Azure Security Overview

Here's where Microsoft has invested, across these areas: identity and access management, apps and data security, network security, threat protection, and security management.

We've put a tremendous amount of investment into these areas, and it shows up across a pretty broad array of product areas and features.

Our Identity and Access Management tools enable you to take an identity-based approach to security and establish truly conditional access policies.
Our App and Data Security tools help you protect your apps and your data as it moves around—both inside and outside your organization.
Azure includes a robust networking infrastructure with built-in security controls for your application and service connectivity.
Our Threat Protection capabilities are built in and fully integrated, so you can strengthen both pre-breach protection, with deep capabilities across e-mail, collaboration services, and endpoints, including hardware-based protection, and post-breach detection, which includes memory- and kernel-based protection and response with automation.
And our Security Management tools give you the visibility and, more importantly, the guidance to manage policy centrally.


  1. 1. Azure security David J. Rosenthal VP & GM, Digital Business September 15, 2020
  2. 2. The security landscape Increasing complexity Evolving threats Rising costs Talent gap On-premises Cloud
  3. 3. 95% of Fortune 500 businesses trust Microsoft Cloud “Azure complies with multiple international and industry security compliance standards and certifications that our customers demand. This allows us to offer our solutions in Azure with confidence.” — Brandon Pulsipher, Vice President of Technical Operation and Managed Services “From a security point of view, I think Azure is a demonstrably more secure environment than most banks’ datacenters.” — John Schlesinger, Chief Enterprise Architect “Microsoft has a great commitment to the problems of the enterprise. The security built into Azure is huge for us and ensures the safety of our data wherever it is.” — Julia Anderson, Global Chief Information Officer “Building with the additional layer of Azure security, we feel we have a far better security posture than we could provide ourselves.” — Thomas Fredell, Chief Product Officer “Today, our operations team saves at least 30 percent of its time by using Security Center.” — Monish Darda, Co-founder and CTO
  4. 4. Security operations that work for you Partnerships for a heterogeneous world Enterprise-class technology
  5. 5. Security operations that work for you Partnerships for a heterogeneous world Enterprise-class intelligent security
  6. 6. A secure foundation at global scale Each physical datacenter protected with world-class, multi-layered protection Secured with cutting-edge operational security • Restricted access • 24x7 monitoring • Global security experts Global cloud infrastructure with custom hardware and network protection Over 100 datacenters across the planet
  7. 7. Protect customer data Data, network segregation. DDoS protection at the edge Secure hardware Custom-built hardware with integrated security and attestation Continuous testing Red team exercises by Microsoft teams, vulnerability scanning & continuous monitoring Azure infrastructure security Secure foundation Customer 2 Customer 1
  8. 8. Security operations that work for you
  9. 9. Microsoft Intelligent Security Graph 450B monthly authentications 18B+ Bing web pages scanned 1B+ Azure user accounts Enterprise security for 90% of Fortune 500 5B threats detected on devices every month Shared threat data from partners, researchers, and law enforcement worldwide Botnet data from Microsoft Digital Crimes Unit 6.5B threat signals analyzed daily 400B emails analyzed 200+ global cloud consumer and commercial services OneDrive Microsoft accounts Bing Azure Outlook Windows Unique insights, informed by trillions of signals
  10. 10. Stopping cyber attacks Intelligent Edge Intelligent Cloud Big data analytics Detonation-based ML models Sample analysis-based ML models Metadata-based ML models Local ML models, behavior-based detection algorithms, generics, heuristics March 6 – Behavior-based detection algorithms blocked more than 400,000 instances of the Dofoil trojan. February 3 – Client machine learning algorithms automatically stopped the malware attack Emotet in real time. October 2017 – Cloud-based detonation ML models identified Bad Rabbit, protecting users 14 minutes after the first encounter. 2017 2018 August 2018 – Cloud machine learning algorithms blocked a highly targeted campaign to deliver Ursnif malware to under 200 targets Real-world intelligence at work
  11. 11. Security operations that work for you Partnerships for a heterogeneous world Enterprise-class intelligent security
  12. 12. Cloud Services Security is a Shared Responsibility The security of your Microsoft cloud service is a partnership between You and Microsoft. Microsoft cloud services are built on a foundation of trust and security. Microsoft provides you security controls and capabilities to help you protect your data and applications. You own your data and identities and the responsibility for protecting them, the security of your on-premises resources, and the security of cloud components you control (varies by service). Administration Applications Data Runtime Middleware O/S Virtualization Servers Storage Networking Managed by Customer Managed by Service Provider IaaS On Prem PaaS SaaS
  13. 13. Identity & access Apps & data security Network security Threat protection Security management Azure Built-in Controls Defense in Depth Technology
  14. 14. Identity and access management
  15. 15. Identity and access management Secure identities to reach zero trust Identity protection Secure authentication Role based access control, Conditional access
  16. 16. Customer Lockbox to control Microsoft support access No standing access to production servers and services Multi-factor authentication required for admin actions “Secure Workstations” required to access production Access requests are audited, logged, and monitored Customers approve Just in Time Microsoft support engineer access for issue resolution Operational Security
  17. 17. Apps and data security
  18. 18. Control data through its lifecycle Standard Data Protection At rest Encrypt data when stored in blob storage, database, etc. Examples: Azure Storage Service Encryption SQL Server Transparent Database Encryption (TDE) In use Protect/Encrypt data that is in use during computation Examples: Trusted Execution Environments such as Intel SGX and VBS Homomorphic encryption In transit Encrypt data that is flowing between untrusted public or private networks Examples: HTTPS TLS
  19. 19. Safeguard cryptographic keys and other secrets used by cloud apps and services Encrypt keys and small secrets using keys in Hardware Security Modules (HSMs) Simplify and automate tasks for SSL/TLS certificates, enroll and automatically renew certificates Rapidly scale to meet the cryptographic needs of your cloud applications and match peak demand Key, Secrets & Certificate Management- Azure Key Vault Virtual Machines Applications Storage & Databases
  20. 20. Network security
  21. 21. Network protection services enabling zero trust Distributed inbound & outbound network (L3-L4) traffic filtering on VM, Container or subnet Network Security Groups Centralized inbound web application protection from common exploits and vulnerabilities Web Application Firewall Micro segmentation Application protection Centralized outbound and inbound (non-HTTP/S) network and application (L3-L7) filtering Azure Firewall Restrict access to Azure service resources (PaaS) to only your Virtual Network Service Endpoints DDoS protection DDoS protection tuned to your application traffic patterns
  22. 22. Threat protection
  23. 23. Server Protection Threat Detection Brute force protection Azure VMs, Apps & Data (IaaS & PaaS services) Server workloads on-premises & Other clouds Windows Server EDR with Windows Defender ATP Linux server threat protection Machine learning based Application Whitelisting Actionable alerts for incidents Investigation for entire kill chain Automated response with Logic Apps workflow Just in time access to management ports Azure Security Center Protecting hybrid cloud workloads Export to Excel and Power BI Threat Detections, Prescriptive Recommendations
  24. 24. Security management
  25. 25. Speed + Control Cloud Custodian Team Developers Operations Cost Management Management Groups Templates RBAC Blueprints Policies Policy Cloud-native governance -> removing barriers to compliance and enabling velocity
  26. 26. Governance for the cloud The broadest governance portfolio of any cloud Management Group Define organizational hierarchy Hierarchy Policy Real-time enforcement, compliance assessment and remediation Control Cost Management Monitor cloud spend and optimize resources Consumption NEW NEW Blueprints Deploy and update cloud environments in a repeatable manner using composable artifacts Environment NEW Resource Graph Query, explore & analyze cloud resources at scale Visibility
  27. 27. Gain visibility and guidance to improve security state CSPM Continuous assessment of security state with a dynamic secure score Best practice recommendations Central policy for security and compliance Across all your workloads
  28. 28. Microsoft Antimalware for Azure Azure Log Analytics Azure Security Center VNET, VPN, NSG Application Gateway (WAF), Azure Firewall DDoS Protection Standard ExpressRoute Encryption (Disks, Storage, SQL) Azure Key Vault Confidential Computing Azure Active Directory Multi-Factor Authentication Role Based Access Control Azure Active Directory (Identity Protection) + Partner Solutions Simplify security management with Azure services App and Data protection Network security Threat protection Identity & access management Security management
  29. 29. Security operations that work for you Enterprise-class intelligent security Partnerships for a heterogeneous world
  30. 30. Partnerships for a heterogeneous world Work with industry alliances Work with government Partner with peers
  31. 31. Teaming up with our security partners to build an ecosystem of intelligent security solutions that better defend against a world of increased threats Microsoft Intelligent Security Association Collaboration strengthens protection
  32. 32. And hundreds more with new partners integrating every month Extend your existing security solution to Azure with Marketplace Palo Alto Networks Qualys Inc HPE ArcSight Splunk IBM QRadar Partner solutions Data protection Network security Threat protection Identity & access management Security management
  33. 33. Azure security Identity & access Apps & data security Network security Threat protection Security management Role based access Encryption DDoS Protection Antimalware Log Management Multi-Factor Authentication Confidential Computing NG Firewall AI Based Detection and Response Security Posture Assessment Central Identity Management Key Management Web App Firewall Cloud Workload Protection Policy and governance Identity Protection Certificate Management Private Connections SQL Threat Protection Regulatory Compliance Privileged Identity Management Information Protection Network Segmentation IoT Security SIEM Defense in Depth Microsoft + Partners
  34. 34. Security operations that work for you Partnerships for a heterogeneous world Enterprise-class technology
  35. 35. © 2020 Razor Technology, LLC www.razor-tech.com David Rosenthal VP & General Manager Digital Business @DavidJRosenthal Slideshare Blog: www.razor-tech.com 5 Tower Bridge 300 Barr Harbor Dr., Suite 705 West Conshohocken, PA 19428 www.razor-tech.com David.Rosenthal@razor-tech.com Office: 866.RZR.DATA LETS KEEP IN TOUCH
  36. 36. © Copyright Microsoft Corporation. All rights reserved.