Business Ready Security
Ovidiu Pismac MCSE Security, CISSP, MCTS Forefront, Windows 7, Virtualization Microsoft Romania ovidiup@microsoft.com
Business Ready Security Solutions Integrated Security
Secure Messaging
Secure Collaboration
Information Protection
Identity and Access Management
Secure Endpoint
Business Ready Security Roadmap Management Consoles
Active Directory Federation Services Lightweight Directory Services Certificate Services Domain Services Windows Cardspace Network Access Protection
Windows Identity Foundation Windows Cardspace
Subject to change
Forefront Comprehensive Security Office Communications Server
SharePoint
Forefront Client Security / Endpoint Protection
ISA (TMG) Server
Collaboration SMTP Server
Exchange Server
Internet
Users
Edge E-mail
Viruses Worms Spam
Viruses Worms Inapp. Content
Microsoft Operations Manager
Forefront Protection Manager
Forefront Management Pack (MP)
Management
Forefront 2010 - Protection Drilldown Enterprise Security Assessment Information Sharing
Coordinated Defense
Adaptive Investigation
Antivirus Antispyware
Exchange 2007 & E 14 Protection
Firewall
Host Firewall
New Antimalware Capabilities
Web (URL) Filtering
Host audit & log analysis
Advanced Antispam
HTTP/FTP/SMTP AV Network Intrusion Prevention
Device Control
HTTPS inspection
NAP Integration Software Restriction
Sharepoint 2007 and SPS 14 Protection
Vulnerability Assessment & Remediation
Content Filtering
Application layer security VPN server - Remote Access NAP Integration
Secure Endpoint Protect client and server operating systems from emerging threats and information loss, while enabling more secure access from virtually anywhere
PROTECT everywhere ACCESS anywhere
• Advance Malware Protection
• Secure Always On Access
INTEGRATE and EXTEND security
• Integrate with OS Security
• Leverage Existing Infrastructure
SIMPLIFY security, MANAGE compliance
• Unified Management Console
• Enterprise-Wide Visibility
Windows
Use of Filter Manager – included in Windows OS from Windows 2000 Professional with SP4 – stable performance; scan viruses & spyware in real-time
Advanced system cleaning: Customized remediation (recreating registry entries, restoring settings)
WSUS
Automated deployment of security agents and signatures using existing WSUS infrastructure
Because it is an administratively controlled policy, machines whose client agents have been removed accidentally or intentionally can automatically receive the agent through WSUS sync
Active Directory
Single policy configures anti-virus, anti-spyware and state assessment
FCS console is integrated with Active Directory for easy policy deployment
Policy can also be deployed via Group Policy Mgmt console or using 3rd party software distribution systems
Operations Manager (Embedded)
Real-time alerts and reporting
State Assessment
Identify vulnerabilities and improperly configured machines; measure risk profile based on security best practices
Event Flood Protection shields reporting infrastructure during outbreak from infected clients
Windows Firewall check: Visibility into ports that have been opened and applications allowed to access network. Use Group Policy to take corrective action
“Is my environment compliant with security best practices?”
“Has my level of vulnerability exposure changed over time?”
“What portion of my environment is at high risk?”
Secure Messaging Enable more secure business communication from virtually anywhere and on virtually any device, while preventing unauthorized use of confidential information
PROTECT everywhere ACCESS anywhere
• Best-in-class antimalware on premise / in the cloud
• Protect sensitive information in email
• Secure, seamless access
INTEGRATE and EXTEND security
• Built-in Information Protection
• Extend secure E-mail with partners
SIMPLIFY security, MANAGE compliance
• Enterprise-wide visibility and reporting
• Unified management
Secure Collaboration Enable more secure business collaboration from virtually anywhere and across devices, while preventing unauthorized use of confidential information
PROTECT everywhere ACCESS anywhere
• Secure, seamless access
• Protect sensitive information in email
• Best-in-class antimalware
INTEGRATE and EXTEND security
• Deep OCS, Exchange, SharePoint and Office integration
• Standards-based interoperability
SIMPLIFY security, MANAGE compliance
• Enterprise-wide visibility
• Easier partner management
Advanced Protection – the strength of single vendor / multiple engines Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from
Each scan job in a Forefront Server Security product can run up to five engines simultaneously
[Diagram: Internal Messaging and Collaboration Servers, scan engines A–E]
Application Servers advanced protection Microsoft antivirus approach Internet No single point of failure Integrated management Cost reduction Single point of support
[Diagram: Viruses, Worms, Spam; scan engines A–E across ISA Server, SMTP Server, Exchange and SharePoint]
One vendor Multi-engine
Comprehensive Protection for Exchange and Sharepoint and OCS Environments
Single Engine
Multiple Engines
38 times faster response
Automatic Engine Updates
Eliminates single point of failure
An AV-Test of consumer antivirus products revealed: On average, Forefront engine sets provided a response in 3.1 hours or less. Single-engine vendors provided responses in 5 days, 4 days, and 6 days respectively.
“Forefront Server Security can support up to five scanning engines at the same time. Thus, it offers a more secure environment, compared with products that support using only a single engine.” – Akihiro Shiotani, Deputy Director of the Infrastructure Group, Astellas Pharma Information Systems Department
Content Filtering Engine Proactively blocks a specific range of potentially dangerous file types whether or not a signature exists.
Filters specific files by size, name, type, or combinations of these
For e-mail attachments, can also filter based on direction <in>*.exe, <out>*.doc, *.avi
Blocking based on file size *.mp3 >5MB
Wildcards supported, e.g., “*resume*.doc”
Inspects the real file type, not just extension
Can also spot and delete files within ZIP
Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT (match files blocked by Outlook)
Actions
Skip detect Logs the event but does not block
Delete Removes the document and replaces with the customized deletion text
Block Deletes the e-mail or blocks the upload to the document library
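The filtering behaviour described above (direction, wildcard name, size threshold, real file type, files inside ZIP archives, and the three actions), sketched as an added Python example. This is not Forefront code: the rule format, the MAGIC table and all function names are assumptions made for illustration, and the sample policy is constructed.

```python
import fnmatch, io, zipfile
# Leading magic bytes -> real file type (small constructed table, not Forefront's).
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip", b"\xd0\xcf\x11\xe0": "ole"}

def sniff(data):
    """Return the type implied by the file's leading bytes, ignoring its name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def matches(rule, name, data, direction):
    """A rule matches only if every criterion it sets is satisfied."""
    if rule.get("direction", "any") not in ("any", direction):
        return False
    if not fnmatch.fnmatchcase(name.lower(), rule.get("name", "*")):
        return False
    if "type" in rule and sniff(data) != rule["type"]:
        return False
    return len(data) > rule.get("larger_than", -1)

def evaluate(name, data, direction, rules, depth=0):
    """Return (action, matched file) for the first matching rule, else None."""
    for rule in rules:
        if matches(rule, name, data, direction):
            return rule["action"], name
    if sniff(data) == "zip" and depth < 3:  # look inside archives, bounded nesting
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                hit = evaluate(member, zf.read(member), direction, rules, depth + 1)
                if hit:
                    return hit
    return None

# Constructed policy mirroring the slide's examples.
RULES = [
    {"direction": "in", "type": "exe", "action": "block"},            # real type, any name
    {"direction": "in", "name": "*.exe", "action": "block"},          # <in>*.exe
    {"name": "*.mp3", "larger_than": 5 * 2**20, "action": "delete"},  # *.mp3 >5MB
    {"direction": "out", "name": "*resume*.doc", "action": "skip_detect"},
]

def make_zip(members):
    buf = io.BytesIO()  # sample-data helper: in-memory ZIP from {name: bytes}
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

A production filter would also cap the decompressed size of archive members and handle malformed archives; the depth limit here only bounds nesting.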
Forefront Security for SharePoint
Virus Protection for Document Libraries
• Real-time scanning of documents uploaded and downloaded from document library
• Manual and scheduled scanning of document library
Content Policy Enforcement
• File filtering to block documents from being posted based on name match, file type or file extension
• Content filtering by keywords within documents for inappropriate words and phrases
SQL Document Library Document SharePoint Server
Document Users
Forefront for Instant Messaging – Office Communications Server
• Find and remove viruses from IM conversations and file transfers
• Infected file blocking
• Continuous scanning of IM traffic to remove malicious software
• Content filtering and support for Office Communications encrypted traffic
Firewall
Server
Microsoft Office Communicator
Microsoft Live Messenger
Information Protection Discover, protect, and manage confidential data throughout your business with a comprehensive solution integrated with the computing platform and applications
PROTECT everywhere ACCESS anywhere
INTEGRATE and EXTEND security
• Protect Critical Data Wherever It Goes
• Extend confidential communication to partners
• Protect Data Wherever it Resides
• Secure endpoints to reduce risk
• Built into the Windows platform and applications
SIMPLIFY security, MANAGE compliance
• Simplify deployment and ongoing management
• Enable compliance with information policy
Protect Sensitive Information in E-mail
Protect everywhere access anywhere
• Automatically protect sensitive e-mail with Active Directory RMS
Outlook Web Access
• Filter message body and subject based on content criteria
• Policy based restricted usage of email attachments
“I believe that Active Directory RMS will be a watershed technology like e-mail or the Web browser. It will be a fundamental technology that everyone uses, and it will not be thought of as a separate application. It will be like Active Directory—it is just there and everyone uses it.” —Jason Foster, Senior Manager of Technology at Continental Airlines
Identity and Access Management Enable more secure, identity-based access to applications on-premises and in the cloud from virtually any location or device
PROTECT everywhere ACCESS anywhere
• Provide more secure, always-on access
• Enable access from virtually any device
INTEGRATE and EXTEND security
• Control access across organizations
• Provide standards-based interoperability
SIMPLIFY security, MANAGE compliance
• Extend powerful self-service capabilities to users
• Automate and simplify management tasks
Protect Everywhere, Access Anywhere
Network Host Application Information
IDENTITY CENTRIC
Scale across physical, virtual and cloud environments
Integrated Security Protect information and infrastructure across your business through a comprehensive solution that is easier to manage and control
PROTECT everywhere ACCESS anywhere
• Comprehensive, Defense-in-depth protection
• Data Leakage Prevention
INTEGRATE and EXTEND security
• Maximize infrastructure efficiency
• Interoperate with partner solutions
SIMPLIFY security, MANAGE compliance
• Unified Security Management
• Enterprise-wide visibility and reporting
In recent tests, Microsoft rated among the leaders in anti-virus protection
Kaspersky 98.30% Symantec 97.70% McAfee 94.90% Microsoft 93.90% VBA32 87.70% Received AVComparatives Advanced Certification
Test of consumer anti-virus products using a malware sample covering approximately the last three years.
Kaspersky 97.4%
Symantec 96.1%
Microsoft 96.1%
Trend Micro 95.4%
AVG 95.1%
Sophos 95.0%
NOD32 93.6%
Panda 93.3%
Norman 90.8%
McAfee 86.4%
eTrust 73.7%
Results of testing of 29 anti-virus engines against more than 870,000 malware files discovered during the last six months
AVK (G Data) 99.91%
Trend Micro 98.72%
Sophos 98.10%
Microsoft 97.79%
Kaspersky 97.17%
F-Secure 96.78%
Norton (Symantec) 95.70%
McAfee 95.58%
eTrust / VET (CA) 72.07%
Test based on more than 1 million malware samples
Forefront efficiently uses system resources, scans quickly, and detects malware effectively
Product Name/ Capability Memory Footprint1 Server Client Avg Usage, CPU & Memory2 % Server Avg % Client Avg Boot time increase3 Scanning time (quick) Network 1 (Avg)4 Network 2 (Avg)4 Scanning time (full) Network 1 (Avg)4 Network 2 (Avg)4
Symantec Corporate AntiVirus 10.2
Forefront Client Security
Product Name/ Capability
56.5 Mbs 57.9 Mbs
Memory Footprint1 Client – uninfected Client -infected
58.6 Mbs 66.3 Mbs
30.5% 29.4% 62% avg increase
29.9 min 12.0 min
4.5% avg increase
13.6 min 5.3 min
14x faster at boot time 2x faster in quick scans 5x faster in full scans
156.8 min 92.8 min
Sources: West Coast Labs, AVTest.org •
2.0% 11.1%
60%+ less CPU usage
Performance benchmarking study with West Coast Labs.
34.6 min 18.3 min
Avg Usage, CPU & Memory2 % Client – uninfected % Client - infected Scanning time Uninfected client Infected client
Symantec End Point Security
Forefront Client Security
536 Mbs 593 Mbs
522 Mbs 495 Mbs 7% less CPU
82.37% 88.56%
79% 81.6% 2x faster
147.69min 167.09min
81.82 min 95.33 min
Starting Word with no AV – 1.725
2.425 sec
2.233 sec
Starting IE with no AV – 2.275
3.6 sec
2.6 sec
Application Startup time
Certifications and awards for Forefront technology:
VB 100% October 2009
VB 100% August 2009 on Windows Vista SP2
VB 100% April 2009 on Windows XP
VB 100% December 2008 on Windows Vista x64
VB 100% October 2008 on Windows Server 2008
VB 100% February 2008 on Windows Server 2003
ICSA Labs certification – Forefront was the first product certified for Exchange 2007
West Coast Labs’ Checkmark certification
Industry thought leadership
“Behavioral Classification” paper delivered at 2006 European Institute for Computer Antivirus Research (EICAR) conference
On-demand detection (WildList Viruses / Worms & bots / Polymorphic viruses / Trojans)
McAfee: 100% / 100% / 100% / 90.62%
Microsoft: 100% / 100% / 100% / 92.75%
Symantec: 100% / 100% / 100% / 92.13%
Trusted Technology - Microsoft products earn CC certification
The following platform & application products have earned Common Criteria certification (EAL4+) – highest certification for commercial software: Windows Server 2008 Windows 2008 Hyper-V Windows Certificate Services Rights Management Service Windows Vista Windows 7 FIPS 140-2 Windows XP Embedded SP 2 Exchange Server 2007 SP2 ISA Server 2006 Windows Mobile 6.1
Microsoft Malware Protection Center
http://www.microsoft.com/security/portal
Microsoft IT Security
Forefront at scale deployment First and Best Customer Forefront Endpoint Protection: 93K+ Forefront Protection for Exchange & RMS: 130K+ mailboxes Forefront Identity Manager ISA Server 2006: Edge Security Covering Microsoft.com, Live Meeting, Hotmail
Enterprise Infrastructure 5 data centers 9,700 production servers 108,000 servers (MSN) 98 countries 550 buildings 260,000+ SMS managed computers 585,000 devices 141,549 end users
High-Scale Processes 2,400,000 internal e-mails with 18,000,000 inbound (97% filter rate) 36,000,000 IMs per month 136,000+ e-mail server accounts 137,000,000+ remote connections per month
Simplify Your Security Purchase While meeting your broad infrastructure needs Business Ready Security Solutions
Multiple Vendors > $750/user*
Microsoft Value $225/user**
Core CAL Suite Exchange Enterprise CAL SharePoint Enterprise CAL Office Communications Server Standard & Enterprise CAL Forefront Security Suite Rights Management Services CAL
*Known industry approximations **Mid-level Microsoft EA Level “C” up-front pricing based on July 2009 published list pricing
1. One simple CAL 2. 50% discount 3. Reduced TCO
Why invest now?
Take advantage of 30% promotion by Dec. 31, 2009
Deploy Forefront protection products to improve endpoint, messaging and collaboration security today
Automatically get access to next generation technologies available in the Forefront Protection Suite
New Cloudmark engine for improved antispam (Q4 CY09)
New Microsoft Threat Management Gateway Web Protection Service – Forefront antivirus in TMG server (Q4 CY09)
New centralized management, reporting and investigation console with Forefront Protection Manager
Security Guidance and Resources
Microsoft Security Home Page: www.microsoft.com/security
Microsoft Security Portal: www.microsoft.com/security/portal
Microsoft Trustworthy Computing: www.microsoft.com/security/twc
Microsoft Security Intelligence Report: www.microsoft.com/sir
Infrastructure Optimization: www.microsoft.com/io
Microsoft Security Assessment Tool: www.microsoft.com/security/msat
General Information:
Microsoft Live Safety Center: safety.live.com
Microsoft Security Response Center: www.microsoft.com/security/msrc
Security Development Lifecycle: http://msdn2.microsoft.com/en-us/library/ms998404.aspx
Get the Facts on Windows and Linux: www.microsoft.com/windowsserver/compare
Anti-Malware:
Understanding malware http://download.microsoft.com/download/a/b/e/abefdf1c-96bd40d6-a138-e320b6b25bd3/understandingantimalwaretechnologies.pdf
Microsoft Forefront: www.microsoft.com/forefront
Microsoft OneCare: www.windowsonecare.com
Microsoft Defender: www.microsoft.com/athome/security/spyware/software
Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv
Guidance Centers:
Security Guidance Centers: www.microsoft.com/security/guidance
Security Guidance for IT Professionals: www.microsoft.com/technet/security
The Microsoft Security Developer Center: msdn.microsoft.com/security
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.