cloud app security
play

CLOUD APP SECURITY Sebastien Molendijk Senior Program Manager - PowerPoint PPT Presentation

Aug 22, 2022 •464 likes •1.33k views

MICROSOFT CLOUD APP SECURITY Sebastien Molendijk Senior Program Manager https://www.polleverywhere.com/multiple_choice_polls/BjnYY9hZKbBPAVfjvFhgc?preview=true&controls=none Enterprise-class technology Identity & access Threat

  1. MICROSOFT CLOUD APP SECURITY Sebastien Molendijk Senior Program Manager

  2. https://www.polleverywhere.com/multiple_choice_polls/BjnYY9hZKbBPAVfjvFhgc?preview=true&controls=none

  3. Enterprise-class technology Identity & access Threat Information Security protection protection management management Secure identities to Help stop damaging Locate and classify Strengthen your security reach zero trust attacks with integrated and information anywhere posture with insights automated security it lives and guidance Infrastructure security

  4. https://www.polleverywhere.com/multiple_choice_polls/ 12sqtYRadhdO4r6L1IJM5?preview=true&controls=none

  5. https://www.polleverywhere.com/multiple_choice_polls/ Hv68q7qjXJitDquT6sK5P?preview=true&controls=none

  6. 01 CLOUD ACCESS SECURITY BROKERS

  7. Cloud services require a new approach to security

  8. Top CASB use cases Box YouTube Twitter Office 365 AWS Facebook Dropbox Salesforce Azure

  9. 02 MICROSOFT CLOUD APP SECURITY

  11. Office 365 Microsoft Teams

  12. 03 DISCOVERING AND ASSESSING THE RISK OF SHADOW IT

  13. Shadow IT management lifecycle

  14. Cloud App Discovery Discovery of Shadow IT across SaaS, IaaS and PaaS Discover cloud usage across all locations (HQ, Branches, Remote..) Understand the risk of your SaaS apps Risk assessment for 16,000+ cloud apps based on 70+ security and compliance risk factors Analyze usage patterns Understand the usage patterns and identify high risk volume users by understanding traffic data, top users and IP addresses, app categories Block risky and unsanctioned apps Using native and programmatic integration with leading SWG and Proxies Continuous monitoring Be alerted when new, risky or high- volume apps are discovered

  15. DISCOVERY ARCHITECTURE WITH MICROSOFT DEFENDER ATP Shadow IT Firewall / Proxy Log collector User Endpoints IP address Microsoft Cloud App Machine Security portal Microsoft Defender ATP

  16. Cloud Discovery with Microsoft Defender A TP Native, endpoint-based Discovery of Shadow IT Discovery of cloud apps beyond the corporate network from any Windows 10 machine Single-click enablement Machine-based Discovery Deep dive investigation in Windows Defender ATP

  17. 1-click deployment with Microsoft Defender ATP

  18. User education when attempting to access a non-trusted app

  19. User education when attempting to access a non-trusted app

  20. User education when attempting to access a non-trusted app

  21. Shadow IT Discovery for IaaS and PaaS services

  22. Shadow IT Discovery for IaaS and PaaS services – Drill down

  23. Shadow IT Discovery deployment options Autom omatic Checkbo box x Supp ppor orted d Device-ba base sed d Off-networ ork Inline blocking Deployme ment Deplo loyment yment meth thod log uploa oad deploym yment platforms rms Discov overy Discov overy of apps Complexi xity Log file e (Snap apshot report) No No Any No No No Medium Log colle llect ctor Yes No Any No No No Medium Windows, Windows ws Defender er ATP TP Yes Yes Mac coming in Yes Yes H1 2019 Low 2019 Zscaler aler Yes No Any No Yes Yes Low iboss Yes No Any No Yes Yes Low

  24. DEMO DISCOVERY

  25. 02 PROTECTING YOUR INFORMATION

  27. Protect your files and data in the cloud Data is ubiquitous and you need to make it accessible and collaborative, while safeguarding it Monitor, investigate and Understand your data and Classify and protect your data no exposure in the cloud matter where it’s stored remediate violations Create policies to generate • Govern data in the cloud with • • Connect your apps via our API-based alerts and trigger automatic granular DLP policies App Connectors governance actions Leverage Microsoft ’ s IP • • Visibility into sharing level, Identify policy violations capabilities for classification • collaborators and classification labels Extend on-prem DLP solutions Investigate incidents • • • Quantify over-sharing exposure, and related activities Automatically protect and • external- and compliance risks encrypt your data using Azure Quarantine files, remove • Information Protection permissions and notify users

  28. Detect and remediate overexposed files and anomalies Create policies to generate alerts and trigger automatic governance actions Be notified to identify and investigate policy violations and related activities Automatically remediate with built-in actions incl. notify owner, notify admin, make private, quarantine, etc. Automatically label and protect existing sensitive information and when new files are uploaded

  29. Key Differentiators via Microsoft Information Protection approach Unified labelling with Microsoft Information Protection - streamlined experience across O365 DLP , AIP and MCAS 90 built-in, sensitive information types you can choose from Custom sensitive information types using Regex, keywords and large dictionary Leverage Microsoft or 3 rd party DLP engines for classification Leverage AIP labels

  30. DEMO INFORMATION PROTECTION

  31. 03 ENABLING REAL-TIME INFORMATION PROTECTION

  32. Conditional Access App Control Context-aware session policies Control access to cloud apps and sensitive data within apps based on user, location, device, and app SAML, Open ID Connect, & on- prem apps Support for Microsoft and non- Microsoft web apps, including on- prem apps onboarded via Azure AD App proxy Enforce granular monitoring & control for risky user sessions Data Exfiltration: Block download, Apply AIP • label on download Block print • Block copy/cut • Block custom activities: (e.g., • IMs with sensitive content) Data Infiltration: Block upload • Block paste •

  33. Key differentiators to optimize the admin and end user experience Unique integration with Azure AD Conditional Access Selective routing to MCAS based on the session risk determined by Conditional Access to optimize end user productivity Simple deployment Built-in policies that can be configured directly within the Azure AD portal for an easy deployment. Control your on-prem apps With the same powerful real-time controls by integrating them with Azure AD Application Proxy Worldwide Azure datacenters infrastructure MCAS leverages Azure data centers across the world to optimize performance and user experience

  34. Cloud apps & services

  35. Exemplary use case Prevent download of sensitive files from unmanaged device Any app Config: Unmanaged

  36. https://www.polleverywhere.com/multiple_choice_polls/ 0AU0d7HMIbntk8IOf5isF?preview=true&controls=none

  37. DEMO PROTECTING YOUR INFORMATION IN REAL-TIME

  38. 04 THREAT PROTECTION IN THE CLOUD

  39. inbound phishing attacks

  40. Detections across cloud apps and sessions ! ! !

  42. Malware Detection

  47. The challenge of securing your environment Bad actors are using The digital estate offers Intelligent correlation increasingly creative a very broad surface and action on signals is and sophisticated area that is difficult to difficult, time-consuming, attacks cks secur ure and expens nsive

  48. Identity Security – Covering your environment Azure AD Identity Protection Cloud identity threats Azure AD & ADFS Azure ATP On-premises identity threats Microsoft Cloud App Security Application sessions

  49. Cloud Activities – via Azure AD IP , Office 365 and MCAS On Premises Activities – via Azure ATP

  50. https://www.polleverywhere.com/multiple_choice_polls/ 9gRK9AEY6UcZRqVkd8OJ3?preview=true&controls=none

  51. https://www.polleverywhere.com/discourses/qcKw1b76P E2fNeHvad8RH?preview=true&controls=none

  52. M365 UEBA - Overview

  54. USER INVESTIGATION PRIORITY ABNORMAL USER ALERTS ACTIVITIES CONTEXT

  55. User Investigation Priority Total user risk for investigation priority – reflecting security alerts, abnormal activities and user impact

  56. User’s investigation priority Suspicious activities Alerts

  57. Identify top users to investigate How abnormal is this user’s behavior?

  58. User Investigation Priority Users / Score Distribution 160000 Example: User investigation priority distribution at a 140000 200k+ employee organization 120000 Number of Users 100000 80000 60000 40000 20000 0 Scores

  59. Identify abnormal activities by analyzing the behavior of users, peers and the entire organization Login to devices • Access to on-premises resources • Remote connections to servers • Access to cloud applications • Usage of Share Point Online sites • User agent, location & ISP analytics • Mailbox behavior • Failed logins behavior •

  60. Suspicious Activity: how does it work? Is the ‘ finance server ’ accessed by many users in the organization? Has this user accessed this server before? Does this user have a usual pattern of logons to servers? Do the peers of this user login to this server ? Suspicious Normal

Recommend

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity & Flexibility Security and Privacy for Cloud

529 views • 36 slides
The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud Engineering Immunet, Inc. Monday, August 22, 2011 The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Chief Architect, Cloud

848 views • 68 slides
Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud Computing model. Presented By: Marissa Hollingsworth Overview What is Cloud Computing? Unique Security Concerns in the Cloud

556 views • 34 slides
Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by design Ecosystem integration Strong momentum Founded by Wireshark Cloud-native security Customer expansion mirrors co-creator and

247 views • 22 slides
Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security

Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security

Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security Cap-ex Free Resilience Infrastructure Elasticity Infrastructure Flexibility Sevices 5% of organizations have migrated at least 30% 41% 52%

540 views • 11 slides
Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS15 Workshop on Cloud Security Lille, June 30, 2015 Cloud Security Today Security = key concern in cloud adoption for the

2.73k views • 33 slides
CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns Hopkins University What is Cloud Computing ? Lets hear from the experts 2 What is Cloud Computing ? The infinite wisdom of the crowds (via

709 views • 38 slides
Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of

Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of

Agenda Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of Multi-Tier Cloud Security (MTCS SS584:2013) standard 2. To detail the deployment considerations and related initiatives Wong Onn Chee, Cloud

352 views • 6 slides
Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief Solutions Architect AWS Public Sector team Khawaja Shams Cloud Architect Jet Propulsion Labs / NASA QCon New York 2012 Agenda Identity &

594 views • 21 slides
Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth

Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth

psrikanth@bitglass.com Booth #450 Surviving the Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth #450 Time Travel to 2004 Virtual Private Server Dedicated Server Shared Hosting Cloud Booth

498 views • 14 slides
Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz 1 Toni Masteli 2 Sebastian Pape 3 Wolter Pieters 4 Trajce Dimkov 5 1 IBM Research - Zurich 2 Vienna University of Technology 3 TU Dortmund 4 TU

683 views • 46 slides
Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes Deployments Cequence Security: A Cloud Native Approach to Application Security Venture-backed start-up bringing much-needed innovation to

304 views • 17 slides
Security in the Age of Cloud Kaushik Narayan CTO, Cloud Business Unit CASB Connect MVISION

Security in the Age of Cloud Kaushik Narayan CTO, Cloud Business Unit CASB Connect MVISION

Security in the Age of Cloud Kaushik Narayan CTO, Cloud Business Unit CASB Connect MVISION Cloud Innovation Pre- and Post-Acquisition Acquisition announced Expansion to IaaS Skyhigh API control: Sanctioned Apps Networks Custom Apps

565 views • 30 slides
Cloud Security An IAM GAME Nathaniel Beckstead whoami I am here because I love to give

Cloud Security An IAM GAME Nathaniel Beckstead whoami I am here because I love to give

Cloud Security An IAM GAME Nathaniel Beckstead whoami I am here because I love to give presentations. @scriptingislife https:/ /scriptingis.life https:/ /glimpseid.com 2 What is the cloud? 3 What is the cloud? 4 What is the cloud? 5

1.12k views • 32 slides
Security, IAM AWS sh shared red res espon ponsib sibility ility mo model el Portland

Security, IAM AWS sh shared red res espon ponsib sibility ility mo model el Portland

Security, IAM AWS sh shared red res espon ponsib sibility ility mo model el Portland State University CS 430P/530 Internet, Web & Cloud Systems Cloud ud se security urity In this course, security "in-the-cloud" via

445 views • 28 slides
Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents

Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents

Security in a cloud context David Crooks, for the EGI CSIRT Lessons learned from recent incidents www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 Cloud Security EGI

571 views • 16 slides
For personal use only Firstwave Cloud Technology Limited (FCT) FY19 Results FCTs Cloud

For personal use only Firstwave Cloud Technology Limited (FCT) FY19 Results FCTs Cloud

For personal use only Firstwave Cloud Technology Limited (FCT) FY19 Results FCTs Cloud Content Security Platform (CCSP) is a unique SaaS email, web & firewall security services orchestration platform for Telco / Service Providers that

883 views • 25 slides
Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Infrastructure Architecture for a Cloud IaaS Provider Software Defined Networking and Network Virtualization Network Monitoring Security Enforcement Inter-Domain Routing for Virtualized Networks Security Monitoring and Enforcement for the

795 views • 42 slides
beyond the technology privacy, trust and security in the cloud disclaimers about me age of the

beyond the technology privacy, trust and security in the cloud disclaimers about me age of the

beyond the technology privacy, trust and security in the cloud disclaimers about me age of the cloud BLOOMBERG FORBES BAIN AND COMPANY the other side of the coin beyond the technology ZDNET FORTUNE beyond the technology WIRED MASHABLE

904 views • 45 slides
For personal use only Cloud security through cloud gateway intelligence FCT July Update Innovate

For personal use only Cloud security through cloud gateway intelligence FCT July Update Innovate

For personal use only Cloud security through cloud gateway intelligence FCT July Update Innovate Create Execute July 2017 1 For personal use only AGENDA Executive Summary Steve OBrien, MD Financial & Operational Update

549 views • 30 slides

More recommend