Business Ready Security
Ovidiu Pismac, MCSE Security, CISSP, MCTS Forefront, Windows 7, Virtualization
Microsoft Romania
Business Ready Security Solutions
Integrated Security
Information Protection
Identity and Access Management
Secure Messaging, Secure Endpoint, Secure Collaboration
Business Ready Security Roadmap
Subject to change
Active Directory Federation Services
Lightweight Directory Services
Certificate Services
Domain Services
Windows Identity Foundation
Windows Cardspace
Network Access Protection
Management Consoles
Viruses, Worms, Spam
Office Communications Server
Users
Internet
SMTP Server
ISA (TMG) Server
SharePoint
Exchange Server
Edge
E-mail
Collaboration
Forefront Comprehensive Security
Viruses, Worms, Inappropriate Content
Management
Microsoft Operations Manager
Forefront Management Pack (MP)
Forefront Client Security / Endpoint Protection
Forefront Protection Manager
Forefront 2010 - Protection Drilldown
Antivirus, Antispyware
Host Firewall
Host audit & log analysis
Device Control
NAP Integration
Software Restriction
Vulnerability Assessment & Remediation
Exchange 2007 & E14 Protection
New Antimalware Capabilities
Advanced Antispam
SharePoint 2007 and SPS 14 Protection
Content Filtering
Firewall
Web (URL) Filtering
HTTP/FTP/SMTP AV
Network Intrusion Prevention
VPN server - Remote Access
NAP Integration
Enterprise Security Assessment
Coordinated Defense
Adaptive Investigation
Information Sharing
Application layer security
HTTPS inspection
PROTECT everywhere, ACCESS anywhere
SIMPLIFY security, MANAGE compliance
Protect client and server operating systems from emerging threats and information loss, while enabling more secure access from virtually anywhere
INTEGRATE and EXTEND security
Secure Endpoint
• Advance Malware Protection
• Secure Always On Access
• Unified Management Console
• Enterprise-Wide Visibility
• Integrate with OS Security
• Leverage Existing Infrastructure
Windows
• Uses Filter Manager, included in the Windows OS from Windows 2000 Professional with SP4, for stable performance; scans for viruses and spyware in real time
• Advanced system cleaning: customized remediation (recreating registry entries, restoring settings)
WSUS
• Automated deployment of security agents and signatures using the existing WSUS infrastructure
• Because deployment is an administratively controlled policy, machines whose client agent has been removed, accidentally or intentionally, can automatically receive the agent again through WSUS sync
Active Directory
• Single policy configures anti-virus, anti-spyware and state assessment
• FCS console is integrated with Active Directory for easy policy deployment
• Policy can also be deployed via the Group Policy Management console or using third-party software distribution systems
Operations Manager (Embedded)
• Real-time alerts and reporting
• Event Flood Protection shields the reporting infrastructure from infected clients during an outbreak
State Assessment
• Identify vulnerabilities and improperly configured machines; measure risk profile based on security best practices
• Windows Firewall check: visibility into ports that have been opened and applications allowed to access the network. Use Group Policy to take corrective action
“Is my environment compliant with security best practices?”
“Has my level of vulnerability exposure changed over time?”
“What portion of my environment is at high risk?”
PROTECT everywhere, ACCESS anywhere
SIMPLIFY security, MANAGE compliance
Enable more secure business communication from virtually anywhere and on virtually any device, while preventing unauthorized use of confidential information
INTEGRATE and EXTEND security
Secure Messaging
• Best-in-class anti-malware on premise / in the cloud
• Protect sensitive information in email
• Secure, seamless access
• Built-in Information Protection
• Extend secure E-mail with partners
• Enterprise-wide visibility and reporting
• Unified management
PROTECT everywhere, ACCESS anywhere
SIMPLIFY security, MANAGE compliance
Enable more secure business collaboration from virtually anywhere and across devices, while preventing unauthorized use of confidential information
INTEGRATE and EXTEND security
Secure Collaboration
• Secure, seamless access
• Protect sensitive information in email
• Best-in-class anti-malware
• Enterprise-wide visibility
• Easier partner management
• Deep OCS, Exchange, SharePoint and Office integration
• Standards-based, interoperability
Advanced Protection – the strength of single vendor / multiple engines
Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from
Each scan job in a Forefront Server Security product can run up to five engines simultaneously
Application Servers advanced protection: Microsoft antivirus approach
One vendor, multi-engine
• No single point of failure
• Integrated management
• Cost reduction
• Single point of support
[Diagram labels: Internet; Viruses, Worms, Spam; SMTP Server; ISA Server; Exchange; SharePoint; Internal Messaging and Collaboration Servers; scan engines labelled A to E]
Automatic Engine Updates
Single Engine vs. Multiple Engines
38 times faster response
Eliminates single point of failure
An AV-Test of consumer antivirus products revealed:
• On average, Forefront engine sets provided a response in 3.1 hours or less.
• Single-engine vendors provided responses in 5 days, 4 days, and 6 days respectively.
Comprehensive Protection for Exchange, SharePoint and OCS Environments
“Forefront Server Security can support up to five scanning engines at the same time. Thus, it offers a more secure environment, compared with products that support using only a single engine.” – Akihiro Shiotani, Deputy Director of the Infrastructure Group, Astellas Pharma Information Systems Department
Content Filtering Engine
Proactively blocks a specific range of potentially dangerous file types whether or not a signature exists.
• Filters specific files by size, name, type, or combinations of these
• For e-mail attachments, can also filter based on direction: <in>*.exe, <out>*.doc, *.avi
• Blocking based on file size: *.mp3 >5MB
• Wildcards supported, e.g., “*resume*.doc”
• Inspects the real file type, not just the extension
• Can also spot and delete files within ZIP
• Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT (match files blocked by Outlook)
Actions
• Skip detect: Logs the event but does not block
• Delete: Removes the document and replaces it with the customized deletion text
• Block: Deletes the e-mail or blocks the upload to the document library
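The filter criteria listed above (direction, size, wildcard name, real file type, ZIP contents), sketched as an added example that is not part of the original deck and is not Forefront's implementation. The `Rule` model, the magic-byte table, the size and depth limits, and the sample data are all constructed for illustration.

```python
import fnmatch, io, zipfile
from dataclasses import dataclass

# Constructed, minimal magic-byte table for detecting the real file type.
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip", b"ITSF": "chm"}

@dataclass
class Rule:                      # hypothetical rule model, not Forefront syntax
    pattern: str                 # wildcard on the file name, e.g. "*resume*.doc"
    direction: str = "*"         # "in", "out", or "*" for both
    min_size: int = 0            # if set, match only files larger than this
    true_type: str = ""          # if set, match detected type and ignore the name

def detect_type(data):
    return next((k for m, k in MAGIC.items() if data.startswith(m)), "unknown")

def matches(rule, name, data, direction):
    if rule.direction not in ("*", direction):
        return False
    if rule.min_size and len(data) <= rule.min_size:
        return False
    if rule.true_type:
        return detect_type(data) == rule.true_type
    return fnmatch.fnmatch(name.lower(), rule.pattern.lower())

def scan(rules, name, data, direction, depth=0):
    """Return (path, rule pattern) hits, descending into ZIP members."""
    hits = [(name, r.pattern) for r in rules if matches(r, name, data, direction)]
    if detect_type(data) == "zip" and depth < 3:       # bound nesting depth
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                for info in z.infolist():
                    path = f"{name}/{info.filename}"
                    if info.file_size > 10_000_000:    # do not inflate huge members
                        hits.append((path, "oversized-member"))
                    else:
                        hits += scan(rules, path, z.read(info), direction, depth + 1)
        except zipfile.BadZipFile:
            hits.append((name, "malformed-zip"))
    return hits

RULES = [Rule("*.exe", "in"), Rule("*.doc", "out"), Rule("*resume*.doc"),
         Rule("*.mp3", min_size=5 * 1024 * 1024), Rule("<real exe>", true_type="exe")]

def sample_zip():                # constructed sample: an EXE hidden inside a ZIP
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("notes.txt", b"MZ\x90\x00 constructed stub")
    return buf.getvalue()
```

The renamed executable inside the archive is caught only by the real-type rule, which is why extension matching alone is not enough.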
Virus Protection for Document Libraries
• Real-time scanning of documents uploaded and downloaded from document library
• Manual and scheduled scanning of document library
Content Policy Enforcement
• File filtering to block documents from being posted based on name match, file type or file extension
• Content filtering by keywords within documents for inappropriate words and phrases
[Diagram labels: Users, Document, SharePoint Server, SQL Document Library]
Forefront Security for SharePoint
Forefront for Instant Messaging – Office Communications Server
• Find and remove viruses from IM conversations and file transfers
• Infected file blocking
• Continuous scanning of IM traffic to remove malicious software
• Content filtering and support for encrypted traffic
Microsoft Office Communicator
Office Communications Server
Firewall
Microsoft Live Messenger
• Protect Critical Data Wherever It Goes
• Protect Data Wherever it Resides
• Secure endpoints to reduce risk
PROTECT everywhere, ACCESS anywhere
SIMPLIFY security, MANAGE compliance
• Extend confidential communication to partners
• Built into the Windows platform and applications
Information Protection
Discover, protect, and manage confidential data throughout your business with a comprehensive solution integrated with the computing platform and applications
INTEGRATE and EXTEND security
• Simplify deployment and ongoing management
• Enable compliance with information policy
Protect Sensitive Information in E-mail
“I believe that Active Directory RMS will be a watershed technology like e-mail or the Web browser. It will be a fundamental technology that everyone uses, and it will not be thought of as a separate application. It will be like Active Directory—it is just there and everyone uses it.” —Jason Foster, Senior Manager of Technology at Continental Airlines
• Automatically protect sensitive e-mail with Active Directory RMS
• Filter message body and subject based on content criteria
• Policy based restricted usage of email attachments
Protect everywhere, access anywhere
Outlook Web Access
PROTECT everywhere, ACCESS anywhere
SIMPLIFY security, MANAGE compliance
Enable more secure, identity-based access to applications on-premises and in the cloud from virtually any location or device
INTEGRATE and EXTEND security
Identity and Access Management
• Provide more secure, always-on access
• Enable access from virtually any device
• Extend powerful self-service capabilities to users
• Automate and simplify management tasks
• Control access across organizations
• Provide standards-based interoperability
Scale across physical, virtual and cloud environments
Protect Everywhere, Access Anywhere
Information
Application
Network
Host
IDENTITY CENTRIC
PROTECT everywhere, ACCESS anywhere
SIMPLIFY security, MANAGE compliance
Protect information and infrastructure across your business through a comprehensive solution that is easier to manage and control
INTEGRATE and EXTEND security
Integrated Security
• Comprehensive, Defense-in-depth protection
• Data Leakage Prevention
• Unified Security Management
• Enterprise-wide visibility and reporting
• Maximize infrastructure efficiency
• Interoperate with partner solutions
Results of testing of 29 anti-virus engines against more than 870,000 malware files discovered during the last six months
Test of consumer anti-virus products using a malware sample covering approximately the last three years.
Received AVComparatives Advanced Certification
In recent tests, Microsoft rated among the leaders in anti-virus protection
Kaspersky 97.4%
Symantec 96.1%
Microsoft 96.1%
Trend Micro 95.4%
AVG 95.1%
Sophos 95.0%
NOD32 93.6%
Panda 93.3%
Norman 90.8%
McAfee 86.4%
eTrust 73.7%
Test based on more than 1 million malware samples
Kaspersky 98.30%
Symantec 97.70%
McAfee 94.90%
Microsoft 93.90%
VBA32 87.70%
AVK (G Data) 99.91%
Trend Micro 98.72%
Sophos 98.10%
Microsoft 97.79%
Kaspersky 97.17%
F-Secure 96.78%
Norton (Symantec) 95.70%
McAfee 95.58%
eTrust / VET (CA) 72.07%
Forefront efficiently uses system resources, scans quickly, and detects malware effectively
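Product Name / Capability: Symantec Corporate AntiVirus 10.2 vs. Forefront Client Security
Memory Footprint [1], Server: Symantec 58.6 Mbs; Forefront 56.5 Mbs
Memory Footprint [1], Client: Symantec 66.3 Mbs; Forefront 57.9 Mbs
Avg Usage, CPU & Memory [2], % Server Avg: Symantec 30.5%; Forefront 2.0%
Avg Usage, CPU & Memory [2], % Client Avg: Symantec 29.4%; Forefront 11.1%
Boot time increase [3]: Symantec 62% avg increase; Forefront 4.5% avg increase
Scanning time (quick), Network 1 (Avg) [4]: Symantec 29.9 min; Forefront 13.6 min
Scanning time (quick), Network 2 (Avg) [4]: Symantec 12.0 min; Forefront 5.3 min
Scanning time (full), Network 1 (Avg) [4]: Symantec 156.8 min; Forefront 34.6 min
Scanning time (full), Network 2 (Avg) [4]: Symantec 92.8 min; Forefront 18.3 min
• 60%+ less CPU usage
• 14x faster at boot time
• 2x faster in quick scans
• 5x faster in full scans
Sources: West Coast Labs, AVTest.org
• Performance benchmarking study with West Coast Labs.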
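Product Name / Capability: Symantec End Point Security vs. Forefront Client Security
Memory Footprint [1], Client – uninfected: Symantec 536 Mbs; Forefront 522 Mbs
Memory Footprint [1], Client – infected: Symantec 593 Mbs; Forefront 495 Mbs
Avg Usage, CPU & Memory [2], % Client – uninfected: Symantec 82.37%; Forefront 79%
Avg Usage, CPU & Memory [2], % Client – infected: Symantec 88.56%; Forefront 81.6%
Scanning time, Uninfected client: Symantec 147.69 min; Forefront 81.82 min
Scanning time, Infected client: Symantec 167.09 min; Forefront 95.33 min
Application Startup time, Starting Word (with no AV – 1.725): Symantec 2.425 sec; Forefront 2.233 sec
Application Startup time, Starting IE (with no AV – 2.275): Symantec 3.6 sec; Forefront 2.6 sec
• 7% less CPU
• 2x faster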
Certifications and awards for Forefront technology:
• VB 100% October 2009
• VB 100% August 2009 on Windows Vista SP2
• VB 100% April 2009 on Windows XP
• VB 100% December 2008 on Windows Vista x64
• VB 100% October 2008 on Windows Server 2008
• VB 100% February 2008 on Windows Server 2003
• ICSA Labs certification – Forefront was the first product certified for Exchange 2007
• West Coast Labs’ Checkmark certification
Industry thought leadership
• “Behavioral Classification” paper delivered at 2006 European Institute for Computer Antivirus Research (EICAR) conference
On-demand detection (columns: WildList Viruses, Worms & bots, Polymorphic viruses, Trojans)
McAfee 100% 100% 100% 90.62%
Microsoft 100% 100% 100% 92.75%
Symantec 100% 100% 100% 92.13%
Trusted Technology - Microsoft products earn CC certification
The following platform & application products have earned Common Criteria certification (EAL4+) – highest certification for commercial software:
• Windows Server 2008
• Windows 2008 Hyper-V
• Windows Certificate Services
• Rights Management Service
• Windows Vista
• Windows 7 FIPS 140-2
• Windows XP Embedded SP 2
• Exchange Server 2007 SP2
• ISA Server 2006
• Windows Mobile 6.1
Microsoft Malware Protection Center: http://www.microsoft.com/security/portal
Microsoft IT Security: Forefront at scale deployment
First and Best Customer
• Forefront Endpoint Protection: 93K+
• Forefront Protection for Exchange & RMS: 130K+ mailboxes
• Forefront Identity Manager
• ISA Server 2006: Edge Security
• Covering Microsoft.com, Live Meeting, Hotmail
Enterprise Infrastructure
• 5 data centers
• 9,700 production servers
• 108,000 servers (MSN)
• 98 countries
• 550 buildings
• 260,000+ SMS managed computers
• 585,000 devices
• 141,549 end users
High-Scale Processes
• 2,400,000 internal e-mails with 18,000,000 inbound (97% filter rate)
• 36,000,000 IMs per month
• 136,000+ e-mail server accounts
• 137,000,000+ remote connections per month
Multiple Vendors > $750/user*
*Known industry approximations
**Mid-level Microsoft EA Level “C” up-front pricing based on July 2009 published list pricing
While meeting your broad infrastructure needs
• Core CAL Suite
• Exchange Enterprise CAL
• SharePoint Enterprise CAL
• Office Communications Server Standard & Enterprise CAL
• Forefront Security Suite
• Rights Management Services CAL
Microsoft Value $225/user**
1. One simple CAL
2. 50% discount
3. Reduced TCO
Simplify Your Security Purchase
Business Ready Security Solutions
Why invest now?
Take advantage of 30% promotion by Dec. 31, 2009
Deploy Forefront protection products to improve endpoint, messaging and collaboration security today
Automatically get access to next generation technologies available in the Forefront Protection Suite
• New Cloudmark engine for improved antispam (Q4 CY09)
• New Microsoft Threat Management Gateway Web Protection Service – Forefront antivirus in TMG server (Q4 CY09)
• New centralized management, reporting and investigation console with Forefront Protection Manager
Security Guidance and Resources
• Microsoft Security Home Page: www.microsoft.com/security
• Microsoft Security Portal: www.microsoft.com/security/portal
• Microsoft Trustworthy Computing: www.microsoft.com/security/twc
• Microsoft Security Intelligence Report: www.microsoft.com/sir
• Infrastructure Optimization: www.microsoft.com/io
• Microsoft Security Assessment Tool: www.microsoft.com/security/msat
General Information:
• Microsoft Live Safety Center: safety.live.com
• Microsoft Security Response Center: www.microsoft.com/security/msrc
• Security Development Lifecycle: http://msdn2.microsoft.com/en-us/library/ms998404.aspx
• Get the Facts on Windows and Linux: www.microsoft.com/windowsserver/compare
Anti-Malware:
• Understanding malware: http://download.microsoft.com/download/a/b/e/abefdf1c-96bd-40d6-a138-e320b6b25bd3/understandingantimalwaretechnologies.pdf
• Microsoft Forefront: www.microsoft.com/forefront
• Microsoft OneCare: www.windowsonecare.com
• Microsoft Defender: www.microsoft.com/athome/security/spyware/software
• Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv
Guidance Centers:
• Security Guidance Centers: www.microsoft.com/security/guidance
• Security Guidance for IT Professionals: www.microsoft.com/technet/security
• The Microsoft Security Developer Center: msdn.microsoft.com/security
© 2009 Microsoft Corporation. All rights reserved.