Zero Trust and Related Topics
Security Guidance May 2021 - https://aka.ms/MCRA
Securing Digital Transformation
NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
CIS Benchmarks: https://www.cisecurity.org/cis-benchmarks/
Managing Information/Cyber Risk May 2021 - https://aka.ms/SecurityRoles
Security responsibilities or "jobs to be done": Incident Response, Incident Management, Threat Hunting
Azure Sentinel – Cloud Native SIEM, SOAR, and UEBA for IT, OT, and IoT
Data sources: Azure & 3rd party clouds; Endpoint & Server/VM; Office 365 Email and Apps; Identity (Cloud & On-Premises); SaaS (Microsoft Cloud App Security); Other Tools, Logs, and Data Sources
Security Documentation: Microsoft Best Practices, Top 10, Benchmarks, CAF (Cloud Adoption Framework), WAF (Well-Architected Framework)
Information protection lifecycle: Discover, Classify, Protect, Monitor
Azure AD B2B and B2C; Azure Backup; Security & Other Services
Azure Arc; Cloud App Security (CASB)
Defend across attack chains - https://aka.ms/MCRA

Credential and endpoint attack chain (with the control shown at each stage):
• Brute force an account → Conditional Access for cloud apps
• User receives an email, opens an attachment, clicks on a URL, or browses a website → Azure AD Identity Protection + Conditional Access
• Exploitation → Installation → Command and Control channel → Reconnaissance → Lateral Movement → Domain Dominance
• Attacker attempts lateral movement; privileged account compromised → Azure Defender

Insider threat chain:
• Disgruntled or disenchanted, subject to stressors → Insider has access to sensitive data → Anomalous activity detected → Potential sabotage
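The credential attack chain above links a brute-forced account to the lateral movement that follows it. The following is an added example, not code from the MCRA deck or any Microsoft product, showing how a detection would correlate those two stages over sign-in events. The event format, host names, IP addresses and thresholds (10 failures in 5 minutes, 3 new hosts in 30 minutes) are constructed assumptions for illustration.

```python
"""Correlate two stages of the credential attack chain: a brute-force burst
that ends in a successful logon, then the same account fanning out to new hosts.
Added example; events, hosts and thresholds are constructed, not real telemetry."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List


def _ev(ts: str, kind: str, account: str, ip: str, host: str) -> Dict:
    return {"ts": datetime.fromisoformat(ts), "event": kind,
            "account": account, "ip": ip, "host": host}


# Constructed sample log: 12 failed logons from one IP, then a success, then the
# compromised account appearing on four new hosts. Two benign users for contrast.
EVENTS: List[Dict] = [
    _ev(f"2021-05-01T09:00:{i:02d}", "logon_failure", "svc-backup", "203.0.113.7", "dc01")
    for i in range(12)
] + [
    _ev("2021-05-01T09:00:30", "logon_success", "svc-backup", "203.0.113.7", "dc01"),
    _ev("2021-05-01T09:04:10", "logon_success", "svc-backup", "10.0.0.5", "fs01"),
    _ev("2021-05-01T09:05:02", "logon_success", "svc-backup", "10.0.0.5", "fs02"),
    _ev("2021-05-01T09:06:45", "logon_success", "svc-backup", "10.0.0.5", "sql01"),
    _ev("2021-05-01T09:08:00", "logon_success", "svc-backup", "10.0.0.5", "hr01"),
    _ev("2021-05-01T09:03:00", "logon_success", "alice", "10.0.0.9", "ws01"),
    _ev("2021-05-01T08:50:00", "logon_failure", "bob", "10.0.0.10", "ws02"),   # a single typo
    _ev("2021-05-01T08:50:05", "logon_success", "bob", "10.0.0.10", "ws02"),
]


def detect_brute_force(events, threshold=10, window=timedelta(minutes=5)):
    """Return (account, ip, success_time) where at least `threshold` failures from
    one ip against one account precede a success within `window`."""
    failures = defaultdict(deque)
    hits = []
    for e in sorted(events, key=lambda e: e["ts"]):
        q = failures[(e["account"], e["ip"])]
        while q and e["ts"] - q[0] > window:      # drop failures outside the window
            q.popleft()
        if e["event"] == "logon_failure":
            q.append(e["ts"])
        elif e["event"] == "logon_success" and len(q) >= threshold:
            hits.append((e["account"], e["ip"], e["ts"]))
            q.clear()                              # one alert per burst
    return hits


def detect_lateral_movement(events, account, after, exclude_host,
                            min_hosts=3, window=timedelta(minutes=30)):
    """Distinct new hosts the account logged on to within `window` after `after`;
    empty unless the fan-out reaches `min_hosts`."""
    hosts = {e["host"] for e in events
             if e["account"] == account and e["event"] == "logon_success"
             and after < e["ts"] <= after + window and e["host"] != exclude_host}
    return sorted(hosts) if len(hosts) >= min_hosts else []


def correlate(events):
    """Chain the detections: brute-force success -> privileged account used to move laterally."""
    alerts = []
    for account, ip, when in detect_brute_force(events):
        first_host = next(e["host"] for e in events
                          if e["account"] == account and e["ts"] == when)
        hosts = detect_lateral_movement(events, account, when, first_host)
        if hosts:
            alerts.append({"account": account, "source_ip": ip,
                           "compromised_at": when.isoformat(), "hosts": hosts})
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The two detectors are deliberately weak on their own (bob's single failed logon is noise, and four logons by a service account might be normal); chaining them, as the attack-chain view on the slide does, is what turns them into a high-confidence alert.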
Operational Technology (OT) Security Reference Architecture https://aka.ms/MCRA
©Microsoft Corporation
Zero Trust Principles - Assume breach, verify explicitly, use least privilege access (identity and network)
Why are we having a Zero Trust conversation?

Verify explicitly: always validate all available data points, including
• User identity and location
• Device health
• Service or workload context
• Data classification
• Anomalies

Use least privilege access: to help secure both data and productivity, limit user access using
• Just-in-time (JIT)
• Just-enough-access (JEA)
• Risk-based adaptive policies
• Data protection against out-of-band vectors

Assume breach: minimize blast radius for breaches and prevent lateral movement by
• Segmenting access by network, user, devices, and app awareness
• Encrypting all sessions end to end
• Using analytics for threat detection, posture visibility and improving defenses
Zero Trust policy engine (diagram): signals in, access decision out
• User signals: groups/role, location, privileges, session risk, user risk
• Device signals: managed or BYOD, health & compliance, device risk, type and OS version, encryption status
• Policy engine: Microsoft Azure AD, Microsoft 365 Defender, Microsoft Information Protection, Security & Compliance, Microsoft Defender for Endpoint, Microsoft Cloud App Security, Microsoft Endpoint Manager
• Access targets: Digital Ecosystems, Data/Information, APIs, Apps & Systems, Secured Zones
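To make the three principles and the policy-engine diagram concrete, here is an added example of a toy policy engine that turns the user and device signals listed above into an allow / step-up / block decision. It is illustration code, not Microsoft's Conditional Access implementation; the signal names, risk levels, named-location list, OS baseline, app names and the JIT activation model are all assumptions.

```python
"""Toy Zero Trust policy engine (added example, not Microsoft's code).
Evaluates user and device signals against verify-explicitly, least-privilege
and assume-breach rules. Thresholds and names are assumptions for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Dict, FrozenSet, List, Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_MFA = "require_mfa"     # risk-based step-up
    BLOCK = "block"


@dataclass(frozen=True)
class UserSignals:
    upn: str
    roles: FrozenSet[str]
    location: str                   # country code, assumed from IP geolocation
    session_risk: str               # "low" | "medium" | "high"
    user_risk: str                  # "low" | "medium" | "high"
    jit_role_expiry: Optional[datetime] = None   # time-bound admin activation (JIT)


@dataclass(frozen=True)
class DeviceSignals:
    managed: bool                   # enrolled in device management vs BYOD
    compliant: bool                 # health & compliance state
    device_risk: str
    disk_encrypted: bool
    os_version: Tuple[int, int, int]


@dataclass(frozen=True)
class AccessRequest:
    user: UserSignals
    device: DeviceSignals
    app: str
    data_classification: str        # "public" | "internal" | "confidential" | "highly_confidential"
    now: datetime


RISK: Dict[str, int] = {"low": 0, "medium": 1, "high": 2}
ALLOWED_LOCATIONS = {"US", "CA", "GB"}        # assumed named locations
MIN_OS_VERSION = (10, 0, 19044)               # assumed OS baseline
PRIVILEGED_APPS = {"azure-portal", "exchange-admin"}
SENSITIVE = {"confidential", "highly_confidential"}


def evaluate(req: AccessRequest) -> Tuple[Decision, List[str]]:
    """Return the decision and the reasons; deny rules run first so the most
    severe finding wins, and nothing is trusted because of the source network."""
    u, d = req.user, req.device
    reasons: List[str] = []

    # Verify explicitly: identity, device and location are checked on every request.
    if RISK[u.user_risk] == 2 or RISK[u.session_risk] == 2:
        return Decision.BLOCK, ["high user or sign-in risk"]
    if RISK[d.device_risk] == 2:
        return Decision.BLOCK, ["high device risk"]
    if u.location not in ALLOWED_LOCATIONS:
        return Decision.BLOCK, [f"location {u.location} outside named locations"]

    # Least privilege: privileged apps need the role AND a live JIT activation.
    if req.app in PRIVILEGED_APPS:
        if "admin" not in u.roles:
            return Decision.BLOCK, ["privileged app without admin role"]
        if u.jit_role_expiry is None or u.jit_role_expiry <= req.now:
            return Decision.BLOCK, ["admin role not activated (JIT window absent or expired)"]
        reasons.append("JIT activation valid")

    # Assume breach: sensitive data only reaches managed, compliant, encrypted
    # devices on a current OS, limiting the blast radius of a compromised endpoint.
    if req.data_classification in SENSITIVE:
        if not (d.managed and d.compliant and d.disk_encrypted):
            return Decision.BLOCK, ["sensitive data requires a managed, compliant, encrypted device"]
        if d.os_version < MIN_OS_VERSION:
            return Decision.BLOCK, ["OS version below baseline"]

    # Risk-based adaptive policy: step up on medium risk, BYOD, or a privileged app.
    if RISK[u.session_risk] == 1 or RISK[u.user_risk] == 1 or not d.managed or req.app in PRIVILEGED_APPS:
        reasons.append("step-up authentication required")
        return Decision.REQUIRE_MFA, reasons
    reasons.append("all signals within policy")
    return Decision.ALLOW, reasons


def demo_requests() -> Dict[str, AccessRequest]:
    """Constructed sample requests covering each outcome."""
    now = datetime(2021, 5, 1, 9, 0, tzinfo=timezone.utc)
    corp = DeviceSignals(True, True, "low", True, (10, 0, 19044))
    byod = DeviceSignals(False, False, "low", False, (10, 0, 18363))
    alice = UserSignals("alice@contoso.example", frozenset({"finance"}), "US", "low", "low")
    risky = UserSignals("alice@contoso.example", frozenset({"finance"}), "US", "medium", "low")
    admin = UserSignals("ops@contoso.example", frozenset({"admin"}), "US", "low", "low",
                        jit_role_expiry=now + timedelta(hours=1))
    stale = UserSignals("ops@contoso.example", frozenset({"admin"}), "US", "low", "low",
                        jit_role_expiry=now - timedelta(minutes=1))
    return {
        "internal_from_corp": AccessRequest(alice, corp, "sharepoint", "internal", now),
        "internal_from_byod": AccessRequest(alice, byod, "sharepoint", "internal", now),
        "confidential_from_byod": AccessRequest(alice, byod, "sharepoint", "confidential", now),
        "risky_session": AccessRequest(risky, corp, "sharepoint", "internal", now),
        "portal_with_jit": AccessRequest(admin, corp, "azure-portal", "internal", now),
        "portal_jit_expired": AccessRequest(stale, corp, "azure-portal", "internal", now),
    }


if __name__ == "__main__":
    for name, req in demo_requests().items():
        decision, why = evaluate(req)
        print(f"{name:24s} -> {decision.value:12s} {'; '.join(why)}")
```

Note the ordering: the deny rules for high risk, unapproved location and missing JIT activation run before any allow path, so a request never gets "allow" because an earlier, weaker check passed. A real engine also re-evaluates mid-session when user or device risk changes; this toy evaluates a single request.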
Zero Trust Core Principles (numbering as on the slide)

Business Strategy and Organizational Culture – Shapes Zero Trust Strategy and Priorities
2. Goal Alignment – Security must align with and enable organization goals within the risk tolerance and threshold.
3. Risk Alignment – Security risk must be managed and measured using a consistent risk framework and considering organizational risk tolerance and thresholds.
Least Privilege – Access to systems and data must be granted only as required and removed when no longer required.
10. Simple and Pervasive Security – Security mechanisms must be simple, scalable, and easy to implement and manage throughout the organizational ecosystem (whether internal or external).
11. Explicit Trust Validation – Assumptions of integrity and trust level must be explicitly validated against organization risk threshold and tolerance.

Technology
2. Security mechanisms must be pervasive, simple, scalable, and easy to manage.
3. Assume context at your peril.
5. Risk & Complexity Reduction
8. Asset-centric security
9. Least privilege
10. Data privacy (and security of any asset of sufficiently high value) requires a segregation of duties/privileges.
11. By default, data must be appropriately secured when stored, in transit, and in use.
Analysts and Hunters
Mapping challenges
How do signals and AI help protect you? Microsoft Threat Intelligence is built on diverse signal sources and AI (see the Microsoft Trust Center).
Microsoft Defender for Endpoint; Azure AD Identity Protection; Microsoft Defender for Identity
Intermediaries
https://aka.ms/deploySPA
Machine Learning (ML) Applications API