security transformation overview - oxford computer group...
Security Transformation Overview
James Cowling, CTO
NYC CISO Forum
Do Not Distribute
Agenda
Introductions
Technical and Market Drivers
What is the Security Transformation?
Cyber Attack Cycles
Red Team vs Blue Team
Recon Delivery Foothold Persist Move Elevate Exfiltrate
Gather Detect Alert Triage Context Plan Execute
Increasing Response Speed
Recon Delivery Foothold Persist Move Elevate Exfiltrate
Gather Detect Alert Triage Context Plan Execute
Massive Data and Machine Learning
Security Solutions
Security Solutions
Data Protection
Cloud App Security - Discovery
App Security Scoring
Data Leak Visibility
Data Leak Analysis
Policy Controls
Policy Violations
Security Solutions
Security Solutions
Endpoint Protection
Malware Protection and Analysis
Incident Analysis
Malware Deep Analysis
Global Signals, used Globally
Correlation as Data Graph
Azure Security Graph
Malware Machine Activity
O365 Threat Protection
Machine Activity Details
Real-Time Threat Analysis
Microsoft Advanced Threat Analytics
Security Information and Event Management (SIEM)
ATA
Devices and servers
Behavioral analytics
Forensics for known attacks and issues
Advanced Threat Analytics
Profile normal entity behavior (normal versus abnormal)
Search for known security attacks and issues
Detect suspicious user activities, known attacks, and issues
SIEM
Active Directory
Security Solutions
Azure Security Graph
Anomaly detection
• Heuristic and machine learning
Risk event detection
• Per user risk level
Risk based policies
• Require MFA for risky accounts
Azure AD Identity Protection
Azure AD Identity Protection - Dashboard
Azure AD Identity Protection – Risk Events
Identity-Driven Security
Conditions
• User
• User group
• Device state
• Location (IP range)
• Risk
Actions
• Allow access or block access
• Enforce MFA per user/per app
NOTIFICATIONS, ANALYSIS, REMEDIATION, RISK-BASED POLICIES
CLOUD APP DISCOVERY
PRIVILEGED IDENTITY MANAGEMENT
MFA
IDENTITY PROTECTION
Operations Management Suite
Gain Insight
Create Alerts
Security Solutions
Azure Security Graph
Security Solutions
Azure Security Graph
Identity Governance and Protection
Third Party solutions
Security Solutions
Azure Security Graph
Security Solutions
Azure Security Graph
Impact of the Security Transformation
Can you profit from Security Transformation?