Observations and challenges

Transcript of Observations and challenges (26 slides)

Page 1:
Page 2:
Page 3:

Observations and challenges

Threats increasing in volume and sophistication

Can’t stop all attacks

Integration is required, but can be complex and costly

Requires a blend of human expertise and technology

Page 4:
Page 5:
Page 6:

https://aka.ms/SIRv23

Notable trends this year: Looking beyond the headline-grabbing incidents of 2017, Microsoft analyzed threat intelligence gathered from its global customer base across 100+ countries and millions of computers. This analysis exposed three interesting topics:

Page 7:

Botnets – Gamarue global impact

Page 8:

Gamarue: Coordinated Malware Eradication

Page 9:

Gamarue: Coordinated Malware Eradication

30% reduction

Page 10:
Page 11:

Ransomware: Asia with greatest encounter rates

Three global outbreaks

Top encountered families

Page 12:

Reverse the trend: raising the cost of attack

Page 13:
Page 14:

[Chart: “Which of the following areas will be a priority for your security program in 2017?” Response categories: Network Security; Cloud application security; Endpoint Security; Identity and Access Management; Data Protection (including data loss prevention); Threat Detection and Response. Horizontal axis 0%–70%; the individual bar values are not recoverable from the transcript.]

Page 15:

“Banks across the world have paid about $321 billion in fines…as regulators stepped up scrutiny” – Boston Consulting Group

[Slide graphic fragments: Enhanced; Increased; Mandatory; Significant; 4%; May 25, 2018]

2017 Introductions: At least 42 USA states have introduced more than 240 bills or resolutions related to cybersecurity. Some of the key areas of legislative activity include:

• Improving government security practices

• Commissions, task forces and studies

• Funding for cybersecurity programs and initiatives

• Targeting computer crimes

• Public disclosure of sensitive security information

• Promoting workforce, training, economic development

Page 16:

China

• Cyber Security Law came into effect (June 2017)

• Intended to strengthen cyber regulations (data privacy and residency) but may create barriers to trade and innovation (data localization)

Japan

• Cybersecurity guidelines for business leadership – expects executives to take on a greater role in cybersecurity

• Act on the Protection of Personal Information – new restrictions on the transfer of personal information beyond Japan

Indonesia

• Cyber Body and National Encryption Agency (June 2017)

• Created in response to the WannaCry ransomware attack

Australia

• Privacy Amendment (Notifiable Data Breaches) Bill to be enacted in Feb 2018

• Australian organizations to publicly disclose any data breach that affects customers

Thailand

• Draft Cyber Security Bill released (July 2017)

• Increases national cyber activity surveillance

Singapore

• Draft Cybersecurity Bill released for public consultation – includes mandatory notification to authorities and a newly established information sharing framework

• Proposed changes to the Personal Data Protection Act (revised July 2017) – mandatory disclosure to customers

Page 17:

Microsoft Cloud covers 70 compliance offerings

Microsoft Cloud has the deepest and most comprehensive compliance coverage in the industry

Categories: US Gov · Global · Regional · Industry

ISO 27001:2013

ISO 27017:2015

ISO 27018:2014

ISO 22301:2012

ISO 9001:2015

ISO 20000-1:2011

SOC 1 Type 2

SOC 2 Type 2

SOC 3

CSA STAR Certification

CSA STAR Attestation

CSA STAR Self-Assessment

WCAG 2.0 (ISO 40500:2012)

FedRAMP High

FedRAMP Moderate

EAR

DoE 10 CFR Part 810

NIST SP 800-171

NIST CSF

Section 508 VPATs

FIPS 140-2

ITAR

CJIS

IRS 1075

PCI DSS Level 1

GLBA

FFIEC

Shared Assessments

FISC (Japan)

FCA (UK)

MAS + ABS (Singapore)

23 NYCRR 500

HIPAA BAA

HITRUST

21 CFR Part 11 (GxP)

MARS-E

NHS IG Toolkit (UK)

NEN 7510:2011 (Netherlands)

FERPA

CDSA

MPAA

DPP (UK)

FACT (UK)

Argentina PDPA

Australia CCSL / IRAP

Canada Privacy Laws

China GB 18030:2005

China DJCP (MLPS) Level 3

Singapore MTCS Level 3

Spain ENS

Spain DPA

UK Cyber Essentials Plus

UK G-Cloud

UK PASF

China TRUCS / CCCPPF

EN 301 549

EU ENISA IAF

EU Model Clauses

EU – US Privacy Shield

Germany C5

DFARS

DoD DISA SRG Level 5

DoD DISA SRG Level 4

DoD DISA SRG Level 2

Germany IT-Grundschutz workbook

India MeitY

Japan CS Mark Gold

Japan My Number Act

Netherlands BIR 2012

New Zealand Gov CC Framework

Page 18:
Page 19:

“The single biggest issue … from financial institutions is the need to simplify and consolidate their security infrastructure.”

“Every different product will have separate management systems, often with limited connectivity to work alongside others. … Thus slowing down response and remediation times.”

“This results in the ironic situation of actually having more security devices in your network which actually makes it less secure.”

Source: https://www.finextra.com/blogposting/13893/consolidation-and-integration-of-security-solutions-in-financial-services

Some large financial services organizations have as many as 40 or more different security vendors inside their networks.

Page 20:

• 281K managed Windows 10 systems

• 276K mailboxes on Office 365

• 270K / 98% SharePoint sites in the cloud

• 15b max security events recorded per day

• 775+ site locations

• 114K employees

• 9m Skype for Business calls/month

• 1.2m devices hitting our network

• 91% sales team using CRM Online

• 44% on-prem server footprint reduction (Microsoft Azure)

• 1.8k managed LOB apps (Microsoft Azure)

Microsoft security: Assume Breach

Page 21:

The known attack playbook

Attacker objectives:

• Initial compromise

• Credential theft

• Elevation of privilege?

• Reconnaissance

• Survive the reboot

• Persistence

• Lateral movement

• Access sensitive data

Defender tactics:

• Incident response…

Timeline labels on the slide: Minutes / 3-5 Days / 510 days

Page 22:
Page 23:

Microsoft Trust Center

[ Privacy/Compliance boundary ]

PRODUCT & SERVICE TELEMETRY

Page 24:

MACHINE LEARNING

INFRASTRUCTURE: Microsoft Azure Security Center; Windows Server Security

IDENTITY: Windows Hello; Microsoft Azure Active Directory; Credential Guard; Microsoft Advanced Threat Analytics

APPS & DATA: Microsoft Cloud App Security; Office 365 Data Loss Prevention; Exchange Online Advanced Threat Protection; Windows Information Protection; Office 365 Customer Lockbox; Office 365 Advanced Security Management; Microsoft Azure Rights Management; Windows BitLocker; Azure Information Protection

DEVICES: Windows Defender Advanced Threat Protection; Device Guard; Windows Defender; Enterprise Mobility + Security

Page 25:
Page 26: