Observations and challenges · Network Security Cloud application security Endpoint Security...
Observations and challenges
Threats increasing in volume and sophistication
Can’t stop all attacks
Integration is required, but can be complex and costly
Requires Blend of Human Expertise and Technology
https://aka.ms/SIRv23
Notable trends this year: Looking beyond the headline-grabbing incidents of 2017, Microsoft analyzed threat intelligence gathered from its global customer base across 100+ countries and millions of computers. This analysis has exposed three interesting topics:
Botnets – Gamarue global impact
Gamarue: Coordinated Malware Eradication – 30% reduction
Ransomware: Asia with greatest encounter rates. Chart panels: Three global outbreaks; Top encountered families
Reverse the trend: raising the cost of attack
Chart: Which of the following areas will be a priority for your security program in 2017? (bar chart, 0–70%)
• Network Security
• Cloud application security
• Endpoint Security
• Identity and Access Management
• Data Protection (including data loss prevention)
• Threat Detection and Response
“Banks across the world have paid about $321 billion in fines…as regulators stepped up scrutiny” – Boston Consulting Group
Regulatory slide fragments: Enhanced · Increased · Mandatory · Significant · 4% · May 25, 2018
2017 Introductions: At least 42 USA states have introduced more than 240 bills or resolutions related to cybersecurity. Some of the key areas of legislative activity include:
• Improving government security practices
• Commissions, task forces and studies
• Funding for cybersecurity programs and initiatives
• Targeting computer crimes
• Public disclosure of sensitive security information
• Promoting workforce, training, economic development
China
• Cyber Security Law came into effect (June 2017)
• Intended to strengthen cyber regulations (data privacy and residency) but may create barriers to trade and innovation (data localization)
Japan
• Cybersecurity guidelines for business leadership – expected executives to take on a greater role in cybersecurity
• Act on the Protection of Personal Information – new restrictions to the transfer of personal information beyond Japan
Indonesia
• Cyber Body and National Encryption Agency (June 2017)
• Created in response to the WannaCry ransomware attack
Australia
• Privacy Amendment (Notifiable Data Breaches) Bill to be enacted in Feb 2018
• Australian organizations to publicly disclose any data breach that affects customers
Thailand
• Draft Cyber Security Bill released (July 2017)
• Increase national cyber activity surveillance
Singapore
• Draft Cybersecurity Bill released for public consultation – includes mandatory notification to authorities and newly established information sharing framework
• Proposed changes to the Personal Data Protection Act (revised July 2017) – mandatory disclosure to customers
Microsoft Cloud covers 70 compliance offerings. Microsoft Cloud has the deepest and most comprehensive compliance coverage in the industry.
Compliance offerings (chart columns: Global, US Gov, Industry, Regional):
ISO 27001:2013
ISO 27017:2015
ISO 27018:2014
ISO 22301:2012
ISO 9001:2015
ISO 20000-1:2011
SOC 1 Type 2
SOC 2 Type 2
SOC 3
CSA STAR Certification
CSA STAR Attestation
CSA STAR Self-Assessment
WCAG 2.0 (ISO 40500:2012)
FedRAMP High
FedRAMP Moderate
EAR
DoE 10 CFR Part 810
NIST SP 800-171
NIST CSF
Section 508 VPATs
FIPS 140-2
ITAR
CJIS
IRS 1075
PCI DSS Level 1
GLBA
FFIEC
Shared Assessments
FISC (Japan)
FCA (UK)
MAS + ABS (Singapore)
23 NYCRR 500
HIPAA BAA
HITRUST
21 CFR Part 11 (GxP)
MARS-E
NHS IG Toolkit (UK)
NEN 7510:2011 (Netherlands)
FERPA
CDSA
MPAA
DPP (UK)
FACT (UK)
Argentina PDPA
Australia CCSL / IRAP
Canada Privacy Laws
China GB 18030:2005
China DJCP (MLPS) Level 3
Singapore MTCS Level 3
Spain ENS
Spain DPA
UK Cyber Essentials Plus
UK G-Cloud
UK PASF
China TRUCS / CCCPPF
EN 301 549
EU ENISA IAF
EU Model Clauses
EU – US Privacy Shield
Germany C5
DFARS
DoD DISA SRG Level 5
DoD DISA SRG Level 4
DoD DISA SRG Level 2
Germany IT-Grundschutz workbook
India MeitY
Japan CS Mark Gold
Japan My Number Act
Netherlands BIR 2012
New Zealand Gov CC Framework
“The single biggest issue … from financial institutions is the need to simplify and consolidate their security infrastructure.”
“Every different product will have separate management systems, often with limited connectivity to work alongside others … thus slowing down response and remediation times.”
“This results in the ironic situation of actually having more security devices in your network which actually makes it less secure.”
Source: https://www.finextra.com/blogposting/13893/consolidation-and-integration-of-security-solutions-in-financial-services
Some large financial services organizations have as many as 40 or more different security vendors inside their networks.
Microsoft IT at a glance (Microsoft Azure):
• 281K managed Windows 10 systems
• 276K mailboxes on Office 365
• 270K SharePoint sites, 98% in the cloud
• 15b max security events recorded per day
• 775+ site locations
• 114K employees
• 9m Skype for Business calls/month
• 1.2m devices hitting our network
• 91% of sales team using CRM Online
• 44% on-prem server footprint reduction
• 1.8k managed LOB apps
Microsoft security: Assume Breach
The known attack playbook:
• Initial compromise
• Credential theft
• Elevation of privilege?
• Reconnaissance
• Survive the reboot
• Lateral movement
• Persistence
• Access sensitive data (attacker objectives)
Defender tactics: Incident response…
Timeline markers on the slide: Minutes · 3-5 days · 510 days
Microsoft Trust Center
[ Privacy/Compliance boundary ]
Product & service telemetry; Machine learning
INFRASTRUCTURE: Microsoft Azure Security Center; Windows Server Security
IDENTITY: Windows Hello; Microsoft Azure Active Directory; Credential Guard; Microsoft Advanced Threat Analytics
APPS & DATA: Microsoft Cloud App Security; Office 365 Data Loss Prevention; Exchange Online Advanced Threat Protection; Windows Information Protection; Office 365 Customer Lockbox; Office 365 Advanced Security Management; Microsoft Azure Rights Management; Windows BitLocker; Azure Information Protection
DEVICES: Windows Defender Advanced Threat Protection; Device Guard; Windows Defender; Enterprise Mobility + Security