Webcast: How to Prevent Account Takeover with Tech Data, Microsoft and SpyCloud
Alexander Waldhaus, European Technical Software Architect, Tech Data
Bernd Bilek, Head of BDM & Presales – Security & Mobility, Tech Data
Tech Data recommends Original Microsoft® Software
Thursday, 17 May 2018
This call will be recorded – link will be provided afterwards. You will be put on mute by default. Please unmute yourself if you want to speak. (*6 to unmute and mute)
Agenda
Welcome and introduction
Microsoft 365: introduction and security approach
SpyCloud: breaches and account takeover
SpyCloud: solution approach
Q&A
Buzzword: Digital Transformation
Digital Transformation – MSFT Point Of View
What does today look like for your customers?
• Local logins / MSA
• New PCs bought ad hoc
• PCs refreshed when dead
• Employees using personal mobile devices
• IT purchasing decisions made “on the spot”
• “Good enough” platforms
• No technology strategy
• Legacy back office
• Fragmented end-point solutions
Fragmentation leads to real business risk
• 50% more time in collaborative activities [1]
• 37% of the global workforce is mobile [2]
• 43% of cyber-attacks target small business [3]
[1] Harvard Business Review, January-February Issue 2016, ‘Collaborative Overload’
[2] Strategic Analytics, Global Mobile Workforce Forecast, 2015-2020, November 2015
[3] Small Business Trends, CYBER SECURITY STATISTICS – Numbers Small Businesses Need to Know, Jan. 3, 2017
What does today look like for you?
• Greater effort to maintain customer base
• Race to the bottom pricing impacts deal profitability
• Difficulty differentiating brand
• Cross-platform device management requirements
• Increased security exposure
• Custom solutions required for interoperability
• Need to source best of breed solutions
• Increased implementation and management complexity
• Multiple technology vendors servicing single client
Increasingly complex customer demands
Multiple tech products
Tougher competitive environment
Microsoft 365 Business
Office 365 Business Premium
• Office Applications: Word, Excel, PowerPoint, Outlook, OneNote, Publisher, and Access
• Online Services: Exchange, OneDrive (1TB), Skype for Business, SharePoint, Teams
• Business Apps: Bookings, Outlook Customer Manager
Enhanced Security
Cross-platform
• Consistent security configuration across Windows 10, Android and iOS devices
• Rights Management, sensitivity labeling and intelligent Data Loss Prevention tips
• Enforced device and document encryption
• Network protection from malware exploits
• Remote wipe of business data from lost or stolen devices
Device Management & Simplified Admin
• Mobile Device Management for Windows 10, Android and iOS with Microsoft Intune
• Always up-to-date Office, Windows and Windows Defender antivirus
• Streamlined deployment of PCs with Windows AutoPilot
• Single admin console to set up and manage users and devices
• Auto-installation of Office apps
Includes upgrade benefits from Windows 7 Professional or Windows 8.1 Pro to Windows 10 Pro at no additional cost
Microsoft 365 Pillars
Advanced Deployment
• Deployment for unlimited users
• 3 options: in-place Upgrade, Wipe&Load, Provisioning
• Advanced software deployment with Intune
Advanced Security
• Azure Data Protection
• Advanced Threat Analytics
• E5: Cloud App Security, Azure Information Protection P2, eDiscovery, Customer Keys
GDPR Capabilities
• Azure Information Protection
• Legal Compliance & Archiving for Mails
• Azure Active Directory Premium 1 / 2 (2 with E5)
VoIP Solution
• Cloud PBX, PSTN Conferencing, PSTN Calling (Only E5)
Detailed comparison of plans
Features (new in blue). Where a row carries per-plan values, they are listed in the order Office 365 BP / Microsoft 365 Business / Microsoft 365 E3 / Microsoft 365 E5.
Estimated retail price per user per month $USD (with annual commitment): $12.50 / $20 / $32 / $57
Maximum number of users: 300 / 300 / unlimited / unlimited
Office Apps
• Install Office on up to 5 PCs/Macs + 5 tablets + 5 smartphones per user (Word, Excel, PowerPoint, OneNote, Access), Office Online: Business / Business / ProPlus / ProPlus
Email & Calendar
• Outlook, Exchange Online: 50GB / 50GB / unlimited / unlimited
Chat-based Workspace, Meetings
• Microsoft Teams, Skype For Business
File Storage
• OneDrive for Business: 1 TB / 1 TB / unlimited / unlimited
Social, Video, Sites
• Yammer, SharePoint Online, Planner
• Stream
Business Apps
• Scheduling Apps – Booking, StaffHub
• Business Apps – Outlook Customer Manager, MileIQ [1], Business center [2], Listings [2], Connections [2], Invoicing [2]
Threat Protection
• Microsoft Advanced Threat Analytics, Device Guard, Credential Guard, App Locker, Enterprise Data Protection
• Office 365 Advanced Threat Protection
• Windows Defender Advanced Threat Protection
• Office 365 Threat Intelligence
Identity & Access Management
• Azure Active Directory - SSPR Cloud Identities, MFA, SSO >10 Apps
• Azure Active Directory - Conditional Access, SSPR Hybrid Identities, Cloud App Discovery, AAD Connect Health
• Credential Guard and Direct Access
• Azure Active Directory Plan 2
Device & App Management
• Microsoft Intune, Windows AutoPilot
• Microsoft Desktop Optimization Package, VDA
Information Protection
• Unlimited Exchange Archiving [3], Office 365 Data Loss Prevention*, Azure Information Protection Plan 1
• Azure Information Protection Plan 2, Microsoft Cloud App Security, O365 Cloud App Security
On-Prem CAL Rights
• ECAL Suite (Exchange, SharePoint, Skype, Windows, SCCM, Win. Rights Management)
Compliance
• Litigation Hold, eDiscovery, Compliance Manager, Data Subject Requests
• Advanced eDiscovery, Customer Lockbox, Advanced Data Governance
Analytics
• Power BI Pro, MyAnalytics
Voice
• PSTN Conferencing, Cloud PBX
[1] Available in US, UK, Canada; [2] Currently in public preview in US, UK, Canada; [3] Unlimited when auto-expanding turned on
*Data Loss Prevention features will be available summer 2018
Comparison of Microsoft 365 Business and Office 365 Business Premium
Features (new in blue); plan columns: O365 Business Premium / Microsoft 365 Business
ERP (user/month): $12.50 / $20
Get More Done
• Collaboration Tools: Email, Groups, Teams, Yammer
• Online Meetings & HD Conferencing: IM, Meetings, Audio & Video Conferencing
• Online Document Storage: OneDrive for Business
• Content Creation: Client Office apps on PC, Mac, Android & iOS
Build Your Business
• Customer Management: Lightweight CRM, Bookings, Listings, Connections
• Business and Expense Management: Invoicing, MileIQ, Business Center
Safe Guard Your Business
• Simplified Device Setup: Windows Auto-pilot, Automatic Office Install
• Device Management: Intune MDM for Windows, MacOS, iOS & Android
• Windows Management and Advanced Device Security: Enabling management of Win 10 Pro, BitLocker encryption, Upgrade rights to Windows 10 Pro for 7/8.1 Pro licenses
• Data Security and Policies: Selective data wipe, Azure Information Protection P1+, Intune app protection
• Email and Document Security: Data Loss Prevention*+, Office 365 ATP+, Exchange Online Archiving, Litigation Hold, eDiscovery
*Data Loss Prevention features will be available summer 2018
+Office client support for ATP, DLP, and Information Protection features will be available summer 2018
Microsoft 365 Business Update
Product Updates (Official Go Live 30th of April, full AIP client integration in Summer 2018)
• Azure Information Protection: Identify, classify and label Office files to define ongoing role-based usage
• Azure Rights Management: Assign specific rights to your files before sharing them to stay in control
• Office 365 ATP: Ransomware / malware protection for your inbox based on a powerful mail proxy
• Microsoft Intune: Complete MDM + Windows device management, known for its ease of use and vast number of use cases
• Microsoft Exploit Guard: Major feature expansion for Windows Defender: Exploit Guard Controlled Folder Access (CFA), Exploit Guard Attack Surface Reduction (ASR), Exploit Guard Network Protection
Mixed IT infrastructure
Issue: Hard to maintain, expensive, ineffective
Upgrade / Consolidation Approach
OS Upgrade Scenarios
• Mixed device infrastructure, different OS versions deployed (e.g. Win 7, Win 8 / 8.1)
• Devices are too new to be refreshed
Device Refreshments
• Old devices in use
• New devices should be deployed with a feature-rich OS (Windows 10 Business / Windows 10 Enterprise)
Business Outcomes:
- Infrastructure will be easy to manage
- Every user can be educated to the same IT user level
- Cost effective in the long run
MSP Approach
Value, Growth and Stickiness
Own IP
Strong Toolkit
Transformed Mindset
Managed Service Transformation Mind-Set
The modern IT reseller is facing big challenges and changes. Innovation cycles get tighter, new technology is available on a daily basis and the creation of unique selling points is more important than ever before. Creating unique selling points will be the key to offer an outstanding business to end customer businesses.
Possible IP: Own Services based on:
Managed Device
- Deploy devices remotely
- Create a device as a service offering, combined with M365
- Remote servicing (software deployment, update management, etc.)
Managed Security
- Help customers to build and maintain security policies
- Support reseller on reporting and analyzing
- Support on GDPR*
*M365 only helps IT to support their company to comply with GDPR
Managed Emailing
- Provide safe email eco-system
- Include archiving for compliance (retention time)
- Secure the inbox
Add your services to Microsoft 365 Business
Profitability
This page highlights typical services that partners add on to their sales of Microsoft 365 Business. Review and select the services that are applicable to your offerings and customers.
Microsoft 365 Business suggested revenue: $20 user/month
One-time project services (typical revenue; typical margins)
• Premium Cloud Roadmap Development & Deployment: $35 - $70/user; 35-40%
• Advanced IT Security Audits: $20 - $30/user
• Basic Initial Setup & Migration: $35 - $50/user
• Total price for offering all of the above project services: $90-$150/user
Recurring managed services (typical revenue; typical margins)
• Premium Key business process automation using flow & power apps; Desktop as a service (hosted desktop, virtual workspace, application management); BI-driven automated dashboards (incidents logged, threats prevented); Simplified control panels: $25 - $50 user/month; 40-50%
• Device as a service (hardware support): $75 user/month
• Advanced Cyber-attack threat monitoring & prevention (virus, malware, ransomware, phishing, spam); Endpoint security monitoring and remediation (laptops, PCs, tablets, mobile phones); Security protocol compliance monitoring, management, and remediation; Security admin based on remote portal score, and remote portal support; Automated archiving, compliance monitoring and remediation; Corrupt device quarantining and download prevention; BYOD control; Encryption monitoring and remediation: $15 - $25 user/month
• Backup and DRaaS: $10 user/month
• Basic Help desk and remote user support (chat, phone, Skype); Remote device monitoring and management; Identity & access (AD) monitoring, management and remediation; E-learning (online, self paced): $10 - $15 user/month
• Total price for offering all of the above managed services: $125-$175 user/month
Note: revenue and margin levels are typical for European and North American Partners interviewed, and may vary depending on local market conditions.
Microsoft 365 Business is ideal for SMBs under 300 users
Customer targeting guidance for small to midsize businesses
Customers who value
• Best in class Productivity & Collaboration Tools
• Being on latest, up to date software
• Protection from cyber threats like phishing, spam, unseen Malware
• Easy device setup & management
• Protection of company data across personal & company owned devices
• Convenience of a single subscription that provides productivity + business apps + security
Customers who need
• Productivity & Collaboration across devices (Win, Mac, iOS, Android)
• Compliance features (Eg. SMBs in regulated industries like Healthcare, Insurance etc)
• Data Protection of sensitive information (Eg. Customer Credit Card Numbers etc)
• Need to control & manage access to Business information
• Preservation and backup
• Device Management
Customers who have
Compelling events
• Windows Server replacement
• Small Business Server replacement
• Windows 7 EOS
• Hardware/ Software refresh
• Offices in Multiple locations
• Experienced data breach or cyber attacks (ransomware)
• To comply with regulation
• To comply with litigation requirements
Protect personal data - GDPR
With the aim of protecting everyone's personal data (information), companies (and governments) alike must invest valuable time and resources in their efforts. They must define how:
• personal data is obtained, held and processed
• physical and digital security measures are taken and maintained
• maintenance of the necessary documentation relating to consent, legitimate interest, etc.
• coordination of secure destruction of the data
• risk management
• notification when data has gone “missing” (“breach”)
80% of GDPR (DSGVO) consists of the formal requirement to describe how and why data is obtained and what we do with it for as long as we hold it. However, all security spending should be justified against business goals and by the protection that is needed, not on the basis of legal norms. There is no cyber insurance that protects against loss of reputation or against penalties resulting from data leaks. Any security vendor that offers “GDPR compliance” is not telling the complete story. GDPR (DSGVO) is 80% legal and procedural work by the end customer and 20% “security” by the reseller.
Microsoft Azure Information Protection
FINANCE
CONFIDENTIAL
SENSITIVITY LABELS PERSIST WITH THE DOCUMENT
Document labeling – what is it?
• Metadata written into document files
• Travels with the document as it moves
• In clear text so that other systems such as a DLP engine can read it
• Used for the purpose of applying a protection action or data governance action – determined by policy
• Can be customized per the organization’s needs
Information Protection / Rights Management
CLASSIFICATION & LABELING EXAMPLE – SENSITIVE DATA
Discover personal data and apply persistent labels
• Labels are persistent and readable by other systems, e.g. DLP engine
• Label is metadata written to data
• Sensitive data is automatically detected
Information Protection / Rights Management
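How another system can read such a clear-text label, as an added example that is not from the webcast or from Microsoft. It assumes the label is stored as custom properties named MSIP_Label_<GUID>_<field> in the file's docProps/custom.xml part; the sample file, the GUID and the policy are constructed.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

CUSTOM_PART = "docProps/custom.xml"
NS = {
    "cp": "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties",
    "vt": "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes",
}
# Assumed naming scheme for label properties: MSIP_Label_<label GUID>_<field>
LABEL_PROP = re.compile(r"^MSIP_Label_([0-9a-fA-F-]{36})_(\w+)$")


def read_labels(ooxml_bytes):
    """Return {label_guid: {field: value}} read from the custom-properties part."""
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as zf:
        if CUSTOM_PART not in zf.namelist():
            return {}  # no custom properties at all: the file is unlabeled
        raw = zf.read(CUSTOM_PART)
    # The file is untrusted input: refuse DTDs/entities before parsing it.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("custom.xml contains a DTD or entity declaration")
    labels = {}
    for prop in ET.fromstring(raw).findall("cp:property", NS):
        match = LABEL_PROP.match(prop.get("name", ""))
        value = prop.find("vt:lpwstr", NS)
        if match and value is not None:
            guid, field = match.group(1).lower(), match.group(2)
            labels.setdefault(guid, {})[field] = value.text or ""
    return labels


def egress_action(ooxml_bytes, policy, default="review"):
    """Decision of a DLP-style gate, given a {label name: action} policy."""
    actions = []
    for fields in read_labels(ooxml_bytes).values():
        if fields.get("Enabled", "").lower() != "true":
            continue  # label entry present but not active
        actions.append(policy.get(fields.get("Name", ""), default))
    # The most restrictive outcome wins when several labels are present.
    for verdict in ("block", "review", "allow"):
        if verdict in actions:
            return verdict
    return default  # unlabeled file: send to review rather than allow


def make_sample(props):
    """Build a constructed, minimal OOXML-style zip holding only custom.xml."""
    body = "".join(
        f'<property fmtid="{{D5CDD505-2E9C-101B-9397-08002B2CF9AE}}" pid="{i}" '
        f'name="{name}"><vt:lpwstr>{value}</vt:lpwstr></property>'
        for i, (name, value) in enumerate(props.items(), start=2)
    )
    xml = (f'<?xml version="1.0" encoding="UTF-8"?><Properties xmlns="{NS["cp"]}" '
           f'xmlns:vt="{NS["vt"]}">{body}</Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CUSTOM_PART, xml)
    return buf.getvalue()


GUID = "00000000-0000-4000-8000-000000000001"          # constructed label id
POLICY = {"Confidential": "block", "Public": "allow"}  # hypothetical policy
LABELED = make_sample({
    f"MSIP_Label_{GUID}_Enabled": "True",
    f"MSIP_Label_{GUID}_Name": "Confidential",
    f"MSIP_Label_{GUID}_SetDate": "2018-05-17T09:00:00Z",
})
UNLABELED = make_sample({"Author-Note": "no label here"})

if __name__ == "__main__":
    print(read_labels(LABELED))
    print(egress_action(LABELED, POLICY), egress_action(UNLABELED, POLICY))
```

Because the label is plain metadata, the gate reads it without opening or decrypting the document body; an unlabeled file falls through to the default action.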
How does it work?
DETECT SENSITIVE INFORMATION
CLOUD & SaaS APPS
MCAS
AIP scanner
AUTOMATICALLY RETAIN AND DELETE DOCUMENTS IN OFFICE 365 WITH DATA GOVERNANCE
• Retention: Retain content in sites, mailboxes, and public folders indefinitely or for a specific duration
• In-place: Data remains in its original location in Office 365 and users can continue to work with their documents or mail, but a copy of the content as it existed when you initiated the policy is preserved
• Delete data: A retention policy can both retain and then delete data, or simply delete old data without retaining it
Information Protection / Rights Management
Microsoft Azure Rights Management
Maximum detection coverage across the attack phases
[Figure: attack phases (user receives an email, opens an attachment, clicks on a URL, user browses to a website, user runs a program, exploitation, installation, command and control channel, brute force an account, reconnaissance, lateral movement, domain dominance) covered by Office 365 ATP (email protection), Windows Defender ATP (endpoint protection) and Azure ATP (identity protection)]
Microsoft Advanced Threat Protection (for Exchange)
Microsoft ATP
• Cloud Hosted: Protect hosted mailboxes. Protection of all hosted mailboxes with filtering, anti-spoof, safe links and zero-day exploit detection
• On Premise: ATP filtering without HW requirements; Exchange 2013 and legacy support; SMTP mail solution support
• Hybrid: Protect messaging environment (on prem & cloud hosted); mail routing between on prem & hybrid; inbound filtering
Business impact for the end customer
• Enterprise grade email security
• Dramatic decrease in malware infections, hijacked accounts and phished user credentials
• Quick setup, easy to manage interface
• No impact on user performance
Deliver the added value in services to the end customer
• SafeLinks proactively protects users against malicious hyperlinks in messages
• Safe attachments protect users against unknown malware (zero day exploits)
• Spoof detection helps to detect unauthorized use of organization domains
• Quarantine services send suspicious mails directly into a safe quarantine folder, for further review by authorized users
Added value from Tech Data
• Technical support on M365 and Azure Services
• Excellent sales support
• Sales + technical training and workshops to support go to market for resellers
• Online marketplace and pay as you go model in CSP, billing and analyzing
Compliance Manager
Manage your compliance in one place
• View your compliance posture against evolving regulations in real-time
• Take recommended actions to improve your data protection capabilities
• Conduct pre-audits to prepare for external audits
New security value | Safeguard your business
Protecting personal data at the identity, document, and network levels
• Replace passwords with an easy to use, strong credential
• Enable Multi Factor Authentication to restrict access to content
• Data Loss Prevention Policies
• Information Protection & Manual Classification with AIP Plan 1
• Mobile Device Management with Intune
• Message Encryption
• Exchange Online Protection
• Advanced Threat Protection: Safe Links, Safe Attachments
• Windows Defender Exploit Guard
Identity and access management
Information protection
Threat protection
Identity as the control plane
[Diagram labels: On-premises, Windows Server Active Directory]
Identity as the control plane
[Diagram labels: On-premises, Windows Server Active Directory, VPN, BYO, SaaS, Azure, Cloud, Public cloud, Customers, Partners]
Identity as the control plane
[Diagram labels: On-premises, Windows Server Active Directory, VPN, BYO, Microsoft Azure Active Directory, Azure, Cloud, Public cloud, Customers, Partners]
Azure AD as the control plane
[Diagram labels: Customers, On-premises, Partners, Azure, Cloud, Public cloud, Microsoft Azure Active Directory, BYO, Windows Server Active Directory]
SpyCloud Account Takeover / Breach Protection
Bernd Bilek, Head of Business Development & Presales - Security Solution Practice & Mobility
Breach – a buzzword – but what is the exact definition?
Definition
Breach = data breach / data leak
A data breach or data leak is an incident in which unauthorized parties gain access to a collection of data.
Rise in ATOs
https://www.security-insider.de/26-milliarden-gestohlene-datensaetze-in-2017-a-707310/
https://www.it-business.de/nach-sicherheitspanne-bei-twitter-passwortaenderung-empfohlen-a-712470/?cmp=nl-43&uuid=536A0FAC-D35D-465D-9417C6DC355BC14C
Why the rise in ATOs (account takeovers)?
Because it is easy!
• Building a combo list is quick thanks to the large number of public and private breaches
• Open source software is readily available to technically less skilled actors
• Criminals without technical knowledge buy the accounts online very cheaply
Because it is effective!
• The Verizon 2017 DBIR shows this as the #1 threat for making financial gain.
• Combo lists have a success rate of 2%. This results in hundreds of thousands of valid accounts every day*
Anatomy of an account takeover attack
The problem
• Does your organization know whether company credentials are affected by the attacks?
• Can you determine whether and where on the darknet the information is located?
The methods
• Phishing
• Vishing
• Pharming
• Whaling
• Resumes Online
• Social Security No.
• Dumpster Diving
• Mailbox Theft
• Pretexting
• Shoulder Surfing
• Social Networks
• File- & P2P Sharing
• Bogus job offers
• Hacking
• Lost / Stolen Property
• 3rd Party persons
• Changing of address
• Copy information
• RFID Readers
• Credit Reports
• Faking Alliance
• Faking Emergency
• Fake HealthCare
• Fake Lotteries
Success analysis of account theft
Credentials: stolen in 2017 (incident count)
• Hacking: Use of stolen creds: 1,095
• Malware: Export data: 1,031
• Malware: C2: 980
• Social: Phishing: 847
• Malware: Spyware/keylogger: 841
Source: Palo Alto’s 2017 Report “Credential-Based Attacks”
The solution
Breach discovery & alerting
SpyCloud uses its own technologies and techniques to find and identify stolen digital assets on the web. SpyCloud helps customers protect themselves against further damage and mitigate it.
SpyCloud forensic focus
• Covert sources – In a “closed network” we interact with the attackers via covert channels. The attacker thinks we are one of them. Through these covert channels we gain access to their stolen information. Information from this source is often critical and time-sensitive.
• Private sources – We gain access to the stolen information by interacting with the adversaries in closed, non-public forums. In secret underground forums the thieves trade or sell their information. Information from these sources is always urgent and critical.
SpyCloud solution
SpyCloud Use Cases
Detect & notify
• Few / no security staff
• Need for a simple solution
• Self-service activation
• Suitable for companies of any size
Protects the customer's customers
• Integration into existing infrastructures
• Use SFTP or APIs for our customers to protect their customers
• Annual subscription
Detect & integrate into SOC
• With own security staff
• Uses existing SOC tools
• Annual subscription
• Access to APIs
• Seamless integration of operationalized data
SpyCloud Use Cases
MSP model
• MSP is central to this process
• SpyCloud sends the alerts to the MSP
• MSP helps end customers to recover / remediate
• Annual subscription
• Payment per protected mail address per month
Use case – SpyCloud & AD ATO integration
Reset password
• The SpyCloud Active Directory Monitor downloads leaked credentials, always with reference to the end customer's domain.
• The credentials (mail address / password) are checked against the AD to see whether a user is active.
• If the users are active, it is checked whether the combination leads to a successful logon in the AD.
• If the password matches, the “reset password flag” is set. This prevents further misuse.
• Optional: An e-mail is sent to the user on behalf of the administrator; it describes the situation and also provides the information on where the password was first “seen”.
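The decision logic of the monitor described above, as an added example that is not SpyCloud's or Microsoft's code. `MockDirectory` is a hypothetical in-memory stand-in for Active Directory (no real AD client or API is used), and all accounts, passwords and source names are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class LeakedRecord:
    email: str
    password: str
    source: str  # where the credential pair was first seen


@dataclass
class DirectoryUser:
    upn: str
    enabled: bool
    salt: bytes
    pw_hash: bytes
    must_change_password: bool = False


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class MockDirectory:
    """Hypothetical stand-in for Active Directory (not a real AD client)."""

    def __init__(self):
        self._users = {}

    def add(self, upn, password, enabled=True):
        salt = os.urandom(16)
        upn = upn.lower()
        self._users[upn] = DirectoryUser(upn, enabled, salt, _hash(password, salt))

    def find(self, upn):
        return self._users.get(upn.lower())

    def authenticates(self, user, password):
        # Stands in for a logon attempt; comparison is constant-time.
        return hmac.compare_digest(user.pw_hash, _hash(password, user.salt))


def remediate(records, directory, customer_domain):
    """Apply the steps in order; return one notice per account flagged for reset."""
    notices = []
    suffix = "@" + customer_domain.lower()
    for rec in records:
        email = rec.email.strip().lower()
        if not email.endswith(suffix):        # only the end customer's domain
            continue
        user = directory.find(email)
        if user is None or not user.enabled:  # user must exist and be active
            continue
        if user.must_change_password:         # already flagged by an earlier record
            continue
        if not directory.authenticates(user, rec.password):  # pair no longer valid
            continue
        user.must_change_password = True      # set the reset-password flag
        notices.append({                      # optional e-mail; never echo the password
            "to": user.upn,
            "body": f"Your password was found in leaked data (first seen: {rec.source}). "
                    "You must change it at next sign-in.",
        })
    return notices


def demo():
    """Constructed sample data; names, domains and passwords are made up."""
    d = MockDirectory()
    d.add("anna@example.test", "Sommer2018!")
    d.add("ben@example.test", "rotated-long-ago")
    d.add("carl@example.test", "Winter2017!", enabled=False)
    leak = [
        LeakedRecord("Anna@Example.test", "Sommer2018!", "combolist-A"),
        LeakedRecord("anna@example.test", "Sommer2018!", "forum-dump-B"),  # duplicate pair
        LeakedRecord("ben@example.test", "OldPassword1", "combolist-A"),   # already rotated
        LeakedRecord("carl@example.test", "Winter2017!", "combolist-A"),   # disabled account
        LeakedRecord("dora@other.test", "whatever", "combolist-A"),        # foreign domain
    ]
    return d, remediate(leak, d, "example.test")


if __name__ == "__main__":
    for notice in demo()[1]:
        print(notice)
```

Only the one account whose leaked pair still authenticates is flagged; the rotated, disabled and foreign-domain records produce no action and no notice.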
SpyCloud differentiators
Existing solutions focus on large enterprises, are complex, confuse with overlapping functions, are very expensive and provide no clear and pertinent guidance.
• Existing solutions rely predominantly on scanner results. The data collected by SpyCloud cannot be found by scanners.
• Existing solutions create one report and sell it to many customers. SpyCloud results are ALWAYS customer-specific!
• Existing solutions are very expensive. The SpyCloud subscription is affordable for companies of any size.
• Existing solutions offer credential updates for known, public breaches. SpyCloud has this data as well – PLUS additional, unique and customer-specific data, which SpyCloud consolidates and analyzes.
Initial breach report
SpyCloud dashboard overview
Thank you very much for your time and your interest…
Bernd Bilek, Head of Business Development & Presales - Security Solution Practice & Mobility
Mobile +49 175 7270 345 Tel. +49 89 4700 1434 E-mail: [email protected]