TODAY, YOU ARE EXPERIENCING A REVOLUTION OF CYBER-THREATS

Wall Street Journal, JP Morgan, White House, Bushehr nuclear reactor, RSA, Google, Apple, Facebook, struggling Sony, Target, Heartland, eBay, ICANN, Home Depot

THE EVOLUTION OF ATTACKS

[Chart axis: Volume and Impact]

2003-2004: Script Kiddies. BLASTER, SLAMMER. Motive: Mischief

2005-PRESENT: Organized Crime. RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT. Motive: Profit

2012 - Beyond: Nation States, Activists, Terror Groups. BRAZEN, COMPLEX, PERSISTENT. Motives: IP Theft, Damage, Disruption

SONY BREACH – EXTRAORDINARY DAMAGE

Sony Got Hacked Hard: What We Know and Don’t Know So Far

“The [malware] sample with the Sony computer names in it was designed to systematically connect to each on the list. ‘It contains a user name and password and a list of internal systems and it connects to each of them and wipes the hard drives.’”

KIM ZETTER Wired December 2, 2014

Source: Sony Got Hacked Hard: What We Know and Don’t Know So Far, Kim Zetter, Wired Magazine, December 3, 2014

SONY BREACH – ADDING TERROR TO PLAYBOOK

Sony Hackers Threaten 9/11 Attack on Movie Theaters

“The world will be full of fear, remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time.”

BRENT LANG Variety December 5, 2014

Source: Hackers Threaten Sony Employees in New Email: ‘Your Family Will Be in Danger’, Dave McNary, MSN, December 5, 2014. Image: G. Hodan

ADDRESSING THE THREATS REQUIRES A NEW APPROACH:

RUIN THE ATTACKERS' ECONOMIC MODEL

BREAK THE ATTACK PLAYBOOK

ELIMINATE THE VECTORS OF ATTACK

Security from the inside out – beyond bigger walls

Require

Device security

Identity protection

Data protection

Threat resistance

Protection against modern security threats

Secure hardware, Secure your identities, Secure your data

Secure Hardware

Device integrity maintained using UEFI Secure Boot

Trusted Platform Module (TPM) protects critical secrets

Biometrics sensors going mainstream on Windows

Virtualization based security (VBS) isolates sensitive Windows processes and data using

Virtualization based security powered by hardware

[Diagram: OS | CPU]

Virtualization based security powered by hardware

[Diagram: OS, VBS | Hyper-V | CPU with Virtualization Extensions]

Protection against modern security threats

Secure hardware, Secure your identities, Secure your data

Shared secrets

shhh!

Easily mishandled or lost

(Hint: The user is the problem)

Microsoft Passport and Windows Hello

Easy to deploy two-factor password alternative

Breach, theft, and phish resistant credentials

Single sign-on experience

Convenient enterprise grade security for both enterprises and consumers

Supports PIN and biometric sign-in using Windows Hello

[Image: "Hello Chris" sign-in greeting]

WINDOWS HELLO

Fingerprint, Iris, Facial

FIDO ALLIANCE

Example Board level members

Windows Hello Demo

Credential Guard

Pass the Hash (PtH) attacks are the #1 go-to tool for hackers

Used in nearly every major breach and APT type of attack

Credential Guard uses VBS to isolate Windows authentication services and derived credentials

Fundamentally breaks derived credential theft using Mimikatz, etc.

Cred Guard powered by Virtualization based security

Protection against modern security threats

Secure hardware, Secure your identities, Secure your data

87% …of senior managers admit to regularly uploading work files to a personal email or cloud account (1)

58% Have accidentally sent sensitive information to the wrong person (1)

$240 PER RECORD Average per record cost of a data breach across all industries (2)

(1) Stroz Friedberg, “On The Pulse: Information Security In American Business,” 2013

(2) HIPAA Secure Now, “A look at the cost of healthcare data breaches,” Art Gross, March 30, 2012

DEVICE PROTECTION: Protect system and data when device is lost or stolen

DATA SEPARATION: Containment. Data separation

LEAK PROTECTION: Prevent unauthorized users and apps from accessing and leaking data

SHARING PROTECTION: Protect data when shared with others, or shared outside of organizational devices and control

BitLocker enhancements in Windows 8.1, InstantGo, 3rd party adoption

BitLocker, Enterprise data protection, Rights Management Services

BitLocker data protection

Protects data when a device is lost or stolen using full disk encryption

Provides single sign on and protection from cold boot attacks

Easy to deploy and manageable (via MBAM) at scale

Excellent integration, performance, and reliability

Submitted for Common Criteria and FIPS 140-2 certification. Will be supported for HIPAA, PCI DSS, etc. scenarios

Enterprise data protection

Delivers user friendly corporate/personal data separation and containment

Ensures only trusted apps can access business data

Helps prevent accidental data leakage through copy and paste scenarios

Integrates with Microsoft Azure Rights Management for secure roaming and sharing

Available on mobile and the desktop

Microsoft Azure Rights Management

Protect information from unauthorized access, internal and external (Do Not Forward and Company Confidential, Office 365 Message Encryption)

Easy for users and easy for IT to enforce policies to improve data security

Protects SharePoint, Exchange, and Office documents and can work cross platform

BitLocker Demo

TODAY'S CHALLENGE

APPS

Your security depends on a platform where: APPS MUST EARN TRUST BEFORE USE

NEW APPROACHES WITH

Next Generation App Control

Device State based Conditional Access

Active Threat Detection

Next Generation App Control

Secure your devices with Device Guard

Device Guard

Provides next generation app control and kernel mode protection

Uses signed policies to help prevent users and malware with elevated privilege from changing IT’s app control policies

Protects kernel mode processes and drivers from zero days and vulnerabilities using hardware enforced vulnerability mitigations

Device Guard powered by Virtualization based security

[Diagram: OS, VBS, Device Guard, Credential Guard | Hyper-V | CPU with Virtualization Extensions]

Device Guard Code Integrity Demo

These slides are provided for educational purposes only. You are required to check the latest resources for what is available and for up-to-date information.