Identity On-premises Devices Apps Data
On-premises
Combined Microsoft Stack: Maximize detection coverage throughout the attack stages
The Microsoft Security Model
• Attack stages: User receives an email; Opens an attachment; Clicks on a URL; User browses to a website; User runs a program; Brute force an account; Exploitation; Installation; C&C channel; Reconnaissance; Lateral Movement; Domain Dominance
• Office 365 ATP: Email protection
• Windows Defender ATP: End Point protection
• Azure ATP: Identity protection
Azure ATP: Detect advanced attacks in your on-premises, cloud and hybrid environments
1 Collect
• Port Mirroring or Sensor on DC
• L7 Deep Packet Inspection (DPI)
• Hybrid data sources
2 Analyze, Learn
• Self-learning and profiling technology
• Patented IP resolution mechanism
• Unlimited scale powered by Azure
3 Detect
• Abnormal behavior and suspicious activities
• Real-breach oriented research
4 Alert & Investigate
• Microsoft Intelligence
• Intuitive attack timeline
• Quick triaging of alerts
• Investigate via the dedicated Profile Page or Windows Defender ATP
[Diagram labels: Azure ATP Sensor, AD, ADFS, Apps, HR, SIEM]
http://aka.ms/azureatp
https://myignite.microsoft.com/evaluations
https://aka.ms/ignite.mobileapp