Microsoft Cybersecurity Reference Architectures (MCRA) – aka.ms/MCRA
Zero Trust and Related Topics – aka.ms/MCRA
May 2021 – https://aka.ms/MCRA – @MarkSimos – ©Microsoft Corporation

Security Guidance
Audiences: CEO, CIO, CISO, Architects & Technical Managers, Implementation.
Levels: Business Leadership (Securing Digital Transformation); Business and Security Integration; Technical Leadership; Implementation.
• Cloud Adoption Framework (CAF) – Security Strategy, Programs, and Epics
• Microsoft Cybersecurity Reference Architectures (MCRA) – Architecture and Policy
• Microsoft Security Documentation – Technical Planning
• Azure | Microsoft 365 Product Docs – Implementation
• Initiative Planning/Execution: Azure Security Benchmark, Zero Trust, Ransomware, Privileged Access
• Well Architected Framework (For Azure Workload Owners)
• Azure Top 10
• https://aka.ms/markslist

Key Industry References and Resources
• The Open Group Security Forum – https://www.opengroup.org/forum/security
• Zero Trust Core Principles – https://publications.opengroup.org/security-library/w210
• NIST Cybersecurity Framework – https://www.nist.gov/cyberframework
• Zero Trust Architecture – https://www.nist.gov/publications/zero-trust-architecture
• CIS Benchmarks – https://www.cisecurity.org/cis-benchmarks/

Managing Information\Cyber Risk (May 2021 – https://aka.ms/SecurityRoles)
Security responsibilities or “jobs to be done”:
• Information Risk Management
• Program Management Office (PMO)
• Supply Chain Risk (People, Process, Technology)
• Posture Management
• Incident Preparation
• Incident Response
• Incident Management
• Threat Hunting
Related links: https://aka.ms/SecurityRoles, https://aka.ms/azuresecuritytop10, https://aka.ms/benchmarkdocs, https://aka.ms/sparoadmap

MCRA overview (https://aka.ms/MCRA)
• Azure Sentinel – Cloud Native SIEM, SOAR, and UEBA for IT, OT, and IoT
• Signal sources: Azure & 3rd party clouds; Endpoint & Server/VM; Office 365 Email and Apps; Identity (Cloud & On-Premises); SaaS (Microsoft Cloud App Security); Other Tools, Logs, and Data Sources
• Security Documentation: Microsoft Best Practices, Top 10, Benchmarks, CAF, WAF
• Azure Active Directory; Azure AD App Proxy (Beyond User VPN); B2B; B2C
• Azure Security Center – Cross-Platform Cloud Security Posture Management (CSPM)
• Information protection lifecycle: Discover, Monitor, Classify, Protect
• Azure Key Vault; Azure Backup; Security & Other Services
• GitHub Advanced Security – Secure development and software supply chain
• Scope: On-Premises, IaaS, PaaS, S3

Key cross-platform and multi-cloud guidance (three items marked New! on the slide)
• Microsoft Defender for Endpoint for Linux
• Azure security solutions for AWS
• Azure AD identity and access management for AWS
• Multi-cloud & hybrid protection in Azure Security Center
• Azure Arc

Defend across attack chains (https://aka.ms/MCRA)
Products: Defender for Endpoint; Defender for Office 365; Azure AD Identity Protection; Microsoft Cloud App Security; Defender for Identity; Azure Defender.
Attack chain stages shown:
• Phishing mail – Open attachment; Click a URL; Browse a website
• Exploitation and Installation
• Command and Control
• Brute force account or use stolen account credentials – User account is compromised
• Attacker collects reconnaissance & configuration data
• Attacker attempts lateral movement – Privileged account compromised – Domain compromised
• Attacker accesses sensitive data – Exfiltration of data
Insider risk management: History of violations; Leading indicators – Distracted and careless, Disgruntled or disenchanted, Subject to stressors, Insider has access to sensitive data; Anomalous activity detected; Potential sabotage; Data leakage.

Operational Technology (OT) Security Reference Architecture (https://aka.ms/MCRA)
Apply zero trust principles to securing OT and industrial IoT environments. Blended cybersecurity attacks are driving convergence of IT, OT, and IoT security architectures and capabilities.
Digital Transformation drivers:
• Business Efficiency – Data to enable business agility
• Governance & Regulatory Compliance with safety and other standards
• Emerging Security Standards like CMMC
Purdue Model levels (with Safety Systems alongside):
• Level 3 – Site Operations: Control & monitoring for physical site with multiple functions (e.g. plant)
• Level 2 – Supervisory Control: Monitoring & Control for discrete business functions (e.g. production line)
• Level 1 – Basic Control: Electronics controlling or monitoring physical systems
• Level 0 – Process: Physical machinery
Environments:
• Information Technology (IT) Environments – Confidentiality/Integrity/Availability; Hardware Age: 5-10 years; Warranty length: 3-5 years; Protocols: Native IP, HTTP(S), Others; Security Hygiene: Multi-factor authentication (MFA), patching, threat monitoring, antimalware
• Operational Technology (OT) Environments – Safety/Integrity/Availability; Hardware Age: 50-100 years (mechanical + electronic overlay); Warranty length: up to 30-50 years; Protocols: Industry Specific (often bridged to IP networks); Security Hygiene: Isolation, threat monitoring, managing vendor access risk, (patching rarely)
• Security Analytics Cloud Environments (optional) – Cloud Connection (OPTIONAL) using TLS with mutual authentication; Azure: IoT Hub, PowerBI, Azure Edge, Digital Twins, and more; Business Analytics; Azure Analytics; 3rd party Analytics; IIoT / OT
Monitoring: NETWORK TAP/SPAN; Sensor(s) + Analytics; Plant security console; Azure Defender for IoT Manager; Security Console; 3rd party SIEM.
Azure Sentinel:
• Native plug-in for Azure Defender for IoT
• Native OT investigation & remediation playbooks
• Correlation with other data sources and Strategic Threat intelligence (attack groups & context)
Isolation and Segmentation:
• Hard Boundary – Physically disconnect from IT network(s)
• Soft(ware) Boundary – People, Process, and Tech (network + identity access control, boundary patching and security hygiene)
• Internal segmentation as business processes allow
Transform with Zero Trust Principles (the Purdue model assumed a static site/enterprise model):
• Datacenter Segments – Align network/identity/other controls to business workloads and business risk
• End user access – Dynamically grant access based on explicit validation of current user and device risk level
Zero Trust Principles – Assume breach, verify explicitly, use least privilege access (identity and network).

Why are we having a Zero Trust conversation?
3. Assets increasingly leave the network – BYOD, WFH, Mobile, and SaaS
4. Attackers shift to identity attacks – Phishing and credential theft; Security teams often overwhelmed

Microsoft Zero Trust Principles (aka.ms/zerotrust)
• Verify explicitly – Always validate all available data points including: User identity and location; Device health; Service or workload context; Data classification; Anomalies
• Use least privilege access – To help secure both data and productivity, limit user access using: Just-in-time (JIT); Just-enough-access (JEA); Risk-based adaptive policies; Data protection against out of band vectors
• Assume breach – Minimize blast radius for breaches and prevent lateral movement by: Segmenting access by network, user, devices, and app awareness; Encrypting all sessions end to end; Using analytics for threat detection, posture visibility and improving defenses

Zero Trust User Access (https://aka.ms/MCRA)
• User (Microsoft Azure AD): Groups/Role; Location; Privileges; Session risk; User Risk
• Device (Microsoft Endpoint Manager, Microsoft Defender for Endpoint): Managed or BYOD; Health & compliance; Device risk; Type and OS version; Encryption status
• Security & Compliance Policy Engine: Conditional Access; App Control
• Supporting services: Microsoft 365 Defender; Microsoft Cloud App Security; Microsoft Information Protection; Azure Sentinel; APIs

Zero Trust Resources
• aka.ms/zerotrust
• aka.ms/ZTbizplan
• aka.ms/ztguide
• Zero Trust: Security Through a Clearer Lens session (Recording | Slides)
• CISO Workshop Slides/Videos
• Microsoft’s IT Learnings from (ongoing) Zero Trust journey

Zero Trust drivers
• Normalization of remote work
• Rapidly evolving partnerships and competitors
• Rapidly changing communication patterns
• Evolving national interests and regulations
Responses:
• Automated Policy Enforcement – to address changing processes and models in an agile manner at minimum cost
• Adaptive identity management – to respond to rapidly changing roles, responsibilities and relationships
• Data-centric and asset-centric approaches – to
  o Better focus security resources by limiting the scope of what to protect (via trusted zones, tokenization, or similar approaches)
  o Better monitor assets and respond to threats regardless of network location.

Zero Trust Components – Enable flexible business workflows for the digitized world
• Digital Ecosystems
• Data/Information
• APIs
• Apps & Systems
• Secured Zones

Zero Trust Core Principles (overview)
Business Strategy and Organizational Culture – Shapes Zero Trust Strategy and Priorities.
• Organizational Value and Risk: 1. Modern work enablement; 2. Goal alignment; 3. Risk alignment
• Guardrails and Governance: 4. People Guidance and Inspiration; 5. Risk & Complexity Reduction; 6. Alignment & Automation; 7. Security for the Full Lifecycle
• Technology / Security Controls: 8. Asset-centric security; 9. Least privilege; 10. Simple and Pervasive; 11. Explicit trust validation

Zero Trust Core Principles (detail)
ORGANIZATIONAL VALUE AND RISK
1. Modern Work Enablement – Users in organizational ecosystems must be able to work on any network in any location with the same security assurances.
2. Goal Alignment – Security must align with and enable organization goals within the risk tolerance and threshold.
3. Risk Alignment – Security risk must be managed and measured using a consistent risk framework and considering organizational risk tolerance and thresholds.
GOVERNANCE
4. People Guidance and Inspiration – Organizational governance frameworks must guide people, process, and technology decisions with clear ownership of decisions, policy and aspirational visions.
5. Risk and Complexity Reduction – Governance must reduce both complexity and threat surface area.
6. Alignment and Automation – Policies and security success metrics must map directly to organizational mission and risk requirements and should favor automated execution and reporting.
7. Security for the Full Lifecycle – Risk analysis and confidentiality, integrity, and availability assurances must be sustained for the lifetime of the data, transaction, or relationship.
TECHNOLOGY AND SECURITY CONTROLS
8. Asset-Centric Security – Security must be as close to the assets as possible (i.e., data-centric and application-centric approaches instead of network-centric strategies) to provide a tailored approach that minimizes productivity disruption.
9. Least Privilege – Access to systems and data must be granted only as required and removed when no longer required.
10. Simple and Pervasive Security – Security mechanisms must be simple, scalable, and easy to implement and manage throughout the organizational ecosystem (whether internal or external).
11. Explicit Trust Validation – Assumptions of integrity and trust level must be explicitly validated against organization risk threshold and tolerance.

Second numbered list on the same slide (its wording matches the Jericho Forum Commandments):
1. The scope and level of protection should be specific and appropriate to the asset at risk.
2. Security mechanisms must be pervasive, simple, scalable, and easy to manage.
3. Assume context at your peril.
4. Devices and applications must communicate using open, secure protocols.
5. All devices must be capable of maintaining their security policy on an un-trusted network.
6. All people, processes, and technology must have declared & transparent levels of trust for any transaction to take place.
7. Mutual trust assurance levels must be determinable.
8. Authentication, authorization, and accountability must interoperate/exchange outside of your locus/area of control.
9. Access to data should be controlled by security attributes of the data itself.
10. Data privacy (and security of any asset of sufficiently high value) requires a segregation of duties/privileges.
11. By default, data must be appropriately secured when stored, in transit, and in use.

Security operations (https://aka.ms/MCRA)
• Align to Mission + Continuously Improve
• Responsiveness – Mean Time to Acknowledge (MTTA)
• Effectiveness – Mean Time to Remediate (MTTR)
• Analysts and Hunters
• Partner Teams (IT Operations, DevOps, & Insider Threat, and more) – Provide actionable security alerts, raw logs, or both
• Integrating Silos is Challenging – MAPPING CHALLENGES

How do signals and AI help protect you? (https://aka.ms/MCRA, https://aka.ms/CAF)
• Microsoft Threat Intelligence – Built on diverse signal sources and AI
• Microsoft Trust Center

Identity and access capabilities
• Microsoft Defender for Endpoint
• Automated User Provisioning
• Entitlement Management
• Access Reviews
• Azure AD Identity Protection
• Privileged Identity Management (PIM)
• Terms of Use
• Microsoft Defender for Identity
• Azure Defender – Detections across assets and tenants

Privileged access (https://aka.ms/deploySPA)
• Elements on the typical path of user access: Account; Devices/Workstations; Intermediaries; Interface; Business Critical Assets
• Potential Attack Surface spans each of these elements
• Axes shown: Attacker’s cost; Levels of security
• Asset Protection also required – Security updates, DevSecOps, data at rest / in transit, etc.

Resources: Machine Learning (ML); Data; Applications & Websites; API
aka.ms/humanoperated