Learn to build apps integrating, automating & managing security operations. Explore APIs & services, develop frameworks, & lead by example with demos. Start now!
Build apps that integrate, automate, and manage security operations (BRK3085)
Sarah Fender, Microsoft (@sarahfender)
Preeti Krishna, Microsoft (@PreetiKr007)
Darren Robinson, Microsoft MVP (@darrenjrobinson)
Agenda
• Why develop security apps? …Opportunity
• How to rationalize the security APIs and services? …Define a framework
• What to use when? …Guidance with demos
• Can you lead by example? …Hackathon winning app demo
• Get started now…
The digital estate: smart cities, sensors, energy systems, vehicles, partners, cloud, citizens, marketplaces, equipment, customers, mobile devices, on-premises, supply chains, manufacturers
Security market segments: fraud prevention, data & application security, infrastructure security, hybrid cloud security, anomaly detection, endpoint protection, security management, threat management, data loss prevention, Cloud Access Security Broker, identity & access management, data center security, information rights management, compliance tools, threat detection, IoT security, email security
$124B worldwide security spending in 2019 (Gartner Forecast: Information Security, Worldwide, 2016-2022, 2Q18 Update)
Your opportunity (IT Pros, MSP, System Integrators, ISV, Enterprises, LOB)
• Solve integration and deployment challenges
• Extend capabilities to meet customer or industry specific needs
• Address security skills and staffing shortages
App types: automation workflows, analytics dashboards & tools, device & native apps, background processes, web apps, bots
Microsoft empowers security developers
Enabling you to create connected security products and services to defend against increased threats
• Unlock value for Microsoft Cloud customers
• Accelerate and simplify application development
• Leverage the speed and scale of the Microsoft Cloud
Framework for security developers (connected security solutions)
• APIs: develop integrated apps to streamline security management, improve protection, and speed response.
• Services: build experiences and workflows on top of Microsoft security analytics and automation solutions.
• Communities: share code samples, detection rules and models, playbooks, tools, and more on GitHub.
Featured scenarios: Security Management & Investigation, Threat Detection, Information Protection
Security Management & Investigation (ISV, MSP, Enterprise, IT Pro, LOB, SI)
• Microsoft Defender ATP API
• Microsoft Cloud App Security API
• Azure Active Directory Identity Protection API
• Azure Security Center API
• Microsoft Graph Security API
• Azure Sentinel
Threat Detection (ISV, MSP, Enterprise, IT Pro)
• Microsoft Defender ATP
• Azure Sentinel
• Microsoft Graph Security API
Information Protection (ISV, MSP, Enterprise)
• Microsoft Defender ATP
• Office Management Activity API
• Microsoft Graph Security API
• Microsoft Information Protection
Introduction to MS U.S.E.R (User Security Evaluation Reporter)
• Single pane view and assessment of users' security posture
• Current active risks & individual user review
• Rating per user: Great, Needs Improvement, Urgent Attention Required
• What is the security posture of users in your environment?
• Are they MFA enabled? What is the primary method?
• Has their Active Directory password been pwned?
• Have they been attempting Azure password reset?
• What type and from where are their last logins?
• What devices are registered to them?
Microsoft Graph integration: APIs used
• Current Secure Score: /security/secureScores
• Current risk events: /identityRiskEvents
• Azure password reset events: /auditLogs/directoryAudits
• User details: /users
• Users' registered devices: /registeredDevices
• Sign-in activity: /auditLogs/signIns
Tips and tricks
• Font Awesome: fantastic icon library
• GitHub: darrenjrobinson/Microsoft-User-Security-Evaluation-Reporter
• Blog: darrenjrobinson.com/hackathons
• CORS
• Browser developer tools (F12)
• Enable Application Insights: API call duration
• Microsoft Graph JSON batching: great to send a bunch of queries in one call and response
• Graph OAuth token automation using Azure Functions, PSMSGraph (PS module), and Azure Key Vault
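To make the Graph integration and the JSON batching tip concrete, here is an added example (not code from the MS U.S.E.R. project or from Microsoft) that assembles a $batch request over the endpoints listed on the slide and sorts the per-request results, including the throttled and permission-denied cases a batch can return for individual sub-requests. The user id is a constructed placeholder and the API version is a parameter because /identityRiskEvents was a beta path at the time of the talk.

```python
# Added example (not from the MS U.S.E.R. project or Microsoft): build a Microsoft
# Graph JSON batch over the slide's endpoints and sort the per-request results. No HTTP call is made.
from typing import Dict, List, Tuple

MAX_PER_BATCH = 20  # Graph rejects $batch bodies with more than 20 requests

# The slide's /identityRiskEvents was a beta-only path at the time, so the
# API version in the $batch URL is kept as a parameter.
def batch_url(version: str = "v1.0") -> str:
    return f"https://graph.microsoft.com/{version}/$batch"

# Endpoints from the slide, keyed by the report question each answers.
# USER_ID is a constructed placeholder used by the per-user paths.
USER_ID = "00000000-0000-0000-0000-000000000000"
QUERIES: Dict[str, str] = {
    "secureScore": "/security/secureScores",
    "riskEvents": "/identityRiskEvents",
    "passwordResets": "/auditLogs/directoryAudits",
    "userDetails": f"/users/{USER_ID}",
    "registeredDevices": f"/users/{USER_ID}/registeredDevices",
    "signIns": "/auditLogs/signIns",
}

def build_batches(queries: Dict[str, str]) -> List[dict]:
    """Split the query map into $batch bodies of at most MAX_PER_BATCH GETs."""
    items = list(queries.items())
    return [{"requests": [{"id": key, "method": "GET", "url": url}
                          for key, url in items[i:i + MAX_PER_BATCH]]}
            for i in range(0, len(items), MAX_PER_BATCH)]

def unpack_batch(response: dict) -> Tuple[Dict[str, dict], Dict[str, int], Dict[str, str]]:
    """Sort each sub-response into successful bodies, ids to retry after the
    given Retry-After seconds, and hard failures with their Graph error code."""
    ok, retry, failed = {}, {}, {}
    for r in response.get("responses", []):
        rid, status = r["id"], r.get("status", 0)
        if 200 <= status < 300:
            ok[rid] = r.get("body", {})
        elif status in (429, 503):  # throttled sub-requests carry Retry-After
            retry[rid] = int(r.get("headers", {}).get("Retry-After", "1"))
        else:  # e.g. a missing permission scope for that one endpoint
            failed[rid] = r.get("body", {}).get("error", {}).get("code", str(status))
    return ok, retry, failed

# Constructed sample in the shape Graph returns for a $batch call.
SAMPLE_RESPONSE = {"responses": [
    {"id": "secureScore", "status": 200, "body": {"value": [{"currentScore": 41.0}]}},
    {"id": "signIns", "status": 429, "headers": {"Retry-After": "5"}, "body": {}},
    {"id": "riskEvents", "status": 403, "body": {"error": {"code": "Authorization_RequestDenied"}}},
]}
```

A 200 on the outer batch call says nothing about the sub-requests, so the report should only mark a user's posture as assessed when every id it depends on landed in the ok map.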
Security Developer Community: link to GitHub, GitHub demo, recognition program
APIs & SDKs
Leverage Microsoft Graph to streamline integration across multiple security solutions, and use direct APIs to connect to specific services.
• Microsoft Graph Security API: unified alerts, threat indicators, actions, and secure score
• Azure Active Directory Identity Protection: users, groups, risky users, and risky sign-ins
• Microsoft Information Protection: data classification, labeling, and protection
• Microsoft Defender ATP: events and logs in Azure Sentinel
• Microsoft Cloud App Security: user activities, alerts, policy reports across cloud services
• Azure Security Center: alerts, compliance, tasks, settings, solutions
• Office 365 Management APIs: user, admin, system, and policy actions and events across M365 services
• Azure Log Analytics: events and logs in Azure Sentinel
Services
Build experiences and workflows on top of services like Azure Sentinel, Microsoft Flow, Azure Logic Apps, and PowerBI to deliver additional value to your customers.
• Security Event and Information Management: for dashboards, custom detections, workflows, and threat intelligence. Azure Sentinel provides one-click integration with Microsoft solutions, connectors, and support for standard and custom log formats; alerts are fused into prioritized cases, and developers can build dashboards, alert rules, ML models, and hunting queries using the data available in Azure Sentinel.
• Security Analytics: Azure Notebooks, Azure Databricks / Spark
• Orchestration and Automation: enable automated workflows in Microsoft Flow, Azure Logic Apps, and PowerApps. Use existing connectors for Microsoft security services, choose from a catalog of more than 200 connectors, or build and publish your own connector.
• Reporting: PowerBI…
Communities
Open-source communities on GitHub enable customers and partners to easily share code samples, detection rules, machine learning models, playbooks, tools, and more.
• Microsoft Security GitHub…
• Microsoft Graph Security GitHub: share code samples, queries, workflows, notebooks, dashboards, and templates.
• Azure Sentinel GitHub: share queries, ML algorithm templates, workflows, hunting notebooks, and dashboards.
• Microsoft Information Protection GitHub: share samples.
• Microsoft Defender ATP community: share queries and notebooks.
• New community recognition program…