Defender Defends Microsoft Defender Protecting The Government of British Columbia BC Government Privacy and Security Forum, June 19, 2024 James D. Argue Team Lead, Architect CYBERSECURITY AND DIGITAL TRUST
Agenda
Defender eXtended Detection and Response (XDR)
Defender for Endpoint (MDE - Devices and Servers)
Defender for Identity (MDI)
Defender for Office 365 (MDO)
Defender Defending
Defender for Cloud (MDC – future use)
Defender Vulnerability Management (future use)
Microsoft Defender: May share with peers and partner organizations within your community, but not via publicly accessible channels.
Defender eXtended Detection and Response (XDR): All Defender products in a unified pre- and post-breach enterprise defense suite. Includes custom detections, telemetry, live response, containment, and more. Different sources amalgamated into one tool.
XDR - All Defenders!
Defender for Endpoint (MDE): An enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
MDE Deployment
Deployed to managed mobile devices through Intune (2021-present).
Deployed to Windows workstations by removing previous antivirus software: MDE is built into Windows in read-only mode, but needed configuring to send telemetry to the BC Gov Security console (late 2021). MDE goes into active mode when other protective software is absent (previous antivirus software removed in early 2022). Best deployment to 9x.x% of workstations!
Deployed to 100% of Linux servers and 75% of Windows servers in managed datacenters.
Workstations: 2021-22. Servers: in progress 2024.
MDE – other stuff
Automatic Investigations may submit files or file hashes for Microsoft’s analysis.
Isolate workstations and quarantine suspicious files: Workstations: Incident Responders (IR) can Isolate and use Live Response. Files: Will show in Windows Security > Virus & threat protection > Current threats > Protection history.
App & browser control: Protecting Microsoft Edge; planning for Edge blocking mode soon, and Chrome and Firefox planning for warning mode, dates TBD. Protects against malicious apps, files, websites.
Defender for Cloud Apps: Risk scores and possible controlled access to SaaS applications, e.g., WeChat, …
MDE – Cloud Apps
Defender for Identity (MDI) – Advanced Identity Fraud Detection: MDI is a cloud-based security solution that uses our on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Defender for Office 365 (MDO): Exchange Online Protection (EOP) prevents broad, volume-based, known email attacks. BC Gov plan also adds phishing simulations, post-breach investigation, hunting, and response, and automation. Includes “Zero-hour auto purge” (ZAP).
MDO – Message Handling
Mail delivery goes through EOP in the cloud for screening.
Exchange Online (EOL): MDO can access and quarantine messages.
On-premises Exchange: partially cleaned; no access to mailboxes from the cloud, but possible to intercept before delivery.
Attack simulations are best used for EOL mailboxes. Attack simulation packages available. Users who click get passed over to training; they will get training from the Microsoft online library.
Zero-hour auto purge: observing ZAP at 95%+ success preventing malicious messages.
MDO – Defender Portal
MDO - Investigations
MDO – User reported messages
MDO – Catching the Phish
MDO – Attack simulations
MDO - Policies
MDO – Safe Attachments policies
MDO – Safe Links policies
MDO – Anti-malware policies: .zip’s allowed!
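Because the anti-malware policy above lets .zip attachments through, delivered archives are a natural thing to keep an eye on from the Defender Portal's threat hunting. The Advanced Hunting query below is an added illustration, not from the presentation or BC Gov; it assumes the standard EmailAttachmentInfo and EmailEvents tables, and the 7-day window is a constructed choice.

```kql
// Added example (not from the presentation): inbound messages that were
// delivered with a .zip attachment, joined to message details so an analyst
// can review sender and subject. Lookback window is an assumption.
let lookback = 7d;
EmailAttachmentInfo
| where Timestamp > ago(lookback)
| where FileName endswith ".zip"
| join kind=inner (
    EmailEvents
    | where Timestamp > ago(lookback)
    | where EmailDirection == "Inbound"
    | where DeliveryAction == "Delivered"
    | project NetworkMessageId, RecipientEmailAddress,
              SenderFromAddress, Subject, DeliveryLocation
  ) on NetworkMessageId, RecipientEmailAddress
| summarize Attachments = make_set(FileName), AttachmentCount = count()
    by Timestamp, NetworkMessageId, SenderFromAddress,
       RecipientEmailAddress, Subject, DeliveryLocation, ReportId
| order by Timestamp desc
```

Timestamp, ReportId, NetworkMessageId and RecipientEmailAddress are kept so the same query can be saved as a custom detection rule; ZAP may later remove a message this query lists as delivered.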
Defender Defending! (Image by yakultjapa, CC BY-NC-SA 3.0)
Defender Portal: security.microsoft.com
Related Alerts are gathered into Incidents. Drill down to see the chain of events.
Threat Hunting: Includes custom detection rules created by CDT staff.
Incidents for remediation will follow existing IR processes, e.g., a workstation with malware reported to MISO for response.
Defender Portal – Incidents!
Defender Portal – Defenders Together as One!
Defender Portal - Incident
Defender Portal – Drilling down: Attack chain. Cool. Not cool. Shows decoded obfuscated command. Cool. Not cool.
Defender Portal – Scary*: Possible Log4j exploit! 2 servers!
* Security Analyst investigated – was a scanner looking for the log4j vulnerability on DMZ servers. No exploit used – tuning out.
Defender Portal – Evil never sleeps
Defender Portal – Custom detections
Defender in the Future (Image by Aleksei-Liakh, CC BY-NC-ND 3.0)
Defender for Cloud (MDC): Blueprint in development for a Microsoft cloud-native application protection platform (CNAPP) protecting IaaS and PaaS. Each team could have its own services in the BC Gov Tenancy. Public Cloud team working with OCIO-ES CDT Branch. Gov of Canada advice: https://www.tbs-sct.canada.ca/pol/doc-eng.aspx?id=32787
MDC
MDC – Easy to apply compliance
MDE – Vulnerability Management: OCIO-ES CDT Vulnerability & Risk Management Team to use new software vulnerability data coming from MDE.
MDE – Vulnerability Management
Defender Defends Thank you James D. Argue Team Lead, Architect CYBERSECURITY AND DIGITAL TRUST