Attack services are cheap Highest average price Exploit kits: Zero-days: Ransomware: Loads (compromised device): Spearphishing services: Compromised accounts: Breaching services on a per job basis: Denial of Service: Attack services are cheap Zero-days: Price: $5,000 to $350,000 Exploit kits: Price: $1,400 per month Ransomware: Price: $66 upfront or 30% of the profit (affiliate model) Loads (compromised device): Price: PC - $0.13 to $0.89 Mobile - $0.82 to $2.78 Spearphishing services: Price: $100 to $1,000 per successful account take over Compromised accounts: Breaching services on a per job basis: Price range: $250 or much more Denial of Service: Price: $766.67 per month https://aka.ms/CyberHygiene Agenda What is Azure Security compass? Extensive Visualizations aka.ms/AzureSecuri tyArchitecture aka.ms/AzureSecuri tyCompass aka.ms/AzureSecuri tyCompass-Videos Visibility Across Your Estate with Secure Score NEW (Private Preview) – Percentage based reporting for easier tracking/benchmarking NEW (Private Preview) – Recommendation Grouping for Clarity (attack vectors/security controls) Top 10 Best Practices Best Practices 1 - 5 1 2 3 4 5 Operationalize Secure Score for cleaning up risk Passwordless or MFA for admins Enterprise segmentation & Zero Trust preparation Enable Threat Protection for Azure Resources Follow guidance to secure your DevOps Best Practices 6 - 10 6 7 8 9 10 Assign and Publish Roles/ Responsibilities Choose Firewall Strategy Implement Web Application Firewalls Choose DDoS Mitigation for Critical Apps Consider Retiring Legacy/Classic Technology Calls To Action Follow Best Practices Learn More aka.ms/AzureSecurityCompass-Videos aka.ms/AzureSecurityCompass aka.ms/AzureSecurityArchitecture Share Provide Feedback https://aka.ms/SecurityCommunity https://aka.ms/MicrosoftSecurityPreviewProgram 1 Operationalize Secure Score SUGGESTED PROCESS OWNERS OPERATIONALIZE AZURE SECURE SCORE Monitor Secure Score Improve Score Area Compute and Apps Resources • Vulnerability Management (or Governance/Risk/Compliance team) Responsible Technical Team App Services ▪ Application Development/Security Team(s) Containers ▪ Application Development and/or Infrastructure/IT Operations VMs/Scale sets/compute ▪ IT/Infrastructure Operations NOTE: Each DevOps team may be responsible for their application resources Gamify the activity if possible to increase engagement. https://docs.microsoft.com/ en-us/azure/security-center/ security-center-secure-score Important: The score you see depends on which subscriptions you have permission to Data & Storage Resources SQL/Redis/Data Lake Analytics/Data Lake Store ▪ Database Team Storage Accounts ▪ Storage/Infrastructure Team Identity and Access Resources Subscriptions ▪ Identity Team(s) Key Vault ▪ Information/Data Security Team Networking Resources ▪ Networking Team ▪ Network Security Team IoT Security ▪ IoT Operations Team 2 CRITICAL BEST PRACTICES https://channel9.msdn.com/events/Ignite/Microsoft-Ignite-Orlando-2017/BRK3016 http://aka.ms/HelloForBusiness https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authenticationphone-sign-in https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates Note: Text Message based MFA is now relatively inexpensive for attackers to bypass, so focus on passwordless & stronger MFA http://aka.ms/secureworkstation 3 Enterprise segmentation & Zero Trust preparation Public IP Monitor for Attacks 4 Monitor for Potential Attacks ▪ VMs on Azure (Windows, ▪ ▪ ▪ ▪ Linux, and Installed Applications) VMs on 3rd party clouds and IaaS Azure Container and Azure Kubernetes Services (AKS) Azure SQL Database and Azure SQL Data Warehouse Azure Storage Accounts ▪ Azure Cosmos DB ▪ SQL Server running on IaaS ▪ ▪ ▪ ▪ VMs IoT Devices On-premises servers (via Windows Admin Center (WAC)) Azure App Service And more… As Required, Export to or integrate with your SIEM / analytics 5 FOLLOW DEVOPS SECURITY GUIDANCE https://azsk.azurewebsites.net/ https://www.owasp.org/index.php/OWASP_AppSec_Pipelin e#tab=Main Securing DevOps: Integrate security into the process Reduce risk natively in Continuous Integration / Continuous Delivery (CI/CD) with real-time developer guidance, build checks, and more Regular risk reduction and governance activities like Threat modelling, Training, etc. Monitoring and Response processes to ensure cl