern Security Layers to Mitigate Risk: Network; Operating System; Identity; Application; Information; Communications; Management; Physical
  • 12. NIST Security Framework: Identify; Protect; Detect; Respond; Recover (arranged around Digital Transformation)
  • 13. Risk Mitigation Combining Layers and NIST. Identify: cloud threat identification. Protect: cloud consistent protection patterns. Detect: big data detection patterns. Respond: automated response mechanisms. Recover: declarative configuration. Layers: Network; Operating System; Identity; Application; Information; Communications; Management; Physical
  • 14. Modern Security Layers and NIST: Network. The extent to which traffic can reach the intended destination based on its qualities, being from a known source, appropriate port, and of certain characteristics. Millions of hacked agents; network boundary is everywhere; applications are customer facing.
  • 15. Modern Security Layers and NIST: Operating System. The extent to which the operating system is protected from attack based on its inherent flaws, as well as the extent to which it provides for modern protections from modern invasive approaches. Out-of-date operating systems; your clients are your network boundary; IoT clients, mobile, and devices exposed.
  • 16. Modern Security Layers and NIST: Identity. The extent to which authentication to an application provides a more important role in security in the modern age, as well as what access the authenticated person has based on role based access control. Weak passwords everywhere; applications not properly identity secured; brute force techniques increasing in capability.
  • 17. Modern Security Layers and NIST: Application. The security of the actual application itself, as was tested and written using patterns and practices which mitigate known threats and attack vectors. Applications using APIs and features with known flaws; interaction between application components; boundary security flaws on endpoint.
  • 18. Modern Security Layers and NIST: Information. The extent to which documents and data are protected regardless of location and are controlled based on their qualities. Confidential information is widely accessible; secure content is used to gain other content; users who “should” have access change.
  • 19. Modern Security Layers and NIST: Management. The extent to which management tools have evolved to address modern threats which require analysis and response exceeding manual effort. These scenarios look more like “big data” and machine learning scenarios than manual reviews and responses that traditional security practices employed. Breadth of threats exceeds human capabilities; response needs are immediate; employees not properly trained.
  • 20. Modern Security Layers and NIST: Communications. The extent to which application communications (or even personal communications) are protected and private based on identity and application qualities. No assurance that the network is secured; modern devices are connected to the internet; Pass-the-Hash, password extraction.
  • 21. The technologies for mitigating risks are a combination of longstanding best practices and modern capabilities
  • 22. Mapping in Technology Solutions: NIST CSF to Category / Microsoft technology map. Protect (PR). Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.
      − PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition
      − PR.DS-4: Adequate capacity to ensure availability is maintained. Mapped to: Cloud Datacenter; Operations Management Suite & System Center; Modern IT Management
      − PR.DS-5: Protections against data leaks are implemented. Mapped to: Customer Enablement; Enterprise Mobility Suite; Cloud Datacenter; Operations Management Suite & System Center; Modern IT Management; Azure Resource Management Standards; Office365
      − PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity. Mapped to: Customer Enablement; Enterprise Mobility Suite; Modern IT Management; Operations Management Suite & System Center
      − PR.DS-7: The development and testing environment(s) are separate from the production environment. Mapped to: Cloud Datacenter; Azure Resource Management Standards; Modern IT Management; Visual Studio Team Services
      − PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained. Mapped to: Modern IT Management; Operations Management Suite & System Center; ServiceNow
      − PR.IP-2: A System Development Life Cycle to manage systems is implemented. Mapped to: Modern IT Management; Visual Studio Team Services; Operations Management Suite & System Center; ServiceNow
  • 23. Tool Categories and Mapping: ServiceNow (Modern Service Management Platform); Operations Management Suite (Modern Operational and Automation Platform); Visual Studio Team Services (Modern Development Platform); Azure Machine Learning (Predictive Analytics)
  • 24. Tool Categories and Mapping. Tools: Enterprise Mobility + Security Suite; Office365; Dynamics 365; Azure Platform as a Service; Azure Cloud Platform, Windows Server; Azure Stack; Windows 10; Microsoft IoT Platform. Categories: Client Management Platform; Collaboration and Business Process Platform; Cloud Platform; End User Computing Platform
  • 25. Anatomy of Attacks and Defense. [Diagram: ServiceNow, Dynamics, Power BI, System Center, SCCM, MIM, ATA, Azure Stack, VMware, Network, EMS, OMS, VSTS, Azure ML and IoT Suite, linked by Log Data, Inventory, Automation, Log Data/IDS, ARM + DSC and Code]
  • 26. Demo
  • 27. The defense against the modern threats of the Digital Transformation starts now
  • 28. Steps to Starting Out. First: admit that you can do better. Second: know that you can always do better. Then: make a plan for addressing the security threats that are most relevant based on risk and financial impact.
  • 29. Who Do You Want to Be? Disorganized, Hidden, Unprepared; or Organized, Transparent, Prepared
  • 30. Get Specific with Assessments (Discover / Assess). Columns: ID | System | Owner | Business Process / Hardware Product / Software Product / Configuration (marked X) | Threat | Vulnerability | Controls | Impact (Low-Med-High) | Complexity (Low-Med-High) | Risk (Low-Med-High) | Priority
      − 00001 | Workstations and Servers | Denise Smith | X | Privilege Escalation | Local Administrators | LAPS | High | Low | High | 1
      − 00002 | Active Directory | Qiong Wu | X | Unauthorized Use | Privileged Accounts | MIM PAM | Med | Med | Low | 4
      − 00003 | Workstations and Servers | Naoki Sato | X | Code Execution | Patching | SCCM | X | Med | Med | 3
      − 00004 | Business Culture | Daniel Roth | X | Social Engineering | Phishing | KnowBe4 | High | Low | High | 2
      − 00005 | WiFi | Andrea Dunker | X | Unauthorized Use | Pre-shared Key | 802.1X | Low | High | Med | 5
      − 00006 | Workstations and Servers | Eric Gruber | X | Business Data Loss | Malicious Software | Device Guard | High | High | Med | 6
  • 31. Concurrency’s Engagements. Plan and Design: review, assess and make a plan, strategic and tactical, working with CISO. Execution: address threats through targeted process improvements, technologies, and education. Continuous Improvement: develop a backlog and keep improving the security state.
  • 32. Key points: (1) Understand that security is not something to procrastinate on. (2) Leverage NIST CSF to develop a prioritized plan. (3) Address key operating system and identity threats first. (4) Don’t underestimate the importance of a security management platform.
  • 33. Digging into the Details. Presentations on individual scenarios for the Digital Transformation, including: Securing the Client to Application Threat: Part 1; Securing the Client to Application Threat: Part 2; Securing Content and Communications. You will have access to the NIST to Technology Mapping, the whitepaper, and this presentation through a follow-up call.
  • 34. Part 1: Securing the Client. An Employee, their Laptop and a Hacker walk into a Bar…
  • 35. What do you think? We are not an appealing target for attackers, I’m probably fine. I couldn’t stop them anyway. An attacker would need to get someone’s password to start hacking on us. Breaking into our Network would require an experienced and sophisticated attacker.
  • 36. Attack Methods in this Demo: I’m using some of the laziest methods; they are easy to demo and understand; much better methods and tools are available; they are easy to use, but might feel abstract
  • 37. Attack Pyramid: Entry; Recon & Movement; End Goal / Exfiltration
  • 39. What could have stopped that? BitLocker: would have prevented access to the file system; is built in to Windows Enterprise/Pro Edition; manage with GPO, MBAM, AAD Join / Intune (“InstantGo” capable devices, aka Connected Standby; Microsoft Surface/Book, Lenovo ThinkPad, Dell Venue)
  • 40. Azure AD Join / Domain Join++: Conditional Access; Single Sign On; Enterprise State Roaming; MDM Registration / Intune; New Intune Portal!
  • 41. What else could have happened? Social Engineering: walk-up access in office; phishing with macros; remote command and control
  • 43. What could have stopped that? Macro Security settings: GPO to “Disable all except digitally signed”; GPO for Trust Center/Trusted Locations; Client Activity Analysis with Defender ATP
  • 44. What’s on this Laptop?
  • 45. What could have stopped that? BitLocker (indirectly): encrypts the file system, not files. Azure Information Protection (Azure RMS): encrypts individual files by user action*. Windows Information Protection (WIP, prev. EDP): encrypts “Enterprise Data” by device policy.
  • 47. What could have stopped that? Local Admins can export Wifi Profiles: exports any network saved by any user; also exports client-side certificates (ensure the cert private key is not Exportable; consider using RADIUS authentication). Consider managing Wifi settings with GPO/MDM.
  • 48. Attack Pyramid: Entry; Recon & Movement; End Goal / Exfiltration
  • 51. What could have stopped that? LAPS / Better Passwords: generate and rotate STRONG local admin passwords. Device Guard / AppLocker (for non-admins): prevent running unsigned applications (mimikatz). Credential Guard: prevent dumping hashes. Advanced Threat Analytics: detected machine account querying AD.
  • 52. What could have stopped that? LAPS: randomize and change STRONG local admin passwords. Windows Firewall: block RDP / disable RDP, allow trusted sources. Group Policy: prevent remote use of local accounts. Network Segmentation: separate client and server networks with ACLs.
  • 53. What’s on this Server?
  • 54. What could have stopped that? Group Managed Service Accounts: passwords managed by machines, not saved in registry. Device Guard / AppLocker: prevent running unsigned applications. GPO / Access Control: prevent service accounts from logging in remotely. Monitor with OMS / SysMon.
  • 55. Attack Pyramid: Entry; Recon & Movement; End Goal / Exfiltration
  • 56. Attack Plan (@MrShannonFritz)
  • 57. Stealing AD from the Shadows
  • 58. What could have stopped that? Network Segmentation: restrict network access to the DCs. GPO / Access Control: prevent non-Domain Admins from logging in to DCs; prevent Domain Admins from being used on non-DCs. Isolation / Protection: restrict access to the DCs’ physical / virtual hardware.
  • 60. Attack Mitigation Plan. [Diagram labels: stickykeys hijack remote shell macro data theft wifi psk dump reconnaissance rdp vss copy ntds.dit bitlocker macro security gpo azure rms wip certificate wifi defender atp service secrets gpo aad join / intune ata gmsa device guard isolation gpo / dsc skeleton key krbtgt golden ticket device guard oms / sysmon]
  • 61. NIST Cybersecurity Framework Core
      − Identify: Asset Inventory; Patches and Updates; Risk Management; Policies
      − Protect: Credentials & Identity; Network Access; User Training; Data Security; Baseline Configuration
      − Detect: Nefarious Activity; Malicious Code; Unauthorized Users; Unauthorized Devices; External Services
      − Respond: Investigations; Forensics; Incidents; Containment; Public Relations
      − Recover: Business Continuity; Communications
      − Microsoft and 3rd Party Products (in slide order): OMS: Operations Management Suite; SC Operations Mgr; SC Configuration Mgr; SC Service Manager; Intune; Cloud App Security; ServiceNOW; MIM: Identity Mgr; MIM PAM; AAD Premium / PIM; Azure MFA; Intune; Conditional Access; Azure App Proxy; BitLocker; Office 365 ATP; OMS; Advanced Threat Analytics; OMS; Azure AD Premium; Defender ATP; Cloud App Security; O365 Compliance Cntr; Lookout App Security; OMS; SC Service Manager; ServiceNOW; Hyper-V; Storage Replica; DFS; OneDrive for Business; OMS: Site Recovery; SC DPM; Veeam; ServiceNOW
  • 62. Acknowledgements / Learn More: Sami Laiho – wioski.com; Sean Metcalf – adsecurity.org; Rob Fuller – mubix, room362.com, hak5; Paula Januszkiewicz – cqureacademy.com; Robert Reif – cynosure prime password research; Michael Goetzman – cyphercon.com; Marcus Murray & Hasain Alshakarti – Truesec; Troy Hunt – haveibeenpwned.com, troyhunt.com
  • 63. Securing Content and Communication
  • 64. Securing Content and Communication: review of security issues with content and communications scenarios and live review of example; review of technologies to protect content and communications scenarios and live review of example; how to get started with protecting content and communications scenarios through both policy and technology
  • 65. Data protection realities. 87% of senior managers admit to regularly uploading work files to a personal email or cloud account.* 58% have accidentally sent sensitive information to the wrong person.* ? %: Focus on data leak prevention for personal devices, but ignore the issue on corporate owned devices where the risks are the same.
  • 66. Security Issues with Content and Communications: confidential content is everywhere; content needs to be shared, despite its security status; certain locations should never access content; content is shared when not intended to be
  • 67. Modern Content Security Needs: protect various content types; protect in-place and in-flight; share with anyone securely; important applications and services are enlightened; meet with varied organizational needs; protect everywhere and layer security
  • 68. Technical Solution Layers Applied. Network: Location Awareness for Office365 w/ MFA. Application: Office365 applies Azure Information Protection. Information: Azure Information Protection. Operating System: Local BitLocker Encryption. Identity: EM+S with Azure Active Directory. Platform Management: Operations Management Suite (OMS); Enterprise Mobility + Security; ServiceNow.
  • 69. Steps to Starting Out: define corporate content types and scenarios based on business use cases and organizational policies; build rights management policies based on defined business requirements; incrementally roll out location awareness and Azure Information Protection based on the defined rights management policies and business requirements
  • 70. Concurrency’s engagements. Plan and Design: review, assess and make a plan, strategic and tactical, working with CISO. Execution: address threats through targeted process improvements, technologies, and education. Continuous improvement: develop a backlog and keep improving the security state.
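
Several of the client mitigations named on slides 39, 43, 51 and 52 (BitLocker, the "Disable all except digitally signed" macro policy, Credential Guard, LAPS, disabling RDP) can be spot-checked on a single Windows host. The script below is an added example, not part of the original deck. It assumes an elevated PowerShell session on Windows 10 or later, Office policy keys under version 16.0, and the legacy LAPS client policy key; those registry paths are not given in the presentation.

```powershell
# Added example: read-only spot check of client mitigations named in the deck.
# Assumptions: elevated session, Office 2016+ (16.0) policy keys, legacy LAPS client.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check {
    param([string]$Control, [bool]$Pass, [string]$Detail)
    $results.Add([pscustomobject]@{ Control = $Control; Pass = $Pass; Detail = $Detail })
}

# Slide 39: BitLocker protection on the OS volume.
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    Add-Check 'BitLocker (OS volume)' ($vol.ProtectionStatus -eq 'On') `
        "ProtectionStatus=$($vol.ProtectionStatus)"
} catch {
    Add-Check 'BitLocker (OS volume)' $false "Could not query: $($_.Exception.Message)"
}

# Slide 43: macro policy. VBAWarnings = 3 means "Disable all except digitally signed".
$officeVersion = '16.0'   # assumption, adjust for the installed Office release
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    $v = Get-RegValue $key 'VBAWarnings'
    Add-Check "Macro policy ($app)" ($v -eq 3) "VBAWarnings=$v (want 3)"
}

# Slide 51: Credential Guard. Value 1 in SecurityServicesRunning = Credential Guard.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
    -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$running = @($dg.SecurityServicesRunning)
Add-Check 'Credential Guard running' ($running -contains 1) `
    "SecurityServicesRunning=$($running -join ',')"

# Slides 51-52: LAPS policy applied (legacy LAPS client-side extension key).
$laps = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd' 'AdmPwdEnabled'
Add-Check 'LAPS policy (legacy client)' ($laps -eq 1) "AdmPwdEnabled=$laps (want 1)"

# Slide 52: RDP disabled. fDenyTSConnections = 1 refuses Remote Desktop connections.
$deny = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
Add-Check 'RDP disabled' ($deny -eq 1) "fDenyTSConnections=$deny (want 1)"

$results | Format-Table -AutoSize
```

A failed row means the setting was not found in the expected state on this host; hosts that legitimately allow RDP from trusted sources will fail the last check and need their firewall scope reviewed separately.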