Microsoft Digital Crimes Unit · Risk management Governance Control. ... on security, starting with...
Microsoft Confidential
Microsoft Digital Crimes Unit
Ole Tom Seierstad
National Security [email protected]
Cybersecurity is a Boardroom-level Issue
160M data records compromised from top 8 breaches in 2015
556M victims of cybercrime per year
$400B cost of cyberattacks to companies each year
71% of companies admit they fell victim to a successful cyber attack the prior year
$3 Trillion estimated cost in economic value from cybercrime industry by 2020
140+ median # of days between infiltration and detection
Microsoft’s SECURITY POSTURE
DETECT using targeted signals, behavioral monitoring, and machine learning
RESPOND closing the gap between discovery and action
PROTECT across all endpoints, from sensors to the datacenter
MICROSOFT’S UNIQUE PERSPECTIVE
300B user authentications each month
1B Windows devices updated
200B emails analyzed for spam and malware
We have built a culture of strong privacy principles and leading security practices
We proactively fight cybercrime and advocate extensively for enhancing cybersecurity
We invest deeply in building a trustworthy computing platform and security expertise
Cybersecurity | Privacy | Compliance | Transparency | Advocacy | Risk management | Governance | Control
Security is at the core of our business
We do not mine your enterprise data for advertising purposes
More than 12 years of unwavering focus on security, starting with Bill Gates’ Trustworthy Computing memo and continuing today
We enable governments to review and confirm the integrity of our source code at our Transparency Centers
“We do not provide anyone with direct, unfettered access to customer data.” – Brad Smith, General Counsel
Foundational tenets: Security Development Lifecycle and Operational Security Assurance
We have built a culture of strong privacy principles and leading security practices
We have a best-in-class global cybersecurity services team
We deliver products and services that are secure
We help our customers and partners to protect their assets
We invest deeply in building a trustworthy computing platform and security expertise
We work to keep our customers’ data secure & private
Fighting cybercrime
Big Data | Investigations | Legal Action
Security intelligence
Policy & advocacy
Government security programs
We proactively fight cybercrime and advocate extensively for enhancing cybersecurity
Making a global impact.
Microsoft Active Protections Program (MAPP)
50+ partners
Law enforcement requests
The Law Enforcement Request Report discloses details of requests every 6 months.
Microsoft doesn’t provide any government with direct or unfettered access to Customer Data.
Microsoft only releases specific data mandated by the relevant legal demand.
If a government wants customer data it needs to follow the applicable legal process.
Microsoft only responds to requests for specific accounts and identifiers.
Microsoft does not disclose Customer Data to law enforcement unless as directed by customer or required by law, and will notify customers when compelled to disclose, unless prohibited by law.
Source: http://aka.ms/letranspreport
Microsoft protecting you
[Diagram: INTELLIGENT SECURITY GRAPH. Labels: Apps and Data, SaaS, PaaS, IaaS, Identity, Device, Infrastructure, Malware Protection Center, Cyber Hunting Teams, Security Response Center, Cyber Defense Operations Center, Digital Crimes Unit, CERTs, Antivirus Network, Industry Partners]
A Layered Approach to Security
Helping to protect our customers, our company, and our world
These growing threats demand a coordinated response:
• Cyber Security Services Engineering
• Digital Crimes Unit
• Information Security & Risk Management
• Microsoft Azure
• Microsoft Security Response Center
• Microsoft Threat Intelligence Center
• Office 365
• Windows & Devices Group
Cyber Defense Operations Center
A safer digital experience for every person and organization on the planet
The Microsoft Digital Crimes Unit
Public and private partnerships to fight technology facilitated crimes.
Combining novel legal strategies, cutting-edge forensics, cloud and big data analytics
Protecting Vulnerable Populations
www.support.microsoft.com/reportascam
Microsoft Taking Action:
• DCU investigates tech fraud cases globally, building evidence to take action
• Education programs through media, Microsoft Retail Stores, and the Cybercrime Center
The Scheme:
• Fraudsters pose online and on the phone as tech support from high tech companies, including Microsoft
• A victim is often asked for remote access and charged for unnecessary technical services
• Victims may lose money or personal information, or be exposed to malware
Technical Support Scams
Protecting Vulnerable Populations
PhotoDNA has helped detect millions of illegal images online
www.microsoft.com/photodna
Free cloud-based service
PhotoDNA
Over 100 organizations use the technology to keep their platforms safe
Illegal images are reported to the National Center for Missing and Exploited Children and other appropriate authorities
Malware Disruptions
DCU acquires targets, investigates, and orchestrates global partnerships to take action
Working with Law Enforcement and others to disrupt the criminal infrastructure
Our malware intelligence is embedded into Microsoft’s products and services
We enable CERTs/ISPs globally to notify and remediate
Actionable Intelligence from Malware Disruptions
Dorkbot malware spreads, steals, distributes and disables
Dorkbot Operation, December 2015
USB flash drives | Instant messaging programs | Social networks
Steals credentials | Steals personal information | Distributes other malware | Disables security protection
Countries where Dorkbot was detected
• Russian Federation: 16%
• Turkey: 5%
• Argentina: 14%
• China: 4%
• India: 21%
• Indonesia: 17%
• Iran: 3%
• Malaysia: 9%
• Mexico: 8%
• Philippines: 3%
Since disruption, Dorkbot-infected devices have connected to our sinkhole thru 15 million IP addresses
Disruption Partners
Malware Infections
Data insights from enforcement actions allow us to share a unique perspective with customers
Digital Risk Dashboards | Products And Services | GSP
Legal Strategy | Investigations | Analytics
Malware Disruptions | Strategic Enforcement | Civil Action | Criminal Referrals
CTIP | Activation Data
Customer benefits – Azure AD
Microsoft is committed to building trust with governments and sharing security information
Government Security Program objectives
• Help protect governments and their citizens
• Build trust and transparency
• Strengthen public-private partnerships
Direct access to Microsoft product and security resources
• Access to Transparency Centers to work with source code
• Remote access to online source code
• Technical data, including Microsoft Azure and O365
• Information sharing about threats and vulnerabilities leveraging CTIP