Full Power with Windows 10 and the Enterprise Mobility Suite
Johannes Nöbauer, Head of Enterprise Services

Agenda
• Workplace 4.0
• Windows 10 & Microsoft Enterprise Mobility & Security

Sources cited on the Workplace 4.0 slide:
* Forrester Research: "BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies," Feb. 21, 2013
** Forrester Research: "2013 Mobile Workforce Adoption Trends," Feb. 4, 2013
*** Gartner press release, Oct. 25, 2012, http://www.gartner.com/newsroom/id/2213115

Sobering statistics
• 200+: the median number of days that attackers reside within a victim's network before detection
• 75%+: the share of all network intrusions that are due to compromised user credentials
• $500B: the total potential cost of cybercrime to the global economy
• $3.5M: the average cost of a data breach to a company

The frequency and sophistication of cyber attacks are getting even worse.
"There are two kinds of BIG companies. Those who have been hacked, and those who don't know they have been hacked."

Windows 10: faster, better, more secure

Microsoft Enterprise Mobility + Security Suite

EMS E5
• Identity and access management: Azure Active Directory Premium P2 (includes all capabilities in P1): identity and access management with advanced protection for users and privileged identities
• Information protection: Azure Information Protection Premium P2 (includes all capabilities in P1): intelligent classification and encryption for files shared inside and outside your organization
• Identity-driven security: Microsoft Cloud App Security: enterprise-grade visibility, control, and protection for your cloud applications

EMS E3
• Identity and access management: Azure Active Directory Premium P1: secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting
• Managed mobile productivity: Microsoft Intune: mobile device and app management to protect corporate apps and data on any device
• Information protection: Azure Information Protection Premium P1: encryption for all files and storage locations
• Identity-driven security: Microsoft Advanced Threat Analytics
  (EMS E3, continued) Microsoft Advanced Threat Analytics: protection from advanced targeted attacks leveraging user and entity behavioral analytics; Azure Information Protection Premium P1 also includes cloud-based file tracking.

Microsoft Enterprise Mobility & Security: Azure Active Directory Premium | Azure Information Protection | Advanced Threat Analytics | Microsoft Intune

Azure Active Directory
• Self-service password reset
• Multi-factor authentication
• Single sign-on across hybrid clouds

Your directory in the cloud: connect and sync on-premises directories with Azure.
Connection options: Azure Active Directory Connect, PowerShell, SQL (ODBC), LDAP v3, web services (SOAP, Java, REST), other directories.
2400+ pre-integrated popular SaaS apps.

Azure Multi-Factor Authentication options

Demo: Azure Active Directory

Microsoft Azure Active Directory: identity-driven security
• Conditions: location (IP range), device state, user, user group, risk
• Actions: allow access, or enforce MFA per user / per app, or block access
• Building blocks: MFA; Identity Protection (notifications, analysis, remediation, risk-based policies); Cloud App Discovery; Privileged Identity Management

Cloud-powered protection: a consolidated view of machine-learning-based threat detection
• Infected devices
• Brute force attacks
• Configuration vulnerabilities
• Leaked credentials
• Suspicious sign-in activities
The machine-learning engine calculates a "risk severity" for risky logins; remediation recommendations and risk-based policies then trigger an MFA challenge, force a change of bad credentials, or block attacks.
Risk-based conditional access automatically protects against suspicious sign-ins and compromised credentials.

Demo: sign-in risk policy with the Tor Browser
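To make the conditions-and-actions model on the identity-driven security slide concrete, here is an added example of a small conditional access policy engine. It is illustrative code written for this page, not Microsoft's implementation and not any Azure AD API; the policy names, group names, IP ranges, app names and the four-level sign-in risk scale are all constructed assumptions. The engine evaluates every policy whose conditions match a sign-in and lets the strictest action win, so a "block" can never be softened by another policy that would merely allow.

```go
package main

import (
	"fmt"
	"net"
)

// Decision is the action the slide lists on the right-hand side.
type Decision int

const (
	Allow Decision = iota
	RequireMFA
	Block
)

func (d Decision) String() string { return [...]string{"allow", "require MFA", "block"}[d] }

// Risk is a constructed stand-in for the sign-in risk severity a risk engine reports.
type Risk int

const (
	RiskNone Risk = iota
	RiskLow
	RiskMedium
	RiskHigh
)

// SignIn carries the conditions from the slide: location, device state, user, group, risk.
type SignIn struct {
	User            string
	Groups          []string
	IP              net.IP
	DeviceCompliant bool
	App             string
	SignInRisk      Risk
}

// Policy: each field is one condition (zero value = "not part of this policy"), plus the action.
type Policy struct {
	Name             string
	Group            string       // only sign-ins by members of this group
	Apps             []string     // only sign-ins to these apps
	OutsideTrusted   []*net.IPNet // only sign-ins from outside these trusted ranges
	NonCompliantOnly bool         // only sign-ins from non-compliant devices
	MinRisk          Risk         // only sign-ins at this risk level or above
	Action           Decision
}

func contains(list []string, v string) bool {
	for _, s := range list {
		if s == v {
			return true
		}
	}
	return false
}

func inAny(nets []*net.IPNet, ip net.IP) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Matches reports whether every condition of the policy holds for the sign-in.
func (p Policy) Matches(s SignIn) bool {
	if p.Group != "" && !contains(s.Groups, p.Group) {
		return false
	}
	if p.Apps != nil && !contains(p.Apps, s.App) {
		return false
	}
	if p.OutsideTrusted != nil && inAny(p.OutsideTrusted, s.IP) {
		return false
	}
	if p.NonCompliantOnly && s.DeviceCompliant {
		return false
	}
	return s.SignInRisk >= p.MinRisk
}

// Evaluate applies all policies; the strictest matching action wins.
// It also returns the names of the policies that fired, for the audit log.
func Evaluate(policies []Policy, s SignIn) (Decision, []string) {
	result := Allow
	var fired []string
	for _, p := range policies {
		if p.Matches(s) {
			fired = append(fired, p.Name)
			if p.Action > result {
				result = p.Action
			}
		}
	}
	return result, fired
}

func mustCIDR(c string) *net.IPNet {
	_, n, err := net.ParseCIDR(c)
	if err != nil {
		panic(err)
	}
	return n
}

// DefaultPolicies is a constructed policy set mirroring the slide's examples.
func DefaultPolicies() []Policy {
	corp := []*net.IPNet{mustCIDR("10.0.0.0/8"), mustCIDR("192.0.2.0/24")}
	return []Policy{
		{Name: "MFA outside corporate network", OutsideTrusted: corp, Action: RequireMFA},
		{Name: "Block non-compliant devices for Exchange", Apps: []string{"Exchange Online"}, NonCompliantOnly: true, Action: Block},
		{Name: "Global admins always MFA", Group: "Global Admins", Action: RequireMFA},
		{Name: "Sign-in risk medium: MFA", MinRisk: RiskMedium, Action: RequireMFA},
		{Name: "Sign-in risk high: block", MinRisk: RiskHigh, Action: Block},
	}
}

func main() {
	// Constructed sign-in: a high-risk attempt from outside the corporate ranges.
	s := SignIn{User: "dave", Groups: []string{"Employees"}, IP: net.ParseIP("198.51.100.9"),
		DeviceCompliant: true, App: "SharePoint Online", SignInRisk: RiskHigh}
	d, fired := Evaluate(DefaultPolicies(), s)
	fmt.Println(d, fired)
}
```

Run as `go run`, the sample sign-in is blocked because the high-risk policy fires alongside the MFA policies; the returned policy names are what a defender would want written to the sign-in log to explain the decision.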
Microsoft Enterprise Mobility & Security: Azure Active Directory Premium | Azure Information Protection | Advanced Threat Analytics | Microsoft Intune

Microsoft Azure Information Protection
• How can I ensure that documents reach only the intended recipients, encrypted, and that those recipients have only specific rights?
• How can I track access?
• How can I revoke the permissions again?

Azure Rights Management Service: authentication and collaboration, client integration, integration

Rights Management 101
• The file is protected by an AES symmetric key.
• The usage rights plus the symmetric key are stored in the file as the 'license'.
• The license is protected by the organization-owned key.
Example: "Secret Cola Formula: Water, HFCS, Brown #16" + use rights → Protect → #!@#!#!@#! ()&)(*&)(@#! (ciphertext with the license attached) → Unprotect → "Secret Cola Formula: Water, HFCS, Brown #16"

Rights Management 101 (continued)
• Enlightened apps use the RMS SDK, which communicates with the RMS key management servers.
• File content is never sent to the RMS server/service.
• RMS-enlightened apps enforce rights; generic protection is offered by the RMS app.

Demo: Azure Information Protection
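The two "Rights Management 101" slides describe an envelope scheme: a per-file AES content key, a license that bundles that key with the usage rights and is sealed under the organization's key, and a service that releases the content key to an authenticated user without ever seeing the file body. The following Go program is an added example of that scheme written for this page; it is not the RMS SDK, not Azure RMS's actual file format or protocol, and the right names, the recipient addresses, the revocation list and the choice of AES-GCM for both the body and the license are constructed assumptions. It also answers the revocation question on the slide: because every open goes through the service, a server-side deny list cuts off a recipient even though the license inside the file still names them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Usage rights a license can grant (names constructed for this example).
const (
	RightView = "VIEW"
	RightEdit = "EDIT"
)

// License is stored inside the protected file: the content key and the usage
// rights, sealed under the organization-owned key so only the service opens it.
type License struct{ Nonce, Blob []byte }

type licensePayload struct {
	ContentKey []byte
	Rights     map[string][]string // recipient -> granted rights
}

// ProtectedFile is the on-disk artefact: license plus AES-GCM encrypted body.
type ProtectedFile struct {
	License     License
	Nonce, Body []byte
}

func gcmSeal(key, plaintext []byte) (nonce, ct []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, nil), nil
}

func gcmOpen(key, nonce, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, nil) // fails on any tampering with the ciphertext
}

// Protect runs on the author's machine: a fresh symmetric content key encrypts
// the file, and key + rights are sealed into the license with the org key.
func Protect(orgKey, plaintext []byte, rights map[string][]string) (*ProtectedFile, error) {
	contentKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, contentKey); err != nil {
		return nil, err
	}
	bodyNonce, body, err := gcmSeal(contentKey, plaintext)
	if err != nil {
		return nil, err
	}
	payload, _ := json.Marshal(licensePayload{ContentKey: contentKey, Rights: rights})
	licNonce, licBlob, err := gcmSeal(orgKey, payload)
	if err != nil {
		return nil, err
	}
	return &ProtectedFile{License: License{licNonce, licBlob}, Nonce: bodyNonce, Body: body}, nil
}

// RMSService models the key management service: it holds the org key and a
// revocation list, and only ever receives the license, never the file body.
type RMSService struct {
	OrgKey  []byte
	Revoked map[string]bool
}

// IssueUseLicense releases the content key and the caller's rights, or denies.
func (s *RMSService) IssueUseLicense(lic License, user string) ([]byte, []string, error) {
	if s.Revoked[user] {
		return nil, nil, errors.New("access revoked for " + user)
	}
	raw, err := gcmOpen(s.OrgKey, lic.Nonce, lic.Blob)
	if err != nil {
		return nil, nil, err
	}
	var p licensePayload
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, nil, err
	}
	if rights := p.Rights[user]; len(rights) > 0 {
		return p.ContentKey, rights, nil
	}
	return nil, nil, errors.New("no rights granted to " + user)
}

// Consume is what an enlightened app does: obtain a use license, decrypt
// locally, then enforce the returned rights in its UI (see HasRight).
func Consume(svc *RMSService, pf *ProtectedFile, user string) ([]byte, []string, error) {
	key, rights, err := svc.IssueUseLicense(pf.License, user)
	if err != nil {
		return nil, nil, err
	}
	plaintext, err := gcmOpen(key, pf.Nonce, pf.Body)
	return plaintext, rights, err
}

func HasRight(rights []string, want string) bool {
	for _, r := range rights {
		if r == want {
			return true
		}
	}
	return false
}

func main() {
	orgKey := make([]byte, 32)
	io.ReadFull(rand.Reader, orgKey)
	svc := &RMSService{OrgKey: orgKey, Revoked: map[string]bool{}}
	// Constructed sample document and rights table.
	pf, _ := Protect(orgKey, []byte("Secret Cola Formula: Water, HFCS, Brown #16"),
		map[string][]string{"alice@contoso.example": {RightView, RightEdit}, "bob@contoso.example": {RightView}})
	pt, rights, err := Consume(svc, pf, "bob@contoso.example")
	fmt.Printf("bob: %q rights=%v err=%v canEdit=%v\n", pt, rights, err, HasRight(rights, RightEdit))
	svc.Revoked["bob@contoso.example"] = true // revocation is enforced at the service
	_, _, err = Consume(svc, pf, "bob@contoso.example")
	fmt.Println("bob after revocation:", err)
}
```

Two design points match the slide: the plaintext and the content key are created and used only on the client, so the service's exposure is limited to the license blob; and because the body is authenticated encryption, a modified file fails to open rather than decrypting to garbage.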
Microsoft Enterprise Mobility & Security: Azure Active Directory Premium | Azure Information Protection | Advanced Threat Analytics | Microsoft Intune

Microsoft Advanced Threat Analytics
• Am I being attacked on the internal network, or have I been already?
• How do I find attacks on account credentials?
• Do I have insecure admin logons on the internal network?

The patterns of cyber-security attacks are changing
Today's cyber attackers are:
• Compromising user credentials in the vast majority of attacks
• Using legitimate IT tools rather than malware, which is harder to detect
• Staying in the network an average of eight months before detection
• Costing significant financial loss, impact to brand reputation, loss of confidential data, and executive jobs

Problem statement
Traditional IT security solutions are typically:
• Complex
• Prone to "false positives"
• Designed for "perimeter" protection
Initial setup, fine-tuning and creating rules for thresholds/baselines can take a long time. You receive too many reports per day with multiple "false positives", which demand valuable time you do not have. Once user login information has been stolen and attackers are already inside the network, your current defenses offer only limited protection.

Overview: Microsoft Advanced Threat Analytics
An on-premises solution to identify advanced security attacks before they cause damage.
Analogy: credit card companies monitor the behavior of their cardholders. If there is unusual activity, the cardholder is notified to verify the transactions. Microsoft Advanced Threat Analytics brings this concept to the IT and users of a given organization.

How Microsoft Advanced Threat Analytics works
4. Alert: ATA reports all suspicious activities on a simple, functional, actionable attack timeline. ATA identifies who, what, when and how. For each suspicious activity, ATA provides recommendations for investigation and remediation.

Topology: Gateway
• Captures and analyzes DC network traffic via port mirroring
• Listens to multiple DCs from a single Gateway
• Receives events from a SIEM
• Retrieves data about entities from the domain
• Performs resolution of network entities
• Transfers relevant data to the ATA Center

Topology: Center
• Manages ATA Gateway configuration settings
• Receives data from ATA Gateways and stores it in the database
• Detects suspicious activity and abnormal behavior (machine learning)
• Provides the web management interface
• Supports multiple Gateways

Video

Demo: Azure Advanced Threat Analytics

Microsoft Enterprise Mobility & Security: Azure Active Directory Premium | Azure Information Protection | Advanced Threat Analytics | Microsoft Intune

Microsoft Intune
• Bring Your Own Device
• Mobile device management WITH IT control, WITHOUT expropriating private devices
• App management for mobile enterprise apps
• A nice App Store of your own
• PC management and MDM integrated
• Managed antivirus, again

Today's challenges
• Users: users expect to be able to work in any location and have access to all their work resources.
• Devices: the explosion of devices is eroding the standards-based approach to corporate IT.
• Apps: deploying and managing applications across platforms is difficult.
• Data: users need to be productive while maintaining compliance and reducing risk.

Empowering people with our Enterprise Mobility Suite (Users, Devices, Apps, Data)
• Enable users: allow users to work on the devices of their choice and provide consistent access to corporate resources.
• Unify your environment: deliver unified application and device management on-premises and in the cloud.
• Protect your data: help protect corporate information and manage risk.
Management. Access. Protection.

Enterprise mobility management with Intune: mobile device management, mobile application management, PC management (User and IT perspectives)
Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.

Device Lifecycle Management
Enroll (User)
• Provide a self-service Company Portal for users to enroll devices
• Deliver custom terms and conditions at enrollment
• Bulk enroll devices using Apple Configurator or a service account
• Restrict access to Exchange email if a device is not enrolled
Provision
• Deploy certificates, email, VPN, and WiFi profiles
• Deploy device security policy settings
• Install mandatory apps
• Deploy app restriction policies
• Deploy data protection policies
Manage and Protect (IT)
• Restrict access to corporate resources if policies are violated (e.g., jailbroken device)
• Protect corporate data by restricting actions such as copy/cut/paste/save outside of the managed app ecosystem
• Report on device and app compliance
Retire
• Revoke access to corporate resources
• Perform selective wipe
• Audit lost and stolen devices

Deployment option 1: Intune only
Intune standalone (cloud only); IT manages and protects through the Intune web console.
• No existing infrastructure necessary
• No existing Configuration Manager deployment required
• Simplified policy control
• Simple web-based administration console
• Faster cadence of updates
• Always up-to-date
Devices supported (mobile devices and PCs): Windows PCs (x86/64, Intel SoC), Windows RT, Windows Phone 8.x, iOS, Android

Deployment option 2: SCCM + Intune MDM
Configuration Manager integrated with Intune (hybrid): System Center 2012 R2 Configuration Manager with Microsoft Intune; IT manages through the Configuration Manager console.
• Build on the existing Configuration Manager deployment
• Full PC management (OS deployment, endpoint protection, application delivery control, custom reporting)
• Deep policy control requirements
• Greater scalability
• Extensible administration tools (RBA, PowerShell, SQL Reporting Services)
Devices supported
• Domain-joined PCs: Windows PCs (x86/64, Intel SoC), Windows to Go, Windows Server, Linux, Mac OS X
• Mobile devices: Windows RT, Windows Phone 8.x, iOS, Android

Demo: Microsoft Intune

Thank you for your attention!