Forefront Client and Server Security next Generation Codename Stirling

1. Forefront Client and Server Security next Generation Codename �Stirling� Dominik Zemp TSP Security Microsoft Switzerland dominik.zemp@microsoft.com

2. Agenda Forefront Codename �Stirling� Overview Security Assessment Sharing Infrastructure and Architecture Deployment and Scalability Monitoring �Stirling� Protection Technologies Forefront Client Security Forefront Server Security Live Demo New Roadmap

3. Integrated Identity & Security

5. Forefront Codename �Stirling� Technical Overview

8. Silo'ed, Best of Breed Solutions Are Not Enough

9. The Answer: Security Assessment Sharing

10. SAS Technology ComponentsSecure Communication Channel Layered Protection across the organization Protection technologies that work together Protection technologies that share security information Protection technologies that take action together

11. Infrastructure Integration

12. How it Works in Depth (1/2)Policy and Tasks Down

13. How it Works in Depth (2/2)Telemetry Up

14. Deployment and Scalability

15. �Stirling� Protection Technologies

16. Forefront Client Security Next Version Codename �Stirling�

17. Antivirus � AntispywareBuilding on FCS v1 Integrated anti-virus/anti-spyware agent delivering real-time protection Uses Windows Filter Manager Maintains stable operation Scans viruses and spyware in real-time Dynamic Translation Unique to Microsoft agent Maximizes scanning speed: Decryption and code emulation of malware with speed of native code execution Other protection features: Tunneling signatures for detecting & removing rooktits Advanced system cleaning: Customized remediation (recreating registry entries, restoring settings) Event Flood Protection: Shields reporting infrastructure during outbreak from infected clients Heuristics for classifying programs based on behavior

18. Antivirus � Antispyware New Behavior based Blocking Dynamic Signature Service Client and back end infrastructure Used when FCS detects an �interesting� and unknown program Enables customer to receive real time signatures via SpyNet This will narrow the FCS protection gap � of unknown threats without waiting for signature updates. for suspicious new binaries, without having to wait for regularly-scheduled signature updates.

19. Vulnerability Assessment & RemediationProactively reduce the surface area

20. Host Firewall Management Firewall Management: Centralized management of the Windows Firewall Windows XP/2003, Windows Vista/2008 and Windows 7 Support Inbound and Outbound Filtering Configure Firewall Exceptions for Ports, Applications, Services Configure Network Location Profiles for Roaming Users Centralized Visibility: Firewall State in the Enterprise Sensors for Security Incident Detection Activity Monitoring Statistics

21. Forefront Server Security Next Version Codename �Stirling�

22. FSE DNSBL Feature

23. Advanced AntispamFSE Content Filter Fingerprinting Fingerprinting algorithms applied to every incoming message Relevant parts of the message are fingerprinted

24. Forefront Codename �Stirling� Monitoring

25. Know Your Security StateFrom The Top Down One stop shop to know if �you are secure� Measure Secure risk across all assets Risk = Security State X Asset Value Across protection technologies Clients, Servers, Network Granular visibility deep into each layer Drill down into every report and control 60+ customizable controls

26. Forefront Codename �Stirling� Dominik Zemp TSP Security Microsoft Switzerland demo

27. Roadmap

28. Forefront & Security Blogs Forefront Team Blog http://blogs.technet.com/forefront Microsoft Forefront Server Security Blog http://blogs.technet.com/fss Forefront Server Security Support Blog http://blogs.technet.com/fssnerds/ Forefront Client Security Team Blog http://blogs.technet.com/clientsecurity Forefront Client Security Support Blog http://blogs.technet.com/fcsnerds Microsoft Malware Protection Center Blog http://blogs.technet.com/mmpc The Microsoft Security Response Center (MSRC) http://blogs.technet.com/msrc/ Security Research & Defense http://blogs.technet.com/srd/

29. Q & A

30. Your MSDN resourcescheck out these websites, blogs & more! PresentationsTechDays: www.techdays.chMSDN Events: http://www.microsoft.com/switzerland/msdn/de/presentationfinder.mspxMSDN Webcasts: http://www.microsoft.com/switzerland/msdn/de/finder/default.mspx MSDN EventsMSDN Events: http://www.microsoft.com/switzerland/msdn/de/events/default.mspxSave the date: Tech�Ed 2009 Europe, 9-13 November 2009, Berlin MSDN Flash (our by weekly newsletter)Subscribe: http://www.microsoft.com/switzerland/msdn/de/flash.mspx MSDN Team BlogRSS: http://blogs.msdn.com/swiss_dpe_team/Default.aspx Developer User Groups & CommunitiesMobile Devices: http://www.pocketpc.ch/Microsoft Solutions User Group Switzerland: www.msugs.ch.NET Managed User Group of Switzerland: www.dotmugs.chFoxPro User Group Switzerland: www.fugs.ch 

31. Your TechNet resourcescheck out these websites, blogs & more! PresentationsTechDays: www.techdays.ch TechNet EventsTechNet Events: http://technet.microsoft.com/de-ch/bb291010.aspx Save the date: Tech�Ed 2009 Europe, 9-13 November 2009, Berlin TechNet Flash (our by weekly newsletter)Subscribe: http://technet.microsoft.com/de-ch/bb898852.aspx Schweizer IT Professional und TechNet BlogRSS: http://blogs.technet.com/chitpro-de/ IT Professional User Groups & CommunitiesSwissITPro User Group: www.swissitpro.ch NT Anwendergruppe Schweiz: www.nt-ag.ch PASS (Professional Association for SQL Server): www.sqlpass.ch  

32. Save the date for tech�days next year! 7. � 8. April 2010Congress Center Basel