MSFT Cloud Architecture Security Commonattacks

The document discusses common cyber attack techniques and how Microsoft technologies can help protect organizations. It outlines key stages of attacks like identity theft, data exfiltration, and device compromise. Microsoft offerings like Azure AD, Defender, and Cloud App Security provide capabilities like identity protection, conditional access, anomaly detection, and data loss prevention to help detect and prevent threats.
Common Attacks and Microsoft Capabilities that Protect Your Organization

Each type of attack is followed through the stages of an attack (Begin attack, Enter, Traverse, Exfiltrate data), with the Microsoft capabilities that help at each stage.

Identity based

Type of attack:
• Broad-based phishing campaigns: the attacker masquerades as a trusted entity and dupes employees into opening emails, texts or IMs.
• Spear-phishing: the attacker uses information specifically about a user to construct a more plausible phishing attack.
• Password spray: the attacker tries a large list of possible passwords for a given account or set of accounts.
• Other similar attacks: credential stuffing, leaked passwords.

Begin attack: An employee clicks on a link and enters their credentials. Weak passwords are systematically identified.
• Exchange Online Protection protects against spam, malware and other email threats.
• Microsoft 365 Defender: Microsoft Defender for Office 365 natively coordinates detection, prevention, investigation and response across endpoints, identities and email.
• Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and against downloading potentially malicious files.
• Azure AD Identity Protection discovers leaked credentials and detects password spray attacks.
• Azure AD Password Protection enforces minimum requirements for passwords, dynamically bans common passwords and forces resets of leaked passwords.
• Azure AD Smart Lockout helps lock out bad actors that guess your password or use brute-force methods to get in.

Enter: The attacker uses stolen credentials to gain access to the user's mail and files.
• Azure AD Multifactor Authentication (MFA) adds a layer of protection to the sign-in process.
• Azure AD Conditional Access rules block access based on risky sign-in, unmanaged PC, and other criteria that you set. Sign-in risk-based Conditional Access represents the probability that a given authentication request isn't authorized by the identity owner.
• Microsoft 365 Defender: Microsoft Defender for Identity leverages on-premises AD signals to identify, detect and investigate advanced threats, compromised identities, and malicious insider actions.

Traverse: The attacker moves laterally, gaining access to cloud services and resources in the environment.
• Identity: Azure AD Conditional Access rules block access from noncompliant devices and enforce multifactor authentication for access to cloud services.
• Microsoft Cloud App Security detects and alerts on anomalous activity for all SaaS apps in your environment, including activity originating from new and infrequent locations, suspicious locations, new and untrusted devices, and risky IP addresses.
• Microsoft Information Protection helps discover, classify and protect sensitive information.
• Insider Risk: Communication compliance helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization.
• Insider Risk: Insider Risk Management helps minimize internal risks by enabling you to detect, investigate, and act on malicious and inadvertent activities in your organization.
• Insider Risk: Information barriers allow you to restrict communication and collaboration between two internal groups to avoid a conflict of interest from occurring in your organization.
• Insider Risk: Privileged access management allows granular access control over privileged Exchange Online admin tasks in Office 365. It can help protect your organization from breaches that use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings.
• Securing Privileged Access Roadmap is guidance to mitigate lateral traversal and credential theft techniques for your on-premises and hybrid cloud environments.

Exfiltrate data: The attacker removes data from the environment.
• Microsoft 365 Defender: Microsoft Cloud App Security detects and alerts on anomalous activity for all SaaS apps in your environment, including activity originating from new and infrequent locations, suspicious locations, new and untrusted devices, and risky IP addresses.
• Microsoft 365 Exchange mail flow rules prevent auto-forwarding of mail to external domains.
• Microsoft Information Protection (MIP) helps you discover, classify, and protect sensitive information wherever it lives or travels.
• Microsoft 365 Data Loss Prevention (DLP) rules prevent sensitive data from leaving the environment.
• Endpoint data loss prevention extends the monitoring and protection capabilities of DLP to sensitive items that are stored on Windows 10 devices.
• Intune mobile device management rules prevent business data from leaving approved business apps on mobile devices.
• Insider Risk Management helps minimize internal risks by enabling you to detect, investigate and act on malicious activities.
• Azure Purview helps you manage and govern your on-premises, multi-cloud, and SaaS data with automated data discovery, sensitive data classification, and end-to-end data lineage.

Device based

Type of attack:
• Device compromise: malware is installed on the device. This can include viruses, spyware, ransomware, and other unwanted software that installs without consent.
• Lost or stolen device: possession is unknown.

Begin attack: Malicious files and viruses are introduced into the environment.
• Microsoft 365 Defender: Microsoft Defender for Endpoint helps prevent, detect, investigate and respond to advanced threats.
• Microsoft Defender Application Guard for Microsoft Edge helps isolate untrusted sites. You define the trusted web sites, cloud resources, and internal networks.
• Microsoft Intune mobile device management (MDM) enforces password and/or PIN requirements and wipes the device after a specified number of failed attempts (lost or stolen device).
• Intune application protection with conditional launch controls protects data at the application level, including custom apps and store apps.

Enter: An employee clicks on a malicious link or opens a malicious file; for a lost or stolen device, the attacker gains access into the device.
• Microsoft Defender Antivirus scans for malware, viruses, and security threats.
• Microsoft Defender Firewall helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter.
• Windows Defender SmartScreen checks whether new apps lack reputation or are known to be malicious, and responds accordingly.
• Intune device compliance policies define criteria for healthy and compliant devices.
• Windows Hello for Business replaces username and password with strong two-factor authentication tied to a device.

Traverse:
• Microsoft 365 Defender: Microsoft Defender for Endpoint helps detect, investigate and respond to advanced attacks on your network.
• Windows 10 Credential Guard prevents attackers from gaining access to other resources in the organization through Pass-the-Hash or Pass-the-Ticket attacks.

Exfiltrate data:
• Azure technologies provide encryption for disks and storage, SQL Encryption, and Key Vault.
• Azure Backup is a service you can use to back up and restore your data in the Microsoft cloud. This service includes capabilities to protect your backups from ransomware.
• Azure Sentinel is a cloud-native security information and event manager (SIEM).
• Microsoft Azure Confidential Ledger protects data at rest, in transit and in use with hardware-backed secure enclaves.
• SQL Database dynamic data masking limits sensitive data exposure by masking it to non-privileged users.
• SQL Threat Detection alerts on suspicious database activities, potential vulnerabilities, and SQL injection attacks, as well as anomalous database access patterns.

Network based

Type of attack:
• DDoS: attacks aim to overwhelm online services with more traffic to make the service inoperable.
• Eavesdropping: an attacker intercepts network traffic and aims to obtain passwords, credit card numbers, and other confidential information.
• Code and SQL injection: an attacker transmits malicious code instead of data values over a form or through an API.
• Cross site scripting: an attacker uses third-party web resources to run scripts in the victim's web browser.

Begin attack: Attacks are conducted using network traffic vulnerabilities.
• Azure DDoS Protection provides enhanced DDoS mitigation features to defend against DDoS attacks.
• Azure Web Application Firewall provides web protection against common exploits and vulnerabilities.
• Azure Defender defends against RDP brute-force attacks and SQL injection.
• Microsoft Azure Attestation verifies the identity and security posture of a platform before you interact with it.

Enter: The attacker gains access to the network.
• Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your network, and more.
• Network Security Groups filter network traffic to and from Azure resources in an Azure virtual network. These contain security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
• Azure Firewall is a managed, cloud-based network security service that protects Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
• Azure AD Multifactor Authentication (MFA) adds a layer of protection to the sign-in process.
• Microsoft 365 Defender: Microsoft Defender for Endpoint discovers unmanaged devices on the network.

Traverse and exfiltrate data:
• Microsoft 365 Defender: Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
• Azure AD Privileged Identity Management enables you to manage, control, and monitor access to important resources in your organization.
• Azure Defender for IoT performs continuous asset discovery, vulnerability management, and threat detection for IoT devices.
• Azure Data Encryption-at-Rest provides data encryption for services across SaaS, PaaS or IaaS.
• Azure Identity Protection automates the detection and remediation of identity-based risks.
• Azure Key Vault enhances data protection and compliance with the help of secure key management to protect data in the cloud.
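The Network Security Group rules described above, modelled in an added Python example that is not part of the poster: it applies Azure's priority-ordered, first-match evaluation with the built-in DenyAllInbound fall-through to a weak rule set that exposes RDP to any source (the exposure behind the RDP brute-force attacks listed above) and to a corrected one. The rule names, ports and address ranges are constructed sample values.

```python
# Added example, not from the Microsoft poster: a minimal model of how an Azure
# Network Security Group (NSG) evaluates its rules. Assumed real NSG semantics:
# rules are checked in ascending priority (lower number first), the first match
# decides, and a built-in DenyAllInbound rule at priority 65500 catches the rest.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int          # 100-4096 for custom rules; default rules sit at 65000+
    direction: str         # "Inbound" or "Outbound"
    access: str            # "Allow" or "Deny"
    protocol: str          # "Tcp", "Udp" or "*"
    source: str            # source CIDR or "*" (any)
    dest_port: str         # destination port, "lo-hi" range, or "*"

def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _source_matches(spec: str, src_ip: str) -> bool:
    return spec == "*" or ip_address(src_ip) in ip_network(spec, strict=False)

def evaluate(rules, direction, protocol, src_ip, dest_port):
    """Return (access, rule_name) of the first matching rule in priority order."""
    default = Rule("DenyAll" + direction, 65500, direction, "Deny", "*", "*", "*")
    for r in sorted(list(rules) + [default], key=lambda r: r.priority):
        if (r.direction == direction
                and r.protocol in ("*", protocol)
                and _source_matches(r.source, src_ip)
                and _port_matches(r.dest_port, dest_port)):
            return r.access, r.name
    raise AssertionError("unreachable: the default rule always matches")

# Weak rule set (constructed): RDP on 3389 reachable from any source.
WEAK_RULES = [Rule("AllowRDP", 300, "Inbound", "Allow", "Tcp", "*", "3389")]

# Corrected rule set (constructed): RDP only from a management subnet, an
# explicit deny for everyone else, and no other inbound exposure.
HARDENED_RULES = [
    Rule("AllowRDPFromMgmt", 300, "Inbound", "Allow", "Tcp", "10.10.0.0/24", "3389"),
    Rule("DenyRDPInternet", 310, "Inbound", "Deny", "Tcp", "*", "3389"),
]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label, evaluate(rules, "Inbound", "Tcp", "203.0.113.7", 3389))
```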

Extended detection and response (XDR)

Microsoft extended detection and response (XDR) solutions deliver intelligent, automated, and integrated security across domains. This in turn helps defenders connect seemingly disparate alerts and get ahead of attackers.

Microsoft 365 Defender
Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps, email and documents. Its built-in self-healing technology fully automates remediation more than 70% of the time. It combines:
• Microsoft Defender for Endpoint
• Microsoft Defender for Office 365
• Microsoft Defender for Identity
• Microsoft Cloud App Security
• Azure AD Identity Protection
aka.ms/defender365eval

Azure Defender
Azure Defender delivers XDR capabilities to protect multi-cloud and hybrid workloads, including virtual machines, databases, containers, IoT, and more. It combines:
• Azure Defender for Servers
• Azure Defender for IoT
• Azure Defender for SQL

Azure Sentinel
To gain visibility across your entire environment and include data from other security solutions such as firewalls and existing security tools, connect Microsoft Defender to Azure Sentinel, Microsoft's cloud-native SIEM. Azure Sentinel is deeply integrated with Microsoft Defender so you can integrate your XDR data in only a few clicks and combine it with all your security data from across your entire enterprise.

Top resources
• Microsoft Security documentation: technical guidance to help security professionals build and implement cybersecurity strategy, architecture, and prioritized roadmaps. docs.microsoft.com/security
• Microsoft 365 security documentation: docs.microsoft.com/microsoft-365/security
• Evaluate and pilot Microsoft 365 Defender: aka.ms/defender365eval
• Azure security documentation: docs.microsoft.com/azure/security

September 2021 © 2021 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at [email protected].
