Microsoft Enterprise Mobility and Security EMS

Security for the productive enterprise
in a mobile-first cloud-first world
David J. Rosenthal
VP & GM, Digital Business
Razor Technology
January 8, 2018
Microsoft MTC New York City
Enterprise Mobility + Security (EMS)

Microsoft Enterprise Mobility + Security
Digital transformation
Protect at the front door
Protect your data, anywhere
Detect and remediate attacks
Agenda

of employees say mobile business
apps change how they work
80%
of employees use non-approved
SaaS apps for work
41%
85%
of enterprise organizations keep
sensitive information in the cloud
On-premises

Devices AppsIdentity Data
On-premises

THE PROBLEM
The security you need integrated
with the productivity tools you want
Productivity
Secure
On-premises
OR
Security
It’s a delicate balance

Information
Rights
Management
Mobile Device
& Application
Management
Cloud Access
Security
Broker
SIEM
Data Loss
Prevention
User &
Entity
Behavioral
Analytics
Mobile
Data Loss
Prevention
Threat
Detection
Identity
governance
Single-
sign on
Cloud
Data Loss
Prevention
Conditional
access
Discovery
Cloud
visibility
Secure
collaboration
Cloud
anomaly
detection
Identity & Access
Management

Identity & Access
Management
Mobile Device
& Application
Management
Data Loss
Prevention
User &
Entity
Behavioral
Analytics
Cloud Access
Security
Broker
Information
Rights
Management
Protect at the
front door
Detect &
remediate attacks
Protect your
data anywhere
Cloud Access Security Broker
Mobile Device &
App Management
Identity & Access
Management
User & Entity
Behavioral Analytics
Data Loss Prevention
Cloud Access Security Broker

Protect at the
front door
Detect &
remediate attacks
Protect your
data anywhere

Mobile device &
app management
Information
protection
Identity and access
management
Threat
protection
Holistic and innovative solutions for protection across users, devices, apps and data
Protect at the
front door
Detect &
remediate attacks
Protect your
data anywhere

Enterprise Mobility + Security
Protect at the
front door
Detect &
remediate attacks
Protect your
data anywhere

Protect at the
front door
Detect &
remediate attacks
Protect your
data anywhere

of hacking breaches
leverage stolen and/or
weak passwords
81%
Protect at the
front door
Verizon 2017 Data Breach Investigation Report

Who is accessing? What is their role?
Is the account compromised?
Where is the user based? From where is
the user signing in? Is the IP anonymous?
Which app is being accessed?
What is the business impact?
Is the device healthy? Is it managed?
Has it been in a botnet?
What data is being accessed?
Is it classified? Is it allowed off premises?

Bing
Xbox Live
OneDrive
Microsoft Digital
Crimes Unit
Microsoft Cyber Defense
Operations Center
Azure
Microsoft
Accounts
Skype Enterprise Mobility
+ Security
Azure Active Directory

IF
Privileged user?
Credentials found in public?
Accessing sensitive app?
Unmanaged device?
Malware detected?
IP detected in Botnet?
Impossible travel?
Anonymous client?
High
Medium
Low
User risk
10TB
per day
THEN
Require MFA
Allow access
Deny access
Force password reset******
Limit access
High
Medium
Low
Session risk

Enforce on-demand,just-in-time administrative access when needed
Use Alert, Audit Reports and Access Review
Domain
User
Global
Administrator
Discover, restrict, and monitor privileged identities
Domain
User
Administrator
privileges expire after
a specified interval

USER
Role: Sales Account Rep
Group: London Users
Client: Mobile
Config: Corp Proxy
Location: London, UK
Last Sign-in: 5 hrs ago
CONDITIONAL
ACCESS RISK
Health:Fully patched
Config:Managed
Last seen: London, UK
High
Medium
Low Allow access
TRAVEL EXPENSE
APP

USER
Role: VP Marketing
Group: Executive Users
Client: Mobile
Config: Corp Proxy
CONDITIONAL
ACCESS RISK
Health:Fully patched
Config:Managed
Last seen: London, UK
High
Medium
Low Require MFA
CONFIDENTIAL
SALES APP
CONDITIONAL
ACCESS POLICY
User is a member of
a sensitive group.
Application is classified
High Business Impact.

USER
Role: Sales Account Representative
Group: London Users
Client: Mobile
Config: Corp Proxy
SALES APP
CONDITIONAL
ACCESS RISK
Health: Unknown
Client: Browser
Config: Anonymous
Last seen: Asia
High
Medium
Low
Anonymous IP
Unfamiliar sign-in location for this user
Block access
Force password
reset

Protect at the
front door
Demo

Protect your
data anywhere
of workers have
accidentally shared
sensitive data to
the wrong person
58%
Stroz Friedberg

How much control do
you have over data?
OUT OF YOUR CONTROL

How do I protect corporate
files on mobile devices?
How do I protect the data
that’s shared externally?
How do I discover and
protect data in SaaS apps?
How do I protect sensitive data
on premises and in the cloud?

OUT OF YOUR CONTROL
Classification, labeling, and
protection for sensitive data
on-premises and in the cloud
Data protection
on mobile devices
Data visibility and
protection in cloud
and SaaS applications

Protect sensitive data on-premises and in the cloud
Classification
and labeling
Classify data based on
sensitivity and add labels—
manually or automatically.
Protection
Encrypt your sensitive
data and define usage
rights or add visual
markings when
needed.
Monitoring
Use detailed tracking
and reporting to see
what’s happening with
your shared data and
maintain control over it.

Gain visibility and control over data in cloud apps
Cloud discovery
Discover cloud apps used in your
organization, get a risk assessment
and alerts on risky usage.
Data visibility
Gain deep visibility into where
data travels by investigating all
activities, files and accounts for
managed apps.
Data control
Monitor and protect personal and
sensitive data stored in cloud apps
using granular policies.

Role: Finance
Group: Contoso Finance
Office: London, UK
INTERNAL
Azure information
protection
Identifies document tagged
INTERNAL being shared publicly
Move to
quarantine
Restricted
to owner
USER
Uploaded to
public share
Admin notified
about problem.
CLOUD APP
SECURITY PORTAL

Advanced device
management
Enforce device encryption,
password/PIN requirements,
jailbreak/root detection, etc.
Device security configuration
Restrict access to specific
applications or URL
addresses on mobile
devices and PCs.
Restrict apps and URLs
Managed apps
Personal appsPersonal apps
MDM (3rd party or Intune) optional
Managed apps
Corporate
data
Personal
data
Multi-identity policy
Control company data after
it has been accessed, and
separate it from personal
data.
Data control / separation

USER
User is prompted
to create a PIN
User edits
document stored
in OneDrive for
Business
User saves
document to…
User adds
business account
to OneDrive app
Intune configures
app protection policy
OneDrive
for Business
Allow
access
• Copy/Paste/SaveAs controls
• PIN required
• Encrypt storage

User is prompted
to enroll device
Device checked
for compliance
Business email
account is added
User adds
business account
to email app
Intune enrolls device
and applies policies
CORPORATE
EMAIL
Allow
access
• PIN required
• Encrypt storage
• Image is not jailbroken
USER

Protect your
data anywhere
Demo

Detect &
remediate attacks
PhishMe 2016
of cyberattacks and
the resulting data
breach begin with a
spear phishing email
91%

How quickly are you
able to detect attacks?

How do I detect attackers moving
laterally in my environment?
How do I detect Pass-the-Hash?
Pass-the-Ticket?
How do I detect compromised
credentials?
Aren’t rules-based security solutions
enough?
How can I remediate in real-time?
Automatically?

Unique insights, informed by trillions of signals

On-premises abnormal behavior
and advanced threat detection
Identity-based attack
and threat detection
Anomaly detection
for cloud apps
!
!
!

Monitors behaviors of users and other entities
by using multiple data-sources
Profiles behavior and detects anomalies
by using machine learning algorithms
Evaluates the activity of users and other entities
to detect advanced attacks
Credit card companies monitor cardholders’ behavior.
By observing purchases, behavioral analytics learn what behavior is typical for each buyer.
If there is any abnormal activity, they will notify the cardholder to verify charge.
$$$
$
3 hours

USER
Anonymous user behavior
Unfamiliar sign-in location
ATTACKER
Phishing attack
User account
is compromised
#
Attacker attempts
lateral movement
Attacker
accesses
sensitive data
Privileged
account
compromised
Anonymous user behavior
Lateral movement attacks
Escalation of privileges
Account impersonation
Data exfiltration
Attacker steals
sensitive data
Cloud data &
SaaS apps
Zero-day /
brute-force attack

Detect &
remediate attacks
Demo

Apps
Risk
MICROSOFT INTUNE
Make sure your devices are
compliant and secure, while
protecting data at the
application level
AZURE ACTIVE
DIRECTORY
Ensure only authorized
users are granted access
to personal data using
risk-based conditional
access
MICROSOFT CLOUD
APP SECURITY
Gain deep visibility, strong
controls and enhanced
threat protection for data
stored in cloud apps
AZURE INFORMATION
PROTECTION
Classify, label, protect and
audit data for persistent
security throughout the
complete data lifecycle
MICROSOFT ADVANCED
THREAT ANALYTICS
Detect breaches before they
cause damage by identifying
abnormal behavior, known
malicious attacks and security
issues
!
Device
!
Access
granted
to data
CONDITIONAL
ACCESS
Classify
LabelAudit
Protect
!
!
Location

Mobile device &
app management
Information
protection
Holistic and innovative solutions for protection across users, devices, apps and data
Premium
Microsoft
Intune
Azure Information
Protection
Microsoft Cloud
App Security
Microsoft Advanced
Threat Analytics
Identity and access
management
Threat
protection

Technology Benefit E3 E5
Premium P1
Secure single sign-on to cloud and on-premises app
MFA, conditional access, and advanced security reporting ● ●
Premium P2
Identity and access management with advanced protection for
users and privileged identities ●
Microsoft Intune
Mobile device and app management to protect corporate apps
and data on any device ● ●
Azure Information Protection P1
Encryption for all files and storage locations
Cloud-based file tracking
● ●
Azure Information Protection P2
Intelligent classification and encryption for files shared inside
and outside your organization ●
Microsoft Cloud App Security
Enterprise-grade visibility, control, and protection for your
cloud applications ●
Microsoft Advanced Threat Analytics
Protection from advanced targeted attacks leveraging user
and entity behavioral analytics ● ●
Identity and access
management
Managed mobile
productivity
Information
protection
Threat protection

FastTrack experts work remotely
with you and your partner
Microsoft Virtual Academy
and Immersion
Demos, videos and labs
Self-service resources
Success Plans to
speed-up deployment
EMS Success Workshop
Quick Start guides
How To’s and
personalized videos
Trial: Experience EMS before
you subscribe
Proof of Concept (POC):
Model your deployment by
combining a trial and a
Success Plan
Assess: Determine the setup of your existing
environment and identify any issues
Remediate: Clean up any issues that might
prevent your preferred deployment approach
Enable: Set up EMS services, users, and
integration with your environment
Use: Help your users get their
work done better with EMS
Enhancements: Integrate your
environment with custom apps
and new capabilities
Drive ValueOnboardEnvision
..

Schedule a deep-dive session on
Get a free 90-day trial, evaluate
Deploy with Razor Technology

David.Rosenthal@razor-tech.com
866.797.3282
www.razor-tech.com

Analyze Learn Detect
Analyze the traffic and
identity traffic and data
related activities across the
network including relevant
events from SIEM and in
real-time.
Uses the organizational
security graph to detect
abnormal behavior, file
activity, protocol
attacks, and weak
security configurations.
Automatically learn the
common behaviors for users
and entities on the network
to build an organizational
security graph.
Alert
Intelligently use the learned
context to prevent false
positives and prioritize
alerts, remediate problems
automatically, and present
attack timelines.

Microsoft Enterprise Mobility and Security EMS

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Microsoft Enterprise Mobility and Security EMS

Similaire à Microsoft Enterprise Mobility and Security EMS (20)

Plus de David J Rosenthal

Plus de David J Rosenthal (20)

Dernier

Dernier (20)

Microsoft Enterprise Mobility and Security EMS