Post on 11-Oct-2020
Cloud Security, Mobility and Current Threats Tristan Watkins, Head of Research and Innovation
Threat Landscape
Verizon Data Breach Investigations Report
Verizon DBIR: Threat actors and actions
Verizon DBIR: Threat actor motive (2016)
Verizon DBIR: Threat actor method (2016)
Verizon DBIR: Breached assets (2016)
Verizon DBIR: Time to compromise (2016)
Verizon DBIR: Time to discovery (2016)
DLP: Insider risks
“We see individuals abusing the access
they have been entrusted with by their
organization in virtually every industry...
with financial gain and convenience being
the primary motivators (40% of incidents),
whether they plan to monetize stolen data
by selling it to others (such as with
financial data) or by directly competing
with their former employer.”
Why? How?
DLP: accidental and outsider risks
Unintended data leaks are very hard to protect against
• For every way that data can be lost, we need a specific (often unique) defence
Examples of unintended data loss:
• Lost/stolen device
• Lost/stolen drives/media
• Wrong recipient
• Credential theft:
o Keystroke loggers
o Social engineering
o Bad password practices
• Memory scraping
Neither file-level protections nor FDE will solve for all of these risks
Phishing and social engineering
"23% of recipients now open phishing messages and
11% click on attachments."
"a campaign of just 10 e-mails yields a greater than
90% chance that at least one person will become the
criminal’s Prey."
"…nearly 50% of users open e-mails and click on
phishing links within the first hour.
…the median time-to-first-click coming in at one
minute, 22 seconds across all campaigns."
Signature Detection Obsolescence
Much of today's malware code is modified so quickly that it will avoid detection
• “99% of malware hashes are seen for only 58 seconds or less. In fact, most malware was seen only once”.
• 40 million malware samples
• 3.8 million malware signatures (90%+ is found only once in the data)
• 20,000 common signatures across organisations
• 99.95% is organisationally-unique
Signature modification can be trivially automated in PowerShell
Image Courtesy of John Lambert, General Manager of the Microsoft Threat Intelligence Center
Modernising Security
Life before clouds
• Only sanctioned apps are installed
• Resources accessed via managed devices/networks
• IT had layers of defense protecting internal apps
• IT has a known security perimeter
Life with clouds
• User chooses apps (unsanctioned, shadow IT)
• User can access resources from anywhere
• Data is shared by user and cloud apps
• IT has limited visibility and protection
What is driving change?
[Diagram: on-premises storage and corporate data; users]
Microsoft Enterprise Mobility Management (Enterprise Mobility Suite)
• Identity & Access Management (Azure Active Directory Premium): Easily manage identities across on-premises and cloud. Single sign-on & self-service for any application.
• Mobile Device & App Management (Intune & Configuration Manager): Manage and protect corporate apps and data on almost any device with MDM & MAM.
• Information Protection (Azure Rights Management Premium): Encryption, identity, and authorisation to secure corporate files and email across phones, tablets, and PCs.
• User & Entity Behaviour Analytics (Advanced Threat Analytics): Identify suspicious activities and advanced threats in near real time, with simple, actionable reporting.
• Cloud Access Security Broker (Cloud App Security): Protecting customer data by providing IT visibility, control, and security over cloud applications.
• Windows App Virtualisation (Azure RemoteApp): Share Windows applications and other resources with users on almost any device.
Problem spaces: Users, Identity Theft, Data, Devices & Apps, SaaS Apps, Windows Apps
Active Directory Problem Spaces
• User Experience: Makes a user's life easier by providing a single sign-on (SSO) for computers, applications and services
• IT Administration: Simplifies system administration by centralising management of users, computers and policies
• Platform services: Simplifies development by providing authentication, users, groups and/or claims
• Security/Compliance: Lots of complicated non-functional stuff
What would IT be without Active Directory?
• Sign-on would be a colossal mess
• IT administrators' lives would be incredibly repetitive and inefficient
• ...but we would reclaim simplicity from efficiency
What is Azure AD to a user?
The home of my corporate identity
• How I prove who I am, including additional factors of authentication
• Details about who I am (profiles)
• What I belong to (groups)
• The service I entrust with my personal data (privacy protections/compliance)
Gateway to my apps
• A gateway to my apps: Access Panel
• A trustworthy face for cloud resources (custom branding/logos)
Gateway to my internal network from the outside world
• Self-Service Password Reset (SSPR)
• Application Proxy (Reverse Proxy)
• Workplace Join (Device Registration Service)
What is Azure AD to IT?
Directory Service
• The directory is built with Active Directory Lightweight Directory Services (AD LDS)
• Sync on-premises Active Directory Domain Services (AD DS) objects with DirSync/AAD Connect
• DirSync and AADSync were wrapped up with related tools in a new package called AAD Connect
Security Token Service
• Like AD FS. Enables federated sign-on to Office 365, Azure and Software as a Service providers
• Also provides authentication and authorisation services to Azure Websites like SharePoint Apps
Advanced stuff
• Multiple Factors of Authentication (MFA) AKA “2FA”. Think: PIN verification for sign-on
• Application Proxy (Reverse Proxy): Sign-on to on-premises stuff from outside the network
• Device Authentication: restrict sign-on to trusted devices (enables BYOD)
• Reporting and Alerts: Detects unusual/sketchy sign-on patterns and alerts administrators
What is Azure AD to a developer?
• Common Consent (OAuth 2.0): Secures Apps for Office and SharePoint with or without user authentication
o Sometimes Apps will be permitted to authorize on behalf of a user
• Graph API: Querying directory
o User Profile sync enhancements may originate here
• Directory Extensions: New attributes in Azure AD, flowing through to other services eventually
Back to Basics: What is Windows Logon?
• Username/password
• Smart card
• PIN/gesture (picture password)
• Hello (fingerprint, face, iris)
Azure Active Directory Capabilities
Risk Ranking
Defence-in-Depth