TODAY, YOU ARE EXPERIENCING A REVOLUTION OF CYBER-THREATS
Wall Street Journal, JP Morgan, White House, Bushehr nuclear reactor, RSA, Microsoft, Google, Apple, Facebook, struggling Sony, Target, Heartland, eBay, ICANN, Home Depot

THE EVOLUTION OF ATTACKS
Volume and Impact
2003-2004: Script Kiddies. BLASTER, SLAMMER. Motive: Mischief
2005-PRESENT: Organized Crime. RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT. Motive: Profit
2012 - Beyond: Nation States, Activists, Terror Groups. BRAZEN, COMPLEX, PERSISTENT. Motives: IP Theft, Damage, Disruption

SONY BREACH – EXTRAORDINARY DAMAGE
Sony Got Hacked Hard: What We Know and Don’t Know So Far
KIM ZETTER, Wired, December 2, 2014
“The [malware] sample with the Sony computer names in it was designed to systematically connect to each server on the list. ‘It contains a user name and password and a list of internal systems and it connects to each of them and wipes the hard drives.’”
Source: Sony Got Hacked Hard: What We Know and Don’t Know So Far, Kim Zetter, Wired Magazine, December 3, 2014

SONY BREACH – ADDING TERROR TO PLAYBOOK
Sony Hackers Threaten 9/11 Attack on Movie Theaters
BRENT LANG, Variety, December 5, 2014
“The world will be full of fear, remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time.”
Source: Hackers Threaten Sony Employees in New Email: ‘Your Family Will Be in Danger’, Dave McNary, MSN, December 5, 2014. Image: G. Hodan

ADDRESSING THE THREATS REQUIRES A NEW APPROACH:
RUIN THE ATTACKERS’ ECONOMIC MODEL
BREAK THE ATTACK PLAYBOOK
ELIMINATE THE VECTORS OF ATTACK

Security from the inside out – beyond bigger walls
Require:
Device security
Identity protection
Data protection
Threat resistance
Protection against modern security threats
Secure hardware
Secure your identities
Secure your data

Secure Hardware
Device integrity maintained using UEFI Secure Boot
Trusted Platform Module (TPM) protects critical secrets
Biometrics sensors going mainstream on Windows
Virtualization based security (VBS) isolates sensitive Windows processes and data using

Virtualization based security powered by hardware
OS
CPU

Virtualization based security powered by hardware
OS | VBS
Hyper-V
CPU with Virtualization Extensions

Protection against modern security threats
Secure hardware
Secure your identities
Secure your data

Shared secrets
shhh!
Easily mishandled or lost
(Hint: The user is the problem)

Microsoft Passport and Windows Hello
Easy to deploy two-factor password alternative
Breach, theft, and phish resistant credentials
Single sign-on experience
Convenient enterprise grade security for both enterprises and consumers
Supports PIN and biometric sign-in using Windows Hello

WINDOWS HELLO
Hello Chris
Fingerprint, Iris, Facial

FIDO ALLIANCE
Example Board level members

Windows Hello Demo

Credential Guard
Pass the Hash (PtH) attacks are the #1 go-to tool for hackers
Used in nearly every major breach and APT type of attack
Credential Guard uses VBS to isolate Windows authentication services and derived credentials
Fundamentally breaks delivered credential theft using Mimikatz, etc.

Cred Guard powered by Virtualization based security

Protection against modern security threats
Secure hardware
Secure your identities
Secure your data

87%: …of senior managers admit to regularly uploading work files to a personal email or cloud account¹
58%: Have accidentally sent sensitive information to the wrong person¹
$240 PER RECORD: Average per record cost of a data breach across all industries²

¹ Stroz Friedberg, “On The Pulse: Information Security In American Business,” 2013
² HIPAA Secure Now, “A look at the cost of healthcare data breaches,” Art Gross, March 30, 2012

DEVICE PROTECTION: Protect system and data when device is lost or stolen. BitLocker enhancements in Windows 8.1; InstantGo; 3rd party adoption
DATA SEPARATION: Containment; Data separation
LEAK PROTECTION: Prevent unauthorized users and apps from accessing and leaking data
SHARING PROTECTION: Protect data when shared with others, or shared outside of organizational devices and control

BitLocker | Enterprise data protection | Rights Management Services

BitLocker data protection
Protects data when a device is lost or stolen using full disk encryption
Provides single sign on and protection from cold boot attacks
Easy to deploy and manageable (via MBAM) at scale
Excellent integration, performance, and reliability
Submitted for Common Criteria and FIPS 140-2 certification. Will be supported for HIPAA, PCI DSS, etc. scenarios

Enterprise data protection
Delivers user friendly corporate/personal data separation and containment
Ensures only trusted apps can access business data
Helps prevent accidental data leakage through copy and paste scenarios
Integrates with Microsoft Azure Rights Management for secure roaming and sharing
Available on mobile and the desktop

Microsoft Azure Rights Management
Protect information from unauthorized access—internal and external (Do Not Forward and Company Confidential, Office 365 Message Encryption)
Easy for users and easy for IT to enforce policies to improve data security
Protects SharePoint, Exchange, and Office documents and can work cross platform

BitLocker Demo

TODAY’S CHALLENGE
APPS
Your security depends on a platform where:
APPS MUST EARN TRUST BEFORE USE

NEW APPROACHES WITH WINDOWS 10
Next Generation App Control
Device State based Condition Access
Active Threat Detection

Next Generation App Control
Secure your devices with Device Guard

Device Guard
Provides next generation app control and kernel mode protection
Uses signed policies to help prevent users and malware with elevated privilege from changing IT’s app control policies
Protects kernel mode processes and drivers from zero days and vulnerabilities using hardware enforced vulnerability mitigations

Device Guard powered by Virtualization based security
OS | VBS (Device Guard, Credential Guard)
Hyper-V
CPU with Virtualization Extensions

Device Guard Code Integrity Demo

These slides are provided for educational purposes only. You are required to check the latest resources for what’s available and for up-to-date information.