350 likes | 596 Views
Microsoft Security Solutions Forefront Suite & Edge Protection Enterprise Roadmap Strategy Day. Dan Sommerman Security SSP– SLG Sept. 20, 2007. Agenda. Trustworthy Computing Security Portfolio/Microsoft Security Solutions Product Drilldown Forefront for Exchange
E N D
Microsoft Security Solutions Forefront Suite & Edge Protection Enterprise Roadmap Strategy Day Dan Sommerman Security SSP– SLG Sept. 20, 2007
Agenda • Trustworthy Computing • Security Portfolio/Microsoft Security Solutions • Product Drilldown • Forefront for Exchange • Forefront for SharePoint • Forefront Client Security • Exchange Hosted Services • Edge Protection with ISA server and Intelligent Application Gateway • Next Steps & Resources
Secure against attacks Protects confidentiality, integrity and availability of data and systems Manageable Protects from unwanted communication Controls for informational privacy Products, online services adhere to fair information principles Dependable, Available Predictable, consistent, responsive service Maintainable Resilient, works despite changes Recoverable, easily restored Proven, ready Commitment to customer-centric Interoperability Recognized industry leader, world-class partner Be transparent in our business practices Stand behind our products SDL for customers
Trustworthy Computing: Industry Leadership • Building bridges to public sector • Security Cooperation Program • Public service announcements • IT Security training programs • Virus Information Alliance • Global Infrastructure Alliance for Internet Safety • Anti-Virus Rewards Program • Anti-Phishing Working Group • Anti-Spam Technology Alliance • Local, State, Federal and International Law Enforcement • Trustworthy Computing University Curriculum • Trustworthy Academic Advisory Board
Client Edge Server Services Content Whale Intelligent Application Gateway SystemsManagement Guidance Identity Management
What is Microsoft Forefront? Microsoft Forefront is a comprehensive line of business security products providing greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Edge Client and Server OS Server Applications
Microsoft Forefront Security for Exchange, Sharepoint and Office Communications Server General information • Forefront provides eight antivirus engines • Users can select five at a time from this list: • Microsoft antivirus • Ahn Labs • Authentium • CA InoculateIT/Vet • Norman Data Defense • Kaspersky Labs • Sophos • Virus Busters
The Multiple Engine Advantage Recent AV-Test.org resultsForefront engine sets and other vendors • Rapid response to new threats • Diversity of anti-virus engines and heuristics • Fail-safe protection through redundancy
Secure Messaging MicrosoftForefront™Security for Exchange Server includes multiple scan engines from industry-leading security firms, integrated in a single solution to help businesses protect their Exchange messaging environments from viruses, worms, and spam. • Ships with & manages multiple antivirus engines • Multi-layered protection in Exchange 2007* • File Filtering and premium anti-spam protection Comprehensive Protection • Deep integration with Exchange Server • Scanning innovations & performance controls • Maintains uptime and optimizes performance Optimized Performance • Easily manage configuration and operation • Automated signature updates • Reporting, Notifications and Alerts Simplified Management * For protecting Exchange 2003/2000 environments, purchasing Forefront Security for Exchange Server includes downgrade rights to Antigen for Exchange, Antigen for SMTP Gateways and Antigen Spam Manager
A B C D Performance Management Bias • Max Certainty: uses all engines (100%) • Favor Certainty: uses 75% of available engines* • Neutral: uses approximately 50% of available engines* • Favor Performance: uses 25% of available engines* • Max Performance: uses one engine for every scan*
EXE Memory Allocation Scanning Process Scanning Innovations • In-memory scanning • Multi-threaded scanning EXE 432kb Return to Pool Available Memory Pool
Hub Transport Edge Transport Unified Messaging I N T E R N E T Client Access Exchange 2007 Enterprise Topology Enterprise network OtherSMTPServers PBX or VoIP • Routing • Hygiene • Routing • Policy Applications: OWA Voice Messaging Protocols: ActiveSync, POP, IMAP, RPC / HTTP … Mailbox Fax Programmability: Web services, Web parts Mailbox Public Folders
Premium Antispam Protection • Forefront Security for Exchange Server licenses and activates the premium anti-spam features for Exchange 2007 • Deployed on Exchange Edge or Hub server role • Edge server can be deployed in front of Exchange 2003 mailboxes • Built upon base anti-spam in Exchange 2007, premium antispam protection adds: • Microsoft IP reputation filter service and automated updates • Automated updates for Microsoft Smartscreen spam heuristics, phishing Web sites and Intelligent Message Filter (IMF) • Targeted spam signature data and automatic updates to identify latest spam campaigns
Secure Collaboration Microsoft Forefront Security for SharePoint integrates multiple scan engines from industry-leading vendors and provides content controls to help businesses protect their Microsoft Office SharePoint 2007 and Windows SharePoint Services 3.0* collaboration environment by eliminating documents containing malicious code, confidential information, and inappropriate content. • Ships with & manages multiple antivirus engines • File & Content Keyword Filtering • Support for Open XML & IRM-protected docs Comprehensive Protection • Deep integration with SharePoint Server • Scanning innovations and performance controls • Maintains uptime and optimizes performance Optimized Performance • Easily manage configuration and operation • Automated signature updates • Reporting, Notifications and Alerts Simplified Management * For protecting SharePoint 2003 and Windows SharePoint Services 2.0 environments, purchasing Forefront Security for SharePoint includes downgrade rights to Antigen for SharePoint
Forefront Security for SharePoint Virus Protection for Document Libraries • Real-time scanning of documents uploadedand downloaded from document library • Manual and scheduled scanning of document library SQL Document Library Document SharePoint Server Document Content Policy Enforcement • File filtering to block documents frombeing posted based on name match, file type or file extension • Content filtering by keywords withindocuments for inappropriate words and phrases Users
Body Content File name, type Content Policy Enforcement Filters body content for inappropriate keywords or phrases Filters documents based on name match, wild card, file type or file extension • Ability to quarantine based on type of messages through use of customizable filters
Internet Internet AntigenEngineAdaptor Automated Signature Updating www.microsoft.com Engine Partner Updates
Microsoft Operations Manager IntegrationForefront Management Pack for MOM 2005 • Over 100 Events, Performance Counters, and Services Monitored • Monitors the state of Forefront • Collects statistical data on scanning, detection, and removal of messages and attachments • Polls 5 Forefront Services - Provides timed events to poll systems for critical process health • Key Tasks: • Triggers scan engine updates • Centralizes storage and deployment of license files • Imports, exports and deploys setting changes • Initiates and/or schedules manual scan jobs • Starts/Stops control of Forefront services
FOR INDIVIDUAL USERS FOR ENTERPRISE Windows Live OneCare Safety Scanner Microsoft Forefront Client Security Windows Defender Windows Live OneCare MSRT Remove most prevalent viruses Remove all known viruses Real-time antivirus Remove all known spyware Real-time antispyware Central reporting and alerting Customization IT Infrastructure Integration
Unified malware protection for organizational desktops, laptops and server operating systems that is easier to manage and control One solution for spyware and virus protection Built on protection technology used by millions worldwide Virus Bulletin 100% Award, West Coast Labs certification Complements other Microsoft security products One console for simplified security administration Define one policy to manage client protection agent settings Deploy signatures and software faster Integrates with your existing infrastructure One dashboard for visibility into threats and vulnerabilities View insightful reports Stay informed with state assessment scans and security alerts
Unified agent for virus and spyware protection • Common engine used by Windows Defender, OneCare, Forefront Sever Security • Local UI based on Windows Defender • On-access protection via kernel mode mini-filter • Built on Windows Filter Manager platform • Malware prevented from executing entirely – anti-virus and anti-spyware • User mode scanning • System Configuration, IE Add-ons & Configuration • IE and Office downloads • Services & drivers • App execution & registration • Scheduled and on-demand scans • Quick scan - In memory processes, targeted directories, common malware extensibility points • Full scan – Quick scan + local drives
Research & response organization delivers malware signatures for: • Forefront Client Security, Forefront Server Security, Windows Live OneCare, Windows Defender, Malicious Software Removal Tool (MSRT) • Currently protecting millions of systems • Research team uses multiple data sources to identify threats • Released products: Windows Defender, OneCare, MSRT, etc. • Other sources: PSS, Hotmail, web crawling, customer submissions • Partnerships with industry • Top priority is responding to active threats in the wild • Automation in analysis: Automatic malware submission storage and retrieval, resolving of duplicate submissions, prioritization of sample analysis to reduce analysis time. • Building out global 24x7 organization (US, Europe, Asia Pacific) • Industry certifications (OneCare currently, expect same for FCS) • ICSA Labs, West Coast Labs
One console for simplified security administration • One policy to manage client protection agent settings, e.g.: • Choice of 3 integrated policy profile deployment methods: • Microsoft Forefront Client Security Console (uses AD/GP) • ADM file (uses AD/GP) • Export to a file then use existing software distribution system Scan schedule Real time protection on/off Signature update frequency Anti-spyware signature overrides Security state assessment settings Anti-spyware unknown action Alert level Event and logging settings SpyNet reporting on/off Level of end-user UI shown
Alerts managed using MOM 2005 operator console Alert configuration is policy specific Alerts notify admin of high-value incidents, including: Alerting Configuration Malware detected Malware failed to remove Malware outbreak Malware protection disabled Alert levels control type & volume of alerts generated Critical Issues Only, Low Value Assets Rich Data, High Value Assets 1 2 3 4 5 Outbreak Malware removal failed Signature update failed Malware detected and removed Signature update failed (per min)
“Is my environment compliant with security best practices?” “Has my level of vulnerability exposure changed over time?” “What portion of my environment is at high risk?”
Queued e-mail is delivered in a flow-controlled fashion when server is available SpamPrevention Internet Corporate Network DirectoryServices Real time attack prevention (TRAP) IP-based authentication Reputation database Real-time Attack Prevention (RTAP) protects against the largest attacks Virus filter delivers zero-day protection using multiple, complementary anti-virus engines Flexible policy filter to enforce corporatee-mail-use policies High-accuracyspam filtering E-mail queuing ensures mail is never lost SPAM Connections from all senders are analyzed, connections from illegitimate senders are blocked No Yes If server is unavailable,e-mail is queued up for five days E-mail enters the global data center network Is e-mail server available? Look up e-mail filtering settings for domain Virus Scanning Policy Enforcement Spam Protection Clean e-mail is handed off to corporatee-mail servers Anti-virus Engine 1 Anti-virus Engine 2 Anti-virus Engine 3 Custom Policy Rules Attachment and message attribute management Custom Spam Filter management (CSFM)Fingerprint Engine Rules Based Scoring Content and Policy Quarantine Spam Quarantine
Secure Application Publishing Branch Office Gateway Web Access Protection Streamline your network Deploying edge security gateways in branch offices and leveraging cache capabilities Safeguard your IT environment Protecting your environment from internal users accessing unwanted or harmful content on the Internet Secure your Microsoft application infrastructure Publish Exchange, SharePoint and Web application servers for secure remote access An integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing your users fast and secure remote access to applications and data.
Safeguard Information Control Access Protect Assets Secure, browser-based access to corporate applications and data from more locations and more devices Helps ensure the integrity and safety of network and application infrastructure by blocking malicious traffic and attacks Comprehensive policy enforcement helps drive compliance with legal and business guidelines for using sensitive data Intelligent Application Gateway The IAG provides SSL-based application access and protection with endpoint security management, enabling granular access control and deep content inspection from a broad range of devices and locations to line-of-business, intranet, and client/server resources.
Control Application Access Features Protect Safeguard Native AD integration w/strong and two-factor authentication SQL Server File upload / download control; .EXE identification Active Directory Session termination & inactivity timeouts File Shares Comprehensive monitoring and logging Single sign-on to multiple and custom directories ISA Server Endpoint policy-defined micro-portal IIS Mobile Devices Data Resources Intelligent Application Gateway™ Port 443 Custom Applications Laptops Intranet Kiosks External Firewall Web application firewall w/app-specific content, command, and URL filtering Portal defined by user identity SharePoint Server Exchange Server ‘Restricted zones’ definitions for URLs Policy-driven intranet access with ACL-level controls Endpoint compliance check and clean-up Positive and negative-logic filtering rules
Industry Analyst Perspective Gartner Magic Quadrant for E-Mail Security Boundary 2006 * * Magic Quadrant for E-Mail Security Boundary, 2006. Peter Firstbrook, Arabella Hallawell Publication Date: 25 September 2006/ID Number: G00142431
* Enterprise CAL also includes the Core CAL components, Windows Rights Management Services, Management Operations Manager Client OML, Office Communications Server 2007 Standard and Enterprise CAL, Office SharePoint Server Enterprise CAL 2007, and the Exchange Enterprise CAL 2007. ** Exchange Enterprise CAL also includes the Exchange CAL, Unified Messaging and Compliance
Next Steps • Read whitepapers, download evaluation copies and find technical data on Microsoft Forefront solutions: http://microsoft.com/forefront/default.mspx • Contact local team or myself to schedule demos and ask questions: Dan Sommerman Security Solutions Professional 212-288-5073 dasommer@microsoft.com
Thank You! © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.