Post on 07-Apr-2017
OMS Security
Asaf Nakash
CTO & P-TSP Azure
Microsoft MVP
Asaf@cloudvalley.io
054-9700780
Any cloud
Any platform
Cybersecurity Meetup
Security challenges
Threats are on the rise
Environments are more complex
Security talent is scarce
Why Security within IT Operations?
Issue: ‘IT Operations is responsible for managing datacenter infrastructure, applications, and data, including the stability and security of these systems. However, gaining security insights across increasingly complex IT environments often requires organizations to cobble together data from multiple security and management systems - I need a solution that provides me with actionable security insights for all my datacenter resources.’
With OMS,
• You can enable both IT ops and security professionals to effectively monitor your entire environment for security vulnerabilities and active threats – all within the context of operations management.
Holistic Security
Intelligent Detection
Rapid Investigation
Detect Security Risks and Threats Across Your Environment
Holistic Security Posture
Issue: ‘Understanding the security posture of my hybrid-cloud environments is time-consuming, especially as these environments are changing rapidly.’
With OMS,
• Quickly and easily understand the overall security posture of any environment, all within the context of IT Operations, including: software update assessment, antimalware assessment, and configuration baselines. Furthermore, security log data is readily accessible to streamline security and compliance audit processes.
Ongoing Assessment
• Actionable security insights – network, identity, servers, …
• Prioritized notable issues
Audit
• Central collection of all security data
• Export to Excel and PowerBI or via API for reporting
• Data retention
Cross-Platform
• Windows and Linux
• On premises, Azure, AWS
• Microsoft and 3rd party security solutions
Holistic Security Posture
Antimalware and Update Assessments
• Missing updates
• Antimalware Assessments
• Malware reports
Identity and Access
• Failed Logons
• Password changes
• Current activity
Baseline Assessment
• Over 180 recommended security configurations
• Correlation with Microsoft best practices
Notable Issues
• Included common issues
• Customizable
• Severity and priority
Security Audit
• Easily accessible security event logs
• Searchable, actionable
• Exportable via API
Threat Detection
Issue: ‘Cyber attacks are increasingly common and complex. Timely detection of attacks and breaches is critical to defending your environment’
With OMS,
• You can leverage the power of Microsoft’s continuously updated security intelligence to detect threats sooner and more accurately – across your entire environment.
Security Analytics
• Rule-based detections
• Server and network behavioral analytics
• Anomaly detections
Continuous Innovation
• Ongoing threat monitoring
• Validation and tuning
• Automatic updates to detection algorithms
Threat Intelligence
• Intelligent security graph
• Global threat database
• Specialized security teams
Intelligent Detection
Threat Intelligence
• Microsoft security intelligence and leading intelligence vendors
• Detects communication to known malicious IP addresses
Security Analytics
• Behavioral analytics
• Event correlation
• Continuously updated
Threat Investigation
Issue: ‘Determining the nature and source of a security threat or breach is critical to mitigating damage to the business, but is very difficult without leveraging intelligence from security experts or the tools to cross reference data across security domains, and time is critical’
With OMS,
• You can leverage the power of Microsoft’s security intelligence, as well as the tools to search across your environment, to accelerate a comprehensive investigation.
Threat Intelligence
• Geo tagging and interactive maps
• Threat intelligence reports
Automation
• OMS automation capabilities
Search
• Easy search of all security and operational data
Rapid Investigation
Search
• Rapid search across all operations and security data
Threat Intelligence
• Interactive map
• Built-in reports with insight into attacker’s known techniques and objectives
OMS Automation
Orchestrated recovery
• Repeatable plans
• Order sequencing
• Customizable checkpoints
Integrated solutions
• Multi-platform support
• Community gallery
• Partner ecosystem
Automated remediation
• Ready-made runbooks
• Anywhere triggers
• Native webhooks
Microsoft Security Assets
DATA
• Rights Management Services
• Information Protection
ENDPOINTS (Devices)
• Device Guard
• Credential Guard
• Intune
• Windows Hello
• Windows Defender & ATP
IDENTITY
• Azure AD Identity Protection
• Advanced Threat Analytics
CLOUD & DATACENTER
• OMS Security
• Azure Security Center
APPLICATIONS (SaaS)
• Cloud App Security
• Advanced Threat Protection
© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.