Defending against modern threats
Kruger National Park – ICCWS 2015
Herman Opperman (CISSP, nCSE, MCSE-Sec) - Architect, Cybersecurity Global Practice
Microsoft Corporation

Trends from the field
[Diagram labels: Perimeter Security; Trust All Internal; DiD Cyber Strategy; Assume Breach; Host; Data; Physical; Application; Network; Governance; Operations; PROACTIVE; REACTIVE; THREAT; Reconnaissance; Weaponization; Delivery; Exploitation; Installation; Command & Control; Action on Objectives]

Microsoft SIR Vol. 17
The Security Intelligence Report (SIR) is an analysis of the current threat landscape based on data from over a billion systems worldwide.
Featured Intelligence:
• Securing account credentials
• The challenge of expired security software
• The Microsoft DCU and the legal side of fighting malware
Worldwide threat assessment
• Vulnerabilities
• Exploits
• Malware
Source: microsoft.com/SIR

CGP Portfolio
Protect
• CYBERSECURITY STRATEGY
• SECURE PLATFORM
• SECURE ADMINISTRATION
• SECURE SOFTWARE DEVELOPMENT
• SYSTEMS MEMORY DEFENCE
• LONGTERM CYBERSECURITY ARCHITECTURE
Detect
• ADVANCED PERSISTENT THREAT DETECTION
• PROACTIVE DISCOVERY FOR INDICATORS OR THREAT
Respond
• RESPONSE AND RECOVERY

4 Security Essentials
• Run Latest Microsoft & Third Party Products
• Implement Good Patch Management Practices
• Align Active Directory to Current Threat Environment
• Assess Threats & Countermeasures of IT Infrastructure and Operational Practices
• Implement Secure Software Development Practices
* http://www.eweek.com/security/java-primary-cause-of-91-percent-of-attacks-cisco.html

Thank you for your time.

CGP Portfolio

Protect

Microsoft Security Risk Assessment (MSRA)
• Rapid review of customer’s IT security program, tailored to business and security needs
• On-site, in-person interviews and technical examination to provide a comprehensive look at security technologies and operational practices
• Examination of the program’s business foundations, including security goals, risk posture, and policies and standards

Enhanced Security Administration Environment (ESAE)
• In addition to enforcing two-factor authentication for domain administrative accounts with smartcards, ESAE implements auditing and monitoring of high-impact administrative activity

Privileged Administrator Workstation (PAW)
Focuses on protecting administrator credentials (Tier 1) by adding a layer of protection to administrative workstations.

Security Development Lifecycle Services (SDL)
• Customers learn and apply the secure software development practices Microsoft has developed and implemented internally
• Reduces the number and severity of software vulnerabilities in a customer’s custom software solution

Enhanced Mitigation Experience Toolkit (EMET ERS)
Pilot deployment of EMET, including deployment of Enterprise Reporting Services and a dashboard for all EMET-mitigated events.

Cybersecurity Architect (CSA)

Detect

Persistent Adversary Detection Service (PADS)
Microsoft offers the PADS service to proactively determine whether a system is under threat, via a discreet incident response engagement carried out prior to an actual emergency. It examines high value assets or a sample of systems for signs of advanced implants not typically found by commodity anti-virus or intrusion detection system technologies.

Microsoft Threat Detection Service (MTDS)
Allows customers to detect errors and report them to check for malicious activity, in either a hosted or an on-premises solution. It also helps in deriving intelligence from the error reports to regulate and manage errors efficiently.

Respond

Incident Response and Recovery (IR&R)
Microsoft offers the IR&R service to determine whether a system is under targeted exploitation via a discreet incident response engagement that examines high value assets or exploited systems for signs of advanced implants not typically found by commodity anti-virus or intrusion detection system technologies.