How we see malware introduced
• Phishing
• Targeted phishing
• Watering hole
• Downloads: software (including "free" software), music, films, cracked serials

Attack path (slide diagram): Attack Operator -> Client -> Domain Admin -> Domain.Local DC

Microsoft Services cybersecurity portfolio: Advise, Protect, Detect, Engage, Respond

Advise (assessment, education, mitigations)
• Security assessments: Active Directory, Windows client, Windows server, web servers, SharePoint, SQL, Exchange, BitLocker and MBAM, PKI and Certificate Services, DirectAccess, Rights Management Services, Endpoint Protection, Enterprise Auditing, Forensics (English)
• Workshops: Securing Windows Client, Securing Windows Server, Hardening AD Domain and DC
• Mitigations (POP): Securing Lateral Account Movements, EMET, Hardening AD Domain and DC
• Premier Security Advisor, Bulletin Advisor, Microsoft Security Risk Assessment (MSRA)

Protect: protection for your most valuable assets and accounts to help prevent compromise from cyber-attacks.

Security Development Lifecycle Services (SDL): Microsoft assesses the customer's software assurance program, identifies enhancements, and delivers a roadmap to strengthen and mature software development practices.

Microsoft Security Risk Assessment (MSRA)
• Rapid review of the customer's IT security program, tailored to business and security needs
• On-site, in-person interviews and technical examination giving a comprehensive look at security technologies and operational practices
• Examination of the program's business foundations, including security goals, risk posture, and policies and standards

Detect
• Continuous monitoring of the network for attacks, vulnerabilities and persistent threats
• Investigation and disruption of suspicious events, producing a diagnosis and candidate mitigations

Microsoft Threat Detection Service (MTDS): collects the error reports (crash dumps) that applications and the operating system generate, analyses them centrally for signs of malicious activity, and derives intelligence from them that also helps manage ordinary application errors.
Respond: Incident Response

Enhanced Security Administration Environment (ESAE) and Privileged Administrator Workstation (PAW)
The ESAE offering uses current security technologies and recommended practices to give administrative environments and workstations enhanced protection.

EMET Enterprise Reporting Services (EMET ERS)
Pilot deployment of the Enhanced Mitigation Experience Toolkit (EMET), including deployment of Enterprise Reporting Services and a dashboard for all EMET-mitigated events.

Persistent Adversary Detection Service (PADS)
Proactively determines whether a system is under threat via a discreet incident-response engagement before an actual emergency: it examines high-value assets, or a sample of systems, for signs of advanced implants that commodity anti-virus or intrusion detection systems typically miss.

Incident Response and Recovery (IR&R)
Determines whether a system is under targeted exploitation via a discreet incident-response engagement that examines high-value assets or exploited systems for the same class of advanced implants.

Assessments
Our approach consists of the following strategic assessments, which evaluate the current environment and processes and then deliver a roadmap for meeting business goals and objectives:
• The MSRA was developed by Microsoft as a risk-assessment service that helps customers manage risk in complex enterprise environments.
• SDL is a software development process that helps customers build more secure software and address security compliance requirements while reducing development cost.

The main recommendations concern credential hygiene, security monitoring, and configuration management.
All three recommendations (credential hygiene, security monitoring, configuration management) should be implemented as quickly as possible because of the extreme risk of credential theft and of compromise of the customer's systems. The deck cites 48 hours as the average time it takes an attacker to obtain Domain Administrator credentials once a single machine in the environment has been compromised.

Enhanced Security Admin Environment (ESAE), with Windows 8.1 / Server 2012 R2 features (slide diagram)
• ESAE forest: domain and forest administration, security alerting, application and service hardening, hardened hosts and accounts
• Production domain(s): server and system management, app and data management, helpdesk and workstation management, user assistance and support
• Lateral-traversal mitigations: Privileged Account Workstation (PAW), Managed Access Request System (MARS), Protected Users group, authentication policies and silos, RDP with Restricted Admin

EMET Production Pilot
• Assistance with an EMET deployment to a pilot group of workstations
• EMET ERS (Enterprise Reporting Services) deployment and configuration: a dashboard roll-up of EMET events, top 10 machines, hourly mitigation events, compliance reports, trending and analysis
Benefits:
• Every EMET agent acts as a sensor on the network
• EMET ERS helps tune EMET quickly during the pilot and rollout, and provides basic detection
• EMET also works in conjunction with MTDS
Caveat: EMET reached end of support in July 2018; its mitigations now live in Windows Defender Exploit Guard (Exploit protection) on Windows 10 version 1709 and later.

MTDS (on-premises or hosted)
• Exploit attempts and malware frequently crash the targeted application or the whole operating system; those crashes, including the memory dump, can be collected and analysed.
• No agent is required: a configuration change points the error reporting client (Windows Error Reporting) at a central collector.
• Because detection keys on the crash rather than on a signature, it can surface 0-day exploits and custom, unique malware code that no anti-virus signature covers.
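The three lateral-traversal mitigations the ESAE slide lists (Protected Users, authentication policy silos, RDP with Restricted Admin) are all switchable from PowerShell. The block below is an added example, not code from the deck or from Microsoft Services; it assumes a hypothetical domain with a Tier-0 admin account t0admin, a PAW named PAW01, a domain controller DC01, and the silo/policy names Tier0-Silo and Tier0-Policy, with domain controllers on Windows Server 2012 R2 or later and the KDC claims/armoring policy enabled so that authentication policies are honoured.

```powershell
# Added example (not from the deck): apply the ESAE lateral-traversal mitigations
# with the ActiveDirectory module. Names below (t0admin, PAW01, DC01, Tier0-*)
# are hypothetical assumptions. Requires 2012 R2+ domain controllers with the
# "KDC support for claims, compound authentication and Kerberos armoring" policy on.
Import-Module ActiveDirectory

# 1. Protected Users: members cannot use NTLM, DES/RC4 Kerberos or delegation, and
#    their TGT lifetime is capped at 4 hours, so a stolen hash or ticket is less useful.
Add-ADGroupMember -Identity 'Protected Users' -Members 't0admin'

# 2. Authentication policy + silo: the KDC issues a TGT to t0admin only when the
#    logon comes from a device that is itself a member of the silo (the PAW).
$fromSilo = 'O:SYG:SYD:(XA;OICI;CR;;;WD;(@USER.ad://ext/AuthenticationSilo == "Tier0-Silo"))'
New-ADAuthenticationPolicy -Name 'Tier0-Policy' `
    -UserTGTLifetimeMins 120 `
    -UserAllowedToAuthenticateFrom $fromSilo `
    -Enforce

New-ADAuthenticationPolicySilo -Name 'Tier0-Silo' `
    -UserAuthenticationPolicy     'Tier0-Policy' `
    -ComputerAuthenticationPolicy 'Tier0-Policy' `
    -ServiceAuthenticationPolicy  'Tier0-Policy' `
    -Enforce

# Both the account and the PAW must be granted access to the silo and then assigned to it.
Grant-ADAuthenticationPolicySiloAccess -Identity 'Tier0-Silo' -Account 't0admin'
Grant-ADAuthenticationPolicySiloAccess -Identity 'Tier0-Silo' -Account 'PAW01$'
Set-ADAccountAuthenticationPolicySilo -Identity 't0admin' -AuthenticationPolicySilo 'Tier0-Silo'
Set-ADAccountAuthenticationPolicySilo -Identity 'PAW01$'  -AuthenticationPolicySilo 'Tier0-Silo'

# 3. Restricted Admin RDP: the admin's credentials are never sent to the target host,
#    so a compromised server cannot harvest them from LSASS. Enable it on each Tier-0
#    target (DisableRestrictedAdmin = 0) and connect from the PAW with /RestrictedAdmin.
Invoke-Command -ComputerName 'DC01' -ScriptBlock {
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
        -Name 'DisableRestrictedAdmin' -Value 0 -Type DWord
}
# From the PAW:  mstsc.exe /v:DC01 /RestrictedAdmin

# Check: confirm the silo assignment and Protected Users membership took effect.
Get-ADUser 't0admin' -Properties AuthenticationPolicySilo, MemberOf |
    Select-Object Name, AuthenticationPolicySilo,
        @{ n = 'ProtectedUser'; e = { [bool]($_.MemberOf -match 'Protected Users') } }
```

Two caveats a practitioner should weigh before rolling this out. Protected Users and an enforced silo will break any NTLM-only or delegation-dependent tooling the admin account currently uses, so run the policy without -Enforce first and watch the audit events. Restricted Admin mode, while it keeps the password and ticket off the remote host, also lets an attacker who already holds the account's NT hash open an RDP session with it (pass-the-hash over RDP), so it belongs together with Protected Users and the silo, not on its own.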
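The "no agent, configuration change only" collection the MTDS slide describes is the corporate reporting mode of Windows Error Reporting (WER). The block below is an added example, not the deck's or the service's own configuration; it sets the registry values behind the "Configure Corporate Windows Error Reporting" Group Policy on one client, and the collector name wer-collector.domain.local is a hypothetical assumption.

```powershell
# Added example (not from the deck): send WER crash reports to a central collector
# instead of to Microsoft. The collector name is a hypothetical assumption; in
# production these values are normally pushed by Group Policy rather than set locally.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting'
New-Item -Path $policy -Force | Out-Null

# Make sure WER itself is not switched off, otherwise nothing is ever collected.
Set-ItemProperty -Path $policy -Name 'Disabled' -Value 0 -Type DWord

# Point the client at the corporate collector. Use SSL and authentication: the dumps
# contain process memory, which can include credentials and other secrets.
Set-ItemProperty -Path $policy -Name 'CorporateWERServer'            -Value 'wer-collector.domain.local' -Type String
Set-ItemProperty -Path $policy -Name 'CorporateWERUseSSL'            -Value 1   -Type DWord
Set-ItemProperty -Path $policy -Name 'CorporateWERPortNumber'        -Value 443 -Type DWord
Set-ItemProperty -Path $policy -Name 'CorporateWERUseAuthentication' -Value 1   -Type DWord

# Optional: also keep a local full memory dump per crashing process, so the IR team
# can retrieve it if the upload failed. DumpType 2 = full dump.
$local = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
New-Item -Path $local -Force | Out-Null
Set-ItemProperty -Path $local -Name 'DumpType'  -Value 2  -Type DWord
Set-ItemProperty -Path $local -Name 'DumpCount' -Value 10 -Type DWord

# Check: show the effective values on this host.
Get-ItemProperty -Path $policy |
    Select-Object Disabled, CorporateWERServer, CorporateWERUseSSL, CorporateWERPortNumber, CorporateWERUseAuthentication
```

The collector becomes a store of full process memory from across the estate, so treat it as a high-value asset: restrict who can read it, and keep it off the production admin tier. Note also that this telemetry only fires when an exploit attempt or implant actually crashes something; a clean, successful exploit produces no report, which is why the slide pairs MTDS with EMET and with the IR&R/PADS engagements rather than offering it alone.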
Robust security reporting with actionable data

Technologies unique to Microsoft
• A unique malware database built up by the world's largest sensor network
• Worldwide sensor network and ecosystem insight

Respond: IR&R / PADS
The Incident Response and Recovery Service (IR&R) is an offering for clients who need to investigate and disrupt today's determined human adversaries and similar advanced actors who specialize in targeted exploitation. The service is an on-site, discreet incident-response engagement that examines high-value assets or known-exploited systems for signs of advanced implants that commodity AV or IDS technologies typically miss. A team of Microsoft IR&R consultants travels to the customer site and analyses the affected servers or endpoints as a starting point, using a toolset built on custom Microsoft capabilities: specialized detection tools, malware analysis, signature generation, and custom cyber intelligence. The typical period of performance is one work week at the customer site, but it can be extended for large clients with multiple geographic sites or organizational components.

What if I have a cybersecurity incident?
• For incident response, start with your existing Microsoft Premier Services agreement.
• Any staff member authorized to open Premier Support cases should open the case with a "Severity A" classification for cyber incidents.
Support tiers
• GBS Security: deep remote technical support
• GBS First Responder: global on-site support within 24 hours or less
• Cybersecurity IR&R Team: on-site security incident response team

Which service for which situation
• Under attack: IR&R
• Suspect an attack / need detection: PADS, MTDS
• Cybersecurity strategy and approach: MSRA, ADSA, ESAE, EMET-ERS, SDL, PAW

Massive global telemetry
• Malicious Software Removal Tool: 700 million monthly
• Bing: 18+ billion page scans per month
• Windows Defender: 250 million
• Exchange Online: 35 billion messages scanned
• Digital Crimes Unit (CITP)

Why Microsoft
• Software and services company that builds the software people rely on: Security Development Lifecycle; ISO/IEC 27034-1:2011
• Operates major online and cloud services: Cloud Security Alliance
• Target for cyber attacks
• Unparalleled visibility into the threat environment: MSIT, ISRM internal experiences, ACE team, Global Foundation Services, Global Business Support Security

Massimo Agrelli, CyberSecurity Architect, Microsoft Services – Cybersecurity Global Practice, Massimo.Agrelli@Microsoft.com
© 2013 Microsoft Corporation. All rights reserved.