Stefan van der Wiele | Protect users' identities and control access to valuable resources based on...

http://aka.ms/MSFTSecDay2017 Session Code: WS 1.4

Upload: microsoft-oesterreich

Post on 23-Jan-2018


Hello, I would like to read this document.

First, tell me who you are

Let me check if I can trust you

Azure AD MFA

Require MFA

Allow access

Deny access

Force password reset

Limit access

Controls

Users

Devices

Location

Apps

Conditions

Machine learning

Policies

Real-time evaluation engine

Session risk

3

10 TB

Effective policy

Identity Protection at its best

Risk severity calculation

Remediation recommendations

Risk-based conditional access automatically protects against suspicious logins and compromised credentials

Gain insights from a consolidated view of machine learning based threat detection

Leaked credentials

Infected devices

Configuration vulnerabilities

Risk-based policies

MFA Challenge Risky Logins

Block attacks

Change bad credentials

Machine-Learning Engine

Suspicious sign-in activities

Brute force attacks

Every day we:

Machine Learning for security

[Diagram shown in successive builds. Labels, in order of first appearance: Azure Active Directory; Credentials; Schroedinger's User (?); Seems Good; Seems Bad; Coder; Classifier; Analysis; Self-reporting; Threat data; Relying parties; Behavior; 10+ TB Logs; Label Data; We were right!; We were wrong!; Security Analyst; Code updates to Classifier; Deploy new Classifier; Learner; Analyze; Update; Deploy]

Identity Protection in Action: EDU Attack

We noticed a sharp increase in password lockouts

Large elevation in user lockouts.

Inspection shows lockout increase from single org.

[Chart: Users locked out per day]

Suspicious IP activity very different from in-country IPs

Generally lower user volume

Generally successful

In-Country Traffic

Suspect IP

Mostly failure traffic

Single User-Agent

Detailed suspicious IP view showed automated attacks

Initial bad guy test run

Large-scale account failures/minute

[Chart: Accounts accessed per minute, suspect IP]

Microsoft Security Days, 18 October 2017

Axel Ciml

Oxford Computer Group GmbH

10.2017

Company

• Focused on identity and security management, including organizational support, since 1999

• 8 offices worldwide, approx. 180 consultants

• Office on the MS campus in Redmond

• Produce webcasts for MS and OCG (own YouTube channel)

• Create official Microsoft training materials (ADFS, PKI, IdM, etc.)

User Story

Challenge

Auditor findings:

Problems with employee offboarding

Problems managing external staff

Inadequate reporting

Introduction of Azure services

Office 365

Azure RMS (AIP)

Azure MFA

Permissions concept in Azure

Hybrid scenario and integration of further SaaS services (e.g. Salesforce)

Solution

• Integration of HR and external staff management

• User self-service, physical access control,

• Role management, smart card management

• Central reporting across "all" systems

• Synchronization of organizational data with Azure

• Implementation of Azure RMS

• incl. data classification

• Automatic license assignment (internal/external)

• Time-limited permission assignment (PIM)

• Integration of Salesforce into the existing environment

• Hybrid, as required by the customer

Added value

Cost savings

Service level was raised

High degree of decentralization of administrative tasks

Meeting the customer's security requirements

Protection of intellectual property

Flexibility in product choice (cloud / on-prem)

Increased security through targeted license assignment

Simplified user management

Rapid expansion without changing existing infrastructure

Using our expertise

• Half-day workshop: introduction to an IdM project

• Access to almost 20 years of expertise in delivering IdM projects

• How ready is your company?

• What should you watch out for?

• Who do you need on an IdM project team?

• What are the next steps?

• Answers to your questions on this topic

• Goal:

• A personal roadmap for how you can start an IdM project

Offering