Custom & 3rd Party tools (as needed)
SIEM
• Most investigations start with EDR capability (regardless of alert source)
• Investigations often pivot into identity and Email/SaaS capabilities.
Custom & 3rd Party tools (as needed)
SIEM
Data Lake + Azure Monitoring
SIEM
SIEM + SOAR as a Service
Azure Sentinel (Pilot)
Built on Azure Monitor, Logic Apps, and Microsoft’s UEBA/ML Technology
Custom & 3rd Party tools (as needed)
DETECT | RESPOND | RECOVER
INCIDENT MANAGEMENT: Coordinate Data Breaches and Major Incidents with:
Leadership | Legal | Communications | Risk Management | Others
THREAT INTELLIGENCE: Provide External Context to inform decisions
Investigations | Hunting | Leadership | Technical Detections and Defenses
SOC ANALYSTS: Reactively remediate incidents and proactively hunt for attackers
Escalate to higher tier as needed
• Tier 3
• Tier 2
• Tier 1
Mean Time to Acknowledge (MTTA) / Remediate (MTTR)
Lower tiers may be automated and/or outsourced to MSSP
Machine learning applied to:
• Reduce manual effort
• Reduce wasted effort on false positives
• Speed up detection
Microsoft Trust Center
Existing SIEM
Microsoft Provides APIs and connectors
Built-in 1st & 3rd party connectors
Alert Integration & Actions
Log Integration: Office 365, Azure, Azure Advanced Threat Protection (ATP), Microsoft Defender ATP, Microsoft Cloud App Security
Built in connectors varies depending on SIEM vendor
GRAPH API: Account, Mail, Calendar, documents, directory, devices, etc.
GRAPH SECURITY API
http://aka.ms/graphsecurityapi | https://aka.ms/graphsecuritydocs
SIEM / Others
FIREWALL PROVIDER
Enrichment with Intelligence (Geo location, IP Reputation)
Core capabilities
© Microsoft Corporation
Azure
Microsoft Services
Public Clouds
Security solutions
Integrate
ServiceNow
Community
Other tools
Apps, users, infrastructure
Collect
Automate & orchestrate response: Playbooks
Investigate & hunt suspicious activities: Interactive Attack Visualization, Azure Notebooks
Analyze & detect threats: Machine learning, UEBA
Data Search
Data Repository
Azure Monitor (log analytics)
Data Ingestion
Cloud Native SIEM + SOAR - Azure Sentinel (Preview)
Integrated toolset for rapid threat remediation
Microsoft Security Center
Built on Azure Monitor, Logic Apps, and Microsoft’s UEBA/ML Technology
Loads (compromised device) average price ranges
• PC - $0.13 to $0.89
• Mobile - from $0.82 to $2.78
Spearphishing services range from $100 to $1,000 per successful account take over
0days price range varies from $5,000 to $350,000
Ransomware: $66 upfront or 30% of the profit (affiliate model)
Proxy services to evade IP geolocation prices vary. As low as $100 per week for 100,000 proxies.
Denial of Service (DOS) average prices
• day: $102.05
• week: $327.00
• month: $766.67
Compromised accounts: As low as $150 for 400M. Averages $0.97 per 1k.
https://aka.ms/CyberHygiene
also brings risks
1. Can amplify human bias
2. Can inadvertently reveal private/secret information
3. Can miss critical context and implications (e.g. Confuse innocent “John Smith” with another “John Smith” with criminal record and same birthdate)
4. Can be fed false/malicious data
Microsoft Mitigation Approach – https://aka.ms/ProtectingML
Machine Learning in Microsoft Security
We use machine learning extensively to
• Reduce manual effort
• Reduce wasted effort on false positives
• Speed up detection
Examples:
• Defender ATP Antivirus - rapid detection and blocking of new threats
• Azure - Rule recommendations for Application whitelisting
• Azure - Threat detection via Malicious User Profiling, Compromised VM behavior
http://aka.ms/dofoil
Emotet Bad Rabbit
(Investigation and Response Process)
https://Aka.ms/IRRG
https://blogs.technet.microsoft.com/datacentersecurity/2017/11/29/why-use-shielded-vms-for-your-privileged-access-workstation-paw-solution/
https://gallery.technet.microsoft.com/Azure-Security-Response-in-dd18c678
Securing Privileged Access
Office 365 Security
Rapid Cyberattacks (Wannacrypt/Petya)
https://aka.ms/MCRA
Video Recording
Strategies
Office 365
Dynamics 365
+Monitor
Azure Sentinel – Cloud Native SIEM and SOAR (Preview)
SQL Encryption & Data Masking
Data Loss Protection
Data Governance
eDiscovery
https://www.microsoft.com/SDL
http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=44378
https://technet.microsoft.com/en-us/security/dn440717.aspx
Mitigating arbitrary native code execution in Microsoft Edge
Attachment opened
Intelligence Integration + Automation
Malware infects PC
Microsoft Defender ATP removes malware
Remediate infected end-points
Search companywide email and remove attachment from affected mailboxes
Phishing mail
Intelligent Security Graph: Shared security signals
Personal email
SCENARIO: Malware gets onto a work PC through a personal email inbox.
Microsoft Defender ATP
Office 365 ATP
Infection detected
Block the attachment from future attacks
• Malicious emails found
• User anomalies suggest identity compromise
• Threat signal shared with WDATP for auto remediation
• Automatic remediation actions complete
Because Minutes Matter
Mobile
Laptop
Work
Home
Account
Unusual
Device
Unusual
Location
Unusual
Data Access
Unusual
Account
http://aka.ms/IRRG
Protection across an attack kill chain
• Browse to a website
• Phishing
• Open attachment
• Click a URL
• Exploitation & Installation
• Command & Control
• User account is compromised
• Brute force account or use stolen account credentials
• Attacker collects reconnaissance & configuration data
• Attacker attempts lateral movement
• Privileged account compromised
• Domain compromised
• Attacker accesses sensitive data
• Exfiltrate data
Azure AD Identity Protection: Identity protection & conditional access
Microsoft Cloud App Security: Extends protection & conditional access to other cloud apps
Office 365 ATP: Malware detection, safe links, and safe attachments
Microsoft Defender ATP: Endpoint Detection and Response (EDR) & End-point Protection (EPP)
Azure ATP: Identity protection