Defending against modern threats Kruger National Park ICCWS 2015

Transcription

1 Defending against modern threats Kruger National Park ICCWS 2015 Herman Opperman (CISSP, ncse, MCSE-Sec) - Architect, Cybersecurity Global Practice Microsoft Corporation

2

3

4 Trends from the field

5 Perimeter Security DiD Cyber Strategy Trust All Internal Assume Breach

6 THREAT REACTIVE PROACTIVE Reconnaissance Operations Governance Weaponization Delivery Network Data Physical Exploitation Installation Host Application Command & Control Action on Objectives

7 Source: microsoft.com/sir Microsoft SIR Vol. 17 The Security Intelligence Report (SIR) is an analysis of the current threat landscape based on data from over a billion systems worldwide. Featured Intelligence: Securing account credentials The challenge of expired security software The Microsoft DCU and the legal side of fighting malware Worldwide threat assessment Vulnerabilities Exploits Malware

8 CGP Portfolio CYBERSECURITY STRATEGY SECURE ADMINISTRATION SECURE PLATFORM SECURE SOFTWARE DEVELOPMENT Protect SYSTEMS MEMORY DEFENCE LONGTERM CYBERSECURITY ARHITECTURE Detect Respond ADVANCED PERSISTENT THREAT DETECTION RESPONSE AND RECOVERY PROACTIVE DISCOVERY FOR INDICATORS OR THREAT

9 * 4 Security Essentials Run Latest Microsoft & Third Party Products Implement Good Patch Management Practices Align Active Directory to Current Threat Environment Assess Threats & Countermeasures of IT Infrastructure and Operational Practices Implement Secure Software Development Practices

10 Thank you for your time.

11 CGP Portfolio Microsoft Security Risk Assessment (MSRA) Rapid review of customer s IT security program, tailored to business and security needs On-site, in-person interviews and technical examination to provide a comprehensive look at security technologies and operational practices Examination of the program s business foundations, including security goals, risk posture, and policies and standards Enhanced Security Administration Environment (ESAE) In addition to enforcing two-factor authentication for domain administrative accounts with smartcards, ESAE implements auditing and monitoring of high-impact administrative activity Protect Privileged Administrator Workstation (PAW) Focuses on protecting administrator credentials (Tier 1) by adding layer of protection to administrative workstations. Enhanced Mitigation Experience Toolkit (EMET ERS) Pilot deployment of (EMET) to including deployment of Enterprise Reporting Services and dashboard for all EMET mitigated events. Security Development Lifecycle Services (SDL) Customers learn and apply the secure software development practices Microsoft has developed and implemented internally Reduces the number and severity of software vulnerabilities in a customer s custom software solution Cybersecurity Architect (CSA) Detect Persistent Adversary Detection Service (PADS) Microsoft offers the PADS service to proactively determine whether a system is under threat via a discreet incident response prior to an actual emergency and examines high value assets or a sample of systems for signs of advanced implants not typically found by commodity anti-virus or intrusion detection system technologies. Microsoft Threat Detection Service (MTDS) Allows customers to detect errors and report them to check for malicious activity both in a hosted or On Premises solution. It also helps in deriving intelligence from the error reports to regulate and manage errors efficiently. Respond Incident Response and Recovery (IR&R) Microsoft offers the IR&R service to determine whether a system is under targeted exploitation via a discreet incident response engagement that examines high value assets or exploited systems for signs of advanced implants not typically found by commodity anti-virus or intrusion detection system technologies.