Transcript of Microsoft Networking Academy
Microsoft Networking Academy with the C+E Global Black Belts
Olivier Martin (@omartin) – Networking TSP GBB
Kevin Lopez (@kevlopez) – ER Partner Sales Executive GBB
Jaime Schmidtke (@jaimesc) – ER Partner Sales Executive GBB
Eddie Villalba (@edvilla) – Networking and Open Source TSP GBB
Bryan Woodworth (@brwoodwo) – Networking TSP GBB
Before we get started
• Welcome customers and partners!!!
• Material is public information. No NDA info here.
• Use the IM window for questions.
• Sessions are recorded and posted here: https://aka.ms/mna
• Introductory Sessions (200 level)
• Quick overview or what’s new this week (5-10 minutes)
• Partner Spotlight of the week (35-45 minutes)
• Q&A (10 minutes)
• Deep Dive Sessions (300-400 level)
• Short introduction (5 minutes)
• Deeper dive topic of the week (35-45 minutes)
• Q&A (10 minutes)
• Email [email protected] to receive detailed schedules for upcoming sessions!
• Available on Channel 9!
Microsoft Networking Academy – Agenda for April 28th, 2017 – Episode #7
• Intro – Networking from 0-60
• Partner Spotlight – Full Stack Security for Azure with Alert Logic
• Ask the Experts Q&A
[Diagram: one Azure Active Directory tenant above three Azure subscriptions, each with Access Control and a Virtual Network; each Virtual Network holds a FW pair, IIS web servers and SQL behind Azure load balancers, reached over the Internet or via ExpressRoute]
ALERT LOGIC SOLUTIONS FOR AZURE
Vince Bryant, MS Partner Development Manager
Peter Baumbach, Solutions Engineer
Jason Giddens, Manager, Solutions Engineering
We protect cloud workloads & web applications
• Full-stack security
• Integrated analytics & experts
• Built for cloud
• Cost-effective outcomes
ASSESS, BLOCK, DETECT, COMPLY
FULLY-MANAGED SECURITY, DELIVERED AS A SERVICE
Cloud has disrupted traditional security (the move from data center to hosting to cloud)
Traditional security vs cloud drivers:
• Deployment & Management: slow, complex configurations vs agility & automation
• Performance & Operations: scaling chokepoints vs hyper-scalability
• Customer Application Requirements: poor detection of web app attacks vs priority: web applications
[Chart: number of breaches by incident pattern (Source: Verizon): Web App Attacks 908, POS Intrusions 525, Miscellaneous Errors 197, Privilege Misuse 172, Cyber-espionage 155, Everything Else 125, Payment Card Skimmers 86, Physical Theft / Loss 56, Crimeware 49, Denial of Service 1]
Security risk is shifting to unprotected web applications
• Web app attacks are now the #1 source of data breaches, up 500% since 2014 (Source: Verizon)
• But less than 5% of data center security budgets are spent on app security, a ratio of $23 to $1 (Source: Gartner)
[Chart: Web App Attacks as a percentage of breaches, axis from 10% to 40%]
Application protection is the customer’s responsibility
The first step to securing cloud workloads is understanding the shared responsibility model. Microsoft will secure most of the underlying infrastructure, including the physical access to the datacenters, the servers and hypervisors, and parts of the networking infrastructure… but the customer is responsible for the rest.
Taken from the Shared Responsibility for Cloud Computing whitepaper, published by Microsoft in March 2016
Alert Logic helps protect across the entire stack
Stack layers covered: Web Apps, Server-side Apps, App Frameworks, Dev Platforms, Server OS, Hypervisor, Hardware, Databases, SaaS Technology
Responsibilities by party:
CUSTOMER
• Web Application Firewall
• Vulnerability Scanning
• Secure Coding and Best Practices
• Software and Virtual Patching
• Configuration Management
• Access Management (inc. Multi-factor Authentication)
• Application level attack monitoring
• Access Management
• Configuration Hardening
• Patch Management
• TLS/SSL Encryption
• Network Security Configuration
ALERT LOGIC
• Security Monitoring
• Log Analysis
• Vulnerability Scanning
• Network Threat Detection
MICROSOFT
• Security Monitoring
• Logical Network Segmentation
• Perimeter Security Services
• External DDOS, spoofing, and scanning monitored
• Hypervisor Management
• System Image Library
• Root Access for Customers
• Managed Patching (PaaS, not IaaS)
Alert Logic products mapped to attack classes:
• Web Security Manager – Web App Attacks (OWASP Top 10)
• Log Manager – Platform / Library Attacks
• Threat Manager – System / Network Attacks
Cloud Defender delivers full stack security, experts included
• Your App Stack – Cloud Defender: Signatures & Rules, Anomaly Detection, Machine Learning
• Managed Security – Active Watch: Threat Intelligence, Security Research, Data Science, Security Content, Security Operations Center, Security Analytics, Experts Analysis
Continuous delivery of high value cost-effective outcomes
Examples of outcomes we deliver:
• Assess – Continuous reporting on vulnerabilities and configuration flaws
• Detect – Incident escalation and remediation guidance within 15 minutes
• Block – Attack filtering logic tuned specifically for each web app
• Comply – Log security monitoring, daily review and archival
Delivered through PROCESS, ANALYTICS, EXPERTS and TECHNOLOGY
HOW IT WORKS: Alert Logic Threat Manager for 3 Tier Application Stack + Azure SQL
[Diagram: inside the VNET resource group, web traffic enters through an Application Gateway to a Web Tier and an Application Tier on auto-scaling VM Scale Sets, with an Azure SQL Database tier whose SQL logs land in an Azure Storage Table; an Alert Logic Threat Manager appliance VM sits in the VNET]
3-Tier applications using VMs only
[Diagram: two customers, Customer A and Customer B, each with a VNET resource group holding a Web Tier and an Application Tier on auto-scaling VM Scale Sets and a Database Tier of SQL VMs in Availability Sets; an Alert Logic Threat Manager appliance VM receives the web traffic in Customer B’s VNET]
Agents can be baked into VM images, or automatically installed using DevOps toolsets: https://supermarket.chef.io/cookbooks/al_agents
Azure Activity Logs identify IOCs at the subscription level: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-partners
These logs can show changes to NSG configurations or privilege escalation.
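As an added example (not code from the Alert Logic or Microsoft material), a small Python check that reads Azure Activity Log records and flags the two indicator types mentioned above: successful NSG security rule changes and role assignment writes. The operation names are real Azure Resource Manager operations; the log records, callers and subscription id are constructed samples.

```python
import json
from typing import Dict, List

# Azure Resource Manager operations that the slide calls out as subscription-level IOCs:
# NSG configuration changes and privilege (role assignment) changes. The operation names
# are real ARM operation names; everything else in this block is constructed sample data.
WATCHED_OPERATIONS = {
    "Microsoft.Network/networkSecurityGroups/securityRules/write": "NSG rule written",
    "Microsoft.Network/networkSecurityGroups/securityRules/delete": "NSG rule deleted",
    "Microsoft.Authorization/roleAssignments/write": "role assignment written",
}

# Constructed Activity Log records (a subset of the real fields), one JSON object per line.
SAMPLE_ACTIVITY_LOG = """
{"eventTimestamp": "2017-04-28T10:01:00Z", "caller": "alice@example.com", "operationName": {"value": "Microsoft.Network/networkSecurityGroups/securityRules/write"}, "status": {"value": "Succeeded"}, "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-web/providers/Microsoft.Network/networkSecurityGroups/web-nsg/securityRules/allow-any-3389"}
{"eventTimestamp": "2017-04-28T10:02:00Z", "caller": "bob@example.com", "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"}, "status": {"value": "Succeeded"}, "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/11111111-1111-1111-1111-111111111111"}
{"eventTimestamp": "2017-04-28T10:03:00Z", "caller": "carol@example.com", "operationName": {"value": "Microsoft.Compute/virtualMachines/read"}, "status": {"value": "Succeeded"}, "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-web/providers/Microsoft.Compute/virtualMachines/web-vm-0"}
{"eventTimestamp": "2017-04-28T10:04:00Z", "caller": "dave@example.com", "operationName": {"value": "Microsoft.Network/networkSecurityGroups/securityRules/delete"}, "status": {"value": "Failed"}, "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-web/providers/Microsoft.Network/networkSecurityGroups/web-nsg/securityRules/deny-all-inbound"}
"""


def parse_events(raw: str) -> List[Dict]:
    """Parse newline-delimited JSON Activity Log records, skipping blank lines."""
    return [json.loads(line) for line in raw.splitlines() if line.strip()]


def find_indicators(events: List[Dict]) -> List[Dict]:
    """Return only successful NSG rule changes and role assignment writes."""
    hits = []
    for ev in events:
        op = ev.get("operationName", {}).get("value", "")
        label = WATCHED_OPERATIONS.get(op)
        # Ignore operations we do not watch and attempts that did not succeed
        if label is None or ev.get("status", {}).get("value") != "Succeeded":
            continue
        hits.append({
            "time": ev.get("eventTimestamp"),
            "caller": ev.get("caller"),
            "what": label,
            # Keep only the provider-relative part of the resource id for readability
            "resource": ev.get("resourceId", "").rsplit("/providers/", 1)[-1],
        })
    return hits


if __name__ == "__main__":
    for hit in find_indicators(parse_events(SAMPLE_ACTIVITY_LOG)):
        print(hit)
```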
How can I find out more?
• Check out our website, and request a demo – www.alertlogic.com/azure
• Attend our webinar on June 7th – https://www.brighttalk.com/channel/11587/cloud-security-and-compliance
• Sign up for our weekly threat report – https://www.alertlogic.com/resources/threat-reports/
We scan the entire stack for vulnerabilities and config errors
• Web Apps
• Server-side Apps
• App Frameworks
• Dev Platforms
• Server OS
• Hypervisor
• Databases
Our coverage is prioritized by applications and workloads running in the cloud.
Alert Logic is security built for the cloud
Prevent, detect and stop threats across your full app & infra stack
Add expert protection without adding staff or building SOC
Eliminate chokepoints in app production with security built for cloud
Expand capabilities quickly with modular services
Focus on actionable detail with expert verification and prioritization
Affordable advanced protection from 13 cents / hour / host
Incident identification and notification
[Diagram: attacks against AWS, Azure and on-prem workloads are detected in the Alert Logic Cloud, reviewed by the Alert Logic SOC, and incident notifications are delivered through the console to the customer / partner SecOps team]
We can either work with your customer directly, or your teams if you are managing the environment on behalf of the customer.
Alert Logic – a Leader in Forrester’s 2016 NA MSSP Wave™
“Alert Logic has a head start in the cloud, and it shows. Alert Logic is an excellent fit for clients looking to secure their current or planned cloud migrations, clients requiring a provider that can span seamlessly between hybrid architectures, and those that demand strong API capabilities for integrations.”
- Forrester Wave™ Report
Addressing Customers with Compliance Requirements
Alert Logic Solution – mapped to PCI DSS, SOX and HIPAA & HITECH requirements:

Alert Logic Web Security Manager™
PCI DSS:
• 6.5.d Have processes in place to protect applications from common vulnerabilities such as injection flaws, buffer overflows and others
• 6.6 Address new threats and vulnerabilities on an ongoing basis by installing a web application firewall in front of public-facing web applications.
SOX:
• DS 5.10 Network Security
• AI 3.2 Infrastructure resource protection and availability
HIPAA & HITECH:
• 164.308(a)(1) Security Management Process
• 164.308(a)(6) Security Incident Procedures

Alert Logic Log Manager™
PCI DSS:
• 10.2 Automated audit trails
• 10.3 Capture audit trails
• 10.5 Secure logs
• 10.6 Review logs at least daily
• 10.7 Maintain logs online for three months
• 10.7 Retain audit trail for at least one year
SOX:
• DS 5.5 Security Testing, Surveillance and Monitoring
HIPAA & HITECH:
• 164.308 (a)(1)(ii)(D) Information System Activity Review
• 164.308 (a)(6)(i) Login Monitoring
• 164.312 (b) Audit Controls

Alert Logic Threat Manager™
PCI DSS:
• 5.1.1 Monitor zero day attacks not covered by anti-virus
• 6.2 Identify newly discovered security vulnerabilities
• 11.2 Perform network vulnerability scans quarterly by an ASV or after any significant network change
• 11.4 Maintain IDS/IPS to monitor and alert personnel; keep engines up to date
SOX:
• DS 5.9 Malicious Software Prevention, Detection and Correction
• DS 5.6 Security Incident Definition
• DS 5.10 Network Security
HIPAA & HITECH:
• 164.308 (a)(1)(ii)(A) Risk Analysis
• 164.308 (a)(1)(ii)(B) Risk Management
• 164.308 (a)(5)(ii)(B) Protection from Malicious Software
• 164.308 (a)(6)(iii) Response & Reporting
Alert Logic Security Operations Center providing Monitoring, Protection, and Reporting