Threat Management Lifecycle
Antonio Formato – Threat Management
antonio.formato@microsoft.com
+39 331 7350 247
@anformato
User opens email
attachment or
clicks on a URL
DETECT
Attacker steals
sensitive data
Exploitation of
the endpoint
Malicious apps
and data
Advanced threats and
abnormal behavior
Compromised
user credentials
Advanced threats
to hybrid workloads
Attacker installs
backdoor to
gain persistence
Escalates privileges,
steals credentials
Attacker explores the
network and moves
to find sensitive data
Attacker accesses
sensitive data
User inserts USB drive
Browse to a website
User browses
to a website
User runs a
program
Office 365 ATP
Email protection
User receives
an email
Opens an
attachment
Clicks on a URL
+
Windows Defender ATP
End Point protection
Brute force
an account
Reconnaissance
Lateral
Movement
Domain
Dominance
ATA + Azure ATP
Identity protection
Maximize detection coverage
throughout the attack stages
Exploitation Installation
Command and
Control channel
Office 365 Advanced Threat Protection
Protect your data
Advanced threat protection: Time of click protection for malicious links
Web servers perform latest URL reputation check
Rewriting URLs to redirect to a web server.
User clicking URL is taken to EOP web servers for the latest check at the “time-of-click”
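The time-of-click flow on this slide, sketched as an added example (not from the original deck and not Microsoft's implementation): links are rewritten at delivery to point at a checking server, and the reputation lookup happens only when the user clicks. The gateway URL, signing key, HMAC check and reputation table are assumptions made for illustration; the sample message is constructed.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode, urlsplit

GATEWAY = "https://gateway.example/check"  # hypothetical checking server
KEY = b"constructed-demo-key"              # constructed secret, demo only
URL_RE = re.compile(r"https?://[^\s<>\"']+")
TRAILING = ".,;:!?)"                       # punctuation that is not part of a link


def sign(url):
    """HMAC over the original URL so the gateway only follows links it wrapped."""
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()


def wrap(url):
    """Build the rewritten link that replaces the original in the message."""
    return GATEWAY + "?" + urlencode({"url": url, "sig": sign(url)})


def rewrite_links(body):
    """Delivery time: replace every link in the body with its wrapped form."""
    def repl(match):
        raw = match.group(0)
        core = raw.rstrip(TRAILING)
        if core.startswith(GATEWAY):       # already wrapped, leave untouched
            return raw
        return wrap(core) + raw[len(core):]
    return URL_RE.sub(repl, body)


def find_links(body):
    """Return the links in a body without trailing sentence punctuation."""
    return [m.rstrip(TRAILING) for m in URL_RE.findall(body)]


def resolve_click(wrapped, reputation):
    """Click time: verify the link, then consult the *current* reputation data.

    Returns (action, original_url) where action is one of:
      "reject"   - signature invalid; without this check the gateway would
                   redirect to any URL an attacker puts in the parameter
      "block"    - host is currently listed as malicious
      "redirect" - no malicious verdict at the moment of the click
    """
    query = parse_qs(urlsplit(wrapped).query)
    url = query.get("url", [""])[0]
    sig = query.get("sig", [""])[0]
    if not hmac.compare_digest(sig.encode(), sign(url).encode()):
        return ("reject", url)
    host = (urlsplit(url).hostname or "").lower()
    if reputation.get(host, "unknown") == "malicious":
        return ("block", url)
    return ("redirect", url)


def demo():
    """Same wrapped link, two clicks: before and after a reputation update."""
    # Constructed sample message; the domain is a placeholder.
    body = "Invoice ready: http://files.invoice-portal.example/doc?id=7. Thanks"
    delivered = rewrite_links(body)
    link = find_links(delivered)[0]

    reputation = {}                                   # nothing known at delivery
    first = resolve_click(link, reputation)
    reputation["files.invoice-portal.example"] = "malicious"   # later verdict
    second = resolve_click(link, reputation)
    return first, second


if __name__ == "__main__":
    for action, url in demo():
        print(action, url)
```

The verdict is tied to the moment of the click rather than the moment of delivery, which is what lets a link that looked clean on arrival be blocked later.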
Protect your data
Advanced threat protection: Sandboxing technology for malicious attachments
Sandboxing
Protect your data
Advanced threat protection: URL detonation
Sandboxing
Email with link
Link added to
reputation server
Protect your data
Threat protection extends to your
entire Office 365 ecosystem
Email is only one attack vector
Threat protection has
extended coverage
Microsoft enables security for
multiple office workloads
Office 365
Protect your data
Advanced threat protection for your collaboration workloads
Sandboxing
and detonation
• anonymous links
• companywide sharing
• explicit sharing
• guest user activity
collaboration signals
• malware in email + SPO
• Windows Defender
• Windows Defender ATP
• suspicious logins
• risky IP addresses
• irregular file activity
threat feeds
• users
• IPs
• On-demand patterns
(e.g. WannaCry)
activity watch lists
Leverage Signals
Apply Smart Heuristics
Files in SPO, ODB
and Teams
1st and 3rd
party reputation
Multiple AV
engines
SharePoint OneDrive Microsoft Teams
Protect your data
Advanced security for your desktop clients
Improve your security against advanced
threats, unknown malware, and zero-day
attacks
Protect users from malicious links with
time-of-click protection
Safeguard your environment from
malicious documents using virtual
environments
Word Excel PowerPoint
Unified Platform for Endpoint
Security
*AV-TEST and AV-Comparatives
*Listed as one of the leaders in the “Ovum Decision Matrix”
Advanced Threat Analytics
Behavioral Analytics
(Interaction Map)
Detection for known
attacks and issues
Advanced Threat
Detection
On-premises platform for detecting advanced attacks before they cause damage
Abnormal resource access
Account enumeration
Net Session enumeration
DNS enumeration
SAM-R Enumeration
Abnormal working hours
Brute force using NTLM, Kerberos, or LDAP
Sensitive accounts exposed in plain text
authentication
Service accounts exposed in plain text
authentication
Honey Token account suspicious activities
Unusual protocol implementation
Malicious Data Protection Private Information
(DPAPI) Request
Abnormal VPN
Abnormal authentication requests
Abnormal resource access
Pass-the-Ticket
Pass-the-Hash
Overpass-the-Hash
Malicious service creation
MS14-068 exploit
(Forged PAC)
MS11-013 exploit (Silver
PAC)
Skeleton key malware
Golden ticket
Remote execution
Malicious replication requests
Abnormal Modification of
Sensitive Groups
Advanced Threat Analytics
Reconnaissance
Compromised
Credential
Lateral
Movement
Privilege
Escalation
Domain
Dominance
Abnormal Behavior
• Anomalous logins
• Remote execution
• Suspicious activity
Security issues and risks
• Broken trust
• Weak protocols
• Known protocol vulnerabilities
Malicious attacks
• Pass-the-Ticket (PtT)
• Pass-the-Hash (PtH)
• Overpass-the-Hash
• Forged PAC (MS14-068)
• Golden Ticket
• Skeleton key malware
• Reconnaissance
• Brute force
• Unknown threats
• Password sharing
• Lateral movement
INTERNET
ATA GATEWAY 1
VPN
DMZ
Web
Port mirroring
Syslog forwarding
SIEM
Fileserver
DC1
DC2
DC3
DC4
ATA CENTER
DB
Fileserver
ATA
Lightweight
Gateway
:// DNS
Cloud App Security
A comprehensive, intelligent security solution that brings the visibility, real-time control,
and security you have in your on-premises network to your cloud applications.
Control Discover Protect
Integrates with your SIEM, Identity and Access Management, DLP and Information Protection solutions
Discover and
assess risks
Protect your
information
Detect
threats
Control access
in real time
Identify cloud apps on your
network, gain visibility into shadow
IT, and get risk assessments and
ongoing analytics.
Get granular control over data
and use built-in or custom
policies for data sharing and
data loss prevention.
Identify high-risk usage and
detect unusual behavior using
Microsoft threat intelligence
and research.
Manage and limit cloud app
access based on conditions and
session context, including user
identity, device, and location.
Threat management lifecycle from a GDPR perspective

Contenu connexe

Tendances

Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?BeyondTrust
 
PASTA: Risk-centric Threat Modeling
PASTA: Risk-centric Threat ModelingPASTA: Risk-centric Threat Modeling
PASTA: Risk-centric Threat ModelingCraig Walker, CISSP
 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008abhijitapatil
 
DevSecCon Talk: An experiment in agile Threat Modelling
DevSecCon Talk: An experiment in agile Threat ModellingDevSecCon Talk: An experiment in agile Threat Modelling
DevSecCon Talk: An experiment in agile Threat ModellingzeroXten
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Secure Code Warrior - Defense in depth
Secure Code Warrior - Defense in depthSecure Code Warrior - Defense in depth
Secure Code Warrior - Defense in depthSecure Code Warrior
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
Security hole #5 application security science or quality assurance
Security hole #5 application security   science or quality assuranceSecurity hole #5 application security   science or quality assurance
Security hole #5 application security science or quality assuranceTjylen Veselyj
 
00. introduction to app sec v3
00. introduction to app sec v300. introduction to app sec v3
00. introduction to app sec v3Eoin Keary
 
Mobile security services 2012
Mobile security services 2012Mobile security services 2012
Mobile security services 2012Tjylen Veselyj
 
Threat modelling with_sample_application
Threat modelling with_sample_applicationThreat modelling with_sample_application
Threat modelling with_sample_applicationUmut IŞIK
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Alert Logic
 
Application Security Vulnerabilities: OWASP Top 10 -2007
Application Security Vulnerabilities: OWASP Top 10  -2007Application Security Vulnerabilities: OWASP Top 10  -2007
Application Security Vulnerabilities: OWASP Top 10 -2007Vaibhav Gupta
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack SurfaceAlert Logic
 
Stories from the Security Operations Center
Stories from the Security Operations CenterStories from the Security Operations Center
Stories from the Security Operations CenterAlert Logic
 
Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Alert Logic
 

Tendances (20)

Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
Active Directory Auditing Tools: Building Blocks or just a Handful of Dust?
 
New definition for APT
New definition for APTNew definition for APT
New definition for APT
 
PASTA: Risk-centric Threat Modeling
PASTA: Risk-centric Threat ModelingPASTA: Risk-centric Threat Modeling
PASTA: Risk-centric Threat Modeling
 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008
 
Computer virus
Computer virusComputer virus
Computer virus
 
DevSecCon Talk: An experiment in agile Threat Modelling
DevSecCon Talk: An experiment in agile Threat ModellingDevSecCon Talk: An experiment in agile Threat Modelling
DevSecCon Talk: An experiment in agile Threat Modelling
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Secure Code Warrior - Defense in depth
Secure Code Warrior - Defense in depthSecure Code Warrior - Defense in depth
Secure Code Warrior - Defense in depth
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
Security hole #5 application security science or quality assurance
Security hole #5 application security   science or quality assuranceSecurity hole #5 application security   science or quality assurance
Security hole #5 application security science or quality assurance
 
00. introduction to app sec v3
00. introduction to app sec v300. introduction to app sec v3
00. introduction to app sec v3
 
Mobile security services 2012
Mobile security services 2012Mobile security services 2012
Mobile security services 2012
 
Threat modelling with_sample_application
Threat modelling with_sample_applicationThreat modelling with_sample_application
Threat modelling with_sample_application
 
Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017Realities of Security in the Cloud - CSS ATX 2017
Realities of Security in the Cloud - CSS ATX 2017
 
Application Security Vulnerabilities: OWASP Top 10 -2007
Application Security Vulnerabilities: OWASP Top 10  -2007Application Security Vulnerabilities: OWASP Top 10  -2007
Application Security Vulnerabilities: OWASP Top 10 -2007
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack Surface
 
Stories from the Security Operations Center
Stories from the Security Operations CenterStories from the Security Operations Center
Stories from the Security Operations Center
 
Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)Stories from the Security Operations Center (S.O.C.)
Stories from the Security Operations Center (S.O.C.)
 
Pentesting Android Apps
Pentesting Android AppsPentesting Android Apps
Pentesting Android Apps
 

Similaire à Threat management lifecycle in ottica GDPR

How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksMicrosoft
 
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
The hacker playbook: How to think and act like a cybercriminal to reduce risk...The hacker playbook: How to think and act like a cybercriminal to reduce risk...
The hacker playbook: How to think and act like a cybercriminal to reduce risk...Paula Januszkiewicz
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersSomyos U.
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesNCCOMMS
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
Volume And Vectors 090416
Volume And Vectors 090416Volume And Vectors 090416
Volume And Vectors 090416Anthony Arrott
 
Risk assesment IT Security project
Risk assesment IT Security projectRisk assesment IT Security project
Risk assesment IT Security projectStefan Fodor
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Rishabh Dangwal
 
Week Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxWeek Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxArjayBalberan1
 
Software Security Testing
Software Security TestingSoftware Security Testing
Software Security Testingsrivinayak
 
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptxSeceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptxCompanySeceon
 
Best Practices for Scoping Infections and Disrupting Breaches
Best Practices for Scoping Infections and Disrupting BreachesBest Practices for Scoping Infections and Disrupting Breaches
Best Practices for Scoping Infections and Disrupting BreachesSplunk
 
3rd Party Cyber Security: Manage your ecosystem!
3rd Party Cyber Security: Manage your ecosystem!3rd Party Cyber Security: Manage your ecosystem!
3rd Party Cyber Security: Manage your ecosystem!NormShield, Inc.
 
Exchange Conference (Philadelphia) - Exchange 2007 Security
Exchange Conference (Philadelphia) - Exchange 2007 SecurityExchange Conference (Philadelphia) - Exchange 2007 Security
Exchange Conference (Philadelphia) - Exchange 2007 SecurityHarold Wong
 
Ironport Data Loss Prevention
Ironport Data Loss PreventionIronport Data Loss Prevention
Ironport Data Loss Preventiondkaya
 
Microsoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsMicrosoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsAdeo Security
 
Computer Systems Security
Computer Systems SecurityComputer Systems Security
Computer Systems Securitydrkelleher
 
Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Miigaa Mine
 

Similaire à Threat management lifecycle in ottica GDPR (20)

How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
 
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
The hacker playbook: How to think and act like a cybercriminal to reduce risk...The hacker playbook: How to think and act like a cybercriminal to reduce risk...
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security Perimeters
 
Network security
Network securityNetwork security
Network security
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri Diogenes
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
 
Volume And Vectors 090416
Volume And Vectors 090416Volume And Vectors 090416
Volume And Vectors 090416
 
Risk assesment IT Security project
Risk assesment IT Security projectRisk assesment IT Security project
Risk assesment IT Security project
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...
 
Week Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxWeek Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptx
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Software Security Testing
Software Security TestingSoftware Security Testing
Software Security Testing
 
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptxSeceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
Seceon’s Comprehensive Cybersecurity Platform - Seceon.pptx
 
Best Practices for Scoping Infections and Disrupting Breaches
Best Practices for Scoping Infections and Disrupting BreachesBest Practices for Scoping Infections and Disrupting Breaches
Best Practices for Scoping Infections and Disrupting Breaches
 
3rd Party Cyber Security: Manage your ecosystem!
3rd Party Cyber Security: Manage your ecosystem!3rd Party Cyber Security: Manage your ecosystem!
3rd Party Cyber Security: Manage your ecosystem!
 
Exchange Conference (Philadelphia) - Exchange 2007 Security
Exchange Conference (Philadelphia) - Exchange 2007 SecurityExchange Conference (Philadelphia) - Exchange 2007 Security
Exchange Conference (Philadelphia) - Exchange 2007 Security
 
Ironport Data Loss Prevention
Ironport Data Loss PreventionIronport Data Loss Prevention
Ironport Data Loss Prevention
 
Microsoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsMicrosoft Avanced Threat Analytics
Microsoft Avanced Threat Analytics
 
Computer Systems Security
Computer Systems SecurityComputer Systems Security
Computer Systems Security
 
Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01
 

Plus de Jürgen Ambrosi

Discover AI with Microsoft Azure
Discover AI with Microsoft AzureDiscover AI with Microsoft Azure
Discover AI with Microsoft AzureJürgen Ambrosi
 
Esploriamo Windows 10: nuove funzionalità e aggiornamenti. Potenziare l’esper...
Esploriamo Windows 10: nuove funzionalità e aggiornamenti. Potenziare l’esper...Esploriamo Windows 10: nuove funzionalità e aggiornamenti. Potenziare l’esper...
Esploriamo Windows 10: nuove funzionalità e aggiornamenti. Potenziare l’esper...Jürgen Ambrosi
 
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...Jürgen Ambrosi
 
Power BI Overview e la soluzione SCA per gli Atenei
 Power BI Overview e la soluzione SCA per gli Atenei Power BI Overview e la soluzione SCA per gli Atenei
Power BI Overview e la soluzione SCA per gli AteneiJürgen Ambrosi
 
HPC on Azure for Reserach
HPC on Azure for ReserachHPC on Azure for Reserach
HPC on Azure for ReserachJürgen Ambrosi
 
Gruppo di lavoro ICT - attività 2019
Gruppo di lavoro ICT - attività 2019Gruppo di lavoro ICT - attività 2019
Gruppo di lavoro ICT - attività 2019Jürgen Ambrosi
 
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRIdentity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRJürgen Ambrosi
 
Proposte ORACLE per la gestione dei contenuti digitali e per la ricerca scien...
Proposte ORACLE per la gestione dei contenuti digitali e per la ricerca scien...Proposte ORACLE per la gestione dei contenuti digitali e per la ricerca scien...
Proposte ORACLE per la gestione dei contenuti digitali e per la ricerca scien...Jürgen Ambrosi
 
Proposte ORACLE per la modernizzazione dello sviluppo applicativo
Proposte ORACLE per la modernizzazione dello sviluppo applicativoProposte ORACLE per la modernizzazione dello sviluppo applicativo
Proposte ORACLE per la modernizzazione dello sviluppo applicativoJürgen Ambrosi
 
Proposte ORACLE per la modernizzazione del Datacenter e delle infrastrutture IT
Proposte ORACLE per la modernizzazione del Datacenter e delle infrastrutture ITProposte ORACLE per la modernizzazione del Datacenter e delle infrastrutture IT
Proposte ORACLE per la modernizzazione del Datacenter e delle infrastrutture ITJürgen Ambrosi
 
Dalle soluzioni di BackUp & Recovery al Data management a 360°
Dalle soluzioni di BackUp & Recovery al Data management a 360° Dalle soluzioni di BackUp & Recovery al Data management a 360°
Dalle soluzioni di BackUp & Recovery al Data management a 360° Jürgen Ambrosi
 
Le soluzioni tecnologiche per il disaster recovery e business continuity
Le soluzioni tecnologiche per il disaster recovery e business continuityLe soluzioni tecnologiche per il disaster recovery e business continuity
Le soluzioni tecnologiche per il disaster recovery e business continuityJürgen Ambrosi
 
Le soluzioni tecnologiche per il Copy Data Management
Le soluzioni tecnologiche per il Copy Data ManagementLe soluzioni tecnologiche per il Copy Data Management
Le soluzioni tecnologiche per il Copy Data ManagementJürgen Ambrosi
 
L’assistente virtuale che informa gli studenti: l'esperienza del Politecnico ...
L’assistente virtuale che informa gli studenti: l'esperienza del Politecnico ...L’assistente virtuale che informa gli studenti: l'esperienza del Politecnico ...
L’assistente virtuale che informa gli studenti: l'esperienza del Politecnico ...Jürgen Ambrosi
 
Le soluzioni tecnologiche a supporto del mondo OpenStack e Container
Le soluzioni tecnologiche a supporto del mondo OpenStack e ContainerLe soluzioni tecnologiche a supporto del mondo OpenStack e Container
Le soluzioni tecnologiche a supporto del mondo OpenStack e ContainerJürgen Ambrosi
 
Webinar Fondazione CRUI e VMware: VMware vRealize Suite
 Webinar Fondazione CRUI e VMware: VMware vRealize Suite Webinar Fondazione CRUI e VMware: VMware vRealize Suite
Webinar Fondazione CRUI e VMware: VMware vRealize SuiteJürgen Ambrosi
 
Veritas - Software Defined Storage
Veritas - Software Defined StorageVeritas - Software Defined Storage
Veritas - Software Defined StorageJürgen Ambrosi
 
Le soluzioni tecnologiche a supporto della normativa GDPR
Le soluzioni tecnologiche a supporto della normativa GDPRLe soluzioni tecnologiche a supporto della normativa GDPR
Le soluzioni tecnologiche a supporto della normativa GDPRJürgen Ambrosi
 

Plus de Jürgen Ambrosi (20)

Discover AI with Microsoft Azure
Discover AI with Microsoft AzureDiscover AI with Microsoft Azure
Discover AI with Microsoft Azure
 
IBM Cloud Platform
IBM Cloud Platform IBM Cloud Platform
IBM Cloud Platform
 
Laboratori virtuali
Laboratori virtualiLaboratori virtuali
Laboratori virtuali
 
Esploriamo Windows 10: nuove funzionalità e aggiornamenti. Potenziare l’esper...
Esploriamo Windows 10: nuove funzionalità e aggiornamenti. Potenziare l’esper...Esploriamo Windows 10: nuove funzionalità e aggiornamenti. Potenziare l’esper...
Esploriamo Windows 10: nuove funzionalità e aggiornamenti. Potenziare l’esper...
 
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
 
Power BI Overview e la soluzione SCA per gli Atenei
 Power BI Overview e la soluzione SCA per gli Atenei Power BI Overview e la soluzione SCA per gli Atenei
Power BI Overview e la soluzione SCA per gli Atenei
 
HPC on Azure for Reserach
HPC on Azure for ReserachHPC on Azure for Reserach
HPC on Azure for Reserach
 
Gruppo di lavoro ICT - attività 2019
Gruppo di lavoro ICT - attività 2019Gruppo di lavoro ICT - attività 2019
Gruppo di lavoro ICT - attività 2019
 
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRIdentity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
 
Proposte ORACLE per la gestione dei contenuti digitali e per la ricerca scien...
Proposte ORACLE per la gestione dei contenuti digitali e per la ricerca scien...Proposte ORACLE per la gestione dei contenuti digitali e per la ricerca scien...
Proposte ORACLE per la gestione dei contenuti digitali e per la ricerca scien...
 
Proposte ORACLE per la modernizzazione dello sviluppo applicativo
Proposte ORACLE per la modernizzazione dello sviluppo applicativoProposte ORACLE per la modernizzazione dello sviluppo applicativo
Proposte ORACLE per la modernizzazione dello sviluppo applicativo
 
Proposte ORACLE per la modernizzazione del Datacenter e delle infrastrutture IT
Proposte ORACLE per la modernizzazione del Datacenter e delle infrastrutture ITProposte ORACLE per la modernizzazione del Datacenter e delle infrastrutture IT
Proposte ORACLE per la modernizzazione del Datacenter e delle infrastrutture IT
 
Dalle soluzioni di BackUp & Recovery al Data management a 360°
Dalle soluzioni di BackUp & Recovery al Data management a 360° Dalle soluzioni di BackUp & Recovery al Data management a 360°
Dalle soluzioni di BackUp & Recovery al Data management a 360°
 
Le soluzioni tecnologiche per il disaster recovery e business continuity
Le soluzioni tecnologiche per il disaster recovery e business continuityLe soluzioni tecnologiche per il disaster recovery e business continuity
Le soluzioni tecnologiche per il disaster recovery e business continuity
 
Le soluzioni tecnologiche per il Copy Data Management
Le soluzioni tecnologiche per il Copy Data ManagementLe soluzioni tecnologiche per il Copy Data Management
Le soluzioni tecnologiche per il Copy Data Management
 
L’assistente virtuale che informa gli studenti: l'esperienza del Politecnico ...
L’assistente virtuale che informa gli studenti: l'esperienza del Politecnico ...L’assistente virtuale che informa gli studenti: l'esperienza del Politecnico ...
L’assistente virtuale che informa gli studenti: l'esperienza del Politecnico ...
 
Le soluzioni tecnologiche a supporto del mondo OpenStack e Container
Le soluzioni tecnologiche a supporto del mondo OpenStack e ContainerLe soluzioni tecnologiche a supporto del mondo OpenStack e Container
Le soluzioni tecnologiche a supporto del mondo OpenStack e Container
 
Webinar Fondazione CRUI e VMware: VMware vRealize Suite
 Webinar Fondazione CRUI e VMware: VMware vRealize Suite Webinar Fondazione CRUI e VMware: VMware vRealize Suite
Webinar Fondazione CRUI e VMware: VMware vRealize Suite
 
Veritas - Software Defined Storage
Veritas - Software Defined StorageVeritas - Software Defined Storage
Veritas - Software Defined Storage
 
Le soluzioni tecnologiche a supporto della normativa GDPR
Le soluzioni tecnologiche a supporto della normativa GDPRLe soluzioni tecnologiche a supporto della normativa GDPR
Le soluzioni tecnologiche a supporto della normativa GDPR
 

Dernier

Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationRosabel UA
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsManeerUddin
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
 

Threat management lifecycle from a GDPR perspective

  • 1. Threat Management Lifecycle Antonio Formato – Threat Management antonio.formato@microsoft.com +39 331 7350 247 @anformato
  • 2. User opens email attachment or clicks on a URL; DETECT; Attacker steals sensitive data; Exploitation of the endpoint; Malicious apps and data; Advanced threats and abnormal behavior; Compromised user credentials; Advanced threats to hybrid workloads; Attacker installs backdoor to gain persistence; Escalates privileges, steals credentials; Attacker explores the network and moves to find sensitive data; Attacker accesses sensitive data; User inserts USB drive; Browse to a website
  • 3. User browses to a website; User runs a program; Office 365 ATP Email protection; User receives an email; Opens an attachment; Clicks on a URL; Windows Defender ATP End Point protection; Brute force an account; Reconnaissance; Lateral Movement; Domain Dominance; ATA + Azure ATP Identity protection; Maximize detection coverage throughout the attack stages; Exploitation; Installation; Command and Control channel
  • 4. Office 365 Advanced Threat Protection
  • 5. Protect your data Advanced threat protection: Time of click protection for malicious links Web servers perform latest URL reputation check Rewriting URLs to redirect to a web server. User clicking URL is taken to EOP web servers for the latest check at the “time-of-click”
  • 6. Protect your data Advanced threat protection: Sandboxing technology for malicious attachments Sandboxing
  • 7. Protect your data Advanced threat protection: URL detonation Sandboxing Email with link Link added to reputation server
  • 8. Protect your data Threat protection extends to your entire Office 365 ecosystem Email is only one attack vector Threat protection has extended coverage Microsoft enables security for multiple office workloads Office 365
  • 9. Protect your data Advanced threat protection for your collaboration workloads Sandboxing and detonation • anonymous links • companywide sharing • explicit sharing • guest user activity collaboration signals • malware in email + SPO • Windows Defender • Windows Defender ATP • suspicious logins • risky IP addresses • irregular file activity threat feeds • users • IPs • On-demand patterns (e.g. WannaCry) activity watch lists Leverage Signals Apply Smart Heuristics Files in SPO, ODB and Teams 1st and 3rd party reputation Multiple AV engines SharePoint OneDrive Microsoft Teams
  • 10. Protect your data Advanced security for your desktop clients Improve your security against advanced threats, unknown malware, and zero-day attacks Protect users from malicious links with time-of-click protection Safeguard your environment from malicious documents using virtual environments Word Excel PowerPoint
  • 11. Unified Platform for Endpoint Security
  • 18. *Listed as one of the leaders in the “Ovum Decision Matrix”
  • 27. Behavioral Analytics (Interaction Map) Detection for known attacks and issues Advanced Threat Detection On-premises platform for detecting advanced attacks before they cause damage
  • 29. Abnormal resource access Account enumeration Net Session enumeration DNS enumeration SAM-R Enumeration Abnormal working hours Brute force using NTLM, Kerberos, or LDAP Sensitive accounts exposed in plain text authentication Service accounts exposed in plain text authentication Honey Token account suspicious activities Unusual protocol implementation Malicious Data Protection Private Information (DPAPI) Request Abnormal VPN Abnormal authentication requests Abnormal resource access Pass-the-Ticket Pass-the-Hash Overpass-the-Hash Malicious service creation MS14-068 exploit (Forged PAC) MS11-013 exploit (Silver PAC) Skeleton key malware Golden ticket Remote execution Malicious replication requests Abnormal Modification of Sensitive Groups Advanced Threat Analytics Reconnaissance ! ! ! Compromised Credential Lateral Movement Privilege Escalation Domain Dominance
  • 30. Abnormal Behavior • Anomalous logins • Remote execution • Suspicious activity Security issues and risks • Broken trust • Weak protocols • Known protocol vulnerabilities Malicious attacks • Pass-the-Ticket (PtT) • Pass-the-Hash (PtH) • Overpass-the-Hash • Forged PAC (MS14-068) • Golden Ticket • Skeleton key malware • Reconnaissance • Brute force • Unknown threats • Password sharing • Lateral movement
  • 31. INTERNET ATA GATEWAY 1 VPN DMZ Web Port mirroring Syslog forwarding SIEM Fileserver DC1 DC2 DC3 DC4 ATA CENTER DB Fileserver ATA Lightweight Gateway DNS
  • 33. A comprehensive, intelligent security solution that brings the visibility, real-time control, and security you have in your on-premises network to your cloud applications. Control Discover Protect Integrates with your SIEM, Identity and Access Management, DLP and Information Protection solutions
  • 34. Discover and assess risks Protect your information Detect threats Control access in real time Identify cloud apps on your network, gain visibility into shadow IT, and get risk assessments and ongoing analytics. Get granular control over data and use built-in or custom policies for data sharing and data loss prevention. Identify high-risk usage and detect unusual behavior using Microsoft threat intelligence and research. Manage and limit cloud app access based on conditions and session context, including user identity, device, and location.