
Cloudbrew 2019 - Threat hunting with the Microsoft Cloud

With the release of Azure Sentinel, Microsoft has shifted some features from Azure Security Center to their new threat hunting solution. But how do all the security tools Microsoft offers nowadays integrate with each other? How can you find a way through this security jungle? And how do you make sure to have the right tools in place when it comes to protecting your IT environments and hunting threats?
Join cloud security expert and Microsoft MVP Tom Janetscheck for this demo-rich session to get all these questions answered and to learn how to protect your resources easily and efficiently.



  1. #TechforPeople.
  2. welcome.
  3. Innovative technology consulting for business. Threat hunting with the Microsoft Cloud – Making data-informed decisions with Microsoft Azure. Tom Janetscheck, Principal Cloud Security Architect & Microsoft MVP.
  4. about me. Tom Janetscheck, Principal Cloud Security Architect @ Devoteam Alegri. Focused on Azure Identity, Security, Governance, and Infrastructure. International user group and conference speaker. Community lead of Azure Meetup Saarbrücken. Co-organizer of Azure Saturday. Tech blogger and book author. @azureandbeyond, https://blog.azureandbeyond.com
  5. agenda. Cloud security challenges: Why is cloud security so difficult and identity security so important? Azure Security Center: Improve your hybrid cloud security posture. Microsoft Intelligent Security Graph: Unique insights, informed by trillions of signals. Azure Sentinel: SIEM/SOAR solution from the cloud. Demo.
  6. Federal criminal agency – 2018 cybercrime situation report. 87.000 cases of cybercrime in 2018. 60.000.000 € amount of damage, with an immense number of unreported cases on top. Estimated amount of damage according to Bitcom: 100.000.000.000 (!) € per year. Source: BKA - 2018 Cybercrime situation report.
  7. Governance – a definition: "Establishment of policies, and continuous monitoring of their proper implementation, by the members of the governing body of an organization […]" Source: BusinessDictionary.
  8. Cyber Threat Hunting – a definition: "The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions […]" Source: TechRepublic.
  9. Today's cloud security challenges. Increasingly sophisticated attacks. Ever-changing services are both a strength and a challenge of the cloud: how do you make sure that they are up to your security standards? Attack automation and evasion techniques are evolving along multiple dimensions. We need human expertise, adaptability, and creativity to combat human threat actors.
  10. Office 365 – Modernizing the security perimeter.
  11. Microsoft Azure Security Center. Security Center assesses your environment and enables you to understand the status of your resources, and whether they are secure. Enable actionable, adaptive protections that identify and mitigate risk to reduce exposure to attacks. Use advanced analytics and the Microsoft Intelligent Security Graph to rapidly detect and respond to evolving cyber threats.
  12. Strengthen your security posture: identify shadow IT subscriptions, optimize and improve resource security, continuous assessments.
  13. Recognize configuration issues.
  14. Microsoft Azure Security Center (section divider; same text as slide 11).
  15. Adaptive threat prevention. Advanced Threat Protection: native integration with Microsoft Defender ATP for Windows machines; Advanced Threat Detection for Linux machines.
  16. Microsoft Azure Security Center (section divider; same text as slide 11).
  17. Microsoft Intelligent Security Graph.
  18. Inside the Intelligent Security Graph. Source: Microsoft Trust Center.
  19. SOC Integration – Unifying and informing analysts. Graph API: account, mail, calendar, documents, directory, devices, etc. Graph Security API: SIEM / others, firewall provider. http://aka.ms/graphsecurityapi | https://aka.ms/graphsecuritydocs
  20. Core capabilities. Collect: data ingestion from Microsoft services, public clouds, security solutions, apps, users, and infrastructure into Azure Monitor (Log Analytics), which serves as data repository and data search. Enrichment with intelligence (geo location, IP reputation). Analyze & detect threats: machine learning, UEBA. Investigate & hunt suspicious activities: interactive attack visualization, Azure Notebooks. Automate & orchestrate response: playbooks. Integrate: ServiceNow, community, other tools.
  21. Assume breach! It's not a question of "if", but of "when"!
  22. Have your monitoring ready! You need to know what's going on in your environment. Massive telemetry is necessary!
  23. Leverage AI/ML-based security tools! Human security skills are in short supply, so make sure you rely on an intelligent cloud service!
  24. demo. Witness on-stage live attacks against identities and servers and learn how Azure Security Center and Azure Sentinel help you keep track of current threats.
  25. thank you. #TechforPeople.
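Slides 20 to 22 describe the collect / analyze / investigate / respond pipeline and insist on having telemetry ready before the "when" arrives. The following is an added example of what the "investigate & hunt" step looks like in practice; it is not part of the deck and not Microsoft's or the speaker's code. It is a Kusto (KQL) hunting query for the Log Analytics workspace behind Azure Sentinel that surfaces one source IP failing sign-ins against many distinct accounts in a short window (the password-spray pattern the identity attacks in the demo would produce), and joins in any accounts that then succeeded from that IP so an analyst knows which identities to triage first. It assumes the Azure AD sign-in connector is enabled (so the `SigninLogs` table exists); the lookback, window and the `minDistinctUsers` threshold are assumed values to be tuned to the tenant's own baseline.

```kql
// Added example, not from the deck: hunting query for Azure Sentinel / Log Analytics.
// Assumes the Azure AD sign-in connector is on so that SigninLogs is populated.
// Thresholds, lookback and window are assumptions; tune them to your tenant's baseline.
let lookback = 1d;
let window = 1h;
let minDistinctUsers = 10;   // assumed threshold: one IP failing against >= 10 accounts per window
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType != "0"    // ResultType "0" is a successful sign-in; everything else is a failure
| summarize FailedAttempts = count(),
            DistinctUsers  = dcount(UserPrincipalName),
            FailureCodes   = make_set(ResultType),
            FirstSeen      = min(TimeGenerated),
            LastSeen       = max(TimeGenerated)
    by IPAddress, bin(TimeGenerated, window)
| where DistinctUsers >= minDistinctUsers
| join kind=leftouter (
    // Successful sign-ins from the same IP in the same window: these accounts get triaged first
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | summarize SucceededUsers = make_set(UserPrincipalName)
        by IPAddress, bin(TimeGenerated, window)
  ) on IPAddress, TimeGenerated
| project TimeGenerated, IPAddress, FailedAttempts, DistinctUsers, FailureCodes,
          SucceededUsers, FirstSeen, LastSeen
| order by DistinctUsers desc, FailedAttempts desc
```

Run it from the Logs or Hunting blade and save it as a hunting query; once the threshold is tuned, the same query can be turned into a scheduled analytics rule so a match becomes an incident, which is the hand-off point to the playbooks mentioned under "automate & orchestrate response" (for example, forcing a password reset and revoking sessions for the accounts listed in `SucceededUsers`). Without the Azure AD connector the table is empty and the query silently returns nothing, which is exactly the "have your monitoring ready" point from slide 22.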
