Cyber Security - cip-asia.com

Cyber Security
Microsoft Vision and How Microsoft Protects Itself from Cyber Attacks
Prof Chris Peiris

Agenda
Microsoft Vision on Cyber Security
• Advanced Persistent Threats (APT) and zero days
• Microsoft Security Intelligence Report – Thailand
• Case studies: How Microsoft protects its assets against cyber attacks
Cyber Security Solution Portfolio
• Cyber Security Solution Introduction
• Solutions on protecting, detecting and responding to cyber threats
• Unique Microsoft IP that protects at the “Windows Kernel” level
• Converts the whole Windows operating system into a sensor to detect attacks
• Solution roadmap
• Case studies: How the Executive Yuan protects Taiwan from cyber attacks
• Next steps and actions

Is the threat real to us?

http://www.creditcards.com/credit-card-news/credit-card-fraud-price-list-1282.php

Changing Threat Landscape – The numbers game

Source: Microsoft Security Intelligence Report & Verizon 2013 Data Breach Investigations Report

Is the threat real to Enterprises?

Security Intelligence Report

Enterprise Risk Mitigation System
Leveraging Cyber Threat Intelligence

Malware trends in Thailand

Malware encounters and infections – Thailand
[Chart: two panels covering 3Q13, 4Q13, 1Q14 and 2Q14, each comparing Thailand with Worldwide. Left panel: Encounter rate (percent of all reporting computers), y-axis 0% to 45%. Right panel: Infection rate (computers cleaned per 1,000 scanned, CCM), y-axis 0 to 35.]

Top threat families by CCM in 2Q14 – Thailand

Rank  Family           Most significant category  CCM
1     Win32/Sality     Worms & Viruses            5.1
2     Win32/Sefnit     Trojans                    4.1
3     Win32/Gamarue    Worms & Viruses            3.5
4     Win32/Wysotot    Trojans                    1.8
5     MSIL/Bladabindi  Backdoors                  1.6
6     Win32/Ramnit     Trojans                    1.5
7     Win32/Nitol      Other Malware              1.4
8     Win32/Pramro     Trojans                    0.9
9     VBS/Jenxcus      Worms & Viruses            0.8
10    MSIL/Spacekito   Trojans                    0.6

Security Strategy Change
• From perimeter security to defence in depth (DiD)
• From trusting all internal assets to assume breach
Cyber Strategy
[Diagram of defensive layers: APT, firewall, network anti-virus, hardware (FireEye), Windows kernel]

How do we address these threats?
Microsoft Cyber Security Portfolio

Threat of not deploying the latest products
Security risks on desktops more than a decade ago don’t come close to today’s threat landscape.
Protection against threats begins with modern software and hardware with the latest operating system.
Windows XP is 6x more likely to be infected with malware than Windows 7, and 21x more likely than Windows 8.
• Many companies don’t even think about upgrading an application which appears to function normally.
• Known, dangerous and exploitable security holes remain open on millions of PCs months and even years after discovery, even when updates are available.
• Software security flaws are a time bomb waiting to be detonated by a cybercriminal.
03.02.14

Cyber Security Services and Solutions Portfolio
Identify: Active Directory Security Assessment (ADSA); Foundational Security Monitoring (FSM); Strategy/Cybersecurity Architect (CSA)
Protect: Enhanced Security Admin Environment (ESAE); Security Development Lifecycle Services (SDL); Microsoft Security Risk Assessment (MSRA)
Detect: Microsoft Threat Detection Services (MTDS); on-premise and hosted Persistent Adversary Detection Service (PADS)
Respond: Incident Response (IR)
Recover: Tactical and Strategic Recovery; Enterprise Security Strategy (CSA)

Case Study
How Taiwan Executive Yuan protects Taiwan from Cyber attacks

Security Improvement Program
Partitioning
Principles of a resilient architecture
The overarching goal of a resilient architecture is to build a platform that can dynamically evolve in response to cyber threats and progressively adapt to support the changing business mission. A resilient architecture incorporates design strategies, techniques and technologies that combine protective, detective, containment and recovery controls.
Microsoft Objective for Customer
1. Improve the resiliency and security maturity of credentials and information that support the Customer’s business-critical platforms, enabling continuity of operations whilst actively under attack.
2. Support the Customer to achieve its organisational compliance outcomes.
Roadmap (objective maturity level over time, Stage 1 to Stage 4): from Basic (undefined and inconsistent), through Standardised (structured and consistent), to Rationalised (integrated and controlled)
• ESAE AD #1 Project
• Adapt and deploy Tier 0 partitioning to a broader set of environments
• Tier 0 – Broad (User & Services) privilege minimisation
• Tier 1 – (Apps and Data) privilege minimisation and protection
• Tier 2 – End point resilience – localised containment
• Ongoing assessments and health checks (recurring activity) – for measurement of progress, status and compliance activities
• Training, organisation and operational change management
• Advanced threat detection and monitoring
• Architectural guidance, coordination, planning and risk management
• Trusted identity and information services

Contacts
Prof Chris Peiris – Architect Lead, Public Sector Asia Pacific Japan @ Microsoft
- Leading sales and delivery capability for Cyber Security solutions, Public Safety & National Security solutions and Government solutions.
- +612 6122 4687
Speaker Profile
- Thought leader in the “Enterprise Architecture” space.
- Authored 10 books (including topics on Cloud, Enterprise Architecture, SOA, WCF, Security, Web services, Java, IIS and Windows Server).
- 25+ technical articles and reviews.
- Frequent speaker at 25+ leading industry conferences / events.
- 18+ years of IT experience with Enterprise clients.
- Education – PhD on Cloud, IT Masters, Bach Accounting & Computing.
- Associate Professor (Adjunct) at University of Canberra in recognition of thought leadership on Cloud Computing and Enterprise Architecture.
- LinkedIn profile
- www.ChrisPeiris.com

Questions and feedback?
Next Steps?
• Cyber Security EBC in Redmond, USA

Links:
See public whitepapers:
• Determined Adversaries and Targeted Attacks (Oct 2012)
• Microsoft Security Intelligence Report, Jan–June 2012, vol 13, section “Defending Against Pass-the-Hash Attacks”
• Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques (Dec 2012), with step-by-step instructions in Appendix A
• Securing Active Directory: An Overview of Best Practices (Apr 2013): http://technet.microsoft.com/en-us/library/dn205220.aspx