Without great security, Digital Identity is not worth the electrons it’s written on

Alex Simons Director of Program Management Microsoft Corporation

90%

organizations using Microsoft Active Directory WW

500M

10B daily Microsoft Account logons

active Microsoft Account users 5.5M

organizations using Microsoft Azure Active Directory

>1,000

Microsoft engineers working on Identity

and Security

The frequency and sophistication of cybersecurity attacks are escalating

$500B

total potential cost of cybercrime to the

global economy

$3.5M

average cost of a data breach to a

company

200+

median # days attackers reside within a victim’s

network before detection

network intrusions due to compromised

user credentials

75%+

rule-based detection static analysis

machine learning anomaly detection

real-time risk scoring device profiling

adaptive authentication conditional access

smart cards security tokens

OTPs & OATH codes authenticator apps

biometrics

dedicated teams threat intelligence

dark web shared intelligence

bounties

Credential Hardening

Dynamic Mitigation

Attack Intelligence

Advanced Detection

On premises

In the cloud

Machine Learning

User and Entity Behavior Analytics

Brute force

cameron cameron1 cameron2 cameron3 cameron4 cameron5 cameron6 cameron7 cameron8 cameron9 cameron10 cameron11 cameron12 cameron13 cameron14 cameron15 cameron16 cameron17 cameron18 cameron19 cameron25 cameron26 cameron27 cameron28 cameron29 cameron30 cameron31 cameron32 cameron33 cameron34 cameron35 cameron36 cameron37 cameron38 cameron39 cameron40 cameron41 cameron42 cameron43 cameron44 cameron45 cameron46 cameron47 cameron48 cameron49 cameron50 ÛÛÛÛÛÛÛÛÛÛÛÛ

Monitoring abuse across tenants

Bad username

IP address: 199.34.28.10

Probable Penetration

IP address: 199.34.28.10

Bad username

Bad password

Bad password

Bad username Bad password

Bad username

Bad username

Logon Successful

Anonymizers

IP address: 199.34.28.10

IP address: 199.34.28.10

N

Botnets

192.168.1.10 10.18.91.42 172.16.4.19 192.168.1.12 172.16.11.14 199.34.28.10 192.168.9.5 172.16.21.98 10.129.6.21 172.16.5.2

172.16.42.2 192.168.14.11 172.16.82.14 10.111.4.53 192.168.21.1 10.34.71.5 172.16.87.9 192.168.28.10 172.16.25.6 10.4.221.34

199.34.28.10

199.34.28.10 199.34.28.10

Security issues and risks

Broken trust Weak protocols Known protocol vulnerabilities

Malicious attacks

Pass-the-Ticket (PtT) Pass-the-Hash (PtH) Overpass-the-Hash Forged PAC (MS14-068)

Golden Ticket Skeleton key malware Reconnaissance BruteForce

Abnormal behavior

Anomalous logins Remote execution Suspicious activity

Unknown threats Password sharing Lateral movement

http://aka.ms/aadtrial

http://aka.ms/atatrial