2. Digital Transformation Realized™
Largest Data Breaches (chart): hacks resulting in loss of more than 30,000 records, 2013 / 2014 / 2015 / latest. Source: Informationisbeautiful.net
Organizations shown on the chart: JP Morgan Chase (76,000,000), Target (70,000,000), AOL (2,400,000), Ebay, MySpace, Experian / T-Mobile, Anthem, Banner Health, Mail.ru (25,000,000), Linux Ubuntu forums, Clinton Campaign, Carefirst, British Airways, AshleyMadison.com, Adult Friend Finder, Dominos Pizzas (France), Evernote (50,000,000), Home Depot (56,000,000), European Central Bank, Kromtech, MSpy, Japan Airlines, Philippines' Commission on Elections (55,000,000), Telegram, Securus Technologies (70,000,000), NASDAQ, Sony Pictures, Nintendo, Neiman Marcus, Staples, OHV, Scribd, US Office of Personnel Management (2nd Breach), VK (100,544,934), Vtech, UPS, Yahoo Japan, Washington State Court System, Twitch TV, Ubuntu, Wendy's, Verizon, uTorrent, Syrian Government, Adobe (36,000,000), Central Hudson Gas & Electric, National Childbirth Trust, Hacking Team, CarPhone Warehouse, Invest Bank, Community Health Services, Apple, A&B, Altegrity, MacRumours.com, Premera, LivingSocial (50,000,000), TalkTalk, US Office of Personnel Management.
4. Risk Mitigation and Digital Transformation
1. The Digital Transformation is driving change in the way IT is leveraged throughout the business
2. The way IT is secured and risks mitigated within the business will also rapidly evolve as threats enter new vectors
3. The technologies for mitigating risks are a combination of longstanding best practices and modern capabilities
4. The defense against the modern (and existing) threats of the Digital Transformation starts now
6. Companies are Becoming More Digital
Customers: enabling the customer experience with technology
Partners: enabling partner interactions through technology
Employees: driving efficiency in internal operations
8. Digital Transformation
Modern Applications: IoT, Mixed Reality, Collaboration, ECM, BPM
Modern IT Management: DevOps and IT Service, Business Process Transformation, Governance
Customer Engagement: CRM, Extranets, B2B solutions
Cloud Data Center: Identity & Device Management, Cloud Integration & Management, Unified Communications
Analytics & Data: BI, SQL, Predictive Analytics, Big Data
Mobile
Secure: applies across all of the above
9. The way IT is secured and risks mitigated within the business will rapidly evolve as threats enter new vectors
10. Top New Threats with Financial Impact
Customer User Database Compromise
IoT Device Compromise
Internal Identity Compromise
Confidential Data Compromise
Predictive Analytics Compromise
Source Code Compromise
Social Engineering Theft
Physical Access paired with Theft
11. Modern Security Layers to Mitigate Risk
Network, Operating System, Identity, Application, Information, Communications, Management, Physical
13. Risk Mitigation Combining Layers and NIST
NIST CSF functions applied to the Digital Transformation:
Identify: cloud threat identification
Protect: cloud consistent protection patterns
Detect: big data detection patterns
Respond: automated response mechanisms
Recover: declarative configuration
Layers: Network, Identity, Application, Information, Communications, Management, Physical, Operating System
14. Modern Security Layers and NIST: Network
The extent to which traffic can reach the intended destination based on its qualities: being from a known source, on an appropriate port, and of certain characteristics.
Millions of hacked agents
Network boundary is everywhere
Applications are customer facing
15. Modern Security Layers and NIST: Operating System
The extent to which the operating system is protected from attack given its inherent flaws, and the extent to which it provides modern protections against modern invasive techniques.
Out-of-date operating systems
Your clients are your network boundary
IoT clients, mobile, and devices exposed
16. Modern Security Layers and NIST: Identity
The strength of authentication to an application, which plays a more important role in security in the modern age, together with what access the authenticated person has under role-based access control.
Weak passwords everywhere
Applications not properly secured by identity
Brute force techniques increasing in capability
17. Modern Security Layers and NIST: Application
The security of the application itself: whether it was written and tested using patterns and practices that mitigate known threats and attack vectors.
Applications using APIs and features with known flaws
Interaction between application components
Boundary security flaws on endpoints
18. Modern Security Layers and NIST: Information
The extent to which documents and data are protected regardless of location and are controlled based on their qualities.
Confidential information is widely accessible
Secure content is used to gain other content
Users who "should" have access change
19. Modern Security Layers and NIST: Management
The extent to which management tools have evolved to address modern threats, which require analysis and response exceeding manual effort. These scenarios look more like "big data" and machine learning scenarios than the manual reviews and responses that traditional security practices employed.
Breadth of threats exceeds human capabilities
Response needs are immediate
Employees not properly trained
20. Modern Security Layers and NIST: Communications
The extent to which application communications (or even personal communications) are protected and private based on identity and application qualities.
No assurance that the network is secured
Modern devices are connected to the internet
Pass-the-Hash, Password Extraction
21. The technologies for mitigating risks are a combination of longstanding best practices and modern capabilities
22. NIST CSF to Category / Microsoft technology map
Mapping in Technology Solutions
Protect (PR)
Data Security (PR.DS): Information and records (data) are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information.
PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition
PR.DS-4: Adequate capacity to ensure availability is maintained
  Cloud Datacenter: Operations Management Suite & System Center
  Modern IT Management
PR.DS-5: Protections against data leaks are implemented
  Customer Enablement: Enterprise Mobility Suite
  Cloud Datacenter: Operations Management Suite & System Center
  Modern IT Management: Azure Resource Management Standards; Office365
PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity
  Customer Enablement: Enterprise Mobility Suite
  Modern IT Management: Operations Management Suite & System Center
PR.DS-7: The development and testing environment(s) are separate from the production environment
  Cloud Datacenter: Azure Resource Management Standards
  Modern IT Management: Visual Studio Team Services
Information Protection Processes and Procedures (PR.IP)
PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained
  Modern IT Management: Operations Management Suite & System Center; ServiceNow
PR.IP-2: A System Development Life Cycle to manage systems is implemented
  Modern IT Management: Visual Studio Team Services; Operations Management Suite & System Center; ServiceNow
23. Tool Categories and Mapping
ServiceNow: Modern Service Management Platform
Operations Management Suite: Modern Operational and Automation Platform
Visual Studio Team Services: Modern Development Platform
Azure Machine Learning: Predictive Analytics
24. Tool Categories and Mapping
Enterprise Mobility + Security Suite: Client Management Platform
Office365, Dynamics 365: Collaboration and Business Process Platform
Azure Platform as a Service, Azure Cloud Platform, Windows Server, Azure Stack: Cloud Platform
Windows 10, Microsoft IoT Platform: End User Computing Platform
25. Anatomy of Attacks and Defense (architecture diagram)
Components shown: ServiceNow, Dynamics, Power BI, System Center, SCCM, MIM, ATA, Azure Stack, VMware, Network, EMS, OMS, VSTS, Azure ML, ARM + DSC, IoT Suite
Flows shown between them: log data, log data/IDS, inventory, automation, code, ARM + DSC
27. The defense against the modern threats of the Digital Transformation starts now
28. Steps to Starting Out
First: admit that you can do better
Second: know that you can always do better
Then: make a plan for addressing the security threats that are most relevant based on risk and financial impact
30. Get Specific with Assessments
Columns: ID | System | Owner | Discover (Business Process / Hardware Product / Software Product / Configuration) | Assess: Threat | Vulnerability | Controls | Impact (Low-Med-High) | Complexity (Low-Med-High) | Risk (Low-Med-High) | Priority
00001 | Workstations and Servers | Denise Smith | X | Privilege Escalation | Local Administrators | LAPS | High | Low | High | 1
00002 | Active Directory | Qiong Wu | X | Unauthorized Use | Privileged Accounts | MIM PAM | Med | Med | Low | 4
00003 | Workstations and Servers | Naoki Sato | X | Code Execution | Patching | SCCM | X | Med | Med | 3
00004 | Business Culture | Daniel Roth | X | Social Engineering | Phishing | KnowBe4 | High | Low | High | 2
00005 | WiFi | Andrea Dunker | X | Unauthorized Use | Pre-shared Key | 802.1X | Low | High | Med | 5
00006 | Workstations and Servers | Eric Gruber | X | Business Data Loss | Malicious Software | Device Guard | High | High | Med | 6
31. Concurrency's Engagements
Plan and Design: review, assess and make a plan, strategic and tactical, working with the CISO
Execution: address threats through targeted process improvements, technologies, and education
Continuous Improvement: develop a backlog and keep improving the security state
32. Key points
1. Understand that security is not something to procrastinate on
2. Leverage NIST CSF to develop a prioritized plan
3. Address key operating system and identity threats first
4. Don't underestimate the importance of a security management platform
33. Digging into the Details
Presentations on individual scenarios for the Digital Transformation, including:
Securing the Client to Application Threat: Part 1
Securing the Client to Application Threat: Part 2
Securing Content and Communications
You will have access to the NIST to Technology Mapping, the whitepaper, and this presentation through a follow-up call
34. Part 1:
Securing the Client
An Employee, their Laptop and
a Hacker walk into a Bar…
35. What do you think?
"We are not an appealing target for attackers, I'm probably fine. I couldn't stop them anyway."
"An attacker would need to get someone's password to start hacking on us."
"Breaking into our network would require an experienced and sophisticated attacker."
36. Attack Methods in this Demo
I'm using some of the laziest methods: they are easy to demo and understand
Much better methods and tools are available: they are easy to use, but might feel abstract
39. What could have stopped that?
BitLocker
− Would have prevented access to the file system from the booted USB stick
− Is built in to Windows Enterprise/Pro editions
− Manage with GPO, MBAM, Azure AD Join / Intune
− Device encryption is switched on automatically on "InstantGo" capable devices (aka Connected Standby), e.g. Microsoft Surface/Book, Lenovo ThinkPad, Dell Venue
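The check a practitioner runs before trusting the "BitLocker would have stopped it" claim is whether the OS volume is actually protected, and if not, turning it on with a TPM protector and an escrowed recovery password. The script below is an added example, not code from the deck or from Microsoft; it assumes Windows 10 Pro/Enterprise with a TPM, the built-in BitLocker module, an elevated session, and an Azure AD-joined device when the escrow switch is used (the function and parameter names are the example's own).

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original deck): audit the OS volume and, when it is unprotected,
# turn on BitLocker with a TPM protector plus a recovery password escrowed to Azure AD.
# Assumes Windows 10 Pro/Enterprise with a TPM and an elevated session; -EscrowToAzureAD
# additionally assumes the device is Azure AD joined.

function Get-OsVolumeBitLockerState {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        ProtectionStatus = $vol.ProtectionStatus   # On or Off
        VolumeStatus     = $vol.VolumeStatus       # FullyDecrypted, EncryptionInProgress, FullyEncrypted
        EncryptionMethod = $vol.EncryptionMethod
        Protectors       = ($vol.KeyProtector.KeyProtectorType -join ', ')
    }
}

function Enable-OsVolumeBitLocker {
    param([switch]$EscrowToAzureAD)

    $mp  = $env:SystemDrive
    $vol = Get-BitLockerVolume -MountPoint $mp
    if ($vol.ProtectionStatus -eq 'On') {
        Write-Verbose "$mp is already protected"
        return Get-OsVolumeBitLockerState
    }

    # A recovery password lets the helpdesk unlock the drive if the TPM measurements change
    # (firmware update, board swap). Add it first so it exists before encryption starts.
    if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
        Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector | Out-Null
    }

    # The TPM protector unlocks the OS drive at boot without user interaction.
    if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')) {
        Enable-BitLocker -MountPoint $mp -TpmProtector -EncryptionMethod XtsAes256 `
            -UsedSpaceOnly -SkipHardwareTest | Out-Null
    } else {
        # Protectors exist but protection was suspended (e.g. after a firmware update)
        Resume-BitLocker -MountPoint $mp | Out-Null
    }

    if ($EscrowToAzureAD) {
        $rp = (Get-BitLockerVolume -MountPoint $mp).KeyProtector |
              Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
        BackupToAAD-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $rp.KeyProtectorId
    }
    Get-OsVolumeBitLockerState
}

Get-OsVolumeBitLockerState
# Enable-OsVolumeBitLocker -EscrowToAzureAD
```

Run the audit function across a fleet first; a device reporting ProtectionStatus Off with a Tpm protector present is a suspended volume, which is the state an attacker with physical access exploits, and the enable function resumes it rather than re-encrypting.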
40. Azure AD Join / Domain Join++
Conditional Access
Single Sign On
Enterprise State Roaming
MDM Registration / Intune
New Intune Portal!
43. What could have stopped that?
Macro Security settings
GPO to "Disable all except digitally signed"
GPO for Trust Center/Trusted Locations
Client Activity Analysis with Defender ATP
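The two GPO settings named above write policy registry values that the Office applications read at startup. The script below is an added example, not from the deck, showing the per-user policy values behind "VBA Macro Notification Settings" (disable all except digitally signed), "Block macros from running in Office files from the Internet", and "Disable all trusted locations", plus an audit that reports drift. It assumes Office 2016 / Microsoft 365 Apps (registry version 16.0) and the three named applications; in production the values come from the GPO, and the audit is what you run on a client to confirm the GPO applied.

```powershell
# Added example (not from the original deck): set and audit the per-user policy registry values
# behind the Office macro GPO settings. Assumes Office 2016 / Microsoft 365 Apps (version key 16.0).
$OfficeVersion = '16.0'
$OfficeApps    = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings: 1 = enable all, 2 = disable with notification (default),
#              3 = disable all except digitally signed, 4 = disable all without notification
function Set-OfficeMacroPolicy {
    foreach ($app in $OfficeApps) {
        $sec = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $tl  = Join-Path $sec 'Trusted Locations'
        New-Item -Path $tl -Force | Out-Null     # creates the Security key as well
        New-ItemProperty -Path $sec -Name VBAWarnings -PropertyType DWord -Value 3 -Force | Out-Null
        # Office 2016+: block macros in files that carry the Mark-of-the-Web (downloaded / e-mail attachments)
        New-ItemProperty -Path $sec -Name BlockContentExecutionFromInternet -PropertyType DWord -Value 1 -Force | Out-Null
        # Trust Center: with trusted locations disabled, a user-writable folder cannot bypass the macro policy
        New-ItemProperty -Path $tl -Name AllLocationsDisabled -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Test-OfficeMacroPolicy {
    foreach ($app in $OfficeApps) {
        $sec = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $tl  = Join-Path $sec 'Trusted Locations'
        $vba = (Get-ItemProperty -Path $sec -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        $mot = (Get-ItemProperty -Path $sec -Name BlockContentExecutionFromInternet -ErrorAction SilentlyContinue).BlockContentExecutionFromInternet
        $tld = (Get-ItemProperty -Path $tl  -Name AllLocationsDisabled -ErrorAction SilentlyContinue).AllLocationsDisabled
        [pscustomobject]@{
            Application         = $app
            VBAWarnings         = $vba
            BlockMotwMacros     = $mot
            TrustedLocationsOff = $tld
            Compliant           = ($vba -in 3, 4) -and ($mot -eq 1) -and ($tld -eq 1)
        }
    }
}

Set-OfficeMacroPolicy
Test-OfficeMacroPolicy | Format-Table -AutoSize
```

A missing value (reported as blank) means no policy is set and the application falls back to its default of "disable with notification", which is exactly the prompt the demo's phishing document relies on the user to click through.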
45. What could have stopped that?
BitLocker (indirectly)
− Encrypts the file system, not files
Azure Information Protection (Azure RMS)
− Encrypts individual files by user action*
Windows Information Protection (WIP, prev. EDP)
− Encrypts "Enterprise Data" by device policy
47. What could have stopped that?
Local admins can export Wi-Fi profiles
− Exports any network saved by any user
− Also exports client-side certificates
− Ensure the certificate's private key is not marked Exportable
− Consider using RADIUS (802.1X) authentication instead of a pre-shared key
Consider managing Wi-Fi settings with GPO/MDM
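What gets exposed by the export is any profile whose secret is a shared key stored on the device; 802.1X profiles carry no such secret. The audit below is an added example, not from the deck: it lists the saved WLAN profiles and classifies them by authentication type so the PSK and open networks (the ones a local admin can dump with netsh wlan export profile key=clear) stand out. It parses the English-language output of netsh, assumes the WLAN service is present, and uses the example's own function names.

```powershell
# Added example (not from the original deck): inventory saved Wi-Fi profiles and flag those whose
# secret a local admin could export in clear. Parses English netsh output; assumes the WLAN service.

# Return the value of the first "Key : value" line in netsh output, or $null
function Get-NetshValue([string[]]$Lines, [string]$Key) {
    $pattern = '^\s*' + [regex]::Escape($Key) + '\s*:\s*(.+)$'
    foreach ($l in $Lines) {
        if ($l -match $pattern) { return $Matches[1].Trim() }
    }
    return $null
}

function Get-WlanProfileAudit {
    $names = foreach ($l in (netsh wlan show profiles)) {
        if ($l -match '^\s*(?:All User|Current User) Profile\s*:\s*(.+)$') { $Matches[1].Trim() }
    }

    foreach ($name in $names) {
        $detail = netsh wlan show profile name="$name"
        $auth   = Get-NetshValue $detail 'Authentication'
        $cipher = Get-NetshValue $detail 'Cipher'
        $hasKey = (Get-NetshValue $detail 'Security key') -eq 'Present'

        # WPA2/WPA3-Enterprise authenticate each user or machine via RADIUS and store no shared secret;
        # Open and *-Personal (PSK) profiles are the ones the export reveals.
        $finding = switch -Regex ($auth) {
            'Enterprise'   { 'OK (802.1X)' }
            'Open'         { 'Open network, no encryption' }
            'Personal|PSK' { 'Pre-shared key stored on device; exportable by local admins' }
            default        { "Review ($auth)" }
        }
        [pscustomobject]@{
            Profile           = $name
            Authentication    = $auth
            Cipher            = $cipher
            SecurityKeyStored = $hasKey
            Finding           = $finding
        }
    }
}

Get-WlanProfileAudit | Sort-Object Finding | Format-Table -AutoSize
```

Profiles listed as "All User Profile" were saved for every account on the machine, which is why the demo's export picked up networks the current user never joined; managing the profile set through GPO/MDM keeps that list to what the organization intends.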
51. What could have stopped that?
− LAPS / Better Passwords
• Generate and rotate STRONG local admin passwords
− Device Guard / AppLocker (for non-admins)
• Prevent running unsigned applications (mimikatz)
− Credential Guard
• Prevent dumping hashes from LSASS
− Advanced Threat Analytics
• Detected the machine account querying AD (reconnaissance)
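Each control above leaves a verifiable trace on the client, and a posture check that reads those traces tells you whether the mitigation is actually in force rather than merely deployed. The script below is an added example, not from the deck or from Microsoft: it reads Credential Guard and HVCI state from the Win32_DeviceGuard WMI class, checks for an enforced user-mode code integrity policy and for AppLocker executable rules, and looks for the ms-Mcs-AdmPwdExpirationTime attribute that the (legacy) LAPS extension stamps on the computer object. It assumes Windows 10 Enterprise, a domain-joined machine with line of sight to a domain controller, and read access to that attribute; the function name is the example's own.

```powershell
# Added example (not from the original deck): verify that Credential Guard, HVCI, a code integrity /
# AppLocker policy and LAPS are in force on this machine. Assumes Windows 10 Enterprise, domain join,
# and read access to the LAPS expiration attribute on the computer object.

function Get-CredentialTheftPosture {
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard

    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity)
    $credGuard = $dg.SecurityServicesRunning -contains 1
    $hvci      = $dg.SecurityServicesRunning -contains 2
    # UserModeCodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit, 2 = enforced
    $umciEnforced = $dg.UserModeCodeIntegrityPolicyEnforcementStatus -eq 2

    # AppLocker: effective policy containing at least one rule in the Exe collection
    $al = Get-AppLockerPolicy -Effective -ErrorAction SilentlyContinue
    $appLockerExe = [bool]($al.RuleCollections |
        Where-Object { $_.RuleCollectionType -eq 'Exe' -and ($_ | Measure-Object).Count -gt 0 })

    # LAPS: an expiration time on the computer object means the local admin password is being rotated
    $lapsManaged = $false
    $lapsExpires = $null
    try {
        $searcher = [adsisearcher]"(&(objectClass=computer)(sAMAccountName=$env:COMPUTERNAME`$))"
        $searcher.PropertiesToLoad.Add('ms-mcs-admpwdexpirationtime') | Out-Null
        $obj = $searcher.FindOne()
        if ($obj -and $obj.Properties['ms-mcs-admpwdexpirationtime'].Count -gt 0) {
            $lapsManaged = $true
            $lapsExpires = [datetime]::FromFileTimeUtc([int64]$obj.Properties['ms-mcs-admpwdexpirationtime'][0])
        }
    } catch {
        Write-Warning "LAPS check skipped: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        CredentialGuard     = $credGuard
        HVCI                = $hvci
        UmciEnforced        = $umciEnforced
        AppLockerExeRules   = $appLockerExe
        LapsManaged         = $lapsManaged
        LapsPasswordExpires = $lapsExpires
    }
}

Get-CredentialTheftPosture
```

A machine reporting CredentialGuard false with UmciEnforced false is the demo's starting position: mimikatz runs unsigned and LSASS hands over the hashes. LapsManaged false means the local administrator password is whatever the image shipped with, so the same hash works on every machine built from it.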
52. What could have stopped that?
LAPS
− Randomize and change STRONG local admin passwords
Windows Firewall
− Block RDP / disable RDP, allow trusted sources only
Group Policy
− Prevent remote use of local accounts
Network Segmentation
− Separate client and server networks with ACLs
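The Windows Firewall item above means scoping, not just enabling, the RDP rules: an inbound allow rule whose remote address is "Any" lets the stolen local admin credential connect from any workstation. The script below is an added example, not from the deck: it restricts the built-in Remote Desktop rule group to a management subnet, disables any other inbound allow rule for TCP 3389 that would widen the scope again, and reports the rules still open to the world. It assumes the English display group name "Remote Desktop", an elevated session, and a hypothetical management network 10.20.0.0/24; in production the same scoping ships via GPO under Windows Firewall with Advanced Security.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original deck): scope inbound RDP to a management subnet and report
# any enabled RDP rule that still accepts connections from anywhere. Assumes the English display
# group 'Remote Desktop' and a hypothetical management subnet.

$ManagementSubnets = @('10.20.0.0/24')   # assumption: jump hosts / privileged access workstations live here

function Set-RdpInboundScope {
    param([string[]]$RemoteAddress = $ManagementSubnets)

    # Scope the OS-managed rules (TCP/UDP 3389, shadowing) instead of replacing them, so servicing
    # does not re-create an unscoped copy next to a custom rule.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
        Set-NetFirewallRule -RemoteAddress $RemoteAddress -Enabled True

    # Any other inbound allow rule on TCP 3389 (third-party remote tools, leftovers from a
    # troubleshooting session) would reopen the port, so disable those explicitly.
    Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '3389' } |
        Get-NetFirewallRule |
        Where-Object { $_.DisplayGroup -ne 'Remote Desktop' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        Disable-NetFirewallRule
}

function Get-UnscopedRdpRules {
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' } |
        ForEach-Object {
            $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = ($remote -join ',')
                Unscoped      = ($remote -contains 'Any')
            }
        }
}

Set-RdpInboundScope
Get-UnscopedRdpRules | Format-Table -AutoSize
```

Run the report function alone on a sample of servers before the change: every row with Unscoped true is a lateral-movement path the demo would have used. The "prevent remote use of local accounts" item is a user-rights assignment rather than a firewall rule and is covered with the domain controller logon restrictions later in this section.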
54. What could have stopped that?
Group Managed Service Accounts
− Passwords managed by machines, not saved in the registry
Device Guard / AppLocker
− Prevent running unsigned applications
GPO / Access Control
− Prevent service accounts from logging in remotely
Monitor with OMS / SysMon
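The reason a gMSA closes the hole is that the service's password never sits in an LSA secret for a local admin to decrypt: the host retrieves and rotates it from Active Directory itself. The script below is an added example, not from the deck or from Microsoft, that creates a gMSA, grants a host group the right to retrieve its password, and binds a service to it. It assumes the ActiveDirectory RSAT module on both the admin host and the service host, a Windows Server 2012 or later domain, and hypothetical names (gMSA svc-web, host group WebServers, Windows service WebAgent).

```powershell
# Added example (not from the original deck): replace a service account whose password lives in an
# LSA secret with a group managed service account. Assumes the ActiveDirectory module and a
# Windows Server 2012+ domain; the account, group and service names are hypothetical.
Import-Module ActiveDirectory

function New-GmsaForService {
    param(
        [Parameter(Mandatory)][string]$Name,        # sAMAccountName without the trailing $
        [Parameter(Mandatory)][string]$HostGroup,   # AD group whose members may retrieve the password
        [int]$RotationDays = 30
    )
    # One KDS root key per forest is required before any gMSA can be created. Backdating the
    # effective time is a lab shortcut; in production use -EffectiveImmediately and wait 10 hours.
    if (-not (Get-KdsRootKey)) {
        Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10) | Out-Null
    }

    $domain = (Get-ADDomain).DNSRoot
    if (-not (Get-ADServiceAccount -Filter "Name -eq '$Name'")) {
        New-ADServiceAccount -Name $Name -DNSHostName "$Name.$domain" `
            -PrincipalsAllowedToRetrieveManagedPassword $HostGroup `
            -ManagedPasswordIntervalInDays $RotationDays `
            -KerberosEncryptionType AES128, AES256
    }
    Get-ADServiceAccount -Identity $Name -Properties PrincipalsAllowedToRetrieveManagedPassword, ManagedPasswordIntervalInDays
}

# Run on the service host after it has been added to $HostGroup and rebooted (so its Kerberos
# ticket carries the group membership).
function Install-GmsaOnHost {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ServiceName
    )
    Install-ADServiceAccount -Identity $Name
    if (-not (Test-ADServiceAccount -Identity $Name)) {
        throw "This host cannot retrieve the managed password for $Name; check group membership"
    }
    # Bind the service to DOMAIN\name$ with an empty password: the Service Control Manager fetches
    # the current password from AD, so no secret is written to the registry.
    $account = "$env:USERDOMAIN\$Name`$"
    sc.exe config $ServiceName obj= $account password= "" | Out-Null
    Restart-Service -Name $ServiceName
    (Get-CimInstance Win32_Service -Filter "Name='$ServiceName'").StartName
}

# New-GmsaForService -Name 'svc-web' -HostGroup 'WebServers'
# Install-GmsaOnHost  -Name 'svc-web' -ServiceName 'WebAgent'
```

Test-ADServiceAccount returning false is the usual failure: the host was added to the group but not rebooted, so its ticket lacks the membership and the password retrieval is refused. The gMSA should also be placed in the deny-remote-logon rights shown with the domain controller restrictions below, since a service principal has no reason to log on interactively anywhere.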
58. What could have stopped that?
Network Segmentation
− Restrict network access to the DCs
GPO / Access Control
− Prevent non-Domain Admins from logging on to DCs
− Prevent Domain Admins from being used on non-DCs
Isolation / Protection
− Restrict access to the DCs' physical / virtual hardware
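The GPO / Access Control items here and the "prevent remote use of local accounts" item on the earlier workstation slide are all user-rights assignments. The script below is an added example, not from the deck or from Microsoft, that writes the local equivalent of those GPO settings through a secedit template so the result is visible in secpol.msc and exportable for comparison. For a workstation or member server it denies network and RDP logon to the built-in "Local account and member of Administrators group" principal (S-1-5-114, which exists on Windows 8.1 / Server 2012 R2 and later and on older systems with KB2871997) and denies every logon type to Domain Admins; for a domain controller it limits local and RDP logon to Administrators. It assumes a domain-joined host and an elevated session; applied with the wrong role (the Workstation set on a DC) it locks Domain Admins out, which is why in production these belong in tiered GPOs linked to the right OUs rather than a script.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original deck): local equivalent of the tiered logon-right GPO settings,
# applied with secedit. Assumes a domain-joined host. Do NOT apply -Role Workstation to a DC.

function Get-DomainGroupSid([string]$Group) {
    $account = New-Object System.Security.Principal.NTAccount($env:USERDOMAIN, $Group)
    $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function Set-TieredLogonRights {
    param([Parameter(Mandatory)][ValidateSet('Workstation', 'DomainController')][string]$Role)

    $da = Get-DomainGroupSid 'Domain Admins'
    $rights = switch ($Role) {
        'Workstation' {
            # S-1-5-114 = "Local account and member of Administrators group": a stolen local admin
            # hash cannot be replayed over SMB/WinRM or RDP. Domain Admins are denied every logon
            # type so their credentials never land on tier-1/2 hosts for mimikatz to find.
            @{
                SeDenyNetworkLogonRight           = "*S-1-5-114,*$da"
                SeDenyRemoteInteractiveLogonRight = "*S-1-5-114,*$da"
                SeDenyInteractiveLogonRight       = "*$da"
                SeDenyBatchLogonRight             = "*$da"
                SeDenyServiceLogonRight           = "*$da"
            }
        }
        'DomainController' {
            # Only BUILTIN\Administrators (which holds Domain Admins on a DC) may log on locally or
            # via RDP; Server, Backup, Print and Account Operators lose their default grant.
            @{
                SeInteractiveLogonRight       = '*S-1-5-32-544'
                SeRemoteInteractiveLogonRight = '*S-1-5-32-544'
            }
        }
    }

    # Build a security template and apply only the USER_RIGHTS area
    $inf  = @('[Unicode]', 'Unicode=yes', '[Version]', 'signature="$CHICAGO$"', 'Revision=1', '[Privilege Rights]')
    $inf += $rights.GetEnumerator() | ForEach-Object { "$($_.Key) = $($_.Value)" }
    $infPath = Join-Path $env:TEMP 'tiered-logon.inf'
    $inf | Set-Content -Path $infPath -Encoding Unicode

    secedit.exe /configure /db (Join-Path $env:TEMP 'tiered-logon.sdb') /cfg $infPath /areas USER_RIGHTS /quiet
    Remove-Item $infPath
    $rights
}

function Get-EffectiveLogonRights {
    $out = Join-Path $env:TEMP 'rights-export.inf'
    secedit.exe /export /cfg $out /areas USER_RIGHTS /quiet | Out-Null
    Get-Content $out | Where-Object { $_ -match '^Se(Deny)?(Network|Interactive|RemoteInteractive|Batch|Service)LogonRight' }
    Remove-Item $out
}

# Set-TieredLogonRights -Role Workstation
# Get-EffectiveLogonRights
```

Export the rights with the second function before and after the change and diff the two files; on the domain-controller role, confirm an interactive Domain Admin logon still works from a console session before relying on it, since a DC whose Administrators group has been emptied of the account you use is recoverable only from directory services restore mode.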
64. Securing Content and Communication
Review of security issues with content and communications scenarios, and live review of an example
Review of technologies to protect content and communications scenarios, and live review of an example
How to get started with protecting content and communications scenarios through both policy and technology
65. Data protection realities
87% of senior managers admit to regularly uploading work files to a personal email or cloud account.*
58% have accidentally sent sensitive information to the wrong person.*
Organizations focus on data leak prevention for personal devices, but ignore the issue on corporate owned devices, where the risks are the same.
66. Security Issues with Content and Communications
Confidential content is everywhere
Content needs to be shared, despite its security status
Certain locations should never access content
Content is shared when not intended to be
67. Modern Content Security Needs
Protect various content types
Protect in-place and in-flight
Share with anyone securely
Important applications and services are enlightened
Meet varied organizational needs
Protect everywhere and layer security
68. Technical Solution Layers Applied
Network • Location Awareness for Office365 w/ MFA
Application • Office365 applies Azure Information Protection
Information • Azure Information Protection
Operating System • Local BitLocker Encryption
Identity • EM+S with Azure Active Directory Platform
Management • Operations Management Suite (OMS) • Enterprise Mobility + Security • ServiceNow
69. Steps to Starting Out
Define corporate content types and scenarios based on business use cases and organizational policies
Build rights management policies based on defined business requirements
Incrementally roll out location awareness and Azure Information Protection based on the defined rights management policies and business requirements
70. Concurrency's engagements
Plan and Design: review, assess and make a plan, strategic and tactical, working with the CISO
Execution: address threats through targeted process improvements, technologies, and education
Continuous improvement: develop a backlog and keep improving the security state