Cyber Security - cip-asia.com


Cyber Security

Microsoft Vision and How Microsoft Protects Itself from Cyber Attacks

Prof Chris Peiris

Agenda

Microsoft Vision on Cyber Security

• Advanced Persistent Threat (APT) and Zero days

• Microsoft Security Intelligence Report – Thailand

• Case studies: How Microsoft protects its assets against Cyber Attacks

Cyber Security Solution Portfolio

• Cyber Security Solution Introduction

• Solutions on Protecting, Detecting and Responding to Cyber threats

• Unique Microsoft IP that protects at the “Windows Kernel” level

• Converts whole Windows Operating System into a sensor to detect attacks

• Solution Roadmap

• Case studies: How the Executive Yuan protects Taiwan from Cyber Attacks

• Next steps and actions

Is the threat real to us?

http://www.creditcards.com/credit-card-news/credit-card-fraud-price-list-1282.php

Changing Threat Landscape – The numbers game

Source: Microsoft Security Intelligence Report & Verizon 2013 Data Breach Investigations Report

Is the threat real to Enterprises?

Security Intelligence Report

[Infographic of data volumes; only legible labelled value: 35 billion messages/month. Remaining figures (18+ billion, 420 million, 250 million, 700 million, 40 billion) are unlabelled in the extraction.]

Enterprise Risk Mitigation System

Leveraging Cyber Threat Intelligence

Malware trends in Thailand

Malware encounters and infections – Thailand

[Chart 1: Encounter rate (percent of all reporting computers), 3Q13–2Q14, y-axis 0%–45%.]

[Chart 2: Infection rate, computers cleaned per 1,000 scanned (CCM), 3Q13–2Q14, y-axis 0–35.]

Series: Thailand, Worldwide

Top threat families by CCM in 2Q14 – Thailand

Rank  Family            Most significant category  CCM
1     Win32/Sality      Worms & Viruses            5.1
2     Win32/Sefnit      Trojans                    4.1
3     Win32/Gamarue     Worms & Viruses            3.5
4     Win32/Wysotot     Trojans                    1.8
5     MSIL/Bladabindi   Backdoors                  1.6
6     Win32/Ramnit      Trojans                    1.5
7     Win32/Nitol       Other Malware              1.4
8     Win32/Pramro      Trojans                    0.9
9     VBS/Jenxcus       Worms & Viruses            0.8
10    MSIL/Spacekito    Trojans                    0.6

Security Strategy Change

• Perimeter Security → DiD

• Trust All Internal → Assume Breach

Cyber Strategy

[Diagram of defensive layers; labels: APT, Firewall, Network, Anti Virus, HW Fireeye, Win Kernel]

How do we address these threats?

Microsoft Cyber Security Portfolio

Threat of not deploying the latest products

Security risks on desktops more than a decade ago don’t come close to today’s threat landscape

Protection against threats begins with modern software and hardware with the latest operating system

Windows XP is 6x more likely to be infected with malware than Windows 7, and 21x more likely than Windows 8

• Many companies don’t even think about upgrading an application which appears to function normally

• Known, dangerous and exploitable security holes remain open on millions of PCs months and even years after discovery and when updates are provided.

• Software security flaws are a time bomb waiting to be detonated by a cybercriminal

03.02.14

Cyber Security Services and Solutions Portfolio

Identify – Active Directory Security Assessment (ADSA); Foundational Security Monitoring (FSM); Strategy/Cybersecurity Architect (CSA)

Protect – Enhanced Security Admin Environment (ESAE); Security Development Lifecycle Services (SDL); Microsoft Security Risk Assessment (MSRA)

Detect – Microsoft Threat Detection Services (MTDS); On Premise & Hosted Persistent Adversary Detection Service (PADS)

Respond – Incident Response (IR)

Recover – Tactical and Strategic Recovery; Enterprise Security Strategy (CSA)

Case Study

How Taiwan Executive Yuan protects Taiwan from Cyber attacks

Security Improvement Program

Partitioning

Principles of a resilient architecture

The overarching goal of a resilient architecture is to build a platform that can dynamically evolve in response to cyber threats and progressively adapt to support the changing business mission. A resilient architecture incorporates design strategies, techniques and technologies that combine protective, detective, containment and recovery controls.

Microsoft Objective for Customer

1. Improve the resiliency and security maturity of credentials and information that support the Customer’s business critical platforms, enabling continuity of operations whilst actively under attack.

2. Support the Customer to achieve its organisational compliance outcomes.

[Roadmap diagram: Objective Maturity Level over Time, Stage 1 to Stage 4]

Workstreams:

• ESAE AD #1 Project

• Adapt and deploy Tier 0 partitioning to a broader set of environments

• Tier 0 – Broad (User & Services) privilege minimisation

• Tier 2 – End point resilience – localised containment

• Tier 1 – (Apps and Data) privilege minimisation and protection

• Ongoing Assessments and Health Checks (Recurring Activity) – for measurement of progress, status and compliance activities

• Training, organisation and operational change management

• Advanced threat detection and monitoring

• Architectural guidance, coordination, planning and risk management

• Trusted identity and information services

Maturity levels: Undefined and Inconsistent – Basic; Structured and Consistent – Standardised; Integrated and Controlled – Rationalised


Contacts

- Prof Chris Peiris, Architect Lead – Public Sector Asia Pacific Japan @ Microsoft

- Leading sales and delivery capability for CyberSecurity solutions, Public Safety & National Security solutions and Government solutions.

- chrispei@Microsoft.com

- +612 6122 4687

Speaker Profile

- Thought leader in the “Enterprise Architecture” space.

- Authored 10 books (including topics on Cloud, Enterprise Architecture, SOA, WCF, Security, Web services, Java, IIS and Windows Server topics),

- 25+ technical articles and reviews

- Frequent speaker at 25+ leading industry conferences / events.

- 18+ years of IT experience with Enterprise clients

- Education – PhD on Cloud, IT Masters, Bach Accounting & Computing.

- Associate Professor (Adjunct) at University of Canberra as recognition of thought leadership on Cloud Computing and Enterprise Architecture.

LinkedIn Profile

www.ChrisPeiris.com

Questions and feedback?

Next Steps?

• Cyber Security EBC in Redmond, USA

Links:

See Public Whitepapers: Determined Adversaries and Targeted Attacks (Oct 2012)

Microsoft Security Intelligence Report, Jan-June 2012, vol 13, section “Defending Against Pass-the-Hash Attacks”

Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques (Dec 2012), with step-by-step instructions in Appendix A

Securing Active Directory: An Overview of Best Practices (Apr 2013) http://technet.microsoft.com/en-us/library/dn205220.aspx
