
virtual techdays

INDIA │ 18-20 August 2010. virtual techdays. Threat Management Gateway 2010 – A Deep Dive. Anirudh Singh Rautela │ TSP – Security, Microsoft Corporation. The Web Security Challenge. New Features Drill down. Safe Web Experience.


Presentation Transcript


  1. INDIA │ 18-20 August 2010, virtual techdays. Threat Management Gateway 2010 – A Deep Dive. Anirudh Singh Rautela │ TSP – Security, Microsoft Corporation

  2. Session Agenda
     • The Web Security Challenge
     • New Features Drill down
     • Safe Web Experience
     • Malware Protection
     • URL Filtering
     • Network Inspection System
     • Summary
     • 6 layers & Threat Protection
     • Value Proposition
     • The last mile!
     • Deployment Scenarios

  3. The Web Security Challenge
     Diagram labels: Malware, Phishing, Internet Attacks, Compromised Sites, Other Emerging Threats, Drive-by Script
     • Employees using the Web cannot differentiate between safe and unsafe sites
     • Businesses currently must purchase several non-integrated products and attempt to integrate them to protect the endpoint from the Web

  4. The New Features
     • Firewall: VoIP traversal (SIP); Enhanced NAT; ISP Link Redundancy
     • Secure Web Access: HTTP Anti-virus/spyware; URL Filtering; HTTPS forward inspection
     • E-mail Protection: Exchange Edge/FSE integration; Anti-Virus; Anti-spam
     • Intrusion Prevention: Network Inspection System (NIS)
     • Remote Access: NAP integration with VPN role; SSTP support
     • Deployment & Management: Array Management; Scenario UI & Wizards; Change tracking; Enhanced reporting; W2K8, native 64-bit
     • Subscription Services: Update Center (HTTP: AV + URL Filtering; Email: AV + Anti-Spam; NIS signatures)

  5. DEMO: Peek at the new TMG UI

  6. …a safe web experience

  7. Advanced Malware Protection at the Edge
     Diagram labels: Microsoft Backend, Internet, TMG admin
     • Integrating Microsoft AM engine
     • Automatic engine and signature updates
     • Subscription based
     • Content delivery methods by various content features
     • Detects: Malware, Scripts, etc.
     • Source/Destination exception
     • Inspection options (block encrypted, nested archives, file sizes…)
     • Logging and reporting support

  8. DEMO: TMG Antimalware protection UI Tour!

  9. Microsoft Reputation Service (MRS)
     Success factors:
     • Always available
         • Globally scaled / FT architecture
         • Multi-layered dynamic caching (On-Premise + Service)
     • Always fast
         • 4-tier architecture
         • Requests/responses packaged at protocol level
     • Always right
         • Inheritance logic for object and category hierarchy
         • Objects “resolved” from multiple sources
         • Source weighting
         • Objects acquired based on prevalence, telemetry
     Footer: Microsoft Reputation Service, Management and Security Division, Server and Tool Business

  10. Logical Architecture
     [Diagram. Stages: Data Import, Content Generation, Content Delivery (Import, Create, Publish, Deliver). Inputs: multiple URL Data Providers, Partner Data, Microsoft Data, Telemetry. Other labels: Raw Data Processing, Object Resolution, Data (merge, correlate, infer), Reputation, Differentiator, Web Service (Always on, Always Fast)]
     • URLs mapped to standard category taxonomy
     • Sources “weighted” on import

  11. Category Support

  12. DEMO: URL Filtering UI Tour!

  13. Using NIS for IPS
     • Detect and prevent known vulnerability-based attack attempts on Edge
     • Same day availability of the patch and NIS signature
     • Closes the vulnerability window which is needed for patch testing/deployment:
         • Patches need to be tested more thoroughly
         • Customer acceptance (similar to AV updates)
     Diagram labels: TMG, Host w/o IPS, Vulnerability found, Signature authoring team, Host IPS

  14. Defining IPS (Intrusion Prevention System)
     Diagram labels: NIS; Host-Based Intrusion Prevention Systems (HIPS) – Gartner 2007

  15. Malware exploiting MS08-067
     • Worm:Win32/Conficker.A
     • Worm:Win32/Conficker.B
     • TrojanSpy:Win32/Gimmiv.A
     • TrojanSpy:Win32/Arpoc.A
     • Trojan:Win32/Wecorl.A
     • Trojan:Win32/Clort.A
     • Trojan:Win32/Wecorl.B
     • Backdoor:Win32/IRCbot.BH
     • Backdoor:Win32/Mocbot.AF
     • Many more…

  16. DEMO: Intrusion Prevention System UI Tour!

  17. 6 Layers of Security: Forefront TMG Architecture
     • Unifies inspection technologies to:
         • Protect against multi-channel threats
         • Simplify deployment
     • Keeps security up to date with updates to:
         • Web antimalware
         • URL filtering
         • Network Inspection System
     Layers shown: Hardening Tools for Windows Server 2008; Web Antimalware; URL Filtering; Application Layer Proxy; Network Inspection System (IPS); HTTPS Inspection

  18. Advanced Threat Protection
     Table labels (as extracted): Threat Vector, Content, Files and Streaming Traffic, Viruses, Worms, Protocol Exploits, Scripts, Encrypted Web, Inspection Technology, HTTP and HTTPS Inspection, Microsoft Antimalware, Network Inspection System, Application Layer Proxy
     • Coverage for Streaming and Content-based traffic
     • Zero-day and Variant Protection
     • Generic and Specific Signatures
     • Protocol Analysis
     • Heuristic
     • Granular control of Web traffic
     • Extensible as new threats appear

  19. What does TMG bring to the table?
     Comprehensive, Integrated, Simplified

  20. …the last mile

  21. ...the Last Mile… Safest tool to browse the Internet!!!
     NSS Labs Q1 2010: http://www.nsslabs.com/browser-security
     http://nsslabs.com/test-reports/NSSLabs_Q12010_GTRBrowserSEM_FINAL.pdf

  22. TMG Deployment Scenarios

  23. Forefront TMG in the Branch
     Diagram labels: Main Office, Site to Site VPN, TMG, Branch Office
     • Web Proxy & Cache
     • Featuring:
         • Anti-Virus
         • URL Filtering
         • HTTPS Inspection
         • Network Intrusion Inspection
     Windows Server 2008 R2: Single Host for TMG & BranchCache (Hosted Cache)

  24. TMG Feature Summary
     In both ISA 2006 and TMG 2010:
     • Network firewall
     • Application firewall
     • Internet access protection (proxy)
     • Basic OWA & SharePoint publishing
     • Exchange publishing (RPC over HTTP)
     • IPSec VPN (remote & site-to-site)
     • Web caching, HTTP compression
     New in TMG 2010:
     • Windows Server 2008, 64-Bit (only)
     • Web anti-virus, anti malware
     • URL filtering
     • Email anti-malware, anti-spam
     • Network intrusion prevention
     • Integration with codename “Stirling”
     • Enhanced UI, management, reporting

  25. THANKS │ anirudhr@microsoft.com
