CIO Summit - Academic Conferences Limited

Defending against modern threats
Kruger National Park – ICCWS 2015
Herman Opperman (CISSP, nCSE, MCSE-Sec)
- Architect, Cybersecurity Global Practice
Microsoft Corporation
Trends from the field
[Slide figure: evolution of the defensive posture alongside the attacker kill chain]
Posture trend: Perimeter Security → Trust All Internal → Defence in Depth (DiD) → Cyber Strategy → Assume Breach
Defence-in-depth layers: Physical, Network, Host, Application, Data, Governance, Operations
Attacker kill chain (with PROACTIVE and REACTIVE defence marked across its phases): Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Action on Objectives
Microsoft SIR Vol. 17
The Security Intelligence Report (SIR) is an analysis
of the current threat landscape based on data from
over a billion systems worldwide.
Featured Intelligence:
• Securing account credentials
• The challenge of expired security software
• The Microsoft DCU and the legal side of fighting malware
Worldwide threat assessment
• Vulnerabilities
• Exploits
• Malware
Source: microsoft.com/SIR
CGP Portfolio
Protect: Cybersecurity Strategy; Secure Platform; Secure Administration; Secure Software Development; Systems Memory Defence; Long-term Cybersecurity Architecture
Detect: Advanced Persistent Threat Detection; Proactive Discovery for Indicators of Threat
Respond: Response and Recovery
4 Security Essentials
• Run latest Microsoft & third-party products
• Implement good patch management practices
• Align Active Directory to the current threat environment
• Assess threats & countermeasures of IT infrastructure and operational practices
• Implement secure software development practices
* http://www.eweek.com/security/java-primary-cause-of-91-percent-of-attacks-cisco.html
Thank you for your time.
CGP Portfolio
Protect
Microsoft Security Risk Assessment (MSRA)
• Rapid review of the customer’s IT security program, tailored to business and security needs
• On-site, in-person interviews and technical examination to provide a comprehensive look at security technologies and operational practices
• Examination of the program’s business foundations, including security goals, risk posture, and policies and standards
Enhanced Security Administration Environment (ESAE)
• In addition to enforcing two-factor authentication for domain administrative accounts with smartcards, ESAE implements auditing and monitoring of high-impact administrative activity
Privileged Administrator Workstation (PAW)
• Focuses on protecting administrator credentials (Tier 1) by adding a layer of protection to administrative workstations
Security Development Lifecycle Services (SDL)
• Customers learn and apply the secure software development practices Microsoft has developed and implemented internally
• Reduces the number and severity of software vulnerabilities in a customer’s custom software solution
Enhanced Mitigation Experience Toolkit (EMET ERS)
• Pilot deployment of EMET, including deployment of Enterprise Reporting Services and a dashboard for all EMET-mitigated events
Cybersecurity Architect (CSA)
Detect
Persistent Adversary Detection Service (PADS)
Microsoft offers the PADS service to proactively determine whether a system is under threat via a discreet incident response prior to an actual emergency; it examines high-value assets or a sample of systems for signs of advanced implants not typically found by commodity anti-virus or intrusion detection system technologies.
Microsoft Threat Detection Service (MTDS)
Allows customers to detect errors and report them to check for malicious activity, in either a hosted or an on-premises solution. It also helps derive intelligence from the error reports to regulate and manage errors efficiently.
Respond
Incident Response and Recovery (IR&R)
Microsoft offers the IR&R service to determine whether a system is under targeted exploitation via a discreet incident response engagement that examines high-value assets or exploited systems for signs of advanced implants not typically found by commodity anti-virus or intrusion detection system technologies.