TRANSCRIPT
MODERN DESKTOP SECURITY
“I’M GOING TO BE HONEST.
WE’RE IN THE FIGHT OF OUR DIGITAL LIVES,
AND WE ARE NOT WINNING!”
Michael McCaul, Chairman, US Homeland Security Committee
RANSOMWARE HAS BECOME THE BLACK PLAGUE
"We cannot say it loud and often enough: ransomware has become the black plague of the internet, spread by highly sophisticated exploit kits and countless spam campaigns," says Cisco's Talos. "Attackers are going after bigger targets that can afford to pay more, with potentially catastrophic consequences."
"A dangerous piece of PC ransomware is now impossible to crack"
Steve Dent, Engadget, March 17, 2016
Source: A dangerous piece of PC ransomware is now impossible to crack, Steve Dent, Engadget, March 17, 2016
Evolution of Attacks
Mischief: Script Kiddies, unsophisticated
Fraud and Theft: Organized Crime, recently achieved apex attacker status, well resourced
Damage and Disruption: Nations, Terror Groups, Activists, traditional apex attackers, well resourced
THE MODERN DESKTOP SECURITY: PROTECT, DETECT & RESPOND
Threat Protection: Protect, detect, and respond to the most advanced threats using hardware-based security and the power of the cloud.
Identity Protection: Kick passwords to the curb with a convenient, easy-to-use and enterprise-grade alternative that is designed for today's mobile-first world.
Information Protection: Protect data on lost and stolen devices and prevent accidental data leaks using data separation, containment, and encryption.
Servicing and Centralized Security Management
THE MODERN DESKTOP SECURITY: PROTECT, DETECT & RESPOND
Pillars: Threat Protection; Identity Protection; Information Protection; Servicing and Centralized Security Management
Products:
BitLocker
Windows Information Protection
Device Encryption
Windows Hello
Azure Active Directory Premium
Credential Guard
Windows Firewall
Windows Defender SmartScreen
Windows Defender ATP
Windows Defender Antivirus
Microsoft Edge
Device Guard
Office 365 ATP
Microsoft Cloud App Security
Azure Information Protection
Advanced Threat Analytics
Office 365 ATP
Safe Links: Provides time-of-click malicious URL detection
Safe Attachments: Helps protect against malicious attachments
URL Detonation: Scans files that are linked in email via URLs to websites
Multiple features, maximum security
Safe Links
Helps protect against phishing and sites with malicious content.
Provides visibility into compromised users for administrators.
Rewrites all URLs to proxy through an EOP server.
[Diagram: Safe Links flow. EOP user without Office 365 ATP: IP + envelope filter, anti-spam filter, signature-based AV, blocking known exploits. EOP user with Office 365 ATP: in addition, the admin sets the Safe Links policy; URLs in mail are rewritten to redirect to an EOP web server; when the user clicks a URL they are taken to the EOP web servers, which perform the latest URL reputation check at the "time-of-click"; users are notified if a malicious link is clicked in email.]
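To make the time-of-click idea concrete, here is an added example (not Microsoft's code, and not part of the original deck) that models the two steps the slide describes: at delivery every link is rewritten to point at a checking proxy, and at click time the proxy decodes the original destination and consults the reputation list as it stands at that moment. The proxy host, the `url` query parameter, the `ReputationService` class and the message body are all assumptions constructed for the example.

```python
"""Toy model of Safe Links style URL rewriting and time-of-click checking.

Added example for this transcript; it is not Microsoft's code. The proxy
host, query parameter name and reputation list are assumptions.
"""
import re
from urllib.parse import parse_qs, quote, urlparse

# Hypothetical checking proxy (stands in for the EOP web servers).
PROXY_BASE = "https://safelinks.example.test/check"

# Matches http(s) hrefs in a simple HTML body.
HREF_RE = re.compile(r'href="(https?://[^"]+)"')


def rewrite_links(html: str, proxy_base: str = PROXY_BASE) -> str:
    """Delivery-time step: point every link at the proxy, carrying the
    original URL as a percent-encoded query parameter."""
    def to_proxy(match):
        original = match.group(1)
        return f'href="{proxy_base}?url={quote(original, safe="")}"'
    return HREF_RE.sub(to_proxy, html)


def original_url(proxied: str, proxy_base: str = PROXY_BASE) -> str:
    """Recover the original destination from a rewritten link, refusing
    anything that does not point at our own proxy."""
    p, b = urlparse(proxied), urlparse(proxy_base)
    if (p.scheme, p.netloc, p.path) != (b.scheme, b.netloc, b.path):
        raise ValueError("not a link rewritten by this proxy")
    urls = parse_qs(p.query).get("url")
    if not urls:
        raise ValueError("rewritten link carries no url parameter")
    return urls[0]


class ReputationService:
    """Stand-in for the reputation check the EOP web servers perform.
    Entries are whole URLs or bare hostnames. The list is mutable so it
    can change between delivery and click, which is the whole point."""

    def __init__(self):
        self.blocked = set()

    def block(self, entry: str) -> None:
        self.blocked.add(entry.lower())

    def is_malicious(self, url: str) -> bool:
        host = urlparse(url).netloc.lower()
        return url.lower() in self.blocked or host in self.blocked


def time_of_click(proxied: str, reputation: ReputationService) -> dict:
    """Click-time step: decode the link, consult the *current* list, and
    either block (notifying the user, as the slide says) or redirect."""
    target = original_url(proxied)
    if reputation.is_malicious(target):
        return {"action": "block", "url": target, "notify_user": True}
    return {"action": "redirect", "url": target, "notify_user": False}


def demo() -> list:
    """Walk a constructed message through delivery and two later clicks."""
    message = ('<a href="https://docs.example.test/invoice.pdf">invoice</a> '
               '<a href="http://newly-registered.example.test/login">portal</a>')
    reputation = ReputationService()      # nothing known bad at delivery time
    delivered = rewrite_links(message)    # both links now go via the proxy
    # Later, after delivery, the second host is identified as a phishing site.
    reputation.block("newly-registered.example.test")
    links = HREF_RE.findall(delivered)    # the rewritten (proxied) hrefs
    return [time_of_click(link, reputation) for link in links]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The second link is clean when the mail is scanned at delivery, yet `demo()` returns a block decision for it, because the check happens when the user clicks rather than when the message arrives. The host check in `original_url` matters too: a proxy that decodes and redirects any `url` parameter without confirming the link was one it issued would itself become an open redirector.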
Safe Attachments
Helps protect against zero-day exploits in email attachments.
Provides visibility into compromised users for administrators.
Leverages sandboxing technology.
[Diagram: Safe Attachments flow. EOP user without Office 365 ATP: IP + envelope filter, anti-spam filter, signature-based AV, blocking known exploits. EOP user with Office 365 ATP: in addition, Safe Attachments sandboxing with Dynamic Delivery.]
TRADITIONAL PLATFORM STACK: JUST ONE VULNERABILITY AWAY FROM FULL COMPROMISE
[Diagram: traditional stack, bottom to top: Device Hardware, Kernel, Windows Platform Services, Apps.]
VIRTUALIZATION BASED SECURITY WITH WINDOWS DEFENDER SYSTEM GUARD
[Diagram: Device Hardware; Hypervisor (Hyper-V) above it; on top of the hypervisor, side by side, the Windows Operating System (Kernel, Windows Platform Services, Apps) and Windows Defender System Guard (Kernel; Trustlet #1, Trustlet #2, Trustlet #3).]
“PASS THE HASH” ATTACKS
Today's security challenge
1. A single IT Pro's machine is compromised. The IT Pro manages kiosks/shared devices on the network. The attacker steals the IT Pro's access token.
2. Using the IT Pro's access token, the attacker looks for kiosk/shared devices and mines them for tokens.
3. Repeat.
TODAY'S SECURITY CHALLENGE: PASS THE HASH ATTACKS
Access to one device can lead to access to many
TODAY'S SOLUTION: CREDENTIAL GUARD
• Pass the Hash (PtH) attacks are the #1 go-to tool for hackers. Used in nearly every major breach and APT-type attack.
• Credential Guard uses Windows Defender System Guard to isolate Windows authentication from the Windows operating system.
• Protects the LSA Service (LSASS) and derived credentials (NTLM hash).
• Fundamentally breaks derived credential theft using MimiKatz,
[Diagram: the same stack with Credential Guard. Device Hardware; Hypervisor (Hyper-V); Windows Operating System (Kernel, Windows Platform Services, Apps) alongside Windows Defender System Guard (Kernel; Credential Guard, Trustlet #2, Trustlet #3).]
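Credential Guard is the preventive control on these two slides: the derived credential cannot be lifted out of LSASS in the first place. The detection side of the same problem is worth seeing too, because the "repeat" step on the challenge slide leaves a footprint: one account's NTLM network logons fan out to many different hosts in a short time. The following is an added example (not Microsoft's code, not from the deck) that parses constructed, simplified logon records and flags that fan-out. Real Windows logon events do carry the fields used here (event 4624 for a successful logon, logon type 3 for a network logon, an authentication package name), but the comma-separated layout, the thresholds and every value in `SAMPLE_LOG` are constructed for the example.

```python
"""Detecting the 'one stolen token, many devices' pattern in logon logs.

Added example for this transcript, not Microsoft code. Credential Guard
is the preventive control; this is the complementary detection: an account
whose NTLM network logons (event 4624, logon type 3) reach many distinct
hosts inside a short window. Log format and log lines are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified logon records, one per line:
# timestamp,event_id,account,logon_type,auth_package,source_ip,target_host
SAMPLE_LOG = """\
2017-05-01T09:00:12,4624,CONTOSO\\itpro,2,Kerberos,10.1.1.5,WS-ITPRO
2017-05-01T09:15:03,4624,CONTOSO\\alice,3,Kerberos,10.1.2.7,FILESRV01
2017-05-01T21:02:10,4624,CONTOSO\\itpro,3,NTLM,10.1.1.5,KIOSK-01
2017-05-01T21:02:41,4624,CONTOSO\\itpro,3,NTLM,10.1.1.5,KIOSK-02
2017-05-01T21:03:05,4624,CONTOSO\\itpro,3,NTLM,10.1.1.5,KIOSK-03
2017-05-01T21:03:30,4624,CONTOSO\\itpro,3,NTLM,10.1.1.5,KIOSK-04
2017-05-01T21:04:02,4624,CONTOSO\\itpro,3,NTLM,10.1.1.5,KIOSK-05
2017-05-01T21:30:00,4625,CONTOSO\\itpro,3,NTLM,10.1.1.5,KIOSK-06
2017-05-02T08:30:00,4624,CONTOSO\\itpro,3,Kerberos,10.1.1.5,FILESRV01
"""

FIELDS = ("ts", "event_id", "account", "logon_type",
          "auth_package", "source_ip", "target_host")


def parse_log(text: str) -> list:
    """Turn the constructed CSV-style lines into dicts with a real timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(",")
        if len(parts) != len(FIELDS):
            continue  # skip malformed lines instead of crashing the detector
        rec = dict(zip(FIELDS, parts))
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return events


def detect_fan_out(events, window=timedelta(minutes=10), min_hosts=4) -> list:
    """Return one alert per account whose successful NTLM network logons
    reach at least min_hosts distinct targets within any window-sized span.
    Only successful logons (4624) count; failures (4625) are ignored here."""
    by_account = defaultdict(list)
    for e in events:
        if (e["event_id"], e["logon_type"], e["auth_package"]) == ("4624", "3", "NTLM"):
            by_account[e["account"]].append(e)
    alerts = []
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = set(), 0
        # Sliding window over the sorted logons; track the largest host set.
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            hosts = {e["target_host"] for e in evs[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            alerts.append({
                "account": account,
                "hosts": sorted(best),
                "source_ips": sorted({e["source_ip"] for e in evs}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_fan_out(parse_log(SAMPLE_LOG)):
        print(alert)
```

Tune `window` and `min_hosts` to the environment: an account that legitimately administers many kiosks will trip a tight threshold, so the useful signal is usually the combination of NTLM (rather than Kerberos), off-hours timing and a single source address reaching hosts it has not touched before, which is exactly what the sample lines contain.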
APPS
TODAY’S CHALLENGE:
OUR ANSWER: APPS MUST EARN TRUST BEFORE USE
WINDOWS DEFENDER ANTI-VIRUS PROTECTION
Built into Windows and Always Up-To-Date: No additional deployment and infrastructure. Continuously up-to-date, lower costs.
Tamper Resistant: Windows Trusted Boot and platform isolation protect Windows Defender from attacks and enable it to self-repair.
Behavior and cloud-powered malware detection: Can detect fast-changing malware variants using behavior monitoring and cloud-powered protection that expedites signature delivery.
Protection that competes to win: Scored 100% detection in Real World Testing against top competitors (AVTest, Feb 2017).
ATTACKS HAPPEN FAST AND ARE HARD TO STOP
If an attacker sends an email to 100 people in your company, 23 people will open it, 11 people will open the attachment, and six will do it in the first hour.
WINDOWS DEFENDER ADVANCED THREAT PROTECTION
DETECT ADVANCED ATTACKS AND REMEDIATE BREACHES
Unique threat intelligence knowledge base: Unparalleled threat optics provide detailed actor profiles; 1st and 3rd party threat intelligence data.
Rich timeline for investigation: Easily understand the scope of a breach. Data pivoting across endpoints. Deep file and URL analysis.
Behavior-based, cloud-powered breach detection: Actionable, correlated alerts for known and unknown adversaries. Real-time and historical data.
Built into Windows: No additional deployment and infrastructure. Continuously up-to-date, lower costs.