
Business Ready Security

Ovidiu Pismac MCSE Security, CISSP, MCTS Forefront, Windows 7, Virtualization Microsoft Romania ovidiup@microsoft.com


Business Ready Security Solutions Integrated Security

Secure Messaging

Secure Collaboration

Information Protection

Identity and Access Management

Secure Endpoint


Business Ready Security Roadmap Management Consoles

Active Directory Federation Services Lightweight Directory Services Certificate Services Domain Services Windows Cardspace Network Access Protection

Windows Identity Foundation Windows Cardspace

Subject to change


Forefront Comprehensive Security Office Communications Server

SharePoint

Forefront Client Security / Endpoint Protection

ISA (TMG) Server

Collaboration SMTP Server

Exchange Server

Internet

Users

Edge E-mail

Viruses Worms Spam

Viruses Worms Inapp. Content

Microsoft Operations Manager

Forefront Protection Manager

Forefront Management Pack (MP)

Management


Forefront 2010 - Protection Drilldown Enterprise Security Assessment Information Sharing

Coordinated Defense

Adaptive Investigation

Antivirus Antispyware

Exchange 2007 & E 14 Protection

Firewall

Host Firewall

New Antimalware Capabilities

Web (URL) Filtering

Host audit & log analysis

Advanced Antispam

HTTP/FTP/SMTP AV Network Intrusion Prevention

Device Control

HTTPS inspection

NAP Integration Software Restriction

Sharepoint 2007 and SPS 14 Protection

Vulnerability Assessment & Remediation

Content Filtering

Application layer security VPN server - Remote Access NAP Integration


Secure Endpoint Protect client and server operating systems from emerging threats and information loss, while enabling more secure access from virtually anywhere

PROTECT everywhere ACCESS anywhere

• Advance Malware Protection

• Secure Always On Access

INTEGRATE and EXTEND security

• Integrate with OS Security

• Leverage Existing Infrastructure

SIMPLIFY security, MANAGE compliance

• Unified Management Console

• Enterprise-Wide Visibility


Windows

Use of Filter Manager – included in the Windows OS from Windows 2000 Professional with SP4. Stable performance; scans for viruses & spyware in real time. Advanced system cleaning: customized remediation (recreating registry entries, restoring settings)

WSUS

Automated deployment of security agents and signatures using existing WSUS infrastructure. Because this is an administratively controlled policy, machines whose client agents have been removed, accidentally or intentionally, can automatically receive the agent again through WSUS sync

Active Directory

Single policy configures anti-virus, anti-spyware and state assessment. FCS console is integrated with Active Directory for easy policy deployment. Policy can also be deployed via the Group Policy Management console or using 3rd party software distribution systems

Operations Manager (Embedded)

Real-time alerts and reporting

State Assessment

Identify vulnerabilities and improperly configured machines; measure risk profile based on security best practices

Event Flood Protection shields reporting infrastructure during outbreak from infected clients

Windows Firewall check: Visibility into ports that have been opened and applications allowed to access network. Use Group Policy to take corrective action


“Is my environment compliant with security best practices?”

“Has my level of vulnerability exposure changed over time?”

“What portion of my environment is at high risk?”


Secure Messaging Enable more secure business communication from virtually anywhere and on virtually any device, while preventing unauthorized use of confidential information

PROTECT everywhere ACCESS anywhere

• Best-in-class antimalware on premise / in the cloud

• Protect sensitive information in email

• Secure, seamless access

INTEGRATE and EXTEND security

• Built-in Information Protection

• Extend secure E-mail with partners

SIMPLIFY security, MANAGE compliance

• Enterprise-wide visibility and reporting

• Unified management


Secure Collaboration Enable more secure business collaboration from virtually anywhere and across devices, while preventing unauthorized use of confidential information

PROTECT everywhere ACCESS anywhere

• Secure, seamless access

• Protect sensitive information in email

• Best-in-class antimalware

INTEGRATE and EXTEND security

• Deep OCS, Exchange, SharePoint and Office integration

• Standards-based, interoperability

SIMPLIFY security, MANAGE compliance

• Enterprise-wide visibility

• Easier partner management


Advanced Protection – the strength of single vendor / multiple engines Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from

Each scan job in a Forefront Server Security product can run up to five engines simultaneously

Internal Messaging and Collaboration Servers

[Diagram: scan engines labelled A, B, C, D and E]


Application Servers advanced protection Microsoft antivirus approach Internet No single point of failure Integrated management Cost reduction Single point of support

[Diagram: viruses, worms and spam from the Internet meet scan engines labelled A to E at the ISA Server, SMTP Server, Exchange and SharePoint tiers. One vendor, multi-engine]


Comprehensive Protection for Exchange and Sharepoint and OCS Environments

Single Engine

Multiple Engines: 38 times faster response. An AV-Test of consumer antivirus products revealed: on average, Forefront engine sets provided a response in 3.1 hours or less. Single-engine vendors provided responses in 5 days, 4 days, and 6 days respectively.

Automatic Engine Updates

Eliminates single point of failure

“Forefront Server Security can support up to five scanning engines at the same time. Thus, it offers a more secure environment, compared with products that support using only a single engine.” – Akihiro Shiotani, Deputy Director of the Infrastructure Group, Astellas Pharma Information Systems Department


Content Filtering Engine Proactively blocks a specific range of potentially dangerous file types whether or not a signature exists.

Filters specific files by size, name, type, or combinations of these

For e-mail attachments, can also filter based on direction <in>*.exe, <out>*.doc, *.avi

Blocking based on file size *.mp3 >5MB

Wildcards supported, e.g., “*resume*.doc”

Inspects the real file type, not just extension

Can also spot and delete files within ZIP

Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT (match files blocked by Outlook)

Actions

Skip detect: Logs the event but does not block

Delete: Removes the document and replaces it with the customized deletion text

Block: Deletes the e-mail or blocks the upload to the document library
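The filtering behaviour listed on this slide (direction, wildcards, size thresholds, real file type, files inside ZIP) can be sketched as follows. This is an added example, not Forefront's own code or rule parser: the rule notation is copied from the slide, while the function names, the signature table and the size cap are assumptions made for illustration.

```python
import fnmatch, io, re, zipfile

# Rule notation copied from the slide: "<in>*.exe", "*.mp3 >5MB", "*resume*.doc".
RULE = re.compile(r"^(?:<(in|out)>)?\s*(\S+?)\s*(?:>\s*(\d+)\s*MB)?$", re.I)
MAGIC = {"exe": b"MZ", "zip": b"PK\x03\x04"}   # small assumed signature table
MAX_MEMBER = 50 * 2**20                         # assumed cap on unpacked member size

def parse_rule(text, action):
    m = RULE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    direction, pattern, mb = m.groups()
    return {"dir": direction.lower() if direction else None,
            "pattern": pattern.lower(),
            "min_bytes": int(mb) * 2**20 if mb else 0,
            "action": action}

def candidate_names(name, data):
    """The given name plus the name its content signature implies."""
    names = [name.lower()]
    for ext, magic in MAGIC.items():
        if data.startswith(magic):
            names.append(name.lower().rsplit(".", 1)[0] + "." + ext)
    return names

def matches(rule, name, data, direction):
    if rule["dir"] and rule["dir"] != direction:
        return False
    if rule["min_bytes"] and len(data) <= rule["min_bytes"]:
        return False
    return any(fnmatch.fnmatchcase(n, rule["pattern"])
               for n in candidate_names(name, data))

def evaluate(rules, name, data, direction):
    """Return (action, matched_item) for the first hit, else ("allow", None)."""
    items = [(name, data)]
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for info in z.infolist():
                # Encrypted or oversized members are matched by name only.
                skip = info.flag_bits & 1 or info.file_size > MAX_MEMBER
                items.append((f"{name}!{info.filename}",
                              b"" if skip else z.read(info)))
    for item_name, item_data in items:
        for rule in rules:
            if matches(rule, item_name, item_data, direction):
                return rule["action"], item_name
    return "allow", None

SAMPLE_RULES = [parse_rule("<in>*.exe", "block"),          # constructed policy
                parse_rule("*.mp3 >5MB", "delete"),
                parse_rule("*resume*.doc", "skip detect")]
```

Because matching uses the content signature as well as the name, an executable renamed to `.doc`, or placed inside an archive, still hits the `*.exe` rule.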


Forefront Security for SharePoint

Virus Protection for Document Libraries: Real-time scanning of documents uploaded and downloaded from document library. Manual and scheduled scanning of document library.

Content Policy Enforcement: File filtering to block documents from being posted based on name match, file type or file extension. Content filtering by keywords within documents for inappropriate words and phrases.

SQL Document Library Document SharePoint Server

Document Users


Forefront for Instant Messaging – Office Communications Server

Finds and removes viruses from IM conversations and file transfers. Infected file blocking. Continuous scanning of IM traffic to remove malicious software. Content filtering and support for Office Communications encrypted traffic.

Firewall

Server

Microsoft Office Communicator

Microsoft Live Messenger


Information Protection Discover, protect, and manage confidential data throughout your business with a comprehensive solution integrated with the computing platform and applications

PROTECT everywhere ACCESS anywhere

INTEGRATE and EXTEND security

• Protect Critical Data Wherever It Goes

• Extend confidential communication to partners

• Protect Data Wherever it Resides

• Secure endpoints to reduce risk

• Built into the Windows platform and applications

SIMPLIFY security, MANAGE compliance

• Simplify deployment and ongoing management

• Enable compliance with information policy


Protect Sensitive Information in E-mail

Protect everywhere access anywhere

• Automatically protect sensitive e-mail with Active Directory RMS

Outlook Web Access

• Filter message body and subject based on content criteria

• Policy based restricted usage of email attachments

“I believe that Active Directory RMS will be a watershed technology like e-mail or the Web browser. It will be a fundamental technology that everyone uses, and it will not be thought of as a separate application. It will be like Active Directory—it is just there and everyone uses it.” —Jason Foster, Senior Manager of Technology at Continental Airlines


Identity and Access Management Enable more secure, identity-based access to applications on-premises and in the cloud from virtually any location or device

PROTECT everywhere ACCESS anywhere

• Provide more secure, always-on access

• Enable access from virtually any device

INTEGRATE and EXTEND security

• Control access across organizations

• Provide standards-based interoperability

SIMPLIFY security, MANAGE compliance

• Extend powerful self-service capabilities to users

• Automate and simplify management tasks


Protect Everywhere, Access Anywhere

Network Host Application Information

IDENTITY CENTRIC

Scale across physical, virtual and cloud environments


Integrated Security Protect information and infrastructure across your business through a comprehensive solution that is easier to manage and control

PROTECT everywhere ACCESS anywhere

• Comprehensive, Defense-in-depth protection

• Data Leakage Prevention

INTEGRATE and EXTEND security

• Maximize infrastructure efficiency

• Interoperate with partner solutions

SIMPLIFY security, MANAGE compliance

• Unified Security Management

• Enterprise-wide visibility and reporting


In recent tests, Microsoft rated among the leaders in anti-virus protection

Kaspersky 98.30% Symantec 97.70% McAfee 94.90% Microsoft 93.90% VBA32 87.70% Received AVComparatives Advanced Certification

Test of consumer anti-virus products using a malware sample covering approximately the last three years.

Kaspersky 97.4%, Symantec 96.1%, Microsoft 96.1%, Trend Micro 95.4%, AVG 95.1%, Sophos 95.0%, NOD32 93.6%, Panda 93.3%, Norman 90.8%, McAfee 86.4%, eTrust 73.7%

Results of testing of 29 anti-virus engines against more than 870,000 malware files discovered during the last six months

AVK (G Data) 99.91%, Trend Micro 98.72%, Sophos 98.10%, Microsoft 97.79%, Kaspersky 97.17%, F-Secure 96.78%, Norton (Symantec) 95.70%, McAfee 95.58%, eTrust / VET (CA) 72.07%

Test based on more than 1 million malware samples


Forefront efficiently uses system resources, scans quickly, and detects malware effectively

Product Name/ Capability Memory Footprint1 Server Client Avg Usage, CPU & Memory2 % Server Avg % Client Avg Boot time increase3 Scanning time (quick) Network 1 (Avg)4 Network 2 (Avg)4 Scanning time (full) Network 1 (Avg)4 Network 2 (Avg)4

Symantec Corporate AntiVirus 10.2

Forefront Client Security

Product Name/ Capability

56.5 Mbs 57.9 Mbs

Memory Footprint1 Client – uninfected Client -infected

58.6 Mbs 66.3 Mbs

30.5% 29.4% 62% avg increase

29.9 min 12.0 min

4.5% avg increase

13.6 min 5.3 min

14x faster at boot time 2x faster in quick scans 5x faster in full scans

156.8 min 92.8 min

Sources: West Coast Labs, AVTest.org •

2.0% 11.1%

60%+ less CPU usage

Performance benchmarking study with West Coast Labs.

34.6 min 18.3 min

Avg Usage, CPU & Memory2 % Client – uninfected % Client - infected Scanning time Uninfected client Infected client

Symantec End Point Security

Forefront Client Security

536 Mbs 593 Mbs

522 Mbs 495 Mbs 7% less CPU

82.37% 88.56%

79% 81.6% 2x faster

147.69min 167.09min

81.82 min 95.33 min

Starting Word with no AV – 1.725

2.425 sec

2.233 sec

Starting IE with no AV – 2.275

3.6 sec

2.6 sec

Application Startup time


Certifications and awards for Forefront technology:

• VB 100% October 2009
• VB 100% August 2009 on Windows Vista SP2
• VB 100% April 2009 on Windows XP
• VB 100% December 2008 on Windows Vista x64
• VB 100% October 2008 on Windows Server 2008
• VB 100% February 2008 on Windows Server 2003
• ICSA Labs certification – Forefront was the first product certified for Exchange 2007
• West Coast Labs’ Checkmark certification

Industry thought leadership

“Behavioral Classification” paper delivered at 2006 European Institute for Computer Antivirus Research (EICAR) conference


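On-demand detection

McAfee: WildList Viruses 100%, Worms & bots 100%, Polymorphic viruses 100%, Trojans 90.62%

Microsoft: WildList Viruses 100%, Worms & bots 100%, Polymorphic viruses 100%, Trojans 92.75%

Symantec: WildList Viruses 100%, Worms & bots 100%, Polymorphic viruses 100%, Trojans 92.13%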


Trusted Technology - Microsoft products earn CC certification

The following platform & application products have earned Common Criteria certification (EAL4+) – highest certification for commercial software: Windows Server 2008, Windows 2008 Hyper-V, Windows Certificate Services, Rights Management Service, Windows Vista, Windows 7

FIPS 140-2: Windows XP Embedded SP 2, Exchange Server 2007 SP2, ISA Server 2006, Windows Mobile 6.1


Microsoft Malware Protection Center

http://www.microsoft.com/security/portal


Microsoft IT Security

Forefront at scale deployment. First and Best Customer. Forefront Endpoint Protection: 93K+. Forefront Protection for Exchange & RMS: 130K+ mailboxes. Forefront Identity Manager. ISA Server 2006: Edge Security covering Microsoft.com, Live Meeting, Hotmail

Enterprise Infrastructure 5 data centers 9,700 production servers 108,000 servers (MSN) 98 countries 550 buildings 260,000+ SMS managed computers 585,000 devices 141,549 end users

High-Scale Processes 2,400,000 internal e-mails with 18,000,000 inbound (97% filter rate) 36,000,000 IMs per month 136,000+ e-mail server accounts 137,000,000+ remote connections per month


Simplify Your Security Purchase While meeting your broad infrastructure needs Business Ready Security Solutions

Multiple Vendors > $750/user*

Microsoft Value $225/user**

• Core CAL Suite
• Exchange Enterprise CAL
• SharePoint Enterprise CAL
• Office Communications Server Standard & Enterprise CAL
• Forefront Security Suite
• Rights Management Services CAL

*Known industry approximations **Mid-level Microsoft EA Level “C” up-front pricing based on July 2009 published list pricing

1. One simple CAL 2. 50% discount 3. Reduced TCO


Why invest now?

• Take advantage of 30% promotion by Dec. 31, 2009
• Deploy Forefront protection products to improve endpoint, messaging and collaboration security today
• Automatically get access to next generation technologies available in the Forefront Protection Suite
• New Cloudmark engine for improved antispam (Q4 CY09)
• New Microsoft Threat Management Gateway Web Protection Service – Forefront antivirus in TMG server (Q4 CY09)
• New centralized management, reporting and investigation console with Forefront Protection Manager


Security Guidance and Resources

Microsoft Security Home Page: www.microsoft.com/security
Microsoft Security Portal: www.microsoft.com/security/portal
Microsoft Trustworthy Computing: www.microsoft.com/security/twc
Microsoft Security Intelligence Report: www.microsoft.com/sir
Infrastructure Optimization: www.microsoft.com/io
Microsoft Security Assessment Tool: www.microsoft.com/security/msat

General Information:
Microsoft Live Safety Center: safety.live.com
Microsoft Security Response Center: www.microsoft.com/security/msrc
Security Development Lifecycle: http://msdn2.microsoft.com/en-us/library/ms998404.aspx
Get the Facts on Windows and Linux: www.microsoft.com/windowsserver/compare

Anti-Malware:
Understanding malware: http://download.microsoft.com/download/a/b/e/abefdf1c-96bd40d6-a138-e320b6b25bd3/understandingantimalwaretechnologies.pdf
Microsoft Forefront: www.microsoft.com/forefront
Microsoft OneCare: www.windowsonecare.com
Microsoft Defender: www.microsoft.com/athome/security/spyware/software
Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv

Guidance Centers:
Security Guidance Centers: www.microsoft.com/security/guidance
Security Guidance for IT Professionals: www.microsoft.com/technet/security
The Microsoft Security Developer Center: msdn.microsoft.com/security


© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

