identity and security in the cloud
TRANSCRIPT
Looks STRONG
Layered DEFENCE
Feels SAFE
Cyber Threats…no longer just an IT issue.
• Average time attackers stay in a network before detection is over 200 days
• Over 75% of all network intrusions are traced back to compromised credentials
• Average cost of a data breach to a company is $3.5 million
• Estimated cost of cybercrime to the global economy is $500 billion
Motivations
• Enforcement of social or political points of view
• To gain long-term trusted access to internal resources
• Information
• Compute power and bandwidth
• Obtain credentials for access to other services
• Extortion by means of:
  • Business systems interruption
  • Threatening individuals' privacy
  • Discrediting the organisation
Cyber Threats…there are 2 types of organisations affected:
Those that don’t know it (yet)
Those that have been breached
Changing nature of Cyber Attacks
Attacks and threats have grown substantially more sophisticated, frequent and severe. In the vast majority of attacks, they compromise user credentials and use legitimate IT tools instead of malware.
We are now working under the assumption that we are already breached.
5 Key Recommendations (Amit Yoran, RSA President)
1. Even advanced protection can fail
2. We need pervasive and true visibility of everything
3. Identity and Authentication matter more than ever
  • Don't trust the trusted, protect them!
4. Don't mistake a malware solution for an Advanced Threat Strategy
5. Use external Threat Intelligence Reports
What REALLY matters?
Brand
• Trustworthiness
Reputation
• Availability
• Reliability
Credibility
• Accreditation
Financials
• Cost to prevent
• Cost to repair
What needs protection?
Identity
• Logon credentials
• Gaining trusted access
• Across all entities
Resources
• Infrastructure – admin, service, and system accounts
• High costs to repair in both time and materials
• Use MFA and education!
Information
• Privileged access to sensitive information
• DLP helps with classified/controlled information
• What about the rest?
Data
• Documents at rest, in transit, or shared externally
• Encryption is the minimal level for everything
HOW?
Protect
• Education and vigilance is key
• Layered approach
• Technology and People
Detect
• Understand the scenarios
• Look for anomalies
• Test regularly
Analyse
• Know the scale of the problem
• Identify the potential impact
• Protect the logs and other information
Respond
• Don't react hastily, follow a plan
• Call in the experts, including the lawyers if necessary
• Communicate clearly, but securely
Identity Management
• Know who your people are and centralise management of Identities:
  • Administrators and trusted authorities
  • Insiders
  • Externals
• Implement good housekeeping
• Ensure training for security and privacy at all levels
• Monitor behaviours and regulate access permissions
• Implement key policies:
  • Pin locks
  • Passwords
  • Multi-Factor authentication
Application and Device Management
Management based on characteristics:
• Ownership
• Support/Management
• Level of trust
• Device standards and capabilities
• Location and usage scenario
Data Security
Enable key features where possible:
• Full drive encryption
• Data replication services
• Invest in Information Rights Management and Data Loss Prevention for the most sensitive information
Where to start?
Multi-Factor Authentication
• Enable/Enforce MFA for end-users
• Will enforce App Passwords for rich clients that don't support MFA:
  - Office 2013 (can preview ADAL)
  - Office 2010
  - Skype for Business
  - OneDrive for Business
  - Mail apps on smartphones
Multi-Factor Authentication
• Second Factor options:
  - Mobile app (online and OTP)
  - Phone Call
  - SMS
• Application passwords
• Default Microsoft greetings
Office 365 / Azure Administrators
• Fraud alert
• One-Time Bypass
• Custom greetings/caller ID
• Caching
• Trusted IPs
• MFA SDK
• Security Reports
• MFA for on-premises apps
• Block/Unblock Users
• Event Confirmation
Azure AD Premium additional features
Access Control Service
Enables the use of multiple IdPs to provision access to SaaS applications
• Integrated Single Sign On
• Claims-based access control
• Centralised authorization into web applications
• Google, Yahoo!, Facebook, etc.
• Available in Basic and Premium
Cloud App Discovery
Azure Rights Management
Enable control of data beyond your security boundary
• Limit access to known identities
• Monitor, track, change permissions in-flight
• Company policy templates, automated application, individual control
Protect a document and share
Customer registration and download
Track & Revoke
Resources
• Protecting Azure Blob Storage with Azure RMS Whitepaper – http://blogs.msdn.com/b/rms/archive/2014/05/27/protecting-azure-blob-storage-with-azure-rms-whitepaper.aspx
• Information Protection and Control (IPC) in Office 365 with Microsoft Rights Management service (RMS) whitepaper – http://www.microsoft.com/en-us/download/confirmation.aspx?id=34768
• Official RMS Team blog – http://blogs.technet.com/b/rms/
• RMS Analyzer Tool – http://blogs.technet.com/b/rms/
Azure Security Center
Currently in public preview:
• Advanced Threat Analytics – global scale
• Security monitoring and auditing
• Threat detection and alerts
• Hadoop cluster ingests massive quantities of data from security feeds
• Machine Learning and Real People! (cyber security teams and partnerships)
• In partnership with the major industry security vendors
• Integrates with existing security solutions (SIEM)
Cloud Access Security Broker
Adallom: recently purchased by Microsoft
• Centralised AuthN/AuthZ for all cloud applications
• Agentless, flexible deployment options
• Integrated with solutions like CheckPoint, SIEM, DLP and MDM
Advanced Threat Analytics
Focus on what's important, fast
• Malicious attack detection
• Alerts for known security issues and risks
• Analysis for abnormal behaviour using machine learning
ATA: Pass-The-Hash Demo
• Our bad guy is DodgyUser; he's managed to get access to a PC and is running his tools…
• Our good guy is MarketingUser; he's logged on to this PC and carrying out his work normally
• DodgyUser is able to enumerate all users logged on and obtain the HASH of their password
• With this information, DodgyUser can now switch to use these credentials on any machine and perform operations as that user
• ATA was watching:
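The demo leaves the detection side as a screenshot. The script below is an added illustration of the kind of rule a defender would run over authentication logs to catch the replayed credential; it is not ATA's code, nor part of the original deck. The event layout (timestamp, account, source host, target host, authentication package, logon type), the host names and the 60-minute session window are all constructed assumptions for this example. The heuristic is the one the demo implies: MarketingUser's credential suddenly performing NTLM network logons from a machine that account has never used, while MarketingUser is still sitting interactively at PC-MKT-01.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

LogonEvent = namedtuple("LogonEvent", "time account source_host target_host auth logon_type")

# Constructed logon records shaped like the demo's story (hosts, account
# names and field layout are assumptions for this example, not ATA data):
# MarketingUser works normally from PC-MKT-01; DodgyUser, also on PC-MKT-01,
# harvests the hash and replays it as MarketingUser from ATTACKER-PC.
SAMPLE_EVENTS = [
    ("2015-11-02T09:00:00", "MarketingUser", "PC-MKT-01",   "PC-MKT-01",  "Kerberos", "interactive"),
    ("2015-11-02T09:05:00", "MarketingUser", "PC-MKT-01",   "FILESRV-01", "Kerberos", "network"),
    ("2015-11-02T09:06:00", "MarketingUser", "PC-MKT-01",   "MAIL-01",    "Kerberos", "network"),
    ("2015-11-02T09:30:00", "DodgyUser",     "PC-MKT-01",   "PC-MKT-01",  "Kerberos", "interactive"),
    ("2015-11-02T09:41:00", "MarketingUser", "ATTACKER-PC", "FILESRV-01", "NTLM",     "network"),
    ("2015-11-02T09:41:30", "MarketingUser", "ATTACKER-PC", "DC-01",      "NTLM",     "network"),
    ("2015-11-02T09:42:00", "MarketingUser", "ATTACKER-PC", "HR-DB-01",   "NTLM",     "network"),
]


def parse_event(raw):
    """Turn one raw tuple into a LogonEvent with a real timestamp."""
    time_str, account, source, target, auth, logon_type = raw
    return LogonEvent(datetime.fromisoformat(time_str), account, source, target, auth, logon_type)


def detect_pass_the_hash(raw_events, session_window=timedelta(minutes=60)):
    """Flag NTLM network logons for an account coming from a host that account
    has never used before, and escalate when the same account still holds an
    interactive session on a different machine inside `session_window`.
    Repeated replays from the same (account, source host) pair are folded into
    one alert listing every target touched."""
    events = sorted((parse_event(e) for e in raw_events), key=lambda e: e.time)
    known_hosts = defaultdict(set)   # account -> source hosts seen in normal use
    last_interactive = {}            # account -> (time, host) of latest interactive logon
    alerts = {}                      # (account, source_host) -> alert record

    for ev in events:
        if ev.logon_type == "interactive":
            last_interactive[ev.account] = (ev.time, ev.source_host)

        unknown_source = ev.source_host not in known_hosts[ev.account]
        if not (ev.auth == "NTLM" and ev.logon_type == "network" and unknown_source):
            # Ordinary activity: learn the host so later logons from it stay quiet.
            known_hosts[ev.account].add(ev.source_host)
            continue

        key = (ev.account, ev.source_host)
        alert = alerts.setdefault(key, {
            "account": ev.account,
            "source_host": ev.source_host,
            "first_seen": ev.time,
            "targets": [],
            "concurrent_interactive_host": None,
            "severity": "medium",
        })
        alert["targets"].append(ev.target_host)

        # The same identity active interactively elsewhere moments ago is the
        # tell-tale of a replayed credential rather than a user who moved desks.
        last = last_interactive.get(ev.account)
        if last and last[1] != ev.source_host and ev.time - last[0] <= session_window:
            alert["concurrent_interactive_host"] = last[1]
            alert["severity"] = "high"

    return list(alerts.values())


if __name__ == "__main__":
    for a in detect_pass_the_hash(SAMPLE_EVENTS):
        print(f"[{a['severity']}] {a['account']} from {a['source_host']} "
              f"(also interactive on {a['concurrent_interactive_host']}) -> {', '.join(a['targets'])}")
```

Run as-is, the three replayed logons collapse into a single high-severity alert for MarketingUser from ATTACKER-PC against FILESRV-01, DC-01 and HR-DB-01. In production the baseline of known hosts per account must be learned over weeks, not from the same batch of events, otherwise a user's first day on a new workstation looks exactly like this; the concurrent-interactive check is what separates the two cases.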
ATA: Alerts
Coming soon…
• Administrative Units
• BYO SaaS Applications
• Pwd rollover for FB, Twitter and LinkedIn
• Dynamic group membership
• Conditional Access – per app
• Privileged Identity Management
• Self-service app requests
• Azure reporting API
• Cloud Access Security Broker (Adallom?)
Windows 10
• 110 million activations in just 2 months!
• Deploy without re-imaging the device
• Windows Hello & BitLocker
• Registered hardware can be 2nd factor for sign-in to all services
• Separation of business and personal information
• Same experience on Phone as on Desktop
• Enterprise containerisation with Hyper-V
• Universal App Store – with employee store experience
Actions & Resources
• Start using MFA for all your personal accounts
• Consider security at the beginning of Solution Development
• Look for and highlight any risks or concerns at your customer
• Join the discussion on our Yammer group Security
• Use the Cloud Roadmap diagrams to explore solutions and options
• Use this deck, works well on mobile
Share the message, raise awareness
Thank you!
Richard Diver @rdiver