Securing productivity, collaboration and enterprise data is crucial as organizations transform into a Digital Workplace. The "Anniversary Update" of Windows 10 contains a great many new features to safeguard these. In combination with Microsoft's Enterprise Mobility + Security (EMS) solution, companies can keep identities under control and protect enterprise data from employee mistakes. In this deep-dive session I bring you up to date on new features such as Enterprise Data Protection and Phone Sign-in.
3. Anatomy of an attack
Stages: ENTER, ESTABLISH, EXPAND, ENDGAME
Labels: NETWORK, DEVICE, USER
Techniques shown: Phishing Attacks; Malicious Attachment Delivery; Browser or Doc Exploit Delivery; Malicious Attachment Execution; Browser or Doc Exploit Execution; Stolen Credential Use; Internet Service Compromise; Kernel-mode Malware; Kernel Exploits; Pass-the-Hash
Endgame: ESPIONAGE, LOSS OF IP; DATA THEFT; RANSOM; LOST PRODUCTIVITY; BUSINESS DISRUPTION
4. Anatomy of an attack
Techniques shown: PHISHING; Browser or Doc Exploit Execution; PASS-THE-HASH
Labels: NETWORK, DEVICE, USER
ENDGAME: Theft of sensitive information, disruption of government.
5. Anatomy of an attack
Techniques shown: PHISHING; Browser or Doc Exploit Execution; PASS-THE-HASH
Labels: NETWORK, DEVICE, USER
ENDGAME: Theft of sensitive information, disruption of government.
URL shown on the slide: http://natoint.com/900117-spain-forces-conclude-mission-in-central-african-republic/
6. Anatomy of an attack
Techniques shown: PHISHING; Browser or Doc Exploit Execution; PASS-THE-HASH
Labels: NETWORK, DEVICE, USER
ENDGAME: Theft of sensitive information, disruption of government.
Land on exploit page
Exploit runs
Redirected to legitimate page
Total Elapsed Time: 00:00.1
9. Windows as a Service
Threat protection over time
Attackers take advantage of periods between releases
Chart labels: PRODUCT RELEASE, CAPABILITY
10. Windows as a Service
Game change with Windows and Software as a Service
Disrupt and out-innovate our adversaries by design
Chart labels: PRODUCT RELEASE, THREAT SOPHISTICATION, CAPABILITY, Protection Gap
16. Virtualization Based Security
Diagram labels: Windows Operating System (Kernel, Windows Platform Services, Apps); System Container (Kernel, Trustlet#1, Trustlet#2, Trustlet#3); Hyper-V; Hypervisor; Device Hardware
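An added example, not part of the original slides: a PowerShell check, run on the Windows 10 device itself, of whether virtualization-based security is actually running and which security services (including Credential Guard) it hosts. It reads the Win32_DeviceGuard CIM class; the function name Get-VbsStatus is hypothetical.

```powershell
# Added example, not from the slides. Get-VbsStatus is a hypothetical helper name.
function Get-VbsStatus {
    [CmdletBinding()]
    param()

    # Value meanings as documented for the Win32_DeviceGuard CIM class.
    $vbsStates = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
    $services  = @{ 0 = 'None'; 1 = 'Credential Guard'; 2 = 'HVCI (memory integrity)' }

    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    }
    catch {
        # The class is missing on systems that do not expose Device Guard state.
        Write-Warning "Win32_DeviceGuard is not available: $($_.Exception.Message)"
        return
    }

    # Translate numeric service IDs into names, keeping unknown IDs visible.
    $toNames = {
        param($ids)
        foreach ($id in @($ids)) {
            if ($services.ContainsKey([int]$id)) { $services[[int]$id] } else { "Unknown ($id)" }
        }
    }

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        VbsStatus             = $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured    = @(& $toNames $dg.SecurityServicesConfigured)
        ServicesRunning       = @(& $toNames $dg.SecurityServicesRunning)
        # Configured-but-not-running is the gap worth alerting on.
        CredentialGuardActive = ($dg.VirtualizationBasedSecurityStatus -eq 2) -and
                                ($dg.SecurityServicesRunning -contains 1)
    }
}

Get-VbsStatus | Format-List
```

A device where Credential Guard appears under ServicesConfigured but not under ServicesRunning has the policy applied without the protection in effect, which is the case to follow up on.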
19. Access to one device can lead to access to many
1. Single IT Pro's machine is compromised. IT Pro manages kiosks/shared devices on network. Attacker steals IT Pro's access token.
2. Using IT Pro's access token, attacker looks for kiosk/shared devices and mines them for tokens.
3. Repeat
20. Credential Guard
Pass the Hash (PtH) attacks are the #1 go-to tool for hackers. Used in nearly every major breach and APT type of attack
Credential Guard uses VBS to isolate Windows authentication from the Windows operating system
Protects LSA Service (LSASS) and derived credentials (NTLM Hash)
Fundamentally breaks derived credential theft using Mimikatz,