Cyber Security Conference - A deeper look at Microsoft Security Strategy, Technology Trends and the...
Transcript of Cyber Security Conference - A deeper look at Microsoft Security Strategy, Technology Trends and the...
Year 2025
world Internet users
of consumer electronics sold in emerging economies
mobile Internet subscriptions globally
data will move through or be stored in the cloud
Security and privacy are a top leadership concern
Managing risk in an increasingly connected world
“This Nexus of Forces is impacting security in terms of new vulnerabilities.”
–Ruggero Contu, Christian Canales and Lawrence Pingree. Forecast Overview: Information Security, Worldwide, 2014 Update. Gartner, Inc. June 25, 2014.
Impact of cyber attacks could be as much as $3 trillion in lost productivity and growth
Implications: Job security, Customer loyalty, Intellectual property, Legal liability, Brand reputation
$3.5M: Average cost of a data breach to a company
15% increase YoY
243: median # of days attackers are present on a victim network before detection
Security is a CxO level issue
Verizon, “2014 Data Breach Investigations Report”
74.8%: Percentage of total security incidents in 2013 directed toward public sector
Make no mistake… we are Under Attack
Public Sector, Retail, Financial Services & SOE’s are the primary targets
Some More Details - Evolution to Targeted Threats
Indiscriminate → Targeted
Consumer → Enterprise Target
Single Vector → Multi-vector
Manual → Automated
Desktop → Device and Cloud
Visible → Concealed
Lone Agent → Organised Ecosystem
Spam → Information Theft
Information Theft → Information Destruction
“The world is changing very fast. Big will not beat small anymore. It will be the fast beating the slow.” Rupert Murdoch
Origin of Data Breaches
Who is behind data breaches?
98% stemmed from external agents (+6%)
4% implicated internal employees (-13%)
<1% committed by business partners (<>)
58% of all data theft tied to activist groups
How do breaches occur?
81% utilized some form of hacking (+31%)
69% incorporated malware (+20%)
10% involved physical attacks (-19%)
7% employed social tactics (-4%)
5% resulted from privilege misuse (-12%)
Source: Verizon 2012 Data Breach Investigations Report
We are not combating hackers
We are combating an ecosystem
Simplified diagram of the abuse supply chain
Coordination, Collaboration, Disruption
set policies and principles
identify, block, sinkhole
Seize, prosecute, takedown
security by design
identify, block, partner
starve
Anti-malware and security ecosystem
Large-scale Public Services
Cloud Providers, Telco’s
Government
Ad Networks
Banks, Finance, Commerce
OEMs
Vendors
CERTs, ISPs & Law Enforcement
How do we win?
It will take a partnership
Microsoft Experience and Credentials
Trustworthy Computing: Working Toward a Safer, More Trusted Internet
Security: Secures against attacks; Protects confidentiality, integrity, and availability of data and systems; Helps manage risk
Privacy: Protects from unwanted communication; User choice and control; Products, online services adhere to fair information principles
Reliability: Dependable, available; Predictable, consistent, responsive service; Maintainable; Resilient, easily restored; Proven, ready
Business Practices: Commitment to customer-centric interoperability; Recognized industry leader, world-class partner; Open, transparent
Elements to a Resilient Infrastructure
Protect Detect
Threat Information
Management
Response
Resilience against modern Cyberthreats
The Hockey Analogy
Placeholder for hockey player picture 😏
Coaching
Management
Build the Foundation for Success and Adapt to Changes
Goalie
Protect
Patch, Deploy Newer Products, Apply the SDL
Awareness
Detect
Active Attacks
Defense
Response
Customer, CSS and Cybersecurity Team
Intelligence
Threat Information
Protect: Patch, Deploy Newer Products, Apply the SDL
Detect: Active Attacks
Response: Customer, CSS and Cybersecurity Incident Response
Threat Information
Management
Overall Resilience of an Organization's IT Infrastructure
Achieving Overall Resilience
Cloud Resilience
On-Premises Systems Resilience
Microsoft is committed to protecting our customers and being a global cybersecurity advocate
We aggressively fight cybercrime and advocate extensively for enhancing cybersecurity
We invest deeply in building a trustworthy computing platform and security expertise
We have strong principles and policies that empower you to be in control of your information
Security, Privacy, Compliance, Transparency, Advocacy, Risk management, Governance
• Deeper source inspection
Achieving Overall Resilience
Cloud Security and Compliance
Trustworthy Cloud
Public Data Internal Data Confidential Data
Commitment to industry standards and organizational compliance
On personal devices
24 x 7 collaboration
On the road
In the office
At home
Through social media
Overall Resilience of an Organization's IT Infrastructure
Wrapping Up: Overall Resilience
Cloud Resilience
Use trustworthy cloud services to take advantage of the industry leading security processes, technology and skills deployed in Microsoft’s Cloud Services
On-Premises Systems Resilience
Stay Current (Upgrade) + Patch Management
Align Active Directory to Threat Environment
Assess Threats and Countermeasures
Implement Secure Development Practices
Use secured devices and enterprise mobility management to gain more control over information and apps in a BYOD as well as enterprise steered device strategy
Work with Microsoft’s Consulting Services to implement the security pillars Protect, Detect and Respond to achieve resilience in your on-premises infrastructure.
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Reto Haeni
Chief Security Officer & Advisor
Microsoft Western Europe
[email protected]: www.retohaeni.net