Microsoft Cybersecurity Solutions Group


Microsoft CISO Workshop

1 – Cybersecurity Briefing

Microsoft Cybersecurity Solutions Group


Introductions

Name | Role | Expectations for today

“Security is our top priority and we are committed to working with others across the industry to protect our customers.”
Satya Nadella, Chief Executive Officer, Microsoft Corporation

Ensuring security to enable your digital transformation through a comprehensive platform, unique intelligence, and broad partnerships

Microsoft CISO workshop

Agenda:
• Kickoff and introduction
• Your strategy
• Security management learnings and principles
• Lunch
• Identity and access management
• Threat protection: (A) Identify-Protect, (B) Detect-Respond-Recover
• Information protection
• Joint planning

CISO WORKSHOP OBJECTIVE: Learn how Microsoft can help you achieve your cybersecurity goals
Microsoft Cybersecurity Briefing

CxO View – Cybersecurity Resilience:
• Key Strategies
• Accelerating Threats
• Digital Transformation
• Security Hygiene

CISO View – Cybersecurity Landscape + Microsoft Approach:
• Platform, Intelligence & Partners
• Imperatives & Opportunities
• Technical capabilities: Identity & Access; PC & Mobile Devices; Software As A Service (SaaS); Information Protection; Security Operations Center (SOC); Hybrid Cloud Infrastructure; IoT And Operational Technology; Cloud Platform Security & Trust
• Critical Hygiene
• Reference Architecture

Next steps – CISO Workshop
Threat evolution is accelerating

THREAT AGES (moving from Malware and Infrastructure to Identity and Apps):
• Mass Distribution Malware
• Tailored/Targeted Malware
• ‘File-less’ Malware
• Malware-Less Attacks
Your enterprise in transformation
Requires a modern identity and access security perimeter

Cloud Technology driving the Modern Enterprise Perimeter:
• SaaS adoption
• Infrastructure as a Service
• Platform as a Service
• Internet of Things
• 1st class mobile experience

ENGAGE your customers | EMPOWER your employees | OPTIMIZE your operations | TRANSFORM your products
Building a resilient cybersecurity program

Responsibility for each layer is shared between Microsoft and the Customer, and shifts across SaaS, PaaS, IaaS, and on-prem:

ESTABLISH A MODERN PERIMETER
• Information and Data
• Devices (Mobile and PCs)
• Accounts and Identities
• Identity and directory infrastructure

MODERNIZE INFRASTRUCTURE SECURITY
• Applications
• Network Controls
• Operating system

“TRUST BUT VERIFY” EACH CLOUD PROVIDER
• Physical hosts
• Physical network
• Physical datacenter
Running Dual Perimeters

• ATTACKERS USING IDENTITY TACTICS
• SECURING MODERN SCENARIOS (CLOUD, MOBILE, IOT)

MODERN PERIMETER (Identity Controls) runs alongside the CLASSIC PERIMETER (Network Controls), moving toward FULLY ZERO TRUST
Evolution of Roles and Responsibilities

CLASSIC PERIMETER – Legacy Architectures (Network Controls): “STOP THE PRESSES!”
MODERN PERIMETER – Modern Architectures (Identity Controls): CONTINUOUS VALIDATION

Security roles will change with architectural/operational models:
• Administration: Manual Resource Administration → Author & Govern Automation
• Network: Containment with Network → Containment at all layers (Net, App, ID, Data, etc.)
• Development: Quality Check Before Release → Security SME in DevOps process
• Architecture: Project based Engagement → Continuous Engagement & Improvement
Imperatives and Opportunities

Recognize Fundamental Transformations | Meet Challenges + Embrace Opportunities | DRIVE STRATEGIC OUTCOMES

• Security & Compliance Management – Gain end-to-end visibility into your organization’s security and compliance + manage policy centrally
• Identity and Access Management – Ensure only the right people have access to your organizational systems
• Information Protection – Protect documents, databases, and emails against leaks, tampering, and destruction
• Threat Protection – Thwart hackers and recover quickly if attacked

Built-in security platform: Identity & access management | Information protection | Threat protection | Security management
Microsoft Intelligent Security Graph
Unique insights, informed by trillions of signals

• 6.5T threat signals analyzed daily
• 5B threats detected on devices every month
• 470B emails analyzed
• 18B+ Bing web pages scanned
• 630B monthly authentications
• 1B+ Azure user accounts
• 200+ global cloud consumer and commercial services
• Enterprise security for 90% of Fortune 500
• Shared threat data from partners, researchers, and law enforcement
• Botnet data from Microsoft Digital Crimes Unit
• Signal sources include Windows, Azure, Microsoft accounts, OneDrive, Outlook, Bing, and Xbox Live

Active in security and open source communities
• Top contributor to GitHub in 2016
• ~50% of IaaS VMs in Azure run Linux
• Board Membership
Key Challenges and Strategic Opportunities

• Identity-based attacks are up 300% this year → Adopt identity-based protection
• Information is your most attractive target → Protect information wherever it goes
• Attackers constantly evolving techniques → Detect attacks faster and automate response
• Most enterprises report using more than 60 security solutions → Use tools that integrate investigation experience and provide guidance
Cybersecurity Reference Architecture
April 2019 – https://aka.ms/MCRA | Video Recording | Strategies
(The original slide is interactive: 1. Present Slide, 2. Hover for Description, 3. Click for more information.)

Security Operations Center (SOC)
• Microsoft Threat Experts
• Incident Response, Recovery, & CyberOps Services
• Azure Sentinel – Cloud Native SIEM and SOAR (Preview)
• Advanced Threat Protection (ATP): Vuln Mgmt, Cloud App Security, Azure Security Center, Microsoft Defender, Office 365, Azure
• MSSP
• Graph Security API – 3rd Party Integration
• Alert & Log Integration

Software as a Service
• Office 365, Dynamics 365
• Secure Score
• Customer Lockbox
• Office 365: Data Loss Protection, Data Governance, eDiscovery
• Roadmaps and Guidance: 1. Securing Privileged Access; 2. Office 365 Security; 3. Rapid Cyberattacks (Wannacrypt/Petya)

Identity & Access
• Conditional Access – Identity Perimeter Management
• Azure Active Directory; Azure AD Identity Protection; Leaked cred protection; Behavioral Analytics
• Multi-Factor Authentication; Hello for Business
• Azure AD PIM; MIM PAM; Azure AD B2B; Azure AD B2C
• Active Directory; Azure ATP; ESAE Admin Forest; Privileged Access Workstations (PAWs)

Information Protection
• Azure Information Protection (AIP): Discover, Classify, Protect, Monitor
• Classification Labels; Hold Your Own Key (HYOK); AIP Scanner
• Azure SQL Threat Detection; SQL Encryption & Data Masking; Azure SQL Info Protection

Clients
• Unmanaged & Mobile Devices: Intune MDM/MAM
• Managed Clients: System Center Configuration Manager; Microsoft Defender ATP (Secure Score, Threat Analytics)
• Windows 10 Enterprise Security: Network protection, App control, Credential protection, Isolation, Exploit protection, Antivirus, Reputation analysis, Behavior monitoring, Full Disk Encryption, Attack surface reduction, S Mode

Hybrid Cloud Infrastructure (On Premises Datacenter(s), 3rd party IaaS, Microsoft Azure)
• Azure Security Center – Cross Platform Visibility, Protection, and Threat Detection: Configuration Hygiene, Just in Time VM Access, Adaptive App Control
• Azure Policy; Azure Key Vault; Azure WAF; Azure Antimalware; Application & Network Security Groups; DDoS attack Mitigation+Monitor
• Extranet: NGFW, Firewall Appliances, Edge DLP, SSL Proxy, IPS/IDS, Express Route
• Intranet Servers: Windows Server 2019 Security (Windows 10 + Just Enough Admin, Hyper-V Containers, Nano server, and more…), Shielded VMs, VMs, Azure Stack
• Backup & Site Recovery; Disk & Storage Encryption; Confidential Computing
• Legend: Included with Azure (VMs/etc.) | Premium Security Feature

IoT and Operational Technology
• Windows 10 IoT; IoT Security Maturity Model; Azure IoT Security; Azure Sphere; IoT Security Architecture

Foundation: Security Development Lifecycle (SDL) | Compliance Manager | Trust Center | Intelligent Security Graph
Identity and Access Management

CHALLENGES
• PRODUCTIVITY WHILE SECURING against phishing + password spray attacks
• Compromised devices & accounts
• LATERAL TRAVERSAL ATTACKS using Credential Theft
• 3RD PARTY ACCOUNT RISK

MICROSOFT’S APPROACH
• Enable easy and secure passwordless authentication with biometrics …while protecting passwords today
• Conditional Access based on intelligence, device state, behavior, and MFA
• Guidance and Technology for Securing Privileged Access (SPA)
• Advanced credential theft attack detection with Azure ATP
• Move 3rd party accounts to B2B/B2C solutions to lower risk and increase productivity

CAPABILITIES
• Azure Active Directory; Azure AD Identity Protection; Hello for Business; Multi-Factor Authentication; Leaked cred protection; Behavioral Analytics
• Conditional Access; Intelligent Security Graph; Identity Partners; Devices (via Intune/EDR)
• Azure AD PIM; Privileged Access Workstations (PAWs); MIM PAM; Azure ATP
• Azure AD B2B; Azure AD B2C
• Roadmaps and Guidance: 1. Securing Privileged Access; 2. Office 365 Security; 3. Rapid Cyberattacks (Wannacrypt/Petya)
Security Operations Center (SOC)

CHALLENGES
• Legacy model results in wasted security expertise
• Analyst Overload - too many false positives
• Poor Investigation Workflow
• Manual integration for tools and threat intelligence
• Constantly evaluating products

MICROSOFT’S APPROACH
• Assist with Incident Response and Recovery as well as proactively hunting for adversaries
• Cloud-native SIEM+SOAR for simplifying advanced detection, investigation, and remediation
• Integrated investigation experience across all assets including deep visibility into Windows/Linux/Mac desktops and servers, Office 365, Active Directory, and Azure Tenants.
• Integrate existing SOC tools and Microsoft capabilities with Graph Security API and Log Integration
• Intelligent Security Graph provides integrated intelligence for detection

CAPABILITIES
• Microsoft Threat Experts; Incident Response, Recovery, and Hunting Services
• Azure Sentinel – Cloud Native SIEM and SOAR (Preview): Security Information and Event Management (SIEM), Analytics/Automation
• Advanced Threat Protection (ATP): Vuln Mgmt, Cloud App Security, Azure Security Center, Windows Defender, Office 365, Azure
• MSSP; Graph Security API – 3rd Party Integration; Alert & Log Integration
• Intelligent Security Graph
Clients - PC and Mobile Devices

CHALLENGES
• Manage risk, health, and compliance across broad spectrum of device platforms and ownership (BYOD, Corporate Devices, Macs, Unmanaged and Mobile Devices)
• Provide secure managed PCs through lifecycle (identify, protect, detect, respond, recover)

MICROSOFT’S APPROACH
• Cross platform security and management (Windows, Linux, Mac, iOS, and Android)
• Endpoint protection platform (EPP)
• Leading capabilities for next generation antivirus (as recognized in industry tests), exploit & network protection, behavior monitoring, application control, and isolation
• IT configuration management, policy enforcement and conditional access
• Security administration with compliance, threat analytics, and secure score
• Integrated Endpoint detection and response (EDR) post-breach detection,

CAPABILITIES
• Conditional Access; Azure Security Center
• Unmanaged & Mobile Devices: Intune MDM/MAM
• Managed Clients: System Center Configuration Manager; Windows Defender ATP (Secure Score, Threat Analytics)
• Windows 10 Enterprise Security: Network protection, App control, Credential protection, Isolation, Exploit protection, Antivirus, Reputation analysis, Behavior monitoring, Full Disk Encryption, Attack surface reduction, S Mode
Hybrid Cloud Infrastructure

CHALLENGES
• Limited experience and toolsets for securing hybrid architecture and Platform as a Service
• Critical Risks - Privilege management and security hygiene critical for cloud workloads

MICROSOFT’S APPROACH
• Cross-Platform and Cross-Cloud – security capabilities to enable visibility and control
• Deep Azure Defenses – Integrated with platform to secure Azure workloads, assess compliance
• On Premises security investments to modernize security and leverage cloud learnings + technology
• Marketplace – Integrate existing capabilities and skills
• Privilege Management – Protect against high

CAPABILITIES (On Premises Datacenter(s), 3rd party IaaS, Microsoft Azure)
• Azure Security Center – Cross Platform Threat Protection and Threat Detection: Configuration Hygiene, Just in Time VM Access, Adaptive App Control
• Azure Policy; Azure Key Vault; Azure WAF; Azure Antimalware; Application & Network Security Groups; DDoS attack Mitigation+Monitor
• Extranet: NGFW, Security Appliances, Edge DLP, SSL Proxy, IPS, Express Route
• Intranet Servers: Windows Server 2016 Security (Windows 10 + Just Enough Admin, Hyper-V Containers, Nano server, and more…), Shielded VMs, VMs, Azure Stack
• Backup & Site Recovery; Disk & Storage Encryption; Confidential Computing; Privileged Access Workstations (PAWs)
• Security Development Lifecycle (SDL); Compliance Manager
• Legend: Included with Azure (VMs/etc.) | Premium Security Feature
Software as a Service (SaaS)

CHALLENGES
• Governance, Risk, and Compliance challenges of sprawling SaaS estate and unsanctioned shadow IT
• Security Operations Center (SOC) requires visibility into SaaS activities and threats

MICROSOFT’S APPROACH
• Platform Security – Deep investments in physical security, Red/Blue Teams, encryption, privileged access, & more
• Manage Shadow IT Risk – CAS enables you to discover, assess, approve, and manage SaaS (via API + Proxy)
• SOC Enablement – Microsoft Cloud App Security (CAS) provides anomaly detection, alerting, and SIEM integration
• Office 365 ATP provides advanced security (sandbox detonation, etc.) for email, SharePoint, Teams, and more
• Threat Intelligence provides analytics on attack trends for your tenant and your industry
• Office 365 Guidance – Security Roadmap + Secure Score recommendations guide you through security journey
• Compliance – GDPR and NIST compliance visibility on Office 365 and Dynamics 365 with Compliance Manager
• Information Protection – CAS integration with Azure Information Protection to discover + protect data
• Customer Lockbox to provide final control of access to data by Microsoft personnel

CAPABILITIES
• Office 365; Dynamics 365; Cloud App Security; Office 365 Advanced Threat Protection (ATP); Office 365 Security & Compliance; Secure Score; Compliance Manager; Customer Lockbox
• Roadmaps and Guidance: 1. Securing Privileged Access; 2. Office 365 Security; 3. Rapid Cyberattacks (Wannacrypt/Petya)
IoT and Operational Technology
Significant potential value and security/privacy risks

CHALLENGES
• End to end approach required for effective IoT security
• Large brownfield of existing devices to manage and secure
• ~9 Billion new microcontroller devices shipping every year for a wide range of IoT devices from low power crop sensors to powerful devices for point of sale (POS)

MICROSOFT’S APPROACH
• Secure a wide range of HW platforms in partnership with silicon partners, OEMs, and suppliers (for Edge and IoT devices). Enable both brownfield and greenfield devices to achieve higher levels of security
• Support wide range of platforms including Linux, Windows and RTOS with open source SDKs in many languages
• Provide security monitoring, alerts and mitigation from the device to the cloud application using Azure Security Center for a wide range of IoT devices and solutions

CAPABILITIES
• Windows 10 IoT; IoT Security Maturity Model; IoT Security Solutions; Azure Sphere; IoT Security Architecture; Security Development Lifecycle (SDL)
Information Protection

CHALLENGES
• Information Protection and Data Governance Strategy
• Label, track, and show data loss or manipulation of a file.
• Implement corporate policies to protect different levels of sensitive data
• Protecting sensitive information
• Challenging to discover and classify data across mobile devices, SaaS, cloud infrastructure, and on-premises
• Need full lifecycle data protection for identified data

MICROSOFT’S APPROACH
• Broad Coverage for structured and unstructured data across formats, cloud, & devices
• Full Information Lifecycle:
  – DISCOVER existing and newly created sensitive data
  – CLASSIFY automatically + user control (based on policy), integration with DLP
  – PROTECT the data itself, not just storage or network locations
  – MONITOR and revocation capabilities for security and compliance

CAPABILITIES
• Conditional Access; Edge DLP; Cloud App Security; Office 365 DLP; Endpoint DLP
• Azure Information Protection (AIP): Discover, Classify, Protect, Monitor; Classification Labels; Hold Your Own Key (HYOK); AIP Scanner
• Azure SQL Threat Detection; SQL Encryption & Data Masking; Azure SQL Info Protection
Next steps
CISO WORKSHOP NEXT STEPS

• Your strategy and priorities
• Recommended strategies and capabilities
• Build plan to work together: Identify participants; Choose engagement style

ENGAGEMENT STYLES
• Single Day – More Effective
• Topic by Topic – Slower, but Easier to Schedule All Attendees

Your priorities
Suggested Stakeholders / Attendees

ALL SESSIONS
• CISO (at least intro/closing)
• Security Architect(s)

SECURITY MANAGEMENT
• Vulnerability Management
• Compliance and Policy Monitoring/Enforcement
• Legal/Compliance Officer

IDENTITY & ACCESS MANAGEMENT
• Identity Security Architects
• Identity Architects
• Identity Operations Teams
• Collaboration/Productivity Lead

INFORMATION PROTECTION
• Information Protection Architect/Engineer
• Collaboration/Productivity Lead
• Data Protection Officer
• Chief Privacy Officer

THREAT PROTECTION – IDENTIFY-PROTECT
• Network Security Engineer
• Network & Server Architect/Engineer
• Endpoint Security Engineer
• Endpoint Engineer

THREAT PROTECTION – DETECT-RESPOND-RECOVER
• SOC Analyst
• SOC Manager
• Threat Intelligence Lead

TYPICAL ORGANIZATIONAL MEMBERSHIP
• Security Organization
• Partner within Organization
Next steps
Schedule a workshop
Build a plan to work together:

Review your strategy and priorities

Review Microsoft’s recommended strategies and capabilities

What are your top 3-5 strategic priorities?


1.
2.
3.
4.
5.
© 2018 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
“The problem with CISOs, and the entire cyber security field for that matter, is that you keep asking for more money and resources but can’t guarantee or even articulate what I’m buying.”
Un-Named CFO
Cyber Resiliency
Aligned - Align and Integrate cybersecurity with business strategy, processes, and initiatives

Mindset – Adopt a mindset that assumes compromise and focuses on:
• Raising attacker costs
• Rapid response/recovery

Cloud – Use cloud technologies to:
• Tap into community resources and knowledge
• Accelerate innovation (security and productivity)

Hygiene – Lower overall risk by:
1. Identify well-known risks
2. Steadily burn down list

Key Measures of Success: Cost of Attack | Mean Time To Remediation (MTTR)
Three Major Forces in Digital Transformation
Adoption Speed impacts Benefit/Risk curve

• INCREASE COMPETITIVE ADVANTAGE – REALIZE VALUE FROM NEW TECHNOLOGY
• DECREASE ORGANIZATIONAL RISK – INCREASED RISK FROM NEW THREATS; NEW CONTROLS AND APPROACHES
Machine Learning
Helps overcome human limitations using large datasets

1. Scales out Human Expertise

2. Shines a light in human blind spots


Microsoft Finance - Digital Transformation Areas

• Financial Analysis & Reporting – Revenue Reporting: Near Realtime Financial Reporting; Scale to meet changing business
• Strategy & Forecasting – Financial Forecast: Predictive Analysis; Instant Insights; Broader and Deeper Views
• Business Process Automation – Reconciliation: Cost savings; Time savings; Improved Accuracy
• Risk Management – Tax Processing: Cost Savings; Compliance with New tax rules
MINDSET | CLOUD | HYGIENE
Quick Primer on Security Culture

• Deeply respect truth and facts
• Deeply care about keeping the organization safe
• Limited background in business/communications
• Prevalent ‘Underdog’ attitude:
  – Not involved early in business/risk decision process
  – Many security people incorrectly assume/accept accountability
  – Strained relationship with IT and Business
Designing for Failure – The Mindshift

THEN
• Reliability: Designed not to fail
• Prevent: Every possible attack

NOW
• Resilience: Designed to recover quickly
• Assume Compromise: Protect, detect, and respond along attack phases
Ruin Their ROI
Changing the economics of cybersecurity

ATTACKERS: MAXIMIZE RETURN ON INVESTMENT (ROI) (return may be monetary/political/etc.)
DEFENDERS: RUIN ATTACKER ROI by raising attack cost with protection + rapid response/recovery
MICROSOFT: SIMPLIFY ADVANCED CAPABILITIES across platforms, clouds, and IoT

COST OF ATTACK vs DEFENDER BUDGET – ATTACKER RESOURCE LEVELS VARY: AMATEUR, ORGANIZED CRIME, NATION STATE
Microsoft levers: SIMPLIFICATION, INTEGRATION, INTELLIGENCE

NOTE: Cost of attack is continuously changing with technical advancement + business model evolution
MINDSET | CLOUD | HYGIENE
Security Advantages of Cloud Era

TRADITIONAL APPROACH – Security is a challenging and under-resourced function
• Unique Business Value vs Commodity Resources
• Legend: Satisfied responsibility | Partially met responsibility | Unmet responsibility | Cloud Provider responsibility

CLOUD-ENABLED SECURITY – Cloud Technology enables security to:
• Shift commodity responsibilities to provider and re-allocate your resources
• Leverage cloud-based security capabilities for more effectiveness (Trust but verify)
• Use Cloud intelligence to improve detection/response/time
Real world example – Dofoil / Smoke Loader

Client
• Local ML models, behavior-based detection algorithms, generics, heuristics → Protection in milliseconds: Just before noon, behavior-based algorithms detected a massive campaign

Cloud ML
• Metadata-based ML models → Protection in milliseconds: Most components of the attack were blocked at first sight by metadata-based ML models
• Sample analysis-based ML models → Protection in seconds: Additional Protection was provided by sample analysis-based ML models for some components
• Detonation-based ML models
• Big data analytics

On March 6, Windows Defender Antivirus blocked more than 400,000 instances of several sophisticated trojans
http://aka.ms/dofoil

Other recent cases: Emotet | Bad Rabbit
MINDSET | CLOUD | HYGIENE
Hygiene

• Hygiene is critically important, but very difficult
• Executive support needed to spend time/money to reduce “Black Swan Nest” of risk
• Start with established guidance – NIST, Center For Internet Security (CIS), Microsoft, and DHS have built a clear prioritized roadmap to start with: https://aka.ms/CyberHygiene
Resiliency call to action
Getting to cybersecurity resiliency

• Hit Refresh on security mindset, adopt “assume compromise”
  – Incidents happen, but you must manage them well and learn from them
  – Our Incident Learnings: http://aka.ms/IRRG
• Adopt Cloud Rapidly (especially for security)
  – Increase agility and community connection
• Focus on hygiene efforts
  – Clean up lingering technical debt
  – Hygiene Recommendations: https://aka.ms/CyberHygiene
• Measure Security Success better
  – Cost of attack
  – Mean time to remediation
  – Security ROI and Cost of Attack: https://youtu.be/maQh35MdFKY
References
Additional Resources

• Microsoft Security Blog – https://www.microsoft.com/security/blog
• Security Intelligence Report – www.microsoft.com/sir
• Whitepaper - Microsoft as a Trusted Advisor and Partner on Cyber Resilience – https://info.microsoft.com/MicrosoftasaTrustedAdvisorandPartneronCyberResilience-Registration.html
• Virtual Security Summit (Recorded) – https://buildazure.com/2018/02/16/microsoft-virtual-security-summit-2018/
• Microsoft Secure Score – https://www.cisecurity.org/benchmark/azure/
• Compliance Manager – https://aka.ms/ComplianceManager
• Secure DevOps Toolkit – Documents | Download
Microsoft Finance Digital Transformation

Revenue Reporting
• https://www.microsoft.com/itshowcase/Article/Content/895/Redesigning-our-revenue-reporting-system-for-cloud-architecture

• https://www.microsoft.com/itshowcase/Article/Content/933/Microsoft-reinvents-sales-processing-and-financial-reporting-with-Azure

Tax
• https://www.microsoft.com/itshowcase/Article/Content/759/Microsoft-IT-builds-a-big-data-tax-solution-for-Finance-with-Azure

Forecast
• https://www.microsoft.com/itshowcase/Article/Content/771/Using-predictive-analytics-to-improve-financial-forecasting

• https://www.microsoft.com/itshowcase/Article/Content/770/Predictive-analytics-improves-the-accuracy-of-forecasted-sales-revenue
TRUST BUT VERIFY
Carefully select & monitor cloud providers
Ensure cloud providers (large or small) provide assurances you need

Compliance
• Compliant- Meet all compliance and data sovereignty requirements? (including yearly 3rd party reviews)
• Assistance - Does provider invest in helping my organization meet our compliance needs?
• Self-service artifacts & documentation
• Assessment & Reporting tools

Alignment
• Business Model - Does provider compete with our organization? E.g. (Retail, Advertising, industry services)
• Data Ownership/Mining – Does provider (or partners / underlying cloud provider) mine our data or our customers data? If so, for what purpose? Product Improvement? Advertising? Other line of business?

Security and Privacy
• Responsible - Execute well on security best practices? (physical security, patching, backups, secure coding practices, etc.)
• Responsive/Proactive - Rapidly correct security issues & notify me of breaches affecting my data? Help me with my security challenges?
• Resolute - Reject non-binding requests to disclose personal and other data?
• Transparent - Will provider tell me where my data is stored, who has access to it, and why?

“Businesses and users are going to embrace technology only if they can trust it.”
Satya Nadella, Chief Executive Officer, Microsoft Corporation
Critical Hygiene = Technical Debt to Pay Off
Cloud can speed this up, but some hard work must be done

Attacker monetization model | Hygiene debt it pushes up the list
Auditors |
Targeted data theft (& phishing, SPAM, botnet) | “NEW” ELEMENT: Credential theft; File permissions
Ransomware | INCREASE PRIORITY: Backups; Retire old protocols
Destruction (Rapid cyberattacks) | INCREASE PRIORITY: Patching
Cryptominers | INCREASE PRIORITY: Web app security; Performance monitoring
???... |

New monetization models just reshuffle priorities of same old hygiene debt
Microsoft Investments into Critical Hygiene

CROSS-INDUSTRY PARTNERSHIPS – Critical Cybersecurity Hygiene: Patching (CIS, DHS, Microsoft, and NIST)
PLATFORM INVESTMENTS
Security Must Meet Dual Challenges

• Innovation – Adapt to new threats and cybersecurity capabilities
• Hygiene – Prioritize, Implement, and Sustain well-established best practices

Image from https://upload.wikimedia.org/wikipedia/it/0/04/30-31_Cygni.jpg


Current Hygiene Landscape
• Important - Small number of hygiene root causes contribute to many security
incidents (massive impact events, data breaches, malware infections, etc.)
– Applying security hygiene practices make it harder for attackers to succeed and reduces
risk of damage (both likelihood and impact)
• Difficult - How, when, and what to patch can be difficult decisions for any
organization
– Patching is often resource-intensive, and the act of applying patches can reduce system
and service availability
– Delays in patch deployment create a larger window of opportunity for attackers
– Existing tools are insufficient for many environments and situations

cyberhygiene@nist.gov

Purpose: Increase cybersecurity ecosystem resiliency by engaging in activities that help organizations rapidly and effectively improve security hygiene.

Current Approach (Focused on Implementation and Planning):
• What to do first? – Prioritized 30-90-beyond roadmaps that help organizations get started with key initiatives
• How to be successful End-to-end? – Discover and overcome common obstacles (e.g. stakeholder buy-in, success criteria, architecture/tool gaps, processes, etc.)
• Connect to Existing Standards – Connect initiatives to existing standards of good security hygiene

cyberhygiene@nist.gov
Workgroup Progress To Date (May 2018)

• UPDATE + ENDORSE RECOMMENDATIONS AT HTTP://AKA.MS/RAPIDATTACK (COMPLETE)
• END TO END GUIDANCE FOR PATCHING PROCESS/TOOLS (SEEKING INPUT AND FEEDBACK ON PLAN)

cyberhygiene@nist.gov
Summary of Key Recommendations
Measures that directly impact the known attack playbook https://aka.ms/rapidattack

Quick wins: 0-30 Days (DIRECT ATTACK MITIGATION, RAPID ENABLEMENT)
1. Create destruction-resistant backups of your critical systems and data
2. Immediately deploy critical security updates for OS, browser, & email
3. Isolate (or retire) computers that cannot be updated and patched
4. Implement advanced e-mail and browser protections
5. Enable host anti-malware and network defenses to get near-realtime blocking responses from cloud (if available in your solution)
6. Implement unique local administrator passwords on all systems
7. Separate and protect privileged accounts

Less than 90 Days (DIRECT ATTACK MITIGATION, LONGER ENABLEMENT)
1. Validate your backups using standard restore procedures and tools
2. Discover and reduce broad permissions on file repositories
3. Rapidly deploy all critical security updates
4. Disable unneeded legacy protocols

Next Quarter + Beyond
5. Stay current – Run only current versions of operating systems and apps
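Added example (not part of the workshop deck or of any Microsoft tooling): a read-only PowerShell audit for two of the under-90-day items above, “Discover and reduce broad permissions on file repositories” and “Disable unneeded legacy protocols”. It lists SMB shares that grant write-level access to broad principals and reports whether SMBv1 is still enabled. It assumes a Windows file server with the built-in SmbShare module; the set of “broad” principals and the domain-joined check are assumptions to adjust for your environment.

```powershell
# Added example, not from the workshop deck: read-only hygiene audit for a
# Windows file server. Reports (1) shares where a broad principal holds
# write-level rights and (2) whether the legacy SMBv1 protocol is enabled.
# Nothing is changed; the output is input to the remediation backlog.

# Principals this example treats as "broad" (assumption: adjust for locale
# and for any domain-wide groups your organization uses).
$BroadPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Users',
    'NT AUTHORITY\INTERACTIVE'
)
# Assumption: USERDOMAIN differing from COMPUTERNAME means domain-joined.
if ($env:USERDOMAIN -ne $env:COMPUTERNAME) {
    $BroadPrincipals += "$env:USERDOMAIN\Domain Users"
}

# Share-level rights that allow changing or deleting data. 'Read' is not flagged.
$WriteRights = @('Full', 'Change')

function Get-BroadShareAccess {
    # One object per (share, principal) pair granting write-level access to a
    # broad principal. Administrative shares (names ending in $) are skipped:
    # their ACLs are owned by the OS, not by a data owner.
    Get-SmbShare | Where-Object { $_.Name -notmatch '\$$' } | ForEach-Object {
        $share = $_
        Get-SmbShareAccess -Name $share.Name | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.AccessRight -in $WriteRights -and
            $_.AccountName -in $BroadPrincipals
        } | ForEach-Object {
            [pscustomobject]@{
                Share     = $share.Name
                Path      = $share.Path
                Principal = $_.AccountName
                Right     = $_.AccessRight
            }
        }
    }
}

function Test-Smb1Enabled {
    # SMBv1 is the legacy protocol abused in the Wannacrypt/Petya attacks the
    # deck cites. Check the server-side switch first; fall back to the optional
    # feature state on SKUs where the server configuration cmdlet is absent.
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($null -ne $cfg) { return [bool]$cfg.EnableSMB1Protocol }
    $feat = Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' -ErrorAction SilentlyContinue
    return ($null -ne $feat -and $feat.State -eq 'Enabled')
}

# --- Report -----------------------------------------------------------------
$findings = @(Get-BroadShareAccess)
if ($findings.Count -eq 0) {
    Write-Output "No shares grant write-level access to broad principals."
} else {
    Write-Output "Shares granting write-level access to broad principals:"
    $findings | Format-Table -AutoSize
}

if (Test-Smb1Enabled) {
    Write-Warning "SMBv1 is enabled on $env:COMPUTERNAME. Plan its removal (Set-SmbServerConfiguration -EnableSMB1Protocol `$false) once no dependent clients remain."
} else {
    Write-Output "SMBv1 is disabled on $env:COMPUTERNAME."
}
```

Run it in an elevated session on each file server (or through Invoke-Command against a server list). Share-level rights are only the first layer: an NTFS ACL can be tighter or looser than the share ACL, so treat a hit here as a lead to confirm with Get-Acl on the share path before changing anything, and treat the SMBv1 warning as the trigger for an inventory of clients that still negotiate it.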
NIST National Cybersecurity Center of Excellence (NCCoE)

Accelerate adoption of secure technologies: collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs

Engagement & Business Model
• DEFINE – OUTCOME: Define a scope of work with industry to solve a pressing cybersecurity challenge
• ASSEMBLE – OUTCOME: Assemble teams of industry orgs, govt agencies, and academic institutions to address all aspects of the cybersecurity challenge
• BUILD – OUTCOME: Build a practical, usable, repeatable implementation to address the cybersecurity challenge
• ADVOCATE – OUTCOME: Advocate adoption of the example implementation using the practice guide

CyberHygiene@NIST.gov
• Share your thoughts and feedback
– Organization - How your patch mitigation program works
• Acquisition requirements for vendors
• Patch Deployment processes (stages, speed, criteria)
• Isolation strategies (for unpatchable assets like aging OT/ICS/SCADA/etc.)
• Other insights
– Security Vendor
• Interested in participation in NCCoE lab testing

cyberhygiene@nist.gov
