Microsoft Networking Academy with the C+E Global Black Belts Olivier Martin (@omartin) – Networking TSP GBB Kevin Lopez (@kevlopez) – ER Partner Sales Executive GBB Jaime Schmidtke (@jaimesc) – ER Partner Sales Executive GBB Eddie Villalba (@edvilla) – Networking and Open Source TSP GBB Bryan Woodworth (@brwoodwo) – Networking TSP GBB

May 19, 2018


dinhthu
Page 1

Microsoft Networking Academy with the C+E Global Black Belts

Olivier Martin (@omartin) – Networking TSP GBB

Kevin Lopez (@kevlopez) – ER Partner Sales Executive GBB

Jaime Schmidtke (@jaimesc) – ER Partner Sales Executive GBB

Eddie Villalba (@edvilla) – Networking and Open Source TSP GBB

Bryan Woodworth (@brwoodwo) – Networking TSP GBB

Page 2

Before we get started

• Welcome customers and partners!!!

• Material is public information. No NDA info here.

• Use the IM window for questions.

• Sessions are recorded and posted here: https://aka.ms/mna

Page 3

• Introductory Sessions (200 level)
  • Quick overview or what’s new this week (5-10 minutes)
  • Partner Spotlight of the week (35-45 minutes)
  • Q&A (10 minutes)

• Deep Dive Sessions (300-400 level)
  • Short introduction (5 minutes)
  • Deeper dive topic of the week (35-45 minutes)
  • Q&A (10 minutes)

• Email [email protected] to receive detailed schedules for upcoming sessions!

• Available on Channel 9!

Microsoft Networking Academy

Page 4

• Intro – Networking from 0-60

• Partner Spotlight – Full Stack Security for Azure with Alert Logic

• Ask the Experts Q&A

Agenda for April 28th, 2017 – Episode #7

Page 6

[Map slide; location labels: Atlanta, Chicago, Los Angeles, Seattle, Silicon Valley, Washington DC, Amsterdam, Dublin, London, Sao Paulo, Chennai, Hong Kong, Mumbai, Melbourne, Osaka, Singapore, Sydney, Tokyo, Las Vegas, Toronto, Montreal, Quebec City, New York City, Dallas, Newport (Wales), Paris, Beijing, Shanghai, Berlin, Frankfurt, Dallas, Washington DC, New York, Chicago. Legend labels: US Government, Germany, China]

Page 8

[Architecture diagram; labels: Azure Active Directory, Azure subscription, Access Control, Virtual Network, FW, IIS, SQL, ExpressRoute, Internet, Azure load balancer]

Page 11

Partner Spotlight: Alert Logic

Page 12

ALERT LOGIC SOLUTIONS FOR AZURE

Vince Bryant, MS Partner Development Manager

Peter Baumbach, Solutions Engineer

Jason Giddens, Manager, Solutions Engineering

Page 13

We protect cloud workloads & web applications

• Full-stack security

• Integrated analytics & experts

• Built for cloud

• Cost-effective outcomes

ASSESS, BLOCK, COMPLY, DETECT

FULLY-MANAGED SECURITY, DELIVERED AS A SERVICE

[Graphic labels: Data Center, Hosting]

Page 14

Cloud has disrupted traditional security

[Table: CLOUD DRIVERS vs TRADITIONAL SECURITY]

• DEPLOYMENT & MANAGEMENT: AGILITY & AUTOMATION vs SLOW, COMPLEX CONFIGURATIONS

• PERFORMANCE & OPERATIONS: HYPER-SCALABILITY vs SCALING CHOKEPOINTS

• CUSTOMER APPLICATION REQUIREMENTS: PRIORITY: WEB APPLICATIONS vs POOR DETECTION OF WEB APP ATTACKS

Page 15

Security risk is shifting to unprotected web applications

[Bar chart; axis: Percentage of Breaches. Bar labels and values:]

• Denial of Service: 1
• Crimeware: 49
• Physical Theft / Loss: 56
• Payment Card Skimmers: 86
• Everything Else: 125
• Cyber-espionage: 155
• Privilege Misuse: 172
• Miscellaneous Errors: 197
• POS Intrusions: 525
• Web App Attacks: 908

Web app attacks are now the #1 source of data breaches

But less than 5% of data center security budgets are spent on app security

Source: Verizon

UP 500% SINCE 2014

$23 to $1

Source: Gartner

Web App Attacks

Page 16

Application protection is the customer’s responsibility

The first step to securing cloud workloads is understanding the shared responsibility model

Microsoft will secure most of the underlying infrastructure, including the physical access to the datacenters, the servers and hypervisors, and parts of the networking infrastructure…but the customer is responsible for the rest.

Taken from the Shared Responsibility for Cloud Computing whitepaper, published by Microsoft in March 2016

Page 17

Alert Logic helps protect across the entire stack

• Security Monitoring

• Log Analysis

• Vulnerability Scanning

• Network Threat Detection

• Security Monitoring

• Logical Network Segmentation

• Perimeter Security Services

• External DDOS, spoofing, and scanning monitored

• Hypervisor Management

• System Image Library

• Root Access for Customers

• Managed Patching (PaaS, not IaaS)

• Web Application Firewall

• Vulnerability Scanning

• Secure Coding and Best Practices

• Software and Virtual Patching

• Configuration Management

• Access Management (inc. Multi-factor Authentication)

• Application level attack monitoring

• Access Management

• Configuration Hardening

• Patch Management

• TLS/SSL Encryption

• Network Security Configuration

[Column labels: CUSTOMER, ALERT LOGIC, MICROSOFT]

Page 18

Cloud Defender delivers full stack security, experts included

[Diagram labels]

• Your App Stack: Web Apps, Server-side Apps, App Frameworks, Dev Platforms, Server OS, Hypervisor, Hardware, Databases

• SaaS Technology: Web Security Manager, Log Manager, Threat Manager

• Web App Attacks, OWASP Top 10, Platform / Library Attacks, System / Network Attacks

• Cloud Defender, Active Watch, Managed Security

• Signatures & Rules, Anomaly Detection, Machine Learning

• Threat Intelligence, Security Research, Data Science, Security Content

• Security Operations Center, Security, Analytics, Experts, Analysis

Page 19

Continuous delivery of high value cost-effective outcomes

• Continuous reporting on vulnerabilities and configuration flaws

• Incident escalation and remediation guidance – within 15 minutes

• Attack filtering logic tuned specifically for each web app

• Log security monitoring, daily review and archival

Detect

Assess

Block

Comply

Examples of outcomes we deliver

PROCESS

ANALYTICS

EXPERTS

TECHNOLOGY

Page 20

HOW IT WORKS:

Alert Logic Threat Manager for 3 Tier Application Stack + Azure SQL

[Diagram labels: Web Traffic; Application Gateway; RESOURCE GROUP; VNET; Web Tier (VM ScaleSets, AutoScale); Application Tier (VM ScaleSets, AutoScale); Database Tier (Azure SQL); SQL Logs; Azure Storage Table; Alert Logic Threat Manager Appliance (VM)]

Page 21

3-Tier applications using VMs only

[Diagram labels: Customer A and Customer B, each with Web Traffic, RESOURCE GROUP, VNET, Web Tier (VM ScaleSets, AutoScale), Application Tier (VM ScaleSets, AutoScale) and Database Tier (SQL VM, AvailabilitySets); Alert Logic Threat Manager Appliance (VM)]

Page 22

ARM templates automate appliance deployments

https://github.com/alertlogic/al-arm-templates

Page 23

Agents can be baked into VM images, or automatically installed using DevOps toolsets

https://supermarket.chef.io/cookbooks/al_agents

Page 24

Azure Activity Logs identify IOCs at the subscription level

https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-partners

These logs can show changes to NSG configurations or privilege escalation

Page 25

DEMOS

Page 26

How can I find out more?

• Check out our website, and request a demo – www.alertlogic.com/azure

• Attend our webinar on June 7th – https://www.brighttalk.com/channel/11587/cloud-security-and-compliance

• Sign up for our weekly threat report – https://www.alertlogic.com/resources/threat-reports/

Page 27

Thank you.

Page 28

We scan the entire stack for vulnerabilities and config errors

Web Apps

Server-side Apps

App Frameworks

Dev Platforms

Server OS

Hypervisor

Databases

Our coverage is prioritized by applications and workloads running in the cloud

Page 29

Alert Logic is security built for the cloud

Prevent, detect and stop threats across your full app & infra stack

Add expert protection without adding staff or building SOC

Eliminate chokepoints in app production with security built for cloud

Expand capabilities quickly with modular services

Focus on actionable detail with expert verification and prioritization

Affordable advanced protection from 13 cents / hour / host

Page 30

Incident identification and notification

[Diagram labels: ATTACK; AWS, Azure, On-prem; ALERT LOGIC CLOUD; Alert Logic SOC; CONSOLE; Incident notification; Customer / Partner SecOps Team; CONSOLE]

We can either work with your customer directly, or your teams if you are managing the environment on behalf of the customer

Page 31

Alert Logic – a Leader in Forrester’s 2016 NA MSSP Wave™

“Alert Logic has a head start in the cloud, and it shows.

Alert Logic is an excellent fit for clients looking to secure their current or planned cloud migrations, clients requiring a provider that can span seamlessly between hybrid architectures, and those that demand strong API capabilities for integrations.”

- Forrester Wave™ Report

Page 32

Addressing Customers with Compliance Requirements

[Table columns: Alert Logic Solution, PCI DSS, SOX, HIPAA & HITECH]

Alert Logic Web Security Manager™

PCI DSS:
• 6.5.d Have processes in place to protect applications from common vulnerabilities such as injection flaws, buffer overflows and others
• 6.6 Address new threats and vulnerabilities on an ongoing basis by installing a web application firewall in front of public-facing web applications.

SOX:
• DS 5.10 Network Security
• AI 3.2 Infrastructure resource protection and availability

HIPAA & HITECH:
• 164.308(a)(1) Security Management Process
• 164.308(a)(6) Security Incident Procedures

Alert Logic Log Manager™

PCI DSS:
• 10.2 Automated audit trails
• 10.3 Capture audit trails
• 10.5 Secure logs
• 10.6 Review logs at least daily
• 10.7 Maintain logs online for three months
• 10.7 Retain audit trail for at least one year

SOX:
• DS 5.5 Security Testing, Surveillance and Monitoring

HIPAA & HITECH:
• 164.308 (a)(1)(ii)(D) Information System Activity Review
• 164.308 (a)(6)(i) Login Monitoring
• 164.312 (b) Audit Controls

Alert Logic Threat Manager™

PCI DSS:
• 5.1.1 Monitor zero day attacks not covered by anti-virus
• 6.2 Identify newly discovered security vulnerabilities
• 11.2 Perform network vulnerability scans quarterly by an ASV or after any significant network change
• 11.4 Maintain IDS/IPS to monitor and alert personnel; keep engines up to date

SOX:
• DS5.9 Malicious Software Prevention, Detection and Correction
• DS 5.6 Security Incident Definition
• DS 5.10 Network Security

HIPAA & HITECH:
• 164.308 (a)(1)(ii)(A) Risk Analysis
• 164.308 (a)(1)(ii)(B) Risk Management
• 164.308 (a)(5)(ii)(B) Protection from Malicious Software
• 164.308 (a)(6)(iii) Response & Reporting

Alert Logic Security Operations Center providing Monitoring, Protection, and Reporting

Page 33

Open Q&A

Page 34

Thank you!

Session recording will be posted shortly here: http://aka.ms/MNA