TODAY, YOU ARE EXPERIENCING A REVOLUTION OF CYBER-THREATS
Wall Street Journal, JP Morgan, White House, Bushehr nuclear reactor, RSA, Microsoft, Google, Apple, Facebook, Sony, Target, Heartland, eBay, ICANN, Home Depot
struggling
THE EVOLUTION OF ATTACKS
Volume and Impact
2003-2004
Script Kiddies
BLASTER, SLAMMER
Motive: Mischief
2005-PRESENT
Organized Crime
RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT
Motive: Profit
2012 - Beyond
Nation States, Activists, Terror Groups
BRAZEN, COMPLEX, PERSISTENT
Motives: IP Theft, Damage, Disruption
“The [malware] sample with the Sony computer names in it was designed to systematically connect to each server on the list. ‘It contains a user name and password and a list of internal systems and it connects to each of them and wipes the hard drives.’”
Sony Got Hacked Hard: What We Know and Don’t Know So Far
KIM ZETTER
Wired
December 2, 2014
Source: Sony Got Hacked Hard: What We Know and Don’t Know So Far, Kim Zetter, Wired Magazine, December 3, 2014
SONY BREACH – EXTRAORDINARY DAMAGE
Source: Hackers Threaten Sony Employees in New Email: ‘Your Family Will Be in Danger’, Dave McNary, MSN, December 5, 2014. Image: G. Hodan
Sony Hackers Threaten 9/11 Attack on Movie Theaters
BRENT LANG
Variety
December 5, 2014
“The world will be full of fear, remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time.”
SONY BREACH – ADDING TERROR TO PLAYBOOK
ADDRESSING THE THREATS REQUIRES A NEW APPROACH:
Security from the inside out – beyond bigger walls
RUIN THE ATTACKERS' ECONOMIC MODEL
BREAK THE ATTACK PLAYBOOK
ELIMINATE THE VECTORS OF ATTACK
Require
Data protection
Identity protection
Threat resistance
Device security
Protection against modern security threats
Secure hardware
Secure your identities
Secure your data
Device integrity maintained using UEFI Secure Boot
Trusted Platform Module (TPM) protects critical secrets
Biometrics sensors going mainstream on Windows
Virtualization based security (VBS) isolates sensitive Windows processes and data using
Secure Hardware
Virtualization based security powered by hardware
OS
CPU
Virtualization based security powered by hardware
OS VBS
Hyper-V
CPU with Virtualization Extensions
Shared secrets
shhh!
Easily mishandled or lost
(Hint: The user is the problem)
Easy to deploy two-factor password alternative
Breach, theft, and phish resistant credentials
Single sign-on experience
Convenient enterprise grade security for both enterprises and consumers
Supports PIN and biometric sign-in using Windows Hello
Microsoft Passport and Windows Hello
WINDOWS HELLO
Facial, Fingerprint, Iris
Hello Chris
FIDO ALLIANCE
Example Board level members
Windows Hello Demo
Pass the Hash (PtH) attacks are the #1 go-to tool for hackers
Used in nearly every major breach and APT type of attack
Credential Guard uses VBS to isolate Windows authentication services and derived credentials
Fundamentally breaks derived credential theft using Mimikatz, etc.
Credential Guard
Cred Guard powered by Virtualization based security
58%: Have accidentally sent sensitive information to the wrong person [1]
87%: …of senior managers admit to regularly uploading work files to a personal email or cloud account [1]
$240 PER RECORD: Average per record cost of a data breach across all industries [2]
[1] Stroz Friedberg, “On The Pulse: Information Security In American Business,” 2013
[2] HIPAA Secure Now, “A look at the cost of healthcare data breaches,” Art Gross, March 30, 2012
DEVICE PROTECTION
DATA SEPARATION
LEAK PROTECTION
SHARING PROTECTION
DEVICE PROTECTION
BitLocker enhancements in Windows 8.1
InstantGo
3rd party adoption
Protect system and data when device is lost or stolen
Containment
Data separation
DATA SEPARATION
Prevent unauthorized users and apps from accessing and leaking data
LEAK PROTECTION
Protect data when shared with others, or shared outside of organizational devices and control
SHARING PROTECTION
BitLocker, Enterprise data protection, Rights Management Services
Protects data when a device is lost or stolen using full disk encryption
Provides single sign on and protection from cold boot attacks
Easy to deploy and manageable (via MBAM) at scale
Excellent integration, performance, and reliability
Submitted for Common Criteria and FIPS 140-2 certification. Will be supported for HIPAA, PCI DSS, etc. scenarios
BitLocker data protection
Delivers user friendly corporate/personal data separation and containment
Ensures only trusted apps can access business data
Helps prevent accidental data leakage through copy and paste scenarios
Integrates with Microsoft Azure Rights Management for secure roaming and sharing
Available on mobile and the desktop
Enterprise data protection
Protect information from unauthorized access—internal and external (Do Not Forward and Company Confidential, Office 365 Message Encryption)
Easy for users and easy for IT to enforce policies to improve data security
Protects SharePoint, Exchange, and Office documents and can work cross platform
Microsoft Azure Rights Management
BitLocker Demo
TODAY'S CHALLENGE
APPS
Your security depends on a platform where:
APPS MUST EARN TRUST BEFORE USE
NEW APPROACHES WITH WINDOWS 10
Active Threat Detection
Device State based Conditional Access
Next Generation App Control
Next Generation App Control
Secure your devices with Device Guard
Provides next generation app control and kernel mode protection
Uses signed policies to help prevent users and malware with elevated privilege from changing IT’s app control policies
Protects kernel mode processes and drivers from zero days and vulnerabilities using hardware enforced vulnerability mitigations
Device Guard
Device Guard powered by Virtualization based security
OS VBS
Hyper-V
CPU with Virtualization Extensions
Credential Guard
Device Guard
Device Guard Code Integrity Demo
Windows 10 webinar series
Q&A Guidance
To facilitate discussion, please use this format when posting questions:
“<First Name initials><Last Name>_<number>: <question>”
Example: LJChiu_1: Who is Cortana?
QWang_1: Why is it Blue instead of Red?
LJ_Chiu_2: Who is Contoso?
Questions may not be answered in the sequence in which they came in.
A technical team will be helping with your questions during the 1 hour webinar and for 30 minutes after.
Thank you!
These slides are provided for educational purposes only.
You are required to check the latest resources for what is available and for up-to-date information.