Microsoft System Center 2012 Endpoint Protection Overview
MGT310 (2/9/2015)
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Session Objectives And Takeaways
Session Objectives:
- The evolution of malware
- Overview of System Center 2012 Endpoint Protection
- Demos on EP client installation and management + security
- Overview of the Endpoint Protection client
TechReady 14

The Evolution Of Malware
- In 1991 there were 1000 known threats; in 2001 there were 60,000
- Today there are millions, and it is growing every day
- Sophistication and production rates continue to evolve
- Anybody can do it: full malware suites are available online
- Your stuff is worth money, and they want it!
Nefarious Personas
(diagram) Motivations: National Interest, Personal Gain, Personal Fame, Curiosity
(diagram) Skill levels: Script-Kiddy, Hobbyist, Hacker, Expert, Specialist
(diagram) Personas: Vandal, Thief, Spy, Trespasser, Author
- Tools created by experts are now used by less skilled attackers and criminals (fastest growing segment)

System Center 2012 Endpoint Protection
Next generation of Forefront Endpoint Protection 2010
- Unified Infrastructure: reduce the cost of maintaining secure endpoints with unified management and security infrastructure
- Simplified Administration: single administrator experience for simplified endpoint protection and management
- Enhanced Protection: protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
Mgmt + Security In Configuration Manager 2012
(diagram) Software distribution (SWD), operating system deployment (OSD) and endpoint protection from one infrastructure

Unified Infrastructure
Reduce the cost of maintaining secure endpoints with unified management and security infrastructure
- Easy to set up and operate the management infrastructure
- Easy client install and migration
- Automated deployment of updates using ConfigMgr infrastructure
- Simplified deployment of antimalware policies

Infrastructure Changes From FEP 2010
(diagram) Server side: Forefront Endpoint Protection 2010 on Configuration Manager 2007 used a separate FEP Service, FEP DW and FEP DB next to the CM DB, with FEP extensions, an Excel template and reports on the site server, and separate FEP deployment, operations and policy. Endpoint Protection 2012 on Configuration Manager 2012 adds an EP site role on the Configuration Manager site server, definition catalogs, and EP deployment, operations and policy in the same console.
(diagram) Client side: the management point and distribution point deliver the CM client and the pre-packaged EP client; the EP client also runs on the ConfigMgr server.

Simplified Deployment Of AM Policies
Centralized management for AM and firewall policy
- AM and FW policy delivered as ConfigMgr policy (no package/program dependency)
- Out of box templates
- Import, export, merge
- Prioritization of policies by collection
- Simplified UI for customizing policy
Signature Update Distribution
- Easier distribution process: automatic deployment rules within ConfigMgr software updates
- Minimizes WAN impact: uses distribution points and reduced definition size
- Ensures always up-to-date security regardless of the client location: multiple update sources (ConfigMgr, WSUS, Microsoft Update, Windows File Share)
(diagram) Corporate network: updates distributed through ConfigMgr, WSUS or Windows File Share. On the road: fallback to online update from Microsoft Update.
- Delta update size: 50-2048 KB
- Update frequency: 3 times/day

Simplified Client Setup
Ease of client setup and deployment
- No separate deployment needed for the endpoint protection client
- Endpoint Protection agent installer deployed with Configuration Manager client setup
- Endpoint Protection client and definitions easily integrated with OSD
Flexible administrative control
- Administrator can force or suppress any required reboots
- Configurable option for automatic removal of the existing AV client
Easy migration from existing solutions and automatic removal of existing clients
- Symantec
- McAfee
- TrendMicro
- Forefront Client Security or Forefront Endpoint Protection

Client Installation Flow
(diagram) EP agent installer deployed with the ConfigMgr client -> EP enabled in the console; EP installation starts on the device -> silent removal of third-party products -> EP client install -> configure policy -> signature update

System Center 2012 Endpoint Protection
Simplified Administration: single administrator experience for simplified endpoint protection and management
- Single interface for client management and security
- Improved alerting (client to admin within 5 minutes) and reporting, with real-time and user-centric data views
Single Interface For Management And Security
Single interface for client management and security
- Dashboard integrated with the ConfigMgr console
- Simplified cross-feature integration
Quick identification and remediation of client security issues
- Dashboard focused on actionable events
Flexibility to separate the security admin role
- Role-based administration
- Access to only relevant security information
Monitoring Client Security
Quick alerts and event notification in the console
- Uses a high speed data channel to notify events in real time
- The high speed data channel prioritizes EP messages in the state system, and the client does not wait to send messages up
- Integrated monitoring for client health and antimalware status
- Email subscription for alerts
Rich Reporting And Analysis
Rich reporting on client security
- SQL Reporting Services-based reports on many categories
- User-centric reports enable identification of commonly impacted users
- Customizable reports simplified through database integration
System Center 2012 Endpoint Protection SP1
What's new in SP1
- Automatically deploy definition updates 3 times per day
- Category based scan from client to WSUS
- Delta syncs between SUP and WSUS
- Real-time administrative actions:
  - Run Definition Updates
  - Run Quick Scan
  - Run Full Scan
  - Allow threats
  - Exclude paths and/or files
  - Restore files quarantined by threat
- Client side merge of antimalware policies
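How a client-side merge of several antimalware policies might resolve the settings that reach one client, for the "Prioritization of policies by collection" and "Client side merge of antimalware policies" points above. This is an added example, not code from the slides or from Configuration Manager; it assumes that the policy with the lowest priority number wins each single-valued setting while exclusion lists are combined, and the policy names, priorities and settings are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class AntimalwarePolicy:
    name: str
    priority: int                                  # lower number wins (assumed rule)
    settings: dict                                 # single-valued settings
    exclusions: set = field(default_factory=set)   # list-valued: merged by union


def merge_policies(policies):
    """Merge the policies targeted at one client into its effective policy.

    Returns (settings, exclusions, provenance, conflicts): provenance records which
    policy supplied each setting; conflicts lists every overridden value so an
    administrator can see why a setting did not take effect.
    """
    effective, provenance, conflicts = {}, {}, []
    exclusions = set()
    for pol in sorted(policies, key=lambda p: p.priority):
        for key, value in pol.settings.items():
            if key not in effective:               # highest priority is seen first
                effective[key] = value
                provenance[key] = pol.name
            elif effective[key] != value:
                conflicts.append((key, pol.name, value, provenance[key]))
        exclusions |= pol.exclusions               # exclusions accumulate
    return effective, sorted(exclusions), provenance, conflicts


# Constructed sample policies targeted at overlapping collections (not real data).
DEFAULT = AntimalwarePolicy("Default Client Antimalware Policy", 10000,
    {"real_time_protection": True, "scheduled_scan": "quick",
     "scan_day": "Saturday", "cpu_throttle_percent": 50},
    {r"%windir%\SoftwareDistribution\Datastore"})
SQL_SERVERS = AntimalwarePolicy("SQL Servers", 20,
    {"scheduled_scan": "full", "cpu_throttle_percent": 30},
    {r"D:\SQLData", "sqlservr.exe"})
PILOT = AntimalwarePolicy("Pilot - daily full scan", 5,
    {"scheduled_scan": "full", "scan_day": "Daily"})


def effective_policy_for_pilot_sql_server():
    """A client that is a member of all three collections."""
    return merge_policies([DEFAULT, SQL_SERVERS, PILOT])


if __name__ == "__main__":
    settings, excl, prov, conf = effective_policy_for_pilot_sql_server()
    for key, value in settings.items():
        print(f"{key:22} = {str(value):10} from {prov[key]}")
    print("exclusions:", excl)
    for key, loser, value, winner in conf:
        print(f"conflict: {loser} set {key}={value}, overridden by {winner}")
```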
Real-time Administrative Actions (What's new in SP1)
(diagram) Administrator, Site Server and MP, Client
1. In the administrative console the administrator selects Run Full Scan on a collection; the call is placed. A task is created (Task = Run Full Scan) and the MP is told that a new urgent task has been requested.
2. Dial tone: the client keeps an active TCP session with the MP and checks for urgent tasks. Via this TCP connection the client is told there are urgent tasks to run.
3. The client then connects to the MP to get policy.
4. The client runs the Full Scan task.
All this happens within seconds.

System Center 2012 Endpoint Protection
Enhanced Protection: protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
- Comprehensive protection stack building on Windows security
- Proactive protection against known and unknown threats
- Reduced complexity while protecting clients

Comprehensive Protection Stack Building On Windows Platform Security
(diagram) Proactive techniques (against unknown threats) and reactive techniques (against known threats) across the application, file system and network layers
- System Center Endpoint Protection: Behavior Monitoring, Vulnerability Shielding (Network Inspection System), Windows Firewall Centralized Management, Antimalware, Dynamic Translation and Emulation
- Dynamic cloud updates: Microsoft Malware Protection Center, Dynamic Signature Service
- Windows 7: Data Execution Prevention, Address Space Layout Randomization, Windows Resource Protection, User Account Control, Internet Explorer 8 SmartScreen, Microsoft BitLocker, Microsoft AppLocker

Dynamic Translation With Heuristics
Real-time protection driver intercepts
- Industry-leading proactive detection
- Emulation based detection helps provide better protection
- Safe translation in a virtual environment for analysis
- Enables faster scanning and response to threats
- Heuristics enable one signature to detect thousands of variants
(diagram) Potential malware execution attempt on the system -> safe translation using DT on virtualized resources -> malware detected -> malicious file blocked

Behavior Monitoring And Dynamic Signatures
Live system monitoring identifies new threats
- Tracks behavior of unknown processes and known bad processes
- Multiple sensors to detect OS anomaly
Updates for new threats delivered through the cloud in real time
- Real time signature delivery with Microsoft Active Protection Service
- Immediate protection against new threats without waiting for scheduled updates
(diagram) Microsoft Active Protection Service (researchers, reputation, real-time signature delivery, behavior classifiers); client exchange, steps 1 to 4: properties/behavior sent up, sample request, sample submit, real-time signature returned

Protect Clients With Reduced Complexity
Simple interface
- Minimal, high-level user interactions
Administrative control
- User configurability options
- Central policy enforcement
Maintains high productivity
- CPU throttling during scans
- Faster scans through advanced caching
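The Real-time Administrative Actions flow shown earlier (console action, urgent task at the MP, notification over the client's open TCP session, policy pull, task execution), as an added simulation that is not Configuration Manager code. The class names, client IDs and collection are assumptions, and the second client deliberately has no open session, to show that its task waits at the MP until the client next polls for policy.

```python
class ManagementPoint:
    """Tracks pending urgent tasks per client and each client's open TCP session."""
    def __init__(self):
        self.tasks, self.sessions = {}, {}

    def register_session(self, client):          # the client's "dial tone"
        self.sessions[client.client_id] = client

    def urgent_task_requested(self, client_id, task):
        """Site server tells the MP a new urgent task exists for this client."""
        self.tasks.setdefault(client_id, []).append(task)
        if client_id in self.sessions:           # step 2: push over the open session
            self.sessions[client_id].on_notification("urgent tasks pending")
        # otherwise the task waits until the client next asks for policy

    def get_policy(self, client_id):             # step 3: client fetches tasks as policy
        pending = self.tasks.get(client_id, [])
        fetched, pending[:] = list(pending), []
        return fetched

class SiteServer:
    def __init__(self, mp, collections):
        self.mp, self.collections = mp, collections   # collection -> client ids

    def run_action(self, collection, action):    # step 1: console action on a collection
        for client_id in self.collections[collection]:
            self.mp.urgent_task_requested(client_id, {"action": action})

class EndpointClient:
    def __init__(self, client_id, mp, connected=True):
        self.client_id, self.mp, self.executed = client_id, mp, []
        if connected:
            mp.register_session(self)            # keep the TCP dial tone open

    def on_notification(self, message):
        if message == "urgent tasks pending":
            self.poll_policy()

    def poll_policy(self):
        for task in self.mp.get_policy(self.client_id):
            self.executed.append(task["action"])   # step 4: run the task

def run_scenario():
    """Constructed scenario: one client with an open session, one without."""
    mp = ManagementPoint()
    site = SiteServer(mp, {"Finance Workstations": ["WS-FIN-01", "WS-FIN-02"]})
    online = EndpointClient("WS-FIN-01", mp)
    offline = EndpointClient("WS-FIN-02", mp, connected=False)
    site.run_action("Finance Workstations", "Run Full Scan")
    queued = len(mp.tasks["WS-FIN-02"])      # still waiting at the MP
    offline.poll_policy()                    # next regular policy poll
    return online.executed, queued, offline.executed
```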
Best Usability 2011 (AV-TEST)

Heterogeneous Antimalware Clients (What's new in SP1)
- Mac OS X
- Linux

Summary
| Key Scenarios | Forefront Endpoint Protection 2010 | System Center 2012 Endpoint Protection |
| Unified infrastructure | System Center Configuration Manager 2007 | System Center 2012 Configuration Manager |
| Server setup | Separate install | Unified setup |
| Client deployment | ConfigMgr distribution process | Integrated |
| Signature updates | Multiple sources (WSUS, File Share, Microsoft Update) | Multiple sources with automatic deployment rules from the ConfigMgr console |
| Proactive protection | | |
| Firewall management | | |
| Role based administration | | New |
| Alerts and monitoring | | Real time alerts |
| Reports | | Additional user centric reports |
(icon-only cells did not survive extraction)
Unify. Protect. Simplify.
Online Resources
- Launching a Windows Defender Offline Scan with Configuration Manager 2012 OSD
- Operating System Deployment and Endpoint Protection Client Installation
- Software Update Content Cleanup in System Center 2012 Configuration Manager
- Building Custom Endpoint Protection Reports in System Center 2012 Configuration Manager
- Managing Software Updates in Configuration Manager 2012
- How-to Videos
- Product Documentation
- Security and Compliance Manager Configuration Packs

Resources
- Connect. Share. Discuss.: http://northamerica.msteched.com
- Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning
- TechNet: Resources for IT Professionals, http://microsoft.com/technet
- Resources for Developers: http://microsoft.com/msdn