Windows 10 Identity And Security - Info.microsoft

Transcription

Windows 10 Identity and Security

“CYBER SECURITY IS A CEO ISSUE.” - McKinsey

CYBER THREATS ARE A MATERIAL RISK TO YOUR BUSINESS
- 3.0 trillion: impact of lost productivity and growth
- 3.5 million: average cost of a data breach (15% YoY increase)
- 500 million: corporate liability coverage
Source: McKinsey, Ponemon Institute, Verizon

EVOLUTION OF ATTACKS
- Mischief: script kiddies, unsophisticated
- Fraud and theft: organized crime, more sophisticated
- Damage and disruption: nations, terror groups, activists; very sophisticated and well resourced

RANSOMWARE

ANATOMY OF AN ATTACK
- ENTER (user): browser or doc exploit delivery, malicious attachment delivery, phishing attacks, internet service compromise
- ESTABLISH (device): browser or doc exploit execution, malicious attachment execution, stolen credential use, kernel exploits, kernel-mode malware
- EXPAND (network): Pass-the-Hash
- ENDGAME: business disruption, lost productivity, data theft, espionage and loss of IP, ransom

ANATOMY OF AN ATTACK: STRONTIUM
- ENTER (user): phishing
- ESTABLISH (device): browser or doc exploit execution. The user lands on an exploit page, the exploit runs, and the user is redirected to a legitimate page.
- EXPAND (network): Pass-the-Hash
- ENDGAME: theft of sensitive information, disruption of government

THE WINDOWS 10 DEFENSE STACK: PROTECT, DETECT & RESPOND
Pre-breach:
- Device protection: device integrity, device control, BitLocker and BitLocker to Go (drive encryption)
- Threat resistance: SmartScreen, Windows Firewall, Microsoft Edge, Device Guard, Windows Defender, security policies
- Identity protection: Windows Hello (built-in 2FA), Microsoft Passport, Credential Guard
- Information protection: BitLocker and BitLocker to Go, Windows Information Protection
Post-breach:
- Breach detection, investigation & response: Conditional Access, Windows Defender ATP

CAPABILITY OVER TIME
Windows as a Service: game-changing threat protection that improves over time through software updates. Attackers take advantage of the protection gap between releases; the goal is to disrupt and out-innovate adversaries by design. (Chart: capability over time, with product releases plotted against threat sophistication.)

The defense stack by platform (pre-breach: device protection, threat resistance, identity protection, information protection; post-breach: breach detection, investigation & response):
- Windows 7 Security
- Windows 10 Security on legacy or modern devices (upgraded from Windows 7 or 32-bit Windows)
- Windows 10 Security on modern devices (fresh install or upgraded from 64-bit Windows 8)


DEVICE PROTECTION: SECURE ROOTS OF TRUST
- Device integrity
- Cryptographic processing
- Biometrics sensors
- Virtualization

TRADITIONAL PLATFORM STACK
Apps -> Windows Platform Services -> Kernel -> Device Hardware (one flat trust boundary: anything running in the kernel sees everything)

VIRTUALIZATION BASED SECURITY: WINDOWS 10
Device hardware -> Hyper-V hypervisor -> two isolated environments:
- Windows operating system: kernel, Windows platform services, apps
- System container: its own kernel plus isolated trustlets (trustlet #1, #2, #3)

VIRTUALIZATION BASED SECURITY: THE FUTURE
Device hardware -> Hyper-V hypervisor -> three isolated environments:
- Windows operating system: kernel, Windows platform services, apps
- App container: its own kernel and Windows platform services for isolated apps
- System container: its own kernel and critical system processes


TRADITIONAL APPROACH
Types of threats to consider and mitigate: device tampering, vulnerabilities, malware, phishing

COMPREHENSIVE THREAT RESISTANCE
- External: Office ATP, SmartScreen, Windows Firewall
- Internal: Microsoft Edge, Windows Defender, Device Guard

Windows 10: PROTECT FROM THE EDGE
Protect devices before they encounter threats

PROACTIVE THREAT IDENTIFICATION AND PROTECTION
- Microsoft SmartScreen: phishing and malware filtering technology for Microsoft Edge and Internet Explorer 11 in Windows 10. Provides protection from drive-by attacks. The cloud service is continuously updated; nothing for you to deploy.
- Exchange Online Advanced Threat Protection: cloud-based email filtering service that helps protect against unknown malware and viruses. URL trace technology examines potentially harmful links.

Windows 10: PROTECT FROM WITHIN
The operating system uses defense in depth to address threats that get inside the perimeter

MICROSOFT EDGE: DESIGNED FOR SECURE BROWSING
Microsoft Edge is the most secure browser Microsoft has ever shipped.
- Objective: keep our customers safe when browsing the web
- Strategy: make it difficult and costly for attackers to find and exploit vulnerabilities in Microsoft Edge
- Tactics: eliminate vulnerabilities before attackers can find them; break exploitation techniques used by attackers; contain the damage when vulnerabilities are discovered; prevent navigation to known exploit sites

MICROSOFT EDGE: BUILDING A SAFER BROWSER
Fundamentally improve security and enable users to confidently experience the web when using Windows 10.
- Defend users: SmartScreen; Microsoft Passport and Windows Hello; certificate reputation, EdgeHTML, W3C Content Security Policy, HTTP Strict Transport Security
- Defend the browser: Universal Windows Platform (AppContainer sandbox); Windows Address Space Layout Randomization on 64-bit systems; MemGC; Control Flow Guard

MICROSOFT EDGE SECURITY IMPROVEMENTS
- Before: the Edge content process and the Flash host process had full access to win32k.sys from the Microsoft Edge browser into the Windows kernel.
- Today: Microsoft Edge and Flash no longer have full access to win32k.sys; API calls are filtered. Only 40% of interfaces are available to Flash and Edge, a 60% reduction of attack surface on a highly targeted library. Blocked win32k.sys interfaces are unreachable from the Edge content process and the Flash host process.
- Flash Player moves into its own AppContainer.
- Microsoft is working directly with Adobe to harden Flash Player to be resistant to vulnerability exploits.

MICROSOFT EDGE
Hardware-based isolation enables the most secure browsing experience.
- Windows Defender Application Guard protects the device from advanced attacks launched against Microsoft Edge.
- Malware and vulnerability exploits targeting the browser, including zero days, are unable to impact the operating system, apps, data and network.
- Application Guard uses virtualization based security to hardware-isolate Microsoft Edge and any browsing activity away from the rest of the system.
- Closing Microsoft Edge wipes all traces of attacks that may have been encountered while online.

HARDWARE ISOLATION WITH WINDOWS DEFENDER APPLICATION GUARD
Device hardware -> Hyper-V hypervisor -> three isolated environments:
- Windows operating system: kernel, Windows platform services, apps
- Windows Defender Application Guard container: its own kernel and Windows platform services, running Microsoft Edge
- System container: its own kernel and critical system processes

TODAY'S CHALLENGE: APPS

YOUR SECURITY DEPENDS ON A PLATFORM WHERE: APPS MUST EARN TRUST BEFORE USE

Windows 10: NEXT GENERATION APP CONTROL
Secure your devices with Device Guard

DEVICE GUARD: HARDWARE ROOTED APP CONTROL
- The Windows desktop can be locked down to only run trusted apps, just like many mobile OSes (e.g. Windows Phone).
- Untrusted apps and executables, such as malware, are unable to run.
- A signed policy secures the configuration from tampering.
- Protects the system core (kernel mode) and drivers from zero days and vulnerabilities.
- Requires Windows 8 certified or greater hardware with VT-x and VT-d.
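As an added example, not from the original deck, here is the PowerShell workflow an administrator uses to put Device Guard app control in place: scan a clean reference machine into a code integrity policy, run it in audit mode, fold in anything legitimate the audit log flagged, then enforce. The `C:\CIPolicy` paths are assumptions; the cmdlets are from the ConfigCI module that ships with Windows 10.

```powershell
# Added example (not from the original deck): build a Device Guard code integrity
# policy in audit mode, then enforce it. Assumes a clean reference machine and the
# working directory C:\CIPolicy (assumed path); run elevated, reboot after deploying.
$policyXml = 'C:\CIPolicy\DeviceGuardPolicy.xml'
$policyBin = 'C:\CIPolicy\SIPolicy.p7b'
$auditXml  = 'C:\CIPolicy\AuditCatch.xml'
New-Item -ItemType Directory -Path (Split-Path $policyXml) -Force | Out-Null

# 1. Scan the reference image. -Level Publisher trusts binaries from the same
#    signer; -Fallback Hash pins unsigned binaries by hash; -UserPEs makes the
#    policy cover user-mode code too, not only kernel drivers.
New-CIPolicy -Level Publisher -Fallback Hash -FilePath $policyXml -UserPEs -ScanPath 'C:\'

# 2. Rule option 3 = "Enabled:Audit Mode": violations are logged to the
#    Microsoft-Windows-CodeIntegrity/Operational log instead of being blocked.
Set-RuleOption -FilePath $policyXml -Option 3

# 3. Convert to the binary form the kernel loads and deploy it. The file name
#    SIPolicy.p7b in the CodeIntegrity folder is what Windows 10 looks for.
ConvertFrom-CIPolicy -XmlFilePath $policyXml -BinaryFilePath $policyBin
Copy-Item $policyBin 'C:\Windows\System32\CodeIntegrity\SIPolicy.p7b'

# 4. After a soak period, turn the audit events into rules, merge them into the
#    base policy, drop audit mode, and redeploy. Review AuditCatch.xml by hand
#    first: anything that ran during the soak period ends up trusted.
New-CIPolicy -Audit -Level Publisher -Fallback Hash -FilePath $auditXml -UserPEs
Merge-CIPolicy -OutputFilePath $policyXml -PolicyPaths $policyXml, $auditXml
Set-RuleOption -FilePath $policyXml -Option 3 -Delete
ConvertFrom-CIPolicy -XmlFilePath $policyXml -BinaryFilePath $policyBin
Copy-Item $policyBin 'C:\Windows\System32\CodeIntegrity\SIPolicy.p7b'

# 5. After reboot, confirm enforcement: 0 = off, 1 = audit, 2 = enforced.
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
$dg | Select-Object CodeIntegrityPolicyEnforcementStatus, UsermodeCodeIntegrityPolicyEnforcementStatus
```

The "signed policy" tamper resistance on the slide is a separate step: delete rule option 6 ("Enabled:Unsigned System Integrity Policy") from the XML, then sign the converted binary with signtool and a code-signing certificate before deploying. Until that is done any local administrator can replace or delete SIPolicy.p7b.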

DEVICE GUARD IN A VBS ENVIRONMENT: DECISIVE MITIGATION
Device hardware -> Hyper-V hypervisor -> two isolated environments:
- Windows operating system: kernel, Windows platform services, apps
- System container: its own kernel, trustlets #2 and #3, and Device Guard running as a trustlet, so the code integrity decision is made outside the kernel it protects

WINDOWS DEFENDER: ANTI-VIRUS PROTECTION
- Protection that competes to win: scored a 98.1% detection rating in AV Comparatives testing against top competitors (March 2016).
- Behavior and cloud-powered malware detection: can detect fast-changing malware variants using behavior monitoring and cloud-powered protection that expedites signature delivery.
- Tamper resistant: Windows Trusted Boot and platform isolation protect Windows Defender from attacks and enable it to self-repair.
- Built into Windows and always up to date: no additional deployment or infrastructure, continuously up to date, lower costs.
(Chart: Microsoft protection stars in AV-Test results, 2014 to 2016.)


WINDOWS 10 IDENTITY GOALS
- Mainstream two-factor authentication
- Make credentials theft resistant and breach and phish proof
- Deliver a solution to both consumer and business users
- Provide a solution that works in all scenarios and industries

Windows 10: USER IDENTITY & AUTHENTICATION

SHARED SECRETS
Easily mishandled or lost (hint: the user is the problem)

PKI SOLUTIONS
Complex, costly, and under attack

ENTERPRISE DEMANDS
Reduce costs; simplify implementation

WINDOWS HELLO FOR BUSINESS
Device-based multi-factor authentication
- User credential: an asymmetric key pair, provisioned via PKI or created locally via Windows 10
- Secured by hardware
- Utilize familiar devices

FIDO ALLIANCE
(Logos of example board-level members.)

BIOMETRIC MODALITIES
- Improved security: fingerprint and facial recognition
- Ease of use: impossible to forget
- VBS support

COMPANION DEVICE AUTHENTICATION: WINDOWS HELLO COMPANION DEVICE FRAMEWORK
Phone, Band 2, wearable, USB, RFID, card

COMPANION DEVICE SCENARIOS
- Companion as second factor: credentials are mobile and remain on the companion.
- Increases convenience and improves security: storing credentials off the PC adds security and helps with compliance as well as convenience.

Windows 10: DERIVED CREDENTIALS & ACCESS TOKENS

“PASS THE HASH” ATTACKS
Today's security challenge

TODAY'S SECURITY CHALLENGE: PASS THE HASH ATTACKS
Access to one device can lead to access to many. Setting: an IT Pro manages kiosks and shared devices on the network.
1. A single IT Pro's machine is compromised.
2. The attacker steals the IT Pro's access token.
3. Using the IT Pro's access token, the attacker looks for kiosk/shared devices and mines them for more tokens.
Repeat.

TODAY'S SOLUTION: CREDENTIAL GUARD
- Pass the Hash (PtH) attacks are the #1 go-to tool for hackers, used in nearly every major breach and APT-type attack.
- Credential Guard uses VBS to isolate Windows authentication from the Windows operating system: it runs as a trustlet inside the system container, alongside the other trustlets, while the OS kernel, Windows platform services and apps run in their own partition on the Hyper-V hypervisor.
- Protects the LSA Service (LSASS) and derived credentials (NTLM hash).
- Fundamentally breaks derived credential theft using Mimikatz.


YOUR INFORMATION PROTECTION NEEDS
- Device protection: protect system and data when the device is lost or stolen. Solutions: BitLocker, BitLocker enhancements in Windows 8.1, InstantGo, 3rd party.
- Data separation (containment): prevent unauthorized users and apps from accessing and leaking data. Solution: Windows Information Protection.
- Sharing protection: protect data when shared with others, or shared outside of organizational devices and control. Solutions: Azure Rights Management, Office 365.

Windows 10: DATA-AT-REST PROTECTION
The threat of lost or stolen devices

DEVICE ENCRYPTION: BITLOCKER
- Modern devices may be encrypted out of the box with BitLocker technology.
- Increased global acceptance of TPM; TPM pervasive on Windows devices by end of 2015.
- Easiest deployment, leading security, reliability, and performance.
- Single sign-on for modern devices and configurable Windows 7 hardware.
- Enterprise grade management (MBAM) and compliance (FIPS).
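As an added example, not from the original deck, this PowerShell checks the TPM and Secure Boot roots of trust the slide relies on, enables BitLocker on the OS drive with a TPM protector plus a recovery password, escrows that password to Active Directory, and reports volume state. It assumes Windows 10 Pro or Enterprise, an elevated session, and a domain-joined device whose Group Policy allows recovery-key backup to AD (MBAM or Azure AD are the alternatives the deck points at); the mount point is a parameter.

```powershell
# Added example (not from the original deck): BitLocker prerequisites, enablement
# and status. Assumes Windows 10 Pro/Enterprise, elevated session, domain-joined
# device with AD recovery-key backup allowed by policy.
function Test-BitLockerPrereqs {
    $tpm = Get-Tpm
    [pscustomobject]@{
        TpmPresent = $tpm.TpmPresent
        TpmReady   = $tpm.TpmReady
        # Confirm-SecureBootUEFI throws on legacy BIOS machines; report that as $false.
        SecureBoot = $(try { Confirm-SecureBootUEFI } catch { $false })
    }
}

function Enable-OsDriveBitLocker {
    param([string]$MountPoint = 'C:')
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.ProtectionStatus -eq 'On') { return $vol }   # already protected

    # Recovery password first, so there is a way in if the TPM measurements change
    # (firmware update, board swap); then bind the volume key to the TPM.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 -TpmProtector `
        -UsedSpaceOnly -SkipHardwareTest | Out-Null

    # Escrow the recovery password in AD so the user never has to keep it. This is
    # the "enterprise grade management" point on the slide; it fails on a
    # workgroup machine, where the password must be stored some other way.
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $recovery.KeyProtectorId | Out-Null

    Get-BitLockerVolume -MountPoint $MountPoint
}

function Get-BitLockerReport {
    # One row per volume: cipher, progress, and which protectors exist. A volume
    # with only a RecoveryPassword protector is unlocked by a typed key, not the TPM.
    Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, ProtectionStatus,
        EncryptionMethod, EncryptionPercentage,
        @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ',' } }
}

Test-BitLockerPrereqs
Enable-OsDriveBitLocker -MountPoint 'C:'
Get-BitLockerReport
```

`ProtectionStatus` stays Off while encryption is still in progress on a volume that was not enabled with `-SkipHardwareTest`, so a compliance check should look at both `ProtectionStatus` and `EncryptionPercentage` rather than at `VolumeStatus` alone.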

INFORMATION PROTECTION
- Device protection: protect system and data when the device is lost or stolen
- Data separation (containment): prevent unauthorized apps from accessing data
- Sharing protection

MARKET SOLUTIONS FOR DATA LOSS PREVENTION
Mobile platforms versus desktop platforms, compared on: use of containers versus limited platform integration; compromised versus better user experience; ease of deployment versus difficulty of deployment; lowest versus higher cost.

INTRODUCING WINDOWS INFORMATION PROTECTION
Integrated protection against accidental data leaks. Ships in the Windows 10 Anniversary Update.
- Protects data at rest locally and on removable storage.
- Common experience across all Windows 10 devices, with copy and paste protection.
- Seamless integration into the platform: no mode switching, use any app.
- Corporate and personal data are identifiable wherever they rest on the device, and corporate data can be wiped.
- Prevents unauthorized apps from accessing business data and prevents users from leaking data via copy and paste.

WINDOWS INFORMAT ION PROTECTION LIFECYCLE

INFORMATION PROTECTION
- Data separation (containment): prevent unauthorized apps from accessing data; BYOD separation
- Sharing protection: protect data when shared with others, or shared outside of organizational devices and control

SHARING PROTECTION: RIGHTS MANAGEMENT SERVICES
- Protect all file types, everywhere they go: cloud, email, BYOD.
- Support for all commonly used devices and systems: Windows, OS X, iOS, Android.
- Support for B2B collaboration via Azure AD.
- Support for on-premises and cloud-based scenarios (e.g. Office 365).
- Seamless, easy to provision, with support for FIPS 140-2 regulation and compliance.


Windows 10: SECURE YOUR ENVIRONMENT WITH CONDITIONAL ACCESS
Keep unhealthy devices out with Intune and Windows Device Health Attestation.

UNKNOWN PC HEALTH
Today, health is assumed when a PC reaches important resources. (Diagram.)

WINDOWS DEVICE HEALTH ATTESTATION ENABLES:
MDMs to gate access to important resources based on device integrity and health. (Diagram of the attestation and access-gating flow.)

ATTACKS HAPPEN FAST AND ARE HARD TO STOP
If an attacker sends an email to 100 people in your company, 23 people will open it, 11 people will open the attachment, and six will do it in the first hour.

WINDOWS DEFENDER ADVANCED THREAT PROTECTION
Detect advanced attacks and remediate breaches
- Built into Windows: no additional deployment or infrastructure, continuously up to date, lower costs.
- Behavior-based, cloud-powered breach detection: actionable, correlated alerts for known and unknown adversaries; real-time and historical data.
- Rich timeline for investigation: easily understand the scope of a breach, pivot data across endpoints, deep file and URL analysis.
- Unique threat intelligence knowledge base: unparalleled threat optics provide detailed actor profiles; 1st and 3rd party threat intelligence data.

US DEPARTMENT OF DEFENSE
Microsoft receives the ultimate Windows 10 security proof point from the US Department of Defense: the Pentagon orders Windows 10 to be installed on all 4 million of its PCs.

Summary: identities, information protection, threat resistance

Resources:
- Continue your learning: download the presentation, access online training and demos, try Windows 10 for free. aka.ms/ITInnovation and aka.ms/ITInnovationResources
- Build your IT Pro skills: attend the Microsoft Tech Summit. www.microsoft.com/techsummit
