Security Transformation Overview - Oxford Computer Group...
Security Transformation Overview
James Cowling, CTO
NYC CISO Forum
Do Not Distribute
Agenda
Introductions
Technical and Market Drivers
What is the Security Transformation?
Cyber Attack Cycles
Red Team vs Blue Team
Attack cycle (Red Team): Recon -> Delivery -> Foothold -> Persist -> Move -> Elevate -> Exfiltrate
Response cycle (Blue Team): Gather -> Detect -> Alert -> Triage -> Context -> Plan -> Execute
Increasing Response Speed
Attack cycle (Red Team): Recon -> Delivery -> Foothold -> Persist -> Move -> Elevate -> Exfiltrate
Response cycle (Blue Team): Gather -> Detect -> Alert -> Triage -> Context -> Plan -> Execute
Massive Data and Machine Learning
Security Solutions
Data Protection
Cloud App Security - Discovery
App Security Scoring
Data Leak Visibility
Data Leak Analysis
Policy Controls
Policy Violations
Security Solutions
Endpoint Protection
Malware Protection and Analysis
Incident Analysis
Malware Deep Analysis
Global Signals, used Globally
Correlation as Data Graph
Azure Security Graph
Malware Machine Activity
O365 Threat Protection
Machine Activity Details
Real-Time Threat Analysis
Microsoft Advanced Threat Analytics (ATA)
Data sources: devices and servers, Security Information and Event Management (SIEM), Active Directory
Behavioral analytics: profile normal entity behavior (normal versus abnormal)
Forensics for known attacks and issues: search for known security attacks and issues
Outcome: detect suspicious user activities, known attacks, and issues
Security Solutions
Azure Security Graph
Azure AD Identity Protection
Anomaly detection: heuristic and machine learning
Risk event detection: per-user risk level
Risk-based policies: require MFA for risky accounts
Azure AD Identity Protection - Dashboard
Azure AD Identity Protection - Risk Events
Identity-Driven Security
Conditions: user group, user, location (IP range), device state, risk
Actions: allow access or block access; enforce MFA per user/per app
Building blocks: MFA, identity protection (notifications, analysis, remediation, risk-based policies), cloud app discovery, privileged identity management
Operations Management Suite
Gain Insight
Create Alerts
Security Solutions
Azure Security Graph
Identity Governance and Protection
Third Party solutions
Security Solutions
Azure Security Graph
Impact of the Security Transformation
Can you profit from Security Transformation?