AzureBootcamp2023: The immutable laws of security by Miru & Al

Transcript

1. None

2. The immutable laws of security Michael Rüefli aka Miru Alain

   Schneiter aka Al

3. Michael Rüefli Partner | Solutions Architect scopewyse GmbH [email protected] www.miru.ch

   @drmiru drmiru About me | Tech Azure Cloud Platform & Security Security in focus, MCT (Microsoft Certified Trainer) Community worker About me | Private Father, Husband, Skydiver, Skier

4. Alain Schneiter Partner | Solutions Architect scopewyse GmbH [email protected] blog.alschneiter.com

   @alschneiter alschneiter About me | Tech Microsoft MVP Security Microsoft Certified Trainer About me | Private Community worker, Biker, Skier and World traveler

5. Agenda ▪ Who is scopewyse? ▪ 10 immutable laws of

   security ▪ Watch out the swag! ▪ Q&A
6. None

7. TEAM ▪ Alain ▪ Rachel ▪ Marc ▪ Martin ▪

   Marco ▪ David ▪ Michael

8. Our mission We support our customers with tailored services using

   modern Microsoft cloud solutions to gain traction, security and speed on their transformation journey

9. Our focus Cloud Security We follow the Zero Trust principle

   using the combined security features from Microsoft Azure and Microsoft 365 Cloud Platform Microsoft Azure is our selected platform for your critical business applications, whether they are IaaS, or PaaS or microservice based Modern Work A modern workplace, optimized for security, automated delivery and user experience at the same time

10. 10 immutable Laws of Cybersecurity Risk

11. Security success is ruining the attacker ROI Not keeping up

    is falling behind Productivity always wins Attackers don't care Ruthless Prioritization is a survival skill … first 5 laws

12. Cybersecurity is a team sport Your network isn’t as trustworthy

    as you think Isolated networks aren’t automatically secure Encryption alone isn’t a data protection solution Technology doesn't solve people and process problems … 5 more!

13. LAW 2 Not keeping up is falling behind

14. Not keeping up is falling behind What is your cybersecurity

    strategy? Did you adopt account tiering? How about patching…? Yes still required! Who is monitoring your security platform? And anything else that changes over time…!

15. A snapshot of Microsoft landscape… Scope and scale of threat

    landscape The volume of password attacks has risen to an estimated 921 attacks every second – a 74% increase in just one year. Dismantling cybercrime To date, Microsoft removed more than 10,000 domains used by cybercriminals and 600 used by nation state actors. Addressing vulnerabilities 93% of our ransomware incident response engagements revealed insufficient controls on privilege access and lateral movement Source: Microsoft Digital Defense Report 2022

16. Short DEMO «Updates Management»

17. LAW 3 Productivity always wins

18. Productivity always wins Is your security easy for your users?

    Can they report suspicious emails easily? Are you aware of your shadow-IT? Can you block data exfiltration? Users will find ways to work!

19. Short DEMO «Defender for Cloud Apps»

20. LAW 6 Cybersecurity is a team sport

21. Cybersecurity is a team sport No one can do it

    all alone Focus on what you can do (Protect) Others can also do things, share responsibility Use a professional SOC Service Work with security vendors, cloud providers & community – or …

22. Do you think you can handle this by your own?

23. Watch out for the swag! Easy: How many employees does

    scopewyse have? Guess: How much percent of attacks are based on fishing compared to malicious websites or infected removable media? Microsoft Defense Report 2022: How many passwords attacks are estimated per second?

24. QUESTIONS & MAYBE ANSWERS LULZ !

25. None