Your SlideShare is downloading. ×
0
Forefront for Office<br />On-Premises Protection Technologies<br />Curtis Parker<br />Product Manager<br />Microsoft Corpo...
Agenda<br />Introduction to Microsoft® Forefront®Protection for Microsoft® Office<br />On-premises secure messaging: Micro...
Introduction to Forefront Protectionfor Office<br />
Forefront for Office Products<br />Aligning protection with the workloads<br />
Forefront for Office Products Overview<br />Forefront server protection solutions help businesses protect their messaging ...
Forefront Protection 2010 for SharePoint®
Forefront Security for Office Communications Server
Forefront Protection Server Management Console 2010
Forefront Online Protection for Exchange
Exchange hosted encryption
Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against email ...
Multiple-layer premium antispam</li></ul>Comprehensive protection<br /><ul><li>Tight integration with Exchange and SharePo...
Gartner Magic Quadrant for Secure Email Gateways<br />-- Gartner, Inc. Magic Quadrant for Secure E-Mail Gateways, Peter Fi...
Forefront Protection 2010 for Exchange Server:Industry-Leading Performance<br />West Coast Labs:<br />Spam catch rate abov...
July 2010<br />
<ul><li>Rapid response to new threats
Fail-safe protection through redundancy
Diversity of antivirus engines and heuristics</li></ul>** 0.00 denotes proactive detection<br />1 Source: AV-Test.org  (ww...
Protect Messages from Malware<br />Microsoft solution<br />“Defense in depth”<br />Competitors’ solutions<br />Multiple en...
Single-engine vendors provided responses in 5 days, 4 days,and 6 days, respectively </li></ul>Automatic engine updates<br ...
Scanning and Architecture Strategy<br />For maximum protection, deploy Forefront Protection for Exchange Server on all Exc...
Forefront Protection 2010 for Exchange Server<br />Enterprise network<br />Edge transport<br />Protection availability:<br...
Scanning Capabilities<br />Transport scan<br />Scans email messages that are inbound or outbound from an Exchange transpor...
Forefront Protection for Exchange Server AntispamFunctional Highlights <br />
Keyword Filtering<br />Searches the message body for matches to keywords in selected lists<br />Can be imported from an ex...
File Filtering<br />Filter by name, type, or size<br />*.exe,  *.doc, *>10mb<br />Filters can be combinations of size, nam...
Container Behavior (ZIP, RAR, etc.)<br />Forefront scans within ZIP and other compressed formats and deletes only the offe...
DEMO<br />Forefront Protection 2010 for Exchange Server<br />
Hybrid Messaging Protection<br />On-premises software<br />Online<br />Exchange Server<br />Internet<br />SMTP      <br />...
Hybrid Messaging Protection <br />Antispam replication<br />Up to 19 settings <br />Quarantine<br />Cloud or on premises<b...
Comparing Forefront Protection for Exchange Server and Forefront Online Protection for Exchange<br />
Comparing Forefront Protection for Exchange Server and Forefront Online Protection for Exchange<br />
Comparing Forefront Protection for Exchange Server and Forefront Online Protection for Exchange<br />
Secure Collaboration<br />Protecting your collaboration portals<br />
The Need for SharePoint Protection<br />With more users:<br /><ul><li>Security control decreases
Potential impact increases</li></ul>Risks<br />Customers<br />Affiliates<br />Partners<br />Suppliers<br />Contractors<br ...
Types of threats increase</li></ul>Intranets<br />team sites<br />Partner<br />portal<br />Repository<br />Extranet<br />
The Need for SharePoint Protection<br />Microsoft® SQL Server® back end<br />Indexing server<br />Management<br />External...
Forefront Protection for SharePoint Feature Summary<br />Protection for Microsoft Office SharePoint Server 2010,  SharePoi...
Integration with SharePoint<br />Upload scenario<br />Download scenario<br />6<br />1<br />1<br />Request<br />2<br />Shar...
Scanning Types<br />Real-time scan<br />Scan triggered through the SharePoint VSAPI<br />Scheduled scan<br />Schedule can ...
Forefront Protection for SharePoint Console<br />
Forefront Protection for SharePoint Console<br />
DEMO<br />Forefront Protection 2010 for SharePoint<br />
Management Experience<br />Improved security management<br />
Management Options for Forefront Protection Servers<br />
Simplified management<br />Visibility and control<br />Enterprise ready<br /><ul><li>Manage multiple-server Forefront Prot...
Server discovery and grouping
Product update and Forefront Protection Server Management Console agent deployment
Deploy policies to  custom-defined groups of servers
Manage cross-domain and nondomain servers from one console
Firewall-friendly communication channel
Signature redistribution for 32-bit and 64-bit engines
Online integration with Forefront Online Protection for Exchange
Visibility into incidents across Forefront Protection for Exchange Server and Forefront Protection for SharePoint
Upcoming SlideShare
Loading in...5
×

On Premises Protection Technologies

1,115

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,115
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
23
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "On Premises Protection Technologies"

  1. 1. Forefront for Office<br />On-Premises Protection Technologies<br />Curtis Parker<br />Product Manager<br />Microsoft Corporation<br />al<br />1<br />
  2. 2. Agenda<br />Introduction to Microsoft® Forefront®Protection for Microsoft® Office<br />On-premises secure messaging: Microsoft Forefront Protection for Exchange Server 2010<br />Protecting your email<br />Secure collaboration<br />Protecting your collaboration portals<br />Management experience<br />Improved security management (multiple-server support)<br />
  3. 3. Introduction to Forefront Protectionfor Office<br />
  4. 4. Forefront for Office Products<br />Aligning protection with the workloads<br />
  5. 5. Forefront for Office Products Overview<br />Forefront server protection solutions help businesses protect their messaging and collaboration servers against viruses, worms, spam, and inappropriate content<br /><ul><li>Forefront Protection 2010 for Exchange Server
  6. 6. Forefront Protection 2010 for SharePoint®
  7. 7. Forefront Security for Office Communications Server
  8. 8. Forefront Protection Server Management Console 2010
  9. 9. Forefront Online Protection for Exchange
  10. 10. Exchange hosted encryption
  11. 11. Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against email and collaboration threats
  12. 12. Multiple-layer premium antispam</li></ul>Comprehensive protection<br /><ul><li>Tight integration with Exchange and SharePoint maximizes availability and performance</li></ul>Integration with Exchange and SharePoint<br />Simplified management<br /><ul><li>Easy-to-use management console provides central configuration and operation, automated scan engine signature updates, and reporting at the server and enterprise level</li></li></ul><li>On-Premises Secure Messaging: Forefront Protection for Exchange Server 2010<br />Protecting your email<br />
  13. 13. Gartner Magic Quadrant for Secure Email Gateways<br />-- Gartner, Inc. Magic Quadrant for Secure E-Mail Gateways, Peter Firstbrook, Eric Ouellet, April 27, 2010. <br />This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Microsoft.<br />The Gartner Magic Quadrant is copyrighted by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.<br />
  14. 14. Forefront Protection 2010 for Exchange Server:Industry-Leading Performance<br />West Coast Labs:<br />Spam catch rate above 99 percent<br />Premium antispamcertification<br />Virus bulletin: Continuous live spam catch rate above 99 percent:<br />99.77% (September 2009)<br />99.46% (November 2009)<br />99.32% (January 2010)<br />99.86% (March 2010)<br />99.93% (May 2010)<br />99.96% (July 2010)<br />
  15. 15. July 2010<br />
  16. 16. <ul><li>Rapid response to new threats
  17. 17. Fail-safe protection through redundancy
  18. 18. Diversity of antivirus engines and heuristics</li></ul>** 0.00 denotes proactive detection<br />1 Source: AV-Test.org (www.av-test.org)<br />The Multiple Engine Advantage<br />
  19. 19. Protect Messages from Malware<br />Microsoft solution<br />“Defense in depth”<br />Competitors’ solutions<br />Multiple engines<br />Single engine<br />38 times faster<br />An AV test of consumer antivirus products revealed:<br /><ul><li>On average, Forefront engine sets provided a response in 3.1 hours or less
  20. 20. Single-engine vendors provided responses in 5 days, 4 days,and 6 days, respectively </li></ul>Automatic engine updates<br />On premises or in the cloud<br />99 percent spam detection*<br />* With premium antispam services<br />
  21. 21. Scanning and Architecture Strategy<br />For maximum protection, deploy Forefront Protection for Exchange Server on all Exchange Server roles<br />To optimize server performance, implement a scanning strategy by using one or more of the following tips:<br />Antimalware stamp ensures a message is scanned only once<br />Enable antispamscanning on the edge transport servers and disable on hub transport and mailbox servers<br />Use different scan engines on different servers<br />Deploy both edge transport and hub transport servers<br />Forefront Protection for Exchange Server will scan and stamp inbound mail on the edge server<br />Forefront Protection for Exchange Server will scan and stamp outbound mail on the hub transport server<br />Internal mail is scanned and stamped on the hub transport server<br />
  22. 22. Forefront Protection 2010 for Exchange Server<br />Enterprise network<br />Edge transport<br />Protection availability:<br />Exchange 2010<br />Exchange 2007 SP1<br />Hub transport<br />Routing and policy<br />External mail<br />Unified messaging<br />Voice mail and voice access<br />Mailbox<br />Storage of mailbox items<br />Mobile phone<br />Client access<br />Client connectivity<br />Web services<br />Phone system (PBX or VOIP)<br />Web browser<br />Outlook (remote user)<br />Line of business applications<br />Outlook (local user)<br />
  23. 23. Scanning Capabilities<br />Transport scan<br />Scans email messages that are inbound or outbound from an Exchange transport stack and all internal mail<br />Real-time scan<br />Scans email messages and attachments that are accessed in mailboxes and public folders on your Exchange server<br />Scheduled scan<br />Similar to real-time scanning, scanning occurs in the Exchange information store. Scheduled scans are typically used to scan the entire information store<br />On-demand scan<br />Typically used to immediately scan specific mailboxes to localize a known issue<br />
  24. 24. Forefront Protection for Exchange Server AntispamFunctional Highlights <br />
  25. 25. Keyword Filtering<br />Searches the message body for matches to keywords in selected lists<br />Can be imported from an existing file<br />Can filter phrases<br />Support operators: AND, OR, NOT<br />Actions: SkipDetect, Delete, Suspend<br />
  26. 26. File Filtering<br />Filter by name, type, or size<br />*.exe, *.doc, *>10mb<br />Filters can be combinations of size, name, and type<br /><photo1.jpg>10mb, *.mp3>5mb, *>10mb<br />Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM, and BAT<br />Actions: SkipDetect, Suspend (Realtime), Delete (Scheduled/OnDemand)<br />
  27. 27. Container Behavior (ZIP, RAR, etc.)<br />Forefront scans within ZIP and other compressed formats and deletes only the offending file<br />EXE<br />DOC<br />TXT<br />DOC<br />JPG<br />BMP<br />JPG<br />BMP<br />Custom deletion text<br />Filter rules: Delete *.exeQuarantine<br />Container file before scan<br />EXE<br />Container file after scan<br />Quarantine<br />
  28. 28. DEMO<br />Forefront Protection 2010 for Exchange Server<br />
  29. 29. Hybrid Messaging Protection<br />On-premises software<br />Online<br />Exchange Server<br />Internet<br />SMTP <br />Edge Role<br />Hub Role<br />Mailbox Role<br />Antivirus and antispamprotection for Exchange Server 2010/Exchange Server 2007 server roles<br />
  30. 30. Hybrid Messaging Protection <br />Antispam replication<br />Up to 19 settings <br />Quarantine<br />Cloud or on premises<br />Content rescan<br />Antispam<br />Antivirus<br />
  31. 31. Comparing Forefront Protection for Exchange Server and Forefront Online Protection for Exchange<br />
  32. 32. Comparing Forefront Protection for Exchange Server and Forefront Online Protection for Exchange<br />
  33. 33. Comparing Forefront Protection for Exchange Server and Forefront Online Protection for Exchange<br />
  34. 34. Secure Collaboration<br />Protecting your collaboration portals<br />
  35. 35. The Need for SharePoint Protection<br />With more users:<br /><ul><li>Security control decreases
  36. 36. Potential impact increases</li></ul>Risks<br />Customers<br />Affiliates<br />Partners<br />Suppliers<br />Contractors<br />Consultants<br />Employees<br />Expanded uses:<br /><ul><li>Threat volumes increase
  37. 37. Types of threats increase</li></ul>Intranets<br />team sites<br />Partner<br />portal<br />Repository<br />Extranet<br />
  38. 38. The Need for SharePoint Protection<br />Microsoft® SQL Server® back end<br />Indexing server<br />Management<br />External SharePoint users<br />Potential malware<br />Internet<br />Potential malware<br />InternalSharePoint users<br />Unified Application Gateway<br />Web front end<br />Firewall<br />
  39. 39. Forefront Protection for SharePoint Feature Summary<br />Protection for Microsoft Office SharePoint Server 2010, SharePoint 2007, and Windows SharePoint Services<br />Multiple antimalware engines<br />Keyword and file filtering<br />Scan AD RMS protected repositories<br />Restore quarantined files<br />Container: ZIP, OpenXML, RAR, etc.<br />Native 64-bit implementation<br />Updated user interface<br />Windows PowerShell™ support<br />
  40. 40. Integration with SharePoint<br />Upload scenario<br />Download scenario<br />6<br />1<br />1<br />Request<br />2<br />SharePoint<br />web front-end servers<br />Forefront Protection for SharePoint<br />4<br />SharePoint<br />web front-end servers<br />Forefront Protection for SharePoint<br />VSAPI<br />VSAPI<br />5<br />3<br />4<br />2<br />3<br />SharePoint<br />databases<br />SharePoint<br />databases<br />
  41. 41. Scanning Types<br />Real-time scan<br />Scan triggered through the SharePoint VSAPI<br />Scheduled scan<br />Schedule can be set for off hours scanning of selected SharePoint sites<br />On- demand scan<br />Immediate scanning of individual sites<br />
  42. 42. Forefront Protection for SharePoint Console<br />
  43. 43. Forefront Protection for SharePoint Console<br />
  44. 44. DEMO<br />Forefront Protection 2010 for SharePoint<br />
  45. 45. Management Experience<br />Improved security management<br />
  46. 46. Management Options for Forefront Protection Servers<br />
  47. 47. Simplified management<br />Visibility and control<br />Enterprise ready<br /><ul><li>Manage multiple-server Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint environments
  48. 48. Server discovery and grouping
  49. 49. Product update and Forefront Protection Server Management Console agent deployment
  50. 50. Deploy policies to custom-defined groups of servers
  51. 51. Manage cross-domain and nondomain servers from one console
  52. 52. Firewall-friendly communication channel
  53. 53. Signature redistribution for 32-bit and 64-bit engines
  54. 54. Online integration with Forefront Online Protection for Exchange
  55. 55. Visibility into incidents across Forefront Protection for Exchange Server and Forefront Protection for SharePoint
  56. 56. Real-time monitoring for security events
  57. 57. User friendly dashboard view
  58. 58. Real-time and historical reports
  59. 59. Web-based interface for easier access
  60. 60. License distribution and activation
  61. 61. Centralized quarantine
  62. 62. Enterprise-ready scalability
  63. 63. Support for SQL Server scenarios
  64. 64. Business continuity for critical functionality
  65. 65. Manage Forefront Protection for Exchange Server on clusters (Exchange 2007 and Exchange 2010)</li></ul>Built on Microsoft infrastructure<br /><ul><li>Windows Server 2008 R2
  66. 66. Hyper-V
  67. 67. Windows Communication Foundation
  68. 68. Active Directory
  69. 69. SQL Server 2008
  70. 70. Internet Explorer 7.0 and Internet Explorer 8.0</li></ul>Forefront Protection Server Management Console Capabilities<br />
  71. 71. Forefront Protection Server Management Console Architecture Overview<br />Remote access<br />Continuous SQL replication<br />Communication over Windows Communication Foundation <br />Primary Forefront Protection Server Management Console<br />Backup Forefront Protection Server Management Console<br />Add Forefront Protection for Exchange Server and Forefront Protection for SharePoint servers to Forefront Protection Server Management Console and deploy Agent<br />Upload policy to Forefront Protection Server Management Console and create jobs<br />Run jobs to deploy policy<br />Retrieve quarantine and reporting data periodically<br />
  72. 72. Forefront Protection Server Management Console 2010<br /><ul><li>Utilizes Forefront Server Security Management Console codebase/features, with updated user experience and supports Forefront Protection for Exchange Server/ Forefront Protection for SharePoint
  73. 73. Offers Forefront Online Protection for Exchange hybrid capabilities
  74. 74. Available for free download</li></ul>H1 CY2011<br /><ul><li>Release of localized versions</li></ul>Not supported<br /><ul><li>No Antigen, Forefront Protection for Exchange Server/Forefront Protection for SharePoint down-level support
  75. 75. No 32-bit support
  76. 76. No Forefront Server Security Management Console single-server coexistence
  77. 77. No Forefront Security for Office Communications Server support</li></li></ul><li>Forefront Protection Server Management Console Console<br />Installation options<br />Stand-alone server<br />Primary and backup server<br />Access the Forefront Protection Server Management Console console by using Internet Explorer<br />http://<FPSMCserver>/FPSMConsole<br />HTTPS can be enabled by the administrator<br />Initial access is limited to the installation administrator<br />Other users can be granted access through the console, but they must be a local administrator, domain administrator, Exchange administrator, or enterprise administrator<br />This is a change from Forefront Server Security Management Console<br />
  78. 78. Forefront Protection Server Management Console Home Page<br />Side navigation bar provides quick access to desired functionality<br />At a Glance page provides 24-hour activity snapshot<br />Statistics broken out by Exchange and SharePoint<br />Top five viruses<br />Most active servers<br />Highlighted navigation and ‘breadcrumb bar’ for current location<br />
  79. 79. Server Management<br />Forefront Protection Server Management Console can manage domain-joined servers and non-domain-joined servers <br />E.g., edge servers, perimeter SharePoint deployments<br />Automatic discovery of Forefront Protection for Exchange Server and Forefront Protection for SharePoint servers within Active Directory<br />Displayed under New Servers<br />Must be added to Forefront Protection Server Management Console to be managed<br />Non-domain-joined servers can be manually added<br />Need to enter FQDN<br />Servers can be managed as groups<br />
  80. 80. Management Agent<br />Agent must be deployed to each Forefront Protection for Exchange Server/Forefront Protection for SharePoint server<br />Pushed out from Forefront Protection Server Management Console server<br />Requires port 445 to be opened for agent deployment<br />Local administrator credentials on target server needed<br />Agent deployment status displayed in the console<br />Once successful, the Forefront version of the managed server is displayed<br />Detailed logs available under Notification Logs<br />
  81. 81. Job Management<br />Four types of jobs:<br />Deployment job (policy and updates)<br />Signature redistribution job <br />Scheduled report job<br />Product activation job<br />Jobs can be scheduled or run on demand<br />Jobs can be scoped to target a specific set of servers<br />Configured by the administrator<br />
  82. 82. Job Management<br />Deployment (policy/update)<br />Policy deployments distribute Forefront Protection for Exchange Server/Forefront Protection for SharePoint configuration files (XML format)<br />Partial policy enabled<br />Credentials, if applicable, must be entered<br />Update deployment jobs will push out .exe and .msp files <br />Forefront Protection Server Management Console cannot deploy the initial Forefront Protection for Exchange Server or Forefront Protection for SharePoint installation <br />Signature redistribution<br />No jobs by default<br />Can customize jobs by engine and by target server(s)<br />Will download and then distribute<br />
  83. 83. Job Management<br />Scheduled report<br />Generates and emails reports: daily, weekly, or monthly<br />Sends all four available reports:<br />Incident Detection<br />Spam Detection<br />Engine and Definition<br />New Servers<br />Product activation<br />Activate evaluation Forefront Protection for Exchange Server/Forefront Protection for SharePoint servers by deploying an activation key<br />Renew expiring subscriptions by distributing new license key and expiration date<br />
  84. 84. Online Integration <br />Forefront Online Protection for Exchange Gateway can be specified in policies to be deployed to the servers<br />Links to the Forefront Online Protection for Exchange Administration Center<br />Administration Center, Message Tracing, Hosted Quarantine, and Reports<br />
  85. 85. Quarantine Management<br />Centralized management<br />Configurable retrieval period and polling interval<br />Defaults to retrieving 5 days of records and polling every 15 minutes<br />Broken out by Exchange and SharePoint<br />Enables delivery/restoration of false positives directly from console <br />Results can be filtered for faster recovery<br />
  86. 86. Reporting<br />On demand<br />Incident detection, spam detection, engine and definition version<br />Report scope based on date range and desired servers<br />Report includes distribution of detections, trending, and raw data<br />Scheduled<br />Sent via email on a daily, weekly, or monthly basis<br />
  87. 87. Additional Resources/Announcements<br />
  88. 88. Introducing Business Ready Security Demo 4.0i<br />Business Ready Security 4.0i <br />New! Forefront Protection Server Management Console RTW included<br />New! Forefront Protection Server Management Console hands-on labs<br />New! Forefront Protection for Exchange/Forefront Protection for SharePoint rollup updates<br />End-to-end demo environment<br />All identity and security solutions/technologies <br />7 GB zipped/installer package <br />Demo scripts/architecture overview documentation provided<br />Available as download: http://go.microsoft.com/fwlink/?LinkId=190269<br />Distribution list: msvmtalk@microsoft.com<br />
  89. 89. Business Ready Security Demo 4.0i<br />
  90. 90. Business Ready Security Demo 4.0i<br />
  91. 91. Links and Resources<br />
  92. 92. Questions and Answers<br />Submit text questions by using the Ask button<br />Don’t forget to fill out the survey<br />For upcoming and previously live webcasts, visit www.microsoft.com/webcast<br />Got webcast content ideas? Contact us at http://go.microsoft.com/fwlink/?LinkId=41781<br />
  93. 93. 55<br />
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×