Building a Digitally Secure Campus

Enterprise Ransomware Mitigations
• Windows 10, Edge Browser, Windows Defender
• Office ATP
• Enterprise Mobility Suite (EMS)
• Windows Defender ATP
• OneDrive for Business
• Azure Backup
• 3rd-party Cloud Backup
THE WINDOWS CLIENT DEFENSE
Pre-breach
• Device protection: Device integrity, Device control
• Threat resistance: SmartScreen, Windows Firewall, Microsoft Edge, Device Guard, Windows Defender Anti-Malware, Windows Defender Application Guard
• Identity protection: Windows Hello, Credential Guard
• Information protection: BitLocker and BitLocker to Go, Windows Information Protection, Azure RMS
Post-breach
• Conditional Access
• Windows Defender ATP: breach detection, investigation & response
COMPREHENSIVE THREAT RESISTANCE
Components shown on the slide, covering both external and internal threats: SmartScreen, Windows Firewall, Windows Defender, Office ATP, Microsoft Edge, Device Guard.
PROTECT DEVICES BEFORE THEY ENCOUNTER THREATS
Microsoft SmartScreen
• Phishing and malware filtering technology for Microsoft Edge and Internet Explorer 11 in Windows 10.
• Provides protection from drive-by download attacks.
• Cloud service is continuously updated; nothing for you to deploy.
Exchange Online Advanced Threat Protection
• Cloud-based email filtering service that helps protect against unknown malware and viruses.
• URL trace technology examines potentially harmful links.
EXCHANGE ONLINE ADVANCED THREAT PROTECTION (ATP)
Diagram: mail from the Sender passes through Exchange Online Protection (multiple filters + 3 antivirus engines) and Safe Links before reaching the Recipient. Messages that have an attachment of a suspicious file type are opened in a detonation chamber (sandbox), which observes the attachment's behaviour (Executable? Registry call? Elevation? …?) and classifies the message as Safe or Unsafe.
https://technet.microsoft.com/en-us/library/exchange-online-advanced-threat-protection-service-description.aspx
ISOLATION WITH WINDOWS DEFENDER APPLICATION GUARD
Diagram: on top of the device hardware and the Hyper-V hypervisor, the Windows operating system (kernel, Windows Platform Services, apps) runs beside two separate Hyper-V containers: the System Container (its own kernel, Windows Platform Services and critical system processes) and the Windows Defender Application Guard Container, in which Microsoft Edge runs on its own kernel and Windows Platform Services.
WINDOWS DEFENDER ANTI-VIRUS PROTECTION
• Built into Windows and always up-to-date: no additional deployment or infrastructure; continuously up-to-date, lower costs.
• Tamper resistant: Windows Trusted Boot and platform isolation protect Windows Defender from attacks and enable it to self-repair.
• Behavior- and cloud-powered malware detection: can detect fast-changing malware variants using behavior monitoring and cloud-powered protection that expedites signature delivery.
• Protection that competes to win: scored a 98.1% detection rating in AV-Comparatives testing against top competitors (March 2016).
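The slide lists behavior monitoring and cloud-powered protection as features; whether they are actually switched on a given machine is a separate question. The script below is an added example, not from the slide deck or from Microsoft, that audits the relevant Windows Defender Antivirus settings with the Defender PowerShell module shipped in Windows 10. The three-day signature-age threshold is an assumption chosen for illustration.

```powershell
# Added example (not from the slide deck): audit that Windows Defender Antivirus
# really has the protections described on the slide enabled. Run elevated.
$status = Get-MpComputerStatus   # live engine state
$pref   = Get-MpPreference       # configured preferences

$checks = [ordered]@{
    'Antimalware service running'    = $status.AMServiceEnabled
    'Real-time protection on'        = $status.RealTimeProtectionEnabled
    'Behavior monitoring on'         = $status.BehaviorMonitorEnabled
    'Download/attachment (IOAV) scan'= $status.IoavProtectionEnabled
    # MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced. Cloud protection needs it on.
    'Cloud (MAPS) reporting enabled' = ($pref.MAPSReporting -ne 0)
    # SubmitSamplesConsent: 0 = AlwaysPrompt, 1 = SendSafeSamples, 2 = NeverSend, 3 = SendAllSamples
    'Sample submission allowed'      = ($pref.SubmitSamplesConsent -ne 2)
    # Assumed threshold: signatures older than 3 days suggest updates are not flowing.
    'Signatures younger than 3 days' = ($status.AntivirusSignatureAge -le 3)
}

$failed = @()
foreach ($name in $checks.Keys) {
    $ok = [bool]$checks[$name]
    '{0,-34} {1}' -f $name, $(if ($ok) { 'OK' } else { 'FAIL' })
    if (-not $ok) { $failed += $name }
}

# Non-zero exit lets a management tool or scheduled task flag the machine.
if ($failed.Count -gt 0) {
    Write-Warning ('Defender protections not fully enabled: ' + ($failed -join ', '))
    exit 1
}
```

Each line of the report maps to one claim on the slide, so a FAIL on "Behavior monitoring" or "Cloud (MAPS) reporting" means the behavior-based and cloud-powered detection the slide advertises is not actually in effect on that device.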
THE WINDOWS 10 DEFENSE STACK
PROTECT, DETECT & RESPOND
Pre-breach
• Device protection: Device integrity, Device control
• Threat resistance: SmartScreen, Microsoft Edge, Device Guard, Windows Defender Anti-Malware, Windows Defender Application Guard
• Identity protection: Windows Hello, Credential Guard
• Information protection: BitLocker and BitLocker to Go, Windows Information Protection, Azure RMS
Post-breach
• Conditional Access
• Windows Defender ATP: breach detection, investigation & response
Microsoft 2015
TODAY'S SOLUTION: CREDENTIAL GUARD
• Pass the Hash (PtH) attacks are the #1 go-to tool for hackers, used in nearly every major breach and APT-type attack.
• Credential Guard uses VBS to isolate Windows authentication from the Windows operating system.
• Protects the LSA Service (LSASS) and derived credentials (NTLM hash).
• Fundamentally breaks derived-credential theft using Mimikatz, an open-source tool for Windows security testing.
https://github.com/gentilkiwi/mimikatz
Diagram: with virtualization-based security, the Windows operating system (kernel, Windows Platform Services, apps) and the System Container (its own kernel, hosting Credential Guard as a trustlet beside Trustlet #2 and Trustlet #3) run as separate Hyper-V partitions on the hypervisor and device hardware.
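Because Credential Guard only protects LSASS when virtualization-based security is actually running, a deployment should verify it per device rather than assume it from policy. The following is an added example, not from the slide deck or from Microsoft, that reads the documented Win32_DeviceGuard WMI class on a Windows 10 client and reports whether VBS and Credential Guard are configured and running; the LsaIso process check is a secondary indicator based on the isolated LSA process that exists when Credential Guard is active.

```powershell
# Added example (not from the slide deck): confirm Credential Guard is running.
# Win32_DeviceGuard is the documented WMI class for VBS status on Windows 10.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if (-not $dg) {
    throw 'Win32_DeviceGuard not available: this build does not support virtualization-based security.'
}

# VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
$vbsRunning   = ($dg.VirtualizationBasedSecurityStatus -eq 2)
# SecurityServicesConfigured / SecurityServicesRunning contain 1 for Credential Guard, 2 for HVCI
$cgConfigured = ($dg.SecurityServicesConfigured -contains 1)
$cgRunning    = ($dg.SecurityServicesRunning   -contains 1)
# LsaIso.exe is the isolated LSA process; it exists only while Credential Guard is active
$lsaIso       = Get-Process -Name LsaIso -ErrorAction SilentlyContinue

$report = [pscustomobject]@{
    VbsRunning                = $vbsRunning
    CredentialGuardConfigured = $cgConfigured
    CredentialGuardRunning    = $cgRunning
    LsaIsoProcessPresent      = [bool]$lsaIso
    # AvailableSecurityProperties: 1 = VBS capable, 2 = Secure Boot, 3 = DMA protection (others follow)
    HardwareSecurityProps     = ($dg.AvailableSecurityProperties -join ',')
}
$report

if (-not ($vbsRunning -and $cgRunning)) {
    # Configured-but-not-running usually means a missing hardware prerequisite or a pending reboot.
    Write-Warning 'Credential Guard is not running: derived credentials in LSASS are not isolated.'
    exit 1
}
```

A device that reports CredentialGuardConfigured as true but CredentialGuardRunning as false is the case to chase: the policy was applied, but VBS could not start, so the NTLM hashes the slide talks about are still exposed in LSASS.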
SHARING PROTECTION
Azure Rights Management Services
• Protect all file types: create a protected (p) version of files, e.g. ptxt, pjpg, pfile.
• Support for all commonly used devices and systems: Windows, OS X, iOS, Android.
CONDITIONAL ACCESS CONTROL WITH EMS
Signals evaluated for each access request:
• Application: on-premises applications, MAM controlled, business sensitivity, other
• Network location
• Devices: authenticated, MDM managed, compliant with policies, not lost/stolen
• User attributes: user identity, group memberships, auth strength (MFA)
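The slide lists the signal classes but not how they combine into an allow/deny decision. The function below is an added, hypothetical example, not EMS or Azure AD code and not from the slide deck: it takes the four signal groups from the slide as inputs and applies an assumed policy (hard stops for unauthenticated or lost devices, stricter requirements as application sensitivity rises, a group-membership gate). The rules, the sensitivity levels and the sample users, devices and apps are all constructed for illustration.

```powershell
# Added example (not from the slide deck, not EMS code): a toy conditional access
# evaluator over the signal classes the slide lists. The policy rules are assumptions.
function Test-ConditionalAccess {
    param(
        [Parameter(Mandatory)] [hashtable] $User,    # Identity, Groups, MfaPassed
        [Parameter(Mandatory)] [hashtable] $Device,  # Authenticated, MdmManaged, Compliant, LostOrStolen
        [Parameter(Mandatory)] [hashtable] $App,     # Name, Sensitivity, MamControlled, AllowedGroups
        [Parameter(Mandatory)] [string]    $NetworkLocation   # 'Corporate' or 'External'
    )
    $reasons = [System.Collections.Generic.List[string]]::new()

    # Hard stops: an unauthenticated or reported-lost device never gets through.
    if (-not $Device.Authenticated) { $reasons.Add('device not authenticated') }
    if ($Device.LostOrStolen)       { $reasons.Add('device reported lost/stolen') }

    # High sensitivity: managed, compliant device plus MFA, regardless of location.
    if ($App.Sensitivity -eq 'High') {
        if (-not $Device.MdmManaged) { $reasons.Add('high-sensitivity app requires an MDM-managed device') }
        if (-not $Device.Compliant)  { $reasons.Add('device not compliant with policy') }
        if (-not $User.MfaPassed)    { $reasons.Add('MFA required for high-sensitivity app') }
    }
    # Medium sensitivity: MFA off the corporate network; unmanaged devices only via MAM-controlled apps.
    elseif ($App.Sensitivity -eq 'Medium') {
        if ($NetworkLocation -ne 'Corporate' -and -not $User.MfaPassed) {
            $reasons.Add('MFA required off the corporate network')
        }
        if (-not $Device.MdmManaged -and -not $App.MamControlled) {
            $reasons.Add('unmanaged device allowed only for MAM-controlled apps')
        }
    }

    # Group gate: when the app restricts groups, the user must belong to at least one of them.
    if ($App.AllowedGroups -and -not ($User.Groups | Where-Object { $App.AllowedGroups -contains $_ })) {
        $reasons.Add('user not in an allowed group')
    }

    [pscustomobject]@{
        User    = $User.Identity
        App     = $App.Name
        Network = $NetworkLocation
        Allowed = ($reasons.Count -eq 0)
        Reasons = ($reasons -join '; ')
    }
}

# Constructed sample signals (not real accounts, devices or applications)
$alice     = @{ Identity = 'alice@school.example'; Groups = @('Staff', 'Finance'); MfaPassed = $true }
$bob       = @{ Identity = 'bob@school.example';   Groups = @('Students');         MfaPassed = $false }
$managedPc = @{ Authenticated = $true; MdmManaged = $true;  Compliant = $true;  LostOrStolen = $false }
$byodPhone = @{ Authenticated = $true; MdmManaged = $false; Compliant = $false; LostOrStolen = $false }
$payroll   = @{ Name = 'Payroll'; Sensitivity = 'High';   MamControlled = $false; AllowedGroups = @('Finance') }
$mail      = @{ Name = 'Mail';    Sensitivity = 'Medium'; MamControlled = $true;  AllowedGroups = @() }

Test-ConditionalAccess -User $alice -Device $managedPc -App $payroll -NetworkLocation 'Corporate'
Test-ConditionalAccess -User $bob   -Device $byodPhone -App $payroll -NetworkLocation 'External'
Test-ConditionalAccess -User $bob   -Device $byodPhone -App $mail    -NetworkLocation 'External'
```

The three sample calls exercise a compliant managed device on the corporate network, and an unmanaged device off the network against both a high-sensitivity application and a MAM-controlled one; the Reasons column shows which of the slide's signals drove each decision, which is the part an auditor needs when a user asks why access was refused.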
WINDOWS DEFENDER ADVANCED THREAT PROTECTION
DETECT ADVANCED ATTACKS AND REMEDIATE BREACHES
• Unique threat intelligence knowledge base: unparalleled threat optics provide detailed actor profiles; 1st- and 3rd-party threat intelligence data.
• Rich timeline for investigation: easily understand the scope of a breach; data pivoting across endpoints; deep file and URL analysis.
• Behavior-based, cloud-powered breach detection: actionable, correlated alerts for known and unknown adversaries; real-time and historical data.
• Built into Windows 10: no additional deployment or infrastructure; continuously up-to-date, lower costs.
BACKUP FOR CONTINGENCY
Enable users to back up seamlessly in near real-time, and to self-service restore when the situation requires it
• Designed for productivity; fits frequently modified files in selected folders (e.g. Documents)
• Gives a backup of your data in the cloud and gives users access from any device
• File storage and sharing, with 1 TB of storage per user

BACKUP FOR CONTINGENCY
Enable users to back up seamlessly in near real-time, and to self-service restore when the situation requires it
• Designed as a cloud backup storage endpoint, for both Windows clients and servers
• IT-controlled storage that can be easily enlarged
• Backup is schedule-based