Security Management and Protection: What's in Microsoft Forefront Client Security Version 2


Presentation Transcript


  1. Security Management and Protection: What's in Microsoft Forefront Client Security Version 2 Jayesh Mowjee Security Consultant Microsoft Session Code: SIA203

  2. Session Objectives And Takeaways • Session Objectives: • Understand the capabilities of FCSv2 • Know how FCSv2 protects endpoints against threats • Plan an FCSv2 deployment • Key Takeaways: • FCSv2 provides comprehensive endpoint protection • FCSv2 is part of Forefront codename: “Stirling”

  3. Agenda • Forefront Today • Forefront Client Security v2 • Unified Protection • Simplified Administration • Visibility and Control • Enterprise Ready • Question and Answer

  4. Business Ready Security: Help securely enable business by managing risk and empowering people • Integrate and extend security across the enterprise • Protect everywhere, access anywhere • Simplify the security experience, manage compliance • Protection, Access, Identity, Management on a Highly Secure & Interoperable Platform • From/to: Block to Enable, Cost to Value, Siloed to Seamless

  5. Comprehensive line of business security products that helps you gain greater protection and secure access through deep integration and simplified management Server Applications Client & Server OS Network Edge

  6. Comprehensive protection for business desktops, laptops and server operating systems that is easier to manage and control Comprehensive Protection Unified endpoint security that integrates anti-malware, host firewall and more Coordinated protection with Forefront codename: “Stirling” Inspection, threat mitigation and remediation Simplified Administration Manage from a single role-based console Integrates with existing Microsoft infrastructure Easy discovery and deployment of protection for endpoints Visibility and Control One dashboard for visibility into threats, vulnerabilities, and configuration risks Increased visibility into endpoint security with vulnerability assessment scanning

  7. Comprehensive Protection

  8. Comprehensive Protection: Forefront Client Security v2 (from Proactive to Reactive) • Vulnerability Remediation: Reduce attack surface of vulnerabilities • Network Access Protection: Limit exposure from vulnerable clients • Host Firewall: Restrict what applications can do • Vulnerability Assessment: Scan for vulnerabilities and configuration exposures • Behavior Monitoring: Monitor suspicious processes • Antivirus/Antispyware: Block, remove and clean malicious software

  9. Antivirus – Antispyware: Building on FCS v1 In recent tests, Microsoft rated among the leaders in anti-virus protection AVTest.org (Sept 2008) AVTest.org (March 2008) AVComparatives (Feb 2008) Received AVComparatives Advanced Certification Test of consumer anti-virus products using a malware sample covering approximately the last three years. Test based on more than 1 million malware samples Test based on more than 1 million malware samples FCS Awards and Certifications

  10. Antivirus – Antispyware: Building on FCS v1 Integrated anti-virus/anti-spyware agent delivering real-time protection • Uses Windows Filter Manager: Maintains stable operation; Scans viruses and spyware in real-time • Dynamic Translation: Unique to Microsoft agent; Maximizes scanning speed: Decryption and code emulation of malware with speed of native code execution • Other protection features: Tunneling signatures for detecting and removing rootkits; Advanced system cleaning: Customized remediation (recreating registry entries, restoring settings); Event Flood Protection: Shields reporting infrastructure during outbreak from infected clients; Heuristics for classifying programs based on behavior • Better malware detection • Multiple technologies for malware protection • Greater stability of client environment • Faster malware scanning conducted in real-time

  11. Antivirus – Antispyware: Building on FCS v1 The FCS agent efficiently uses system resources, scans quickly, and detects malware effectively 60%+ less CPU usage 7% less CPU 14x faster at boot time 2x faster 2x faster in quick scans 5x faster in full scans Sources: West Coast Labs, AVTest.org, Performance benchmarking study conducted by West Coast Labs.

  12. Vulnerability Management: Proactively reduce the surface area Detect common vulnerabilities and missing security updates Discover misconfiguration exposures Configure security checks parameter New checks include: IE Security Setting, DEP, IIS Setting, and more… • Compare system configuration against security best practices • Assign score based on associated risk • Surface issues found across the enterprise in real time • Automatically remediate based on policy • Integrate with NAP for compliance enforcement • Remotely remediate from the management console NEW

  13. Available in Forefront Client Security v2 Vulnerability Assessment Checks

  14. Network Access Protection • Up-to-date Protection: ensures that all clients have the latest definitions & host protection policy • Compliance Enforcement: enables administrators to enforce their corporate security policy and protect the network from non-compliant and vulnerable clients • Outbreak Containment: protects the network from clients with active malware infections • Network Eviction: enables administrators to protect the network from suspicious and potentially compromised clients

  15. Host Firewall Firewall Management: centralized management of the Windows Firewall • Windows XP/2003, Windows Vista/2008, and Windows 7 • Support Inbound and Outbound Filtering • Configure Firewall Exceptions for Ports, Applications, and Services • Configure Network Location Profiles for Roaming Users Centralized Visibility: Firewall State in the Enterprise • Sensors for Security Incident Detection • Activity Monitoring • Statistics

  16. Simplified Administration

  17. Forefront Code Name "Stirling" An integrated security suite that delivers comprehensive protection across endpoint, application servers, and the edge that is easier to manage and control Code Name “Stirling” Central Management Server Unified Management In-Depth Investigation Enterprise-Wide Visibility Security Assessment Sharing (SAS) Client & Server OS Network Edge Server Applications Third-Party Partner Solutions Other Microsoft Solutions Active Directory NAP

  18. Simplified Administration With Stirling: Protect your business with greater efficiency FCSv2 is managed through “Stirling” • One console for simplified, role-based security management • Define one security policy for your assets across protection technologies • Deploy signatures, policies and software quickly • Integrates with your existing infrastructure: SQL, WSUS, AD, NAP, SCCM, SCOM (new & existing)

  19. Integration With Your Infrastructure Required Infrastructure POLICY POLICY Microsoft Update REPORTS (OR ALTERNATE SYSTEM) EVENTS GROUPS Network Access Protection (NAP) (OR ALTERNATE SYSTEMS) SIGNATURE, UPDATES CORE INFRASTRUCTURE Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, Forefront Threat Management Gateway INTEGRATION INFRASTRUCTURE

  20. Deployment and Scalability An asset is a computer with one of the Stirling protection technologies (FCS, FSE, FSSP and/or TMG) [Diagram: Stirling server roles for 250 – 2,500 assets and for up to 25,000 assets: Stirling Core, Stirling Console, Stirling SQL DB, SCOM Root Management Server (RMS), SCOM SQL DB, SQL Reporting Server, SQL Reporting DB, WSUS. Scaling up: additional roles per 20,000 assets and per 25,000 assets. Software/signature deployment, e.g. WSUS or SCCM. SCOM RMS, WSUS and SCOM SQL DB are typically already deployed before Stirling.]

  21. Visibility & Control

  22. Critical Visibility and Control: Know where action is required • Know your security state • View insightful reports • Investigate and remediate security risks

  23. Critical Visibility and Control: Take action to remediate issues • FCSv2 Tasks: • Update signatures • AM quick/full Scan • Vulnerability scan • Install missing updates • Vulnerability remediation • Network eviction • Reboot computer • Integrated With Dynamic Response

  24. Enterprise Ready

  25. Enhanced Enterprise Capabilities: Forefront Client Security • Scale to the largest enterprises • Role-based Administration • Virtualized Deployments • Clustering and High Availability Deployments • Support for both domain and non-domain joined assets • Protection for Windows Server Roles • Native NAP Integration

  26. Platform Support • Client Agents • Windows XP, Windows Vista, Windows 7 • Windows 2003, Windows 2008 • Virtual machines (MSFT virtual machine technology only) • Non-domain joined machines • Windows Embedded, WEPOS • Server Infrastructure • Windows Server 2003, Windows 2008 (x64 only) • SQL Server 2008 Standard or Enterprise • Will support installation of server infrastructure on virtual machines (MSFT virtual machine technology only) • Will support clustered environments for high availability

  27. Summary Forefront Client Security v2 provides unified protection for endpoints (desktops, laptops and servers) that is easier to manage and control • Built on FCS v1 strong foundations • Offers greater protection • Integrated with “Stirling” • Centralized management • Comprehensive, insightful reports • Enterprise Ready

  28. Question & Answer

  29. Resources • www.microsoft.com/teched: Sessions On-Demand & Community • www.microsoft.com/learning: Microsoft Certification & Training Resources • http://microsoft.com/technet: Resources for IT Professionals • http://microsoft.com/msdn: Resources for Developers

  30. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.