Management Consulting | IAM and Data Protection | Governance Risk and Compliance
© 2014 Edgile, Inc. – All Rights Reserved
System Center Endpoint Protection 2012 R2
Norman W. Mayes CISSP, MCSE: Private Cloud, ITIL-F
February 2014
Table of Contents
System Center Endpoint Protection 2012 R2
Key Features and Benefits
Competitive Protection
System Center Endpoint Protection
Key Features and Benefits
Simplified Administration: a single administrator experience for simplified endpoint protection and management
– Real-time Endpoint Protection operations from the console
– Simplified, 3X delivery of definitions through software updates
– Malware-driven operations from the console
– Client-side merge of antimalware policies
– New and improved Endpoint Protection client
– Comprehensive protection stack
System Center Endpoint Protection
Comprehensive Protection Stack
Building on Windows Platform Security
Figure: three-layer protection stack (labels recovered from the slide)
– Management layer, System Center Configuration Manager and Endpoint Protection: Software Updates + SCUP, Endpoint Protection Management, Settings Management, Operating System Deployment, Software Distribution, MDM
– Antimalware layer, System Center 2012 Endpoint Protection: Antimalware, Behavior Monitoring, Dynamic Translation, Vulnerability Shielding, Windows Defender Offline, Cloud Clean Restore, ELAM and Measured Boot (available only in Windows 8.x)
– Platform layer, Windows: Internet Explorer, AppLocker, BitLocker, Data Execution Prevention, Address Space Layout Randomization, User Access Control, Windows Resource Protection, Secure Boot through UEFI, Early Launch Antimalware (ELAM), Measured Boot
System Center Endpoint Protection
Real-Time Operations
Endpoint protection operations reach clients in under 1 minute
Available Endpoint Protection operations:
– Run definition updates
– Run quick scan
– Run full scan
– Allow threats
– Exclude paths and/or files
– Restore files quarantined by threat
System Center Endpoint Protection
Malware-Driven Operations
Admins can easily view and take follow-up actions on specific malware by type and remediation status
System Center Endpoint Protection
Client-Side Merge of Endpoint Protection Policies
Create granular policies for specific scenarios and have them merged on the clients
Removes the overhead of redundant policies
Policies still honor relative priority, and merge when possible (exclusions, for example)
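The merge behaviour described on this slide, simulated as an added example (this is not code from the slide deck or from Configuration Manager). It assumes the priority convention in which a lower number wins, that a scalar setting is taken from the highest-priority policy that defines it, and that list-valued settings such as exclusions are merged as a union; the three sample policies and their settings are constructed for the demonstration.

```python
"""Simulation of client-side merge of antimalware policies.

Added example, not code from the slide deck or from Configuration Manager.
Assumptions (labelled): a lower priority number wins, scalar settings come
from the highest-priority policy that defines them, and list-valued settings
such as exclusions are merged as a union across all applicable policies.
"""
from dataclasses import dataclass, field

# Settings that are merged by union rather than overridden. Assumption: these
# are the "merge when possible" settings the slide refers to.
MERGEABLE = {"excluded_paths", "excluded_processes", "excluded_extensions"}


@dataclass
class AntimalwarePolicy:
    name: str
    priority: int                  # lower number = higher priority (assumed convention)
    settings: dict = field(default_factory=dict)


def merge_policies(policies):
    """Return (effective_settings, provenance) for a client.

    Scalar settings: the first definition in priority order wins.
    Mergeable settings: union of every policy's values, sorted for stability.
    provenance records which policy (or policies) supplied each setting so an
    admin can see why the client ended up with a given effective value.
    """
    effective = {}
    provenance = {}
    for pol in sorted(policies, key=lambda p: p.priority):
        for key, value in pol.settings.items():
            if key in MERGEABLE:
                merged = set(effective.get(key, []))
                merged.update(value)
                effective[key] = sorted(merged)
                provenance.setdefault(key, []).append(pol.name)
            elif key not in effective:
                effective[key] = value
                provenance[key] = pol.name
    return effective, provenance


# Constructed sample policies: a default baseline, an organisation-wide policy
# and a collection-specific policy for SQL servers (all names and values are
# made up for this example).
SAMPLE_POLICIES = [
    AntimalwarePolicy("Default Client Antimalware Policy", 10000, {
        "scheduled_scan_type": "quick",
        "cpu_usage_limit_percent": 50,
        "real_time_protection": True,
        "excluded_paths": [],
    }),
    AntimalwarePolicy("Corp Baseline", 100, {
        "scheduled_scan_type": "full",
        "cpu_usage_limit_percent": 30,
        "excluded_paths": [r"C:\Windows\SoftwareDistribution\Datastore"],
        "excluded_processes": [r"C:\Program Files\Backup\agent.exe"],
    }),
    AntimalwarePolicy("SQL Servers", 10, {
        "cpu_usage_limit_percent": 20,
        "excluded_paths": [r"D:\SQLData", r"E:\SQLLogs"],
        "excluded_extensions": [".mdf", ".ldf"],
    }),
]


def effective_sample():
    """Merge the constructed sample policies and return (settings, provenance)."""
    return merge_policies(SAMPLE_POLICIES)


if __name__ == "__main__":
    settings, who = effective_sample()
    for key in sorted(settings):
        print(f"{key:26} = {settings[key]!r:62} <- {who[key]}")
```

The provenance map is the part worth keeping when auditing a client: because exclusions are unioned rather than overridden, every policy that reaches a client widens its exclusion set, so the effective list should be reviewed as a whole rather than policy by policy.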
System Center Endpoint Protection
Software Update Integration
Architectural changes to support updates 3X per day:
– Category-based scans from clients
– Delta syncs between the Software Update Point (SUP) and WSUS
Architectural changes to simplify SUP setup:
– Source the top-level SUP from an internal WSUS server
– Simplified, fault-tolerant software update point setup (add multiple SUPs as needed, up to 8 per Primary Site; no NLB or active SUP requirements)
– The multiple-SUP model is built for fault tolerance
– Best performance comes from using a shared SUSDB for your software update points
– Clients are optimized to NOT switch SUPs, and only do so after 4 failures (at 30-minute intervals)
– Full cross-forest support of SUPs, including untrusted forests
– Clients are optimized to fall back to SUPs within their own forest first
– Use Group Policy preferences if setting a WSUS server for client deployments
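The client fallback behaviour described on this slide (stay on the current SUP, switch only after 4 failures spaced 30 minutes apart, prefer SUPs in the client's own forest), simulated as an added example; this is not Configuration Manager code. The SUP names, their forest assignments and the reachability map are constructed for the demonstration, and the exact selection order among candidates is an assumption.

```python
"""Simulation of a client's software update point (SUP) selection and fallback.

Added example, not Configuration Manager code. Assumptions: the site publishes
a list of SUPs tagged with the forest they live in; the client keeps using its
current SUP until FAILURES_BEFORE_SWITCH consecutive scan failures (retried at
RETRY_INTERVAL_MINUTES), then moves to the next candidate, with own-forest SUPs
ordered before SUPs in other forests.
"""
from dataclasses import dataclass

FAILURES_BEFORE_SWITCH = 4     # from the slide: switch only after 4 failures
RETRY_INTERVAL_MINUTES = 30    # from the slide: failures are spaced 30 minutes apart


@dataclass(frozen=True)
class SoftwareUpdatePoint:
    name: str
    forest: str


def candidate_order(sups, client_forest):
    """Own-forest SUPs first, then the rest; order within each group is kept."""
    own = [s for s in sups if s.forest == client_forest]
    other = [s for s in sups if s.forest != client_forest]
    return own + other


def simulate_scans(sups, client_forest, reachable, max_scans=40):
    """Walk scan attempts at 30-minute intervals and record SUP switches.

    `reachable` is a constructed availability map: SUP name -> bool.
    Returns (sup_that_succeeded or None, elapsed_minutes, switch_log) where
    switch_log holds (elapsed_minutes, from_sup, to_sup) tuples.
    """
    order = candidate_order(sups, client_forest)
    idx = 0
    failures = 0
    log = []
    for scan in range(max_scans):
        current = order[idx]
        elapsed = scan * RETRY_INTERVAL_MINUTES
        if reachable.get(current.name, False):
            return current.name, elapsed, log
        failures += 1
        if failures >= FAILURES_BEFORE_SWITCH:
            next_idx = (idx + 1) % len(order)
            log.append((elapsed, current.name, order[next_idx].name))
            idx = next_idx
            failures = 0
    return None, max_scans * RETRY_INTERVAL_MINUTES, log


# Constructed sample matching the slide's figure: four SUPs across two forests.
SAMPLE_SUPS = [
    SoftwareUpdatePoint("SUP1", "Forest1"),
    SoftwareUpdatePoint("SUP2", "Forest1"),
    SoftwareUpdatePoint("SUP3", "Forest2"),
    SoftwareUpdatePoint("SUP4", "Forest2"),
]


def run_sample():
    """A Forest1 client whose two own-forest SUPs are both down (constructed)."""
    reachable = {"SUP1": False, "SUP2": False, "SUP3": True, "SUP4": True}
    return simulate_scans(SAMPLE_SUPS, "Forest1", reachable)


if __name__ == "__main__":
    sup, minutes, switches = run_sample()
    for when, old, new in switches:
        print(f"t={when:4d} min: switched from {old} to {new}")
    print(f"first successful scan against {sup} after {minutes} minutes")
```

The sticky behaviour is the operational point: with two own-forest SUPs down, the constructed client spends four hours before its first successful scan, so an outage of a SUP should be treated as a definition-delivery gap for that long and monitored rather than assumed to self-heal immediately.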
System Center Endpoint Protection
Software Update Overview
Figure: a Primary Site with Software Update Point 1, 2, 3 and 4 serving two hierarchies, Hierarchy (Forest1) and Hierarchy (Forest2); clients Client.Forest1 and Client.Forest2 are shown with a 4X fallback path across the four SUPs (labels recovered from the slide)
System Center Endpoint Protection
Enhanced Protection
Protect against known and unknown threats with endpoint inspection at the behavior, application, and network levels
– Common antimalware platform across Microsoft AM clients
– Proactive protection against known and unknown threats
– Reduced complexity while protecting clients
– Integration with UEFI Trusted Boot and early-launch antimalware
Competitive protection: Endpoint Protection vs. Trend Micro
Heterogeneous antimalware clients
System Center Endpoint Protection
Common Antimalware Platform
Platform overview:
– Common platform for all of Microsoft's antimalware clients
– Security Essentials alone has 100+ million users (#1 in North America)
– 660+ million executions of the Malicious Software Removal Tool per month
– All of these clients service Microsoft's protection services research and response
Figure: clients built on the common platform: Diagnostic and Recovery Toolkit, Malicious Software Removal Tool, Windows Defender (Windows 8), Microsoft Security Essentials, Windows Defender Offline, Windows Intune, System Center 2012 Endpoint Protection, Forefront Endpoint Protection 2010, Windows Azure Endpoint Protection
System Center Endpoint Protection
Reduced Complexity
Simple interface: minimal, high-level user interactions
Administrative control: user configurability options, central policy enforcement, UI lockdown and disable
Maintains high productivity: CPU throttling during scans, faster scans through advanced caching, minimal network and client
System Center Endpoint Protection
Heterogeneous Antimalware Clients
Features:
– Anti-virus and anti-malware support
– Machines connect directly to the internet service for security content
– Client UI for user visibility and control
– SCOM monitoring pack for Linux with management control
Platforms:
– Native support for Windows 8.1 and Windows Server 2012 R2
– Apple Mac (10.6-10.7)
– Linux Server: Red Hat Enterprise 6, SuSE Linux 11
System Center Endpoint Protection
Competitive Protection
Endpoint Protection:
– Microsoft's malware lab benefits from a vast installation of the consumer version of the SCEP engine and its online system check utilities, which provide a large distribution of malware samples
– System Center Configuration Manager supports a dedicated endpoint protection role configuration. SCEP also allows on-demand signature updates from the cloud for suspicious files and previously unknown malware
– Organizations licensed under Microsoft's Enterprise CAL or Core CAL program receive SCEP at no additional cost. Approximately one-third of enterprise customers are actively considering Microsoft during their next renewal periods
– Microsoft offers advanced system file cleaning, which replaces infected system files with clean versions from a trusted Microsoft cloud
Figure: endpoint protection vendor quadrant as of January 2014 (axes: Completeness of Vision, Ability to Execute; quadrants: Niche Players, Visionaries, Challengers, Leaders). Vendors plotted: Check Point Software Technologies, Microsoft, BeyondTrust, ThreatTrack Security, F-Secure, Bitdefender, Eset, LANDesk, Lumension Security, Arkoon Network Security, Panda Security, IBM, Webroot, Sophos, Kaspersky Lab, McAfee, Symantec, Trend Micro
System Center Endpoint Protection
Competitive Protection
Endpoint Protection challenges:
– Microsoft System Center Configuration Manager is a prerequisite to SCEP
– Microsoft's client anti-malware protection approach:
  – Industry test scores are not as high as some competitors
  – Focused on reducing the impact of prevalent malware in the Windows installed base with the lowest false-positive rates in the industry
– SCEP does not have some advanced features that other endpoint security solutions include
  – Microsoft leverages other Windows security features: Windows Firewall, BitLocker, AppLocker and Group Policy Objects
System Center Endpoint Protection
Competitive Protection
Trend Micro's challenges:
– Historically, Trend Micro has been very conservative with new EPP capabilities, such as encryption and application control
– The core endpoint offerings, OfficeScan and Deep Security, are two separate products from separate teams with separate consoles. Deep Security has not been integrated into TMCM for deployment and policy management, but it has been integrated from a security reporting perspective
– Some capabilities (like encryption) that have been integrated into TMCM still require their native consoles to be deployed, but from that point forward they can be managed within TMCM
– Trend Micro's installed base and market share in North America and EMEA are not as strong as in Asia/Pacific
– There is no out-of-the-box security state assessment beyond the EPP agent status, and no significant integration with operations tools, such as vulnerability assessments
System Center Endpoint Protection
Competitive Protection
Cost Avoidance Potential: System Center 2012 R2 server management licensing maximizes value while simplifying purchasing. All server management licenses (SMLs) include the same components and the ability to manage any workload. System Center 2012 R2 SMLs are available in two editions, differentiated by virtualization rights only:
– Datacenter: maximizes cloud capacity with unlimited virtualization for high-density private clouds
– Standard: for lightly or non-virtualized private cloud workloads
Edition and components included:
– Microsoft System Center 2012 R2 Datacenter: Operations Manager, Configuration Manager, Data Protection Manager, Service Manager, Virtual Machine Manager, Endpoint Protection, Orchestrator, App Controller
– Microsoft System Center 2012 R2 Standard: the same components (all SMLs include the same components)
System Center Endpoint Protection
Competitive Protection
Cost Avoidance Potential: Server Management Licenses are required for managed devices that run server Operating System Environments (OSEs). Licenses are processor-based, with each license covering up to two physical processors.
The number of Server MLs required for each managed server is determined by the number of physical processors in the server for Datacenter Edition, and by either the number of physical processors in the server or the number of OSEs being managed for Standard Edition (whichever is greater).
Example: 4 servers with 4 cores each to support System Center roles
4 Servers * 4 Cores / 2 = 6 Server ML Licenses
Server ML Edition Comparison:
– # of physical processors per license: Datacenter 2; Standard 2
– # of Managed Operating System Environments (OSEs) per license: Datacenter Unlimited; Standard 2
– Includes all System Center server management components: Datacenter Yes; Standard Yes
– Right to run management server software and supporting SQL Server Runtime (SQL Server Standard Edition): Datacenter Yes; Standard Yes
– Manage any type of supported workload: Datacenter Yes; Standard Yes
– Open No Level (NL) License and Software Assurance (L&SA) 2-year price: Datacenter $3,607; Standard $1,323
System Center Endpoint Protection
Competitive Protection
Cost Avoidance Potential: Client Management Licenses (MLs) are required for managed devices that run non-server OSEs. There are three System Center 2012 R2 Client ML offerings:
– Configuration Manager Client ML
– Endpoint Protection Subscription
– Client Management Suite Client ML
Core CAL and Enterprise CAL Suites will continue to be the most cost-effective way to purchase client management products.
Client ML comparison:
– Components included: Configuration Manager Client ML: Configuration Manager, Virtual Machine Manager; Endpoint Protection Subscription: Endpoint Protection; Client Management Suite Client ML: Service Manager, Operations Manager, Data Protection Manager, Orchestrator
– Included in Core CAL Suite: Configuration Manager Client ML Yes; Endpoint Protection Subscription Yes; Client Management Suite Client ML No
– Included in Enterprise CAL Suite: Configuration Manager Client ML Yes; Endpoint Protection Subscription Yes; Client Management Suite Client ML Yes
– Open NL L&SA 2-year price: Configuration Manager Client ML $62; Endpoint Protection Subscription $22; Client Management Suite Client ML $121
Wrap Up | Questions and Answers
Norman W. [email protected]