MICROSOFT CLOUD APP SECURITY - Sebastien Molendijk, Senior Program Manager (PowerPoint presentation)



  1. MICROSOFT CLOUD APP SECURITY Sebastien Molendijk Senior Program Manager

  2. https://www.polleverywhere.com/multiple_choice_polls/BjnYY9hZKbBPAVfjvFhgc?preview=true&controls=none

  3. Enterprise-class technology
     Identity & access management: secure identities to reach zero trust
     Threat protection: help stop damaging attacks with integrated and automated security
     Information protection: locate and classify information anywhere it lives
     Security management: strengthen your security posture with insights and guidance
     Infrastructure security

  4. https://www.polleverywhere.com/multiple_choice_polls/ 12sqtYRadhdO4r6L1IJM5?preview=true&controls=none

  5. https://www.polleverywhere.com/multiple_choice_polls/ Hv68q7qjXJitDquT6sK5P?preview=true&controls=none

  6. 01 CLOUD ACCESS SECURITY BROKERS

  7. Cloud services require a new approach to security

  8. Top CASB use cases Box YouTube Twitter Office 365 AWS Facebook Dropbox Salesforce Azure

  9. 02 MICROSOFT CLOUD APP SECURITY

  10. Office 365 Microsoft Teams

  11. 03 DISCOVERING AND ASSESSING THE RISK OF SHADOW IT

  12. Shadow IT management lifecycle

  13. Cloud App Discovery
     Discovery of Shadow IT across SaaS, IaaS and PaaS: discover cloud usage across all locations (HQ, branches, remote...)
     Understand the risk of your SaaS apps: risk assessment for 16,000+ cloud apps based on 70+ security and compliance risk factors
     Analyze usage patterns: understand usage patterns and identify high-risk and high-volume users from traffic data, top users and IP addresses, and app categories
     Block risky and unsanctioned apps: using native and programmatic integration with leading SWGs and proxies
     Continuous monitoring: be alerted when new, risky or high-volume apps are discovered
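The discovery step on this slide is, at its core, an aggregation over firewall or proxy logs: resolve each destination to an app, sum traffic per app and per user, and alert on unsanctioned risky apps and high-volume uploaders. The script below is an added example written for this page, not MCAS code and not the vendor's catalog; the log format, the four-entry app catalog, the risk scores and the thresholds are all constructed assumptions so that it runs offline.

```python
"""Shadow IT discovery over firewall/proxy logs (toy reimplementation of the
aggregation Cloud Discovery performs on uploaded logs). Added example; the log
format, app catalog, risk scores and thresholds are constructed assumptions."""
import re
from collections import defaultdict

# Constructed sample lines (not real traffic):
# <timestamp> <user> <source ip> <destination host> <bytes uploaded> <bytes downloaded>
SAMPLE_LOG = """\
2019-03-04T09:01:12Z alice 10.1.2.3  www.dropbox.com            5242880   4096
2019-03-04T09:02:30Z alice 10.1.2.3  outlook.office365.com      20480     1048576
2019-03-04T09:05:01Z bob   10.1.2.7  content.dropbox.com        734003200 8192
2019-03-04T09:07:45Z carol 10.1.2.9  wetransfer.example         157286400 2048
2019-03-04T09:09:10Z dave  10.1.2.11 sharepoint.com             1024      2097152
2019-03-04T09:10:00Z bob   10.1.2.7  api.unknown-paste.example  9437184   512
this line is malformed and must be skipped rather than abort the report
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<ip>\S+)\s+(?P<host>\S+)\s+(?P<up>\d+)\s+(?P<down>\d+)$"
)

# Constructed mini catalog standing in for the real 16,000+ app catalog:
# domain suffix -> (app name, risk score 1..10, sanctioned?). Assumption, not MCAS data.
APP_CATALOG = {
    "dropbox.com": ("Dropbox", 5, False),
    "office365.com": ("Office 365", 9, True),
    "sharepoint.com": ("Office 365", 9, True),
    "wetransfer.example": ("WeTransfer (sample)", 3, False),
}


def resolve_app(host):
    """Longest-suffix match against the catalog; an unknown host becomes its own
    unsanctioned app with the lowest score, so it is surfaced rather than dropped."""
    parts = host.split(".")
    for i in range(len(parts)):
        suffix = ".".join(parts[i:])
        if suffix in APP_CATALOG:
            return APP_CATALOG[suffix]
    return (host, 1, False)


def discover(log_text, max_risk_unsanctioned=5, upload_threshold=100 * 1024 * 1024):
    """Aggregate traffic per app and per (user, app); return what a discovery
    policy would alert on: unsanctioned apps at or below a risk score, and
    users who uploaded more than the threshold to a single app."""
    per_app = defaultdict(lambda: {"users": set(), "up": 0, "down": 0, "risk": 0, "sanctioned": False})
    per_user_up = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it, keep the report
        name, risk, sanctioned = resolve_app(m["host"])
        entry = per_app[name]
        entry["users"].add(m["user"])
        entry["up"] += int(m["up"])
        entry["down"] += int(m["down"])
        entry["risk"] = risk
        entry["sanctioned"] = sanctioned
        per_user_up[(m["user"], name)] += int(m["up"])

    risky_unsanctioned = sorted(
        app for app, e in per_app.items()
        if not e["sanctioned"] and e["risk"] <= max_risk_unsanctioned
    )
    high_volume_uploaders = sorted(
        (user, app, up) for (user, app), up in per_user_up.items() if up >= upload_threshold
    )
    return {
        "apps": {app: {**e, "users": sorted(e["users"])} for app, e in per_app.items()},
        "risky_unsanctioned": risky_unsanctioned,
        "high_volume_uploaders": high_volume_uploaders,
    }


if __name__ == "__main__":
    report = discover(SAMPLE_LOG)
    for app, e in sorted(report["apps"].items()):
        print(f"{app:28s} risk={e['risk']:2d} sanctioned={e['sanctioned']!s:5s} users={e['users']} up={e['up']}")
    print("risky unsanctioned apps:", report["risky_unsanctioned"])
    print("high-volume uploaders:  ", report["high_volume_uploaders"])
```

The two thresholds are the policy knobs: `max_risk_unsanctioned` decides which score counts as "risky", and `upload_threshold` is the per-user, per-app upload volume that turns a user into an investigation candidate. Real logs need the vendor's parser for the firewall's format, but the aggregation and the alert conditions are the same.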

  14. DISCOVERY ARCHITECTURE WITH MICROSOFT DEFENDER ATP
     [Diagram] Two discovery paths feed the Microsoft Cloud App Security portal: Shadow IT traffic seen by the firewall / proxy, uploaded via a log collector (keyed by IP address), and user endpoints reporting directly through Microsoft Defender ATP (keyed by machine).

  15. Cloud Discovery with Microsoft Defender ATP
     Native, endpoint-based discovery of Shadow IT
     Discovery of cloud apps beyond the corporate network from any Windows 10 machine
     Single-click enablement
     Machine-based discovery
     Deep-dive investigation in Windows Defender ATP

  16. 1-click deployment with Microsoft Defender ATP

  17. User education when attempting to access a non-trusted app

  20. Shadow IT Discovery for IaaS and PaaS services

  21. Shadow IT Discovery for IaaS and PaaS services – Drill down

  22. Shadow IT Discovery deployment options

     Deployment method          | Automatic log upload | Checkbox deployment | Supported platforms             | Device-based Discovery | Off-network Discovery | Inline blocking of apps | Deployment complexity
     Log file (snapshot report) | No                   | No                  | Any                             | No                     | No                    | No                      | Medium
     Log collector              | Yes                  | No                  | Any                             | No                     | No                    | No                      | Medium
     Windows Defender ATP       | Yes                  | Yes                 | Windows (Mac coming in H1 2019) | Yes                    | Yes                   | (not given on slide)    | Low
     Zscaler                    | Yes                  | No                  | Any                             | No                     | Yes                   | Yes                     | Low
     iboss                      | Yes                  | No                  | Any                             | No                     | Yes                   | Yes                     | Low

  23. DEMO DISCOVERY

  24. 02 PROTECTING YOUR INFORMATION

  25. Protect your files and data in the cloud
     Data is ubiquitous and you need to make it accessible and collaborative, while safeguarding it.

     Understand your data and exposure in the cloud
       Connect your apps via our API-based App Connectors
       Visibility into sharing level, collaborators and classification labels
       Quantify over-sharing exposure, external and compliance risks

     Classify and protect your data no matter where it is stored
       Govern data in the cloud with granular DLP policies
       Leverage Microsoft's IP capabilities for classification
       Extend on-prem DLP solutions
       Automatically protect and encrypt your data using Azure Information Protection

     Monitor, investigate and remediate violations
       Create policies to generate alerts and trigger automatic governance actions
       Identify policy violations
       Investigate incidents and related activities
       Quarantine files, remove permissions and notify users

  26. Detect and remediate overexposed files and anomalies
     Create policies to generate alerts and trigger automatic governance actions
     Be notified to identify and investigate policy violations and related activities
     Automatically remediate with built-in actions incl. notify owner, notify admin, make private, quarantine, etc.
     Automatically label and protect existing sensitive information and new files when they are uploaded

  27. Key differentiators via the Microsoft Information Protection approach
     Unified labelling with Microsoft Information Protection: streamlined experience across O365 DLP, AIP and MCAS
     90 built-in sensitive information types to choose from
     Custom sensitive information types using regex, keywords and large dictionaries
     Leverage Microsoft or 3rd-party DLP engines for classification
     Leverage AIP labels
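Slides 26 and 27 together describe one file policy: classify content with sensitive information types (built-in or custom regex/keyword types), then take governance actions on files that are both sensitive and over-shared. The following is an added example for this page, not MCAS code: a toy version of that policy with two custom types (a card-number regex backed by a Luhn check, and a keyword type), a pattern-only SSN type, and the slide's actions (make private, notify owner, apply a label). The file records, the label name and the sharing levels are constructed assumptions.

```python
"""Overexposed-file detection with custom sensitive information types.
Added example, not MCAS code: file records, label name and sharing levels are
constructed assumptions; the regexes are deliberately simple."""
import re


def luhn_ok(digits):
    """Luhn check-digit validation. Without a validator the 16-digit regex
    alone matches test data and identifiers that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# Custom sensitive information types: (name, compiled regex, optional validator for a match)
SENSITIVE_TYPES = [
    ("Credit card number",
     re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"),
     lambda m: luhn_ok(re.sub(r"[ -]", "", m))),
    ("US SSN (pattern only)", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), None),
    ("HR keyword", re.compile(r"\b(?:payroll|salary)\b", re.IGNORECASE), None),
]

# Sharing levels that count as exposure outside the tenant (constructed names)
EXTERNAL_SHARING = {"external", "public"}


def classify(text):
    """Return the names of all sensitive information types found in text, in
    catalog order; a type counts once no matter how many matches it has."""
    found = []
    for name, pattern, validator in SENSITIVE_TYPES:
        for match in pattern.findall(text):
            if validator is None or validator(match):
                found.append(name)
                break
    return found


def evaluate(file):
    """Apply the policy to one file record and return the governance actions.
    Sensitive + externally shared: make private and notify the owner, then label.
    Sensitive + internal: label only. Not sensitive: no action."""
    types = classify(file["text"])
    actions = []
    if types:
        if file["sharing"] in EXTERNAL_SHARING:
            actions += ["make_private", "notify_owner"]
        actions.append("apply_label:Confidential")
    return {"name": file["name"], "sensitive_types": types, "actions": actions}


# Constructed file records in the shape an API connector might return (not real data)
FILES = [
    {"name": "Q1-customer-refunds.xlsx", "owner": "alice", "sharing": "external",
     "collaborators": ["alice", "partner@supplier.example"],
     "text": "Refund to card 4111 1111 1111 1111 approved"},
    {"name": "test-data.csv", "owner": "bob", "sharing": "public",
     "collaborators": ["bob"],
     "text": "synthetic card 4111 1111 1111 1112 for unit tests"},
    {"name": "payroll-march.csv", "owner": "carol", "sharing": "internal",
     "collaborators": ["carol", "dave"],
     "text": "Payroll run: employee 123-45-6789, net 4200"},
    {"name": "launch-plan.docx", "owner": "dave", "sharing": "public",
     "collaborators": ["dave"],
     "text": "Launch in May, budget 120000"},
]


def run_policy(files=FILES):
    """Evaluate every file and return the per-file results."""
    return [evaluate(f) for f in files]


if __name__ == "__main__":
    for result in run_policy():
        print(f"{result['name']:26s} types={result['sensitive_types']} actions={result['actions']}")
```

The second record is the reason validators matter: it looks like a card number to the regex but fails Luhn, so the public test file is left alone instead of being quarantined. The SSN type is pattern-only here and would be tuned with the extra checks a production type carries.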

  28. DEMO INFORMATION PROTECTION

  29. 03 ENABLING REAL-TIME INFORMATION PROTECTION

  30. Conditional Access App Control
     Context-aware session policies: control access to cloud apps and sensitive data within apps based on user, location, device, and app
     SAML, OpenID Connect and on-prem apps: support for Microsoft and non-Microsoft web apps, including on-prem apps onboarded via Azure AD App Proxy
     Enforce granular monitoring & control for risky user sessions
       Data exfiltration: block download, apply AIP label on download, block print, block copy/cut, block custom activities (e.g., IMs with sensitive content)
       Data infiltration: block upload, block paste

  31. Key differentiators to optimize the admin and end-user experience
     Unique integration with Azure AD Conditional Access: selective routing to MCAS based on the session risk determined by Conditional Access, to optimize end-user productivity
     Simple deployment: built-in policies that can be configured directly within the Azure AD portal
     Control your on-prem apps: the same real-time controls, by integrating them with Azure AD Application Proxy
     Worldwide Azure datacenter infrastructure: MCAS leverages Azure datacenters across the world to optimize performance and user experience

  32. Cloud apps & services

  33. Exemplary use case: prevent download of sensitive files from unmanaged devices (policy scope: any app; device condition: unmanaged)

  34. https://www.polleverywhere.com/multiple_choice_polls/ 0AU0d7HMIbntk8IOf5isF?preview=true&controls=none

  35. DEMO PROTECTING YOUR INFORMATION IN REAL-TIME

  36. 04 THREAT PROTECTION IN THE CLOUD

  37. Inbound phishing attacks

  38. Detections across cloud apps and sessions

  39. Malware Detection

  40. The challenge of securing your environment
     Bad actors are using increasingly creative and sophisticated attacks
     The digital estate offers a very broad surface area that is difficult to secure
     Intelligent correlation and action on signals is difficult, time-consuming, and expensive

  41. Identity Security – Covering your environment
     Azure AD Identity Protection: cloud identity threats (Azure AD & ADFS)
     Azure ATP: on-premises identity threats
     Microsoft Cloud App Security: application sessions

  42. Cloud Activities – via Azure AD IP , Office 365 and MCAS On Premises Activities – via Azure ATP

  43. https://www.polleverywhere.com/multiple_choice_polls/ 9gRK9AEY6UcZRqVkd8OJ3?preview=true&controls=none

  44. https://www.polleverywhere.com/discourses/qcKw1b76P E2fNeHvad8RH?preview=true&controls=none

  45. M365 UEBA - Overview

  46. USER INVESTIGATION PRIORITY: ALERTS, ABNORMAL ACTIVITIES, USER CONTEXT

  47. User Investigation Priority Total user risk for investigation priority – reflecting security alerts, abnormal activities and user impact

  48. User’s investigation priority Suspicious activities Alerts

  49. Identify top users to investigate How abnormal is this user’s behavior?

  50. User Investigation Priority – users / score distribution
     [Chart] Example: user investigation priority distribution at a 200k+ employee organization (x-axis: scores; y-axis: number of users, 0 to 160,000)

  51. Identify abnormal activities by analyzing the behavior of users, peers and the entire organization
     Login to devices
     Access to on-premises resources
     Remote connections to servers
     Access to cloud applications
     Usage of SharePoint Online sites
     User agent, location & ISP analytics
     Mailbox behavior
     Failed logins behavior

  52. Suspicious Activity: how does it work?
     Is the 'finance server' accessed by many users in the organization?
     Has this user accessed this server before?
     Does this user have a usual pattern of logons to servers?
     Do the peers of this user log in to this server?
     Outcome: Suspicious / Normal
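The four questions on this slide can be answered from a logon baseline and combined into a score, which is the shape of the abnormal-activity signal that feeds the user investigation priority on slides 47 to 51. The code below is an added example for this page and not Microsoft's UEBA implementation: it builds the baseline from a constructed logon history and scores new server logons against it. The history, the departments used as the peer group, the weights and the threshold are all illustrative assumptions.

```python
"""Peer-based anomaly scoring for server logons. Added example, not
Microsoft's UEBA: history, peer groups, weights and threshold are assumptions."""
from collections import defaultdict

# Constructed 30-day logon history: (user, department, server). Not real telemetry.
HISTORY = [
    ("alice", "finance", "finance-srv"), ("alice", "finance", "finance-srv"),
    ("alice", "finance", "finance-srv"),
    ("bob", "finance", "finance-srv"), ("bob", "finance", "finance-srv"),
    ("carol", "finance", "file-srv"),
    ("dave", "engineering", "build-srv"), ("dave", "engineering", "build-srv"),
    ("eve", "engineering", "build-srv"),
    ("frank", "hr", "hr-srv"),
]

RARE_SERVER_SHARE = 0.20  # a server used by fewer than 20% of users counts as rarely accessed
SUSPICIOUS_AT = 5         # score at or above which the logon is flagged


class Baseline:
    """Lookup tables answering the slide's four questions for any (user, dept, server)."""

    def __init__(self, history):
        self.users = set()
        self.server_users = defaultdict(set)  # server -> users who have logged on to it
        self.user_servers = defaultdict(set)  # user -> servers the user has logged on to
        self.dept_servers = defaultdict(set)  # department -> servers its members use
        for user, dept, server in history:
            self.users.add(user)
            self.server_users[server].add(user)
            self.user_servers[user].add(server)
            self.dept_servers[dept].add(server)

    def score(self, user, dept, server):
        """Score one new logon. Each 'no' answer adds weight; the reasons are
        returned so an analyst sees why the event was prioritized."""
        reasons = []
        score = 0
        # Q1: is the server accessed by many users in the organization?
        share = len(self.server_users.get(server, set())) / max(len(self.users), 1)
        if share < RARE_SERVER_SHARE:
            score += 2
            reasons.append(f"server used by only {share:.0%} of users")
        # Q2: has this user accessed this server before?
        mine = self.user_servers.get(user, set())
        if server not in mine:
            score += 3
            reasons.append("first logon by this user to this server")
        # Q3: does this user have a usual pattern of logons to servers?
        if not mine:
            score += 2
            reasons.append("user has no history of server logons")
        # Q4: do the peers of this user log in to this server?
        if server not in self.dept_servers.get(dept, set()):
            score += 3
            reasons.append(f"no peer in {dept} uses this server")
        verdict = "Suspicious" if score >= SUSPICIOUS_AT else "Normal"
        return {"user": user, "server": server, "score": score, "verdict": verdict, "reasons": reasons}


def score_event(user, dept, server, history=HISTORY):
    """Convenience wrapper: build the baseline and score a single logon."""
    return Baseline(history).score(user, dept, server)


if __name__ == "__main__":
    baseline = Baseline(HISTORY)
    for event in [("alice", "finance", "finance-srv"),
                  ("carol", "finance", "finance-srv"),
                  ("eve", "engineering", "finance-srv"),
                  ("frank", "hr", "backup-srv")]:
        r = baseline.score(*event)
        print(f"{r['user']:6s} -> {r['server']:12s} score={r['score']} {r['verdict']:10s} {r['reasons']}")
```

The carol case shows why peers matter: her first logon to the finance server is new for her but normal for her department, so it scores below the threshold, while the same first logon by an engineer with no peers on that server is flagged.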
