Helping you grow your business with scalable IT services & solutions for today’s challenges & tomorrow’s vision.
© 2019 Peters & Associates, Inc. All rights reserved.
Enterprise Mobility + Security (EMS)
Apply EM+S to the Real World
January 24th, 2019
Bruce Ward, VP of Business Strategy
Adam Gassensmith, Manager of Client Engagement
IT Security Solutions: Peters & Associates Security Wheel
DATA: Controls surround Data
EMS E5 (adds to E3):
• Azure Active Directory P2: Risk based conditional access; Identity Protection Portal (Identity and access management)
• Cloud App Security - ALL: Visibility and control for all cloud apps (Identity-driven security)
• Azure Information Protection Plan 2: Automated intelligent classification and labeling of data + AIP Scanner (Information protection)
EMS E3:
• Azure Active Directory P1: Single sign-on (SSO) for all apps; Conditional MFA, Password Self Service, Dynamic Groups (Identity and access management)
• Advanced Threat Analytics: Identify advanced threats in on-premises identities (Identity-driven security)
• Intune: App management (MAM), Device management (MDM), PC management (Managed mobile productivity)
• Azure Information Protection Plan 1: Tracking and notifications for shared documents (Information protection)
IT Security Solutions: Peters & Associates Security Wheel
DATA: Identity
Network Perimeter
Office 365, Approved Cloud Services and Unmanaged Devices now sit outside the network perimeter.
Network perimeter works… except for threats such as:
• Phishing
• Credential theft
• Shadow IT
• Persistent threats
Network perimeter + External Data and Devices = Identity security perimeter:
▪ Multi-factor Authentication
▪ Conditional Access
▪ Login Risk intelligence
Identity Perimeter
EMS connects your workforce to 1000s of cloud and on-premises applications using one unified identity.
Single sign-on to Office 365 and all other applications through Microsoft Azure AD:
• 2500+ popular SaaS apps
• Connect and sync on-premises directories (HR and other directories, Cloud HR) with Azure
• Easily publish on-premises web apps via Application Proxy (Azure Active Directory Application Proxy) + integrated custom apps through a rich standards-based platform
Self-service capabilities in EMS include:
• Account, apps and group management
• Self-service password reset
• Application access requests
• Integrated Office 365 app launching
Conditional Access Controls
Conditions: Location, Device state, User/Application, MFA, Risk
Actions: Allow access, or Block access, or Enforce MFA (per user / per app)
IDENTITY-DRIVEN SECURITY
Scenario 1 (Travel Expense App)
User: Role: Sales Account Rep; Group: London Users; Client: Mobile; Config: Corp Proxy; Location: London, UK; Last Sign-in: 5 hrs ago
Device: Health: Fully patched; Config: Managed; Last seen: London, UK
Conditional access risk: Low
Decision: Allow access
Scenario 2 (Confidential Sales App)
User: Role: VP Marketing; Group: Executive Users; Client: Mobile; Config: Corp Proxy; Location: London, UK; Last Sign-in: 5 hrs ago
Device: Health: Fully patched; Config: Managed; Last seen: London, UK
Conditional access risk: Low
Conditional access policy: User is a member of a sensitive group. Application is classified High Business Impact.
Decision: Require MFA
Scenario 3 (Sales App)
User: Role: Sales Account Representative; Group: London Users; Client: Mobile; Config: Corp Proxy; Location: London, UK; Last Sign-in: 5 hrs ago
Device: Health: Unknown; Client: Browser; Config: Anonymous; Last seen: Asia
Conditional access risk: High (Anonymous IP; Unfamiliar sign-in location for this user)
Decision: Block access; Force password reset
Risk based Conditional Access automatically protects against suspicious logins and compromised credentials: an MFA challenge for risky logins, blocking attacks and changing bad credentials.
Signals: Infected devices, Suspicious sign-in activities, Brute force attacks, Leaked credentials, Configuration vulnerabilities
• Detect and remediate configuration vulnerabilities to improve your security posture
• Gain insights from a consolidated view of machine learning based threat detection
• Risk-based policies
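As an added illustration (not code from this deck, from Microsoft or from Peters & Associates), the three sign-in scenarios above modelled as a small policy evaluation in Python; the group name, app name and risk-scoring rules are assumptions taken from the slide text, not Azure AD's actual scoring.

```python
from dataclasses import dataclass

# Constructed toy model of the conditional-access scenarios on the slide.
# SENSITIVE_GROUPS, HBI_APPS and the scoring in risk_level() are assumptions.
SENSITIVE_GROUPS = {"Executive Users"}      # assumed "sensitive group"
HBI_APPS = {"Confidential Sales App"}       # assumed High Business Impact app


@dataclass
class SignIn:
    role: str
    group: str
    app: str
    device_managed: bool           # "Config: Managed" vs "Config: Anonymous"
    device_patched: bool           # "Health: Fully patched" vs "Health: Unknown"
    location: str
    familiar_locations: frozenset  # where this user has been seen before
    anonymous_ip: bool = False


def risk_level(s: SignIn) -> tuple:
    """Assumed scoring: anonymous IP or unfamiliar location -> High,
    unmanaged or unknown-health device -> Medium, otherwise Low."""
    reasons = []
    if s.anonymous_ip:
        reasons.append("Anonymous IP")
    if s.location not in s.familiar_locations:
        reasons.append("Unfamiliar sign-in location for this user")
    if reasons:
        return "High", reasons
    if not (s.device_managed and s.device_patched):
        return "Medium", ["Device not managed or health unknown"]
    return "Low", []


def decide(s: SignIn) -> dict:
    """Combine the risk level with the sensitive-group / HBI-app policy."""
    level, reasons = risk_level(s)
    if level == "High":
        actions = ["Block access", "Force password reset"]
    elif level == "Medium":
        actions = ["Require MFA"]
    elif s.group in SENSITIVE_GROUPS and s.app in HBI_APPS:
        actions = ["Require MFA"]
        reasons = ["User is a member of a sensitive group",
                   "Application is classified High Business Impact"]
    else:
        actions = ["Allow access"]
    return {"risk": level, "actions": actions, "reasons": reasons}


LONDON = frozenset({"London, UK"})
SCENARIOS = {  # the three user cards from the slide
    "sales_rep_expenses": SignIn("Sales Account Rep", "London Users",
                                 "Travel Expense App", True, True, "London, UK", LONDON),
    "vp_confidential_app": SignIn("VP Marketing", "Executive Users",
                                  "Confidential Sales App", True, True, "London, UK", LONDON),
    "sales_rep_anonymous": SignIn("Sales Account Rep", "London Users", "Sales App",
                                  False, False, "Asia", LONDON, anonymous_ip=True),
}

if __name__ == "__main__":
    for name, sign_in in SCENARIOS.items():
        print(name, decide(sign_in))
```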
IT Security Solutions: Implementation Overview
Who Needs to be Involved? Department Leaders; Company Leaders; Representative User Group; Technology Team
What Decisions Need to be Made? What login scenarios do we want to account for? What conditions should be met? Application Selection
Challenges and Considerations: Impact on User Experience; Plan, Test, Adjust, Plan; Early involvement of non-IT parties
IT Security Solutions: OFFER: MFA POC
MFA POC: Technology, User Experience, Conditions, Expertise. Results-driven.
On-premises abnormal behavior and advanced threat detection
Identity-based attack and threat detection
Anomaly detection for cloud apps
1. Analyze. After installation:
• Simple non-intrusive port mirroring, or deployed directly onto domain controllers
• Remains invisible to the attackers
• Analyzes all Active Directory network traffic
• Collects relevant events from SIEM and information from Active Directory (titles, group membership, and more)
2. Learn. ATA:
• Automatically starts learning and profiling entity behavior
• Identifies normal behavior for entities
• Learns continuously to update the activities of the users, devices, and resources
What is an entity? An entity represents users, devices, or resources.
3. Detect. Microsoft Advanced Threat Analytics:
• Looks for abnormal behavior and identifies suspicious activities
• Only raises red flags if abnormal activities are contextually aggregated
• Leverages world-class security research to detect security risks and attacks in near real-time based on attackers’ Tactics, Techniques, and Procedures (TTPs)
ATA not only compares the entity’s behavior to its own, but also to the behavior of entities in its interaction path.
ATA detections mapped to the attack kill chain:
Reconnaissance: Abnormal resource access; Account enumeration; Net Session enumeration; DNS enumeration
Compromised Credential: Abnormal working hours; Brute force using NTLM, Kerberos or LDAP; Sensitive accounts exposed in plain text authentication; Service accounts exposed in plain text authentication; Honey Token account suspicious activities; Unusual protocol implementation; Malicious Data Protection Private Information (DPAPI) Request
Lateral Movement: Abnormal authentication requests; Abnormal resource access; Pass-the-Ticket; Pass-the-Hash; Overpass-the-Hash
Privilege Escalation: MS14-068 exploit (Forged PAC); MS11-013 exploit (Silver PAC)
Domain Dominance: Skeleton key malware; Golden ticket; Remote execution; Malicious replication requests
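An added example, not ATA's code, of the learn-then-detect idea described above: a per-entity profile (active hours, resources used) is built from a constructed window of logon events, and a later event is reported only when more than one abnormal signal aggregates, so a single new resource on its own is not an alert. The event format, the one-hour tolerance and the sample data are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed example: (timestamp, user, resource) logon events. The learning
# window, the +-1 hour tolerance and the two-signal threshold are assumptions.
FMT = "%Y-%m-%d %H:%M"

LEARN_EVENTS = [  # constructed "normal" activity used for profiling
    ("2019-01-07 09:02", "alice", "FS01"),
    ("2019-01-07 10:15", "alice", "HR-DB"),
    ("2019-01-08 08:55", "alice", "FS01"),
    ("2019-01-08 17:40", "alice", "HR-DB"),
    ("2019-01-07 13:00", "bob", "FS01"),
    ("2019-01-08 14:20", "bob", "FS01"),
    ("2019-01-09 12:05", "bob", "FS01"),
]

DETECT_EVENTS = [  # constructed later activity to evaluate against the profile
    ("2019-01-10 09:10", "alice", "FS01"),     # normal
    ("2019-01-10 11:00", "alice", "PRINT01"),  # new resource only: no alert
    ("2019-01-11 03:12", "bob", "HR-DB"),      # off-hours AND new resource
]


def learn(events):
    """Profile each entity: the hours it is active and the resources it uses."""
    profile = defaultdict(lambda: {"hours": set(), "resources": set()})
    for ts, user, resource in events:
        profile[user]["hours"].add(datetime.strptime(ts, FMT).hour)
        profile[user]["resources"].add(resource)
    return profile


def detect(profile, events, min_signals=2):
    """Return (user, timestamp, signals) for events whose abnormal signals
    reach min_signals; one deviation alone is not reported."""
    alerts = []
    for ts, user, resource in events:
        p = profile.get(user)
        if p is None:          # no baseline for this entity yet
            continue
        hour = datetime.strptime(ts, FMT).hour
        signals = []
        if all(abs(hour - h) > 1 for h in p["hours"]):
            signals.append("Abnormal working hours")
        if resource not in p["resources"]:
            signals.append("Abnormal resource access")
        if len(signals) >= min_signals:
            alerts.append((user, ts, signals))
    return alerts


if __name__ == "__main__":
    for alert in detect(learn(LEARN_EVENTS), DETECT_EVENTS):
        print(alert)
```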
IT Security Solutions: Implementation Overview
Who Needs to be Involved? Department Leaders; Company Leaders; Compliance or Governance Team; Technology Team
What Decisions Need to be Made? What activity are we concerned about? Who should be alerted and what action should be taken?
Challenges and Considerations: Data and alert overload; Understanding alert thresholds; Total App Coverage
IT Security Solutions: Peters & Associates Security Wheel
DATA: Apps and Devices
Microsoft Intune
• Mobile device management (MDM)
• Mobile application management (MAM): protecting apps and data on unmanaged devices (personal apps alongside managed apps)
• Manage PC / MAC (Intune or SCCM)
Device lifecycle (IT and user):
Enroll
• Provide a self-service Company Portal for users to enroll devices
• Deliver custom terms and conditions at enrollment
• Bulk enroll devices using Apple Configurator or service account
• Restrict access to Exchange email if a device is not enrolled
Provision
• Deploy certificates, email, VPN, and WiFi profiles
• Deploy security policy
• Install mandatory apps
• Deploy app restriction policies
• Deploy data protection policies
Manage and Protect
• Restrict access to corporate resources if policies are violated (e.g., jailbroken device)
• Protect corporate data by restricting actions such as copy/cut/paste/save outside of the managed app ecosystem
• Report on device and app compliance
Retire
• Revoke access to corporate resources
• Perform selective wipe
• Audit lost and stolen devices
Intune standalone (cloud only) compared with SCCM:
Intune:
• Lightweight, agentless OR agent-based management
• PC protection from malware
• PC software update management
• Software distribution
• Proactive monitoring and alerts
• Hardware and software inventory
• Policies for Windows Firewall management
SCCM (all of the above, plus):
• Lightweight, agentless OR comprehensive agent-based management
• Operating system deployment
• PC, mobile device, Windows Server, Linux/Unix, Mac, and virtual desktop management
• Power management
• Custom reporting
IT Security Solutions: OFFER: EMS Proof of Concept
https://www.peters.com/solutions-services/cloud-architecture/ems-fasttrack/
IT Security Solutions: Implementation Overview
Who Needs to be Involved? Company Leaders; Compliance or Governance Team; Technology Team
What Decisions Need to be Made? What level of control do we need? Legal or compliance requirements? Device mix; Applications
Challenges and Considerations: Handling device mix; Organization Security vs User privacy; Determining which applications hold data
IT Security Solutions: Peters & Associates Security Wheel
DATA: Data = crown jewels
Enterprise Mobility + Security
Protect your data anywhere
58% of workers have accidentally shared sensitive data to the wrong person (Stroz Friedberg)
IT Security Solutions: Azure Information Protection (AIP)
Information can be protected with RMS at rest or in motion (data protection at rest; data protection in motion).
[Figure: sample Contoso due diligence documentation checklist (business plan, corporate structure, financing, regulations, marketing) marked CONFIDENTIAL, shown as an example of a protected document]
IT Security Solutions: Implementation Overview
Who Needs to be Involved? Department Leaders; Company Leaders; Compliance or Governance Team; Technology Team
What Decisions Need to be Made? What document types do we have? Who should have access to what? Can automatic tagging be used?
Challenges and Considerations: Data classification efforts; User Experience; Monitoring automatic classification efforts
IT Security Solutions: GDPR Technical Risk Areas
1. Data Subject Requests (DSR, DSAR)
• Have obligation to find, produce, and delete/change PII
– Extremely difficult (data all over the place: O365, file shares, etc.)
– Need to comb through a lot of data in a short period of time (30 days)
– Need full audit trail/technology enablement
– Need a repeatable and defensible process
2. Breach prevention/notification
– Protect data at perimeter, source, and in-transit
– Detect and notify of breaches
IT Security Solutions: Recap
OFFERS:
"It was an eye-opening exercise to put our security goals / use-cases to paper - then map out the process and Microsoft technology required. In the end, Microsoft Conditional Access allowed us to balance our need for stringent security with a solid user experience."
- Director of Information Systems, International Manufacturer in Chicagoland
To ask questions, either:
1) Take phone off mute, ask.
2) Type question in IM Window
1801 S. Meyers Road, Suite 120, Oakbrook Terrace, IL 60181
(630) 832-0075
Thank you!
Bruce Ward