Windows 7 Guvenligi Forefront Endpoint Protection2010
Published in Technology
  • Business Needs: To stay competitive, businesses are employing a growing number of remote and mobile employees. These varied worker scenarios make it harder to meet security requirements. As such, businesses are struggling to:
    • Keep users and systems secure as well as productive.
    • Protect systems from complex threats and vulnerabilities on endpoints, application servers, and the network edge.
    • Reduce the risk of sensitive information loss.
    • Optimize efficiency and reduce management costs to lower the total cost of ownership (TCO) of the security infrastructure.
    However, many IT challenges stand in the way:
    • Ever-evolving, financially motivated threats can cause business disruption and financial loss. The threat landscape is very dynamic, and with more and more applications moving to the cloud, security systems need to stay a step ahead of potential threats.
    • The wide range of users and devices can make it difficult to apply consistent policy and protection for remote access.
    • Most threats result from improper configuration or a poor client update process.
    • In the traditional model, desktop management and client security are handled in two different silos. Desktop administrators lack easy access to security tools that would give them visibility into the security state of clients, while security admins are overburdened with day-to-day security operations, which keeps them from developing end-to-end compliance policies and researching the next generation of threats.
    • Uncoordinated protection between fragmented, poorly integrated security products can lead to slower response times, and visibility is limited because of poor communication and alignment between functional silos.
    • Duplicate infrastructures raise complexity and TCO: with discrete infrastructures for management and security, companies need to purchase and maintain separate hardware and software, create and manage two sets of policies, and take two sets of actions when security incidents occur.
  • Desktop management and security have traditionally existed as two separate disciplines, yet both play central roles in keeping users safe and productive. Management ensures proper system configuration, deploys patches against vulnerabilities, and delivers necessary security updates. Security provides critical threat detection, incident response, and remediation of system infection. Forefront Endpoint Protection 2010 introduces the ability to align these two work streams into a single infrastructure. Built on Microsoft System Center Configuration Manager 2007 R2 and R3, Forefront Endpoint Protection 2010 gives IT:
    • Consolidated tools, processes, and infrastructure that create new efficiencies and lower desktop ownership costs.
    • A unified view of configuration and security information that makes it easier to identify and remediate vulnerabilities.
    With this strategy, Microsoft enables the operationalization of client security: endpoint protection can be managed by the desktop administration team, enabling them to quickly remediate client security issues and carry out day-to-day security operations efficiently, using the same tools they use for desktop management. This frees up information security resources to tackle new and emerging threats and to focus on developing end-to-end security policies for the enterprise. This combination of technologies also makes it easier for IT to consolidate and report on the risk status of their environment to management. In the case of a security event, IT administrators can identify at-risk machines and take action to patch systems, block outbreaks, and initiate clean-up efforts using a single infrastructure. Today, organizations have separate security and management infrastructures. That means two sets of servers need to be purchased and maintained, two sets of policies need to be created and managed, and two sets of actions need to be taken when a security incident occurs. With the convergence of security and management, organizations have:
    • One server infrastructure to maintain.
    • A single mechanism to deploy software and updates to clients.
    • Central policy implementation for security and management.
    • A single solution that desktop administrators need to train on.
    • A single license to purchase (ECAL) that contains everything organizations need to manage and secure endpoints, with no need to buy single-purpose software.
    These efficiencies not only lower hardware, maintenance, and training costs, they also allow IT administrators to do their job better and more quickly, meaning that organizations can also benefit from a reduction in help desk calls.
  • Forefront Endpoint Protection is the next generation of Forefront Client Security. It builds on the protection technologies included in the previous versions and provides a completely new management experience. Since FEP is built on Configuration Manager, it offers easy installation of the FEP server and easier deployment of clients using the existing infrastructure. FEP also supports enterprise-wide scalability up to hundreds of thousands of clients across various Windows operating systems. FEP provides highly accurate detection of known and unknown threats using many new and improved technologies in its antimalware engine as well as through host firewall management. While providing comprehensive protection, FEP keeps employees productive with low-impact scanning and productivity-oriented default policies. Finally, with FEP administrators have a central location for creating and applying all endpoint-related policies. With a shared view of endpoint protection and configuration, administrators can more easily identify and remediate vulnerable computers. In the following sections, we will look at these benefits in more detail.
  • Forefront Endpoint Protection uses Configuration Manager 2007 to centralize deployment of security software and policies to multiple endpoints. There is no need for an additional FEP management server; you can deploy the FEP server on an existing Configuration Manager standalone (single) site or on a hierarchical site environment. Once the FEP server is installed, admins get an integrated console for FEP management within the System Center console. The Forefront Endpoint Protection server installation process automatically installs the required components on the correct servers based on the Configuration Manager deployment. Many operational components, such as distribution packages and desired configuration baselines, are automatically created for administrators during this installation.
  • Software deployment in a large network is generally a tedious process that requires a great deal of administrators' time and resources. Installing the software on individual client computers reduces productivity and increases the need for remote, centralized deployment, and using different infrastructures for security management and deployment makes the task more complex. With FEP, client deployment is simplified: admins use the same software distribution process from Configuration Manager that they are familiar with. Configuration Manager distribution is used to centrally manage and monitor the deployment of FEP to client computers in your existing infrastructure. With this method, you can control which Configuration Manager collections the client is deployed to, and it supports deployment even to non-domain-joined machines. Migrating from an existing antimalware product is also easy: the Forefront Endpoint Protection client deployment package checks for and uninstalls the existing antimalware client and then installs the FEP agent. This makes the migration process simple as well as more secure. Currently the latest versions of Symantec, McAfee and TrendMicro can be detected and removed while installing the FEP client. The FEP client can also seamlessly migrate from an existing FCS client; during this migration from FCS, the FEP installation also removes the MOM (Operations Manager) agent that was a prerequisite for FCS. (list of supported versions of competitive uninstall:
  • Forefront Endpoint Protection 2010 provides multiple options for receiving signature and engine updates. Organizations can use their existing Windows Server Update Services (WSUS) infrastructure to get FEP updates. Administrators can also configure a client to connect to Microsoft Update or to use a file share to download the latest definition updates. These sources can be prioritized from the policy management console, so the client checks the sources for signature updates in the priority order defined in the policy. For example, when the client is connected to the corporate network it can receive updates from the WSUS infrastructure; if the client is in a remote location not connected to the enterprise, it can still continue to get updates over the internet from Microsoft Update. Microsoft uses a package-chaining feature to reduce the size of signature updates. This feature reduces the total bandwidth a WSUS server has to use to download updates from MU to stay up to date, which reduces the total cost of ownership of definition updates for WSUS. Generally, the delta updates range from 50-2048 KB and the entire delta files from 1-15 MB, depending on several factors, including the time since the last rebase and the number of changes since the last rebase.
  • Forefront Endpoint Protection provides industry-leading antimalware protection based on Microsoft technologies. Microsoft's antimalware engine has been consistently rated very highly in the industry, especially for its proactive protection and its low false-positive rate. AV-Comparatives On-Demand: Microsoft was awarded its second consecutive Advanced rating in the AV-Comparatives August 2010 On-Demand Detection Test. This test, also conducted and published twice a year by AV-Comparatives, measures the percentage of threats detected in a test set of 900,000 malware samples. Unlike the "proactive" test below, this is a wider sample set that does not include only "new" or "unknown" threats. The report shows strong results for the Microsoft solution, with both a high detection rate and low false positives. Microsoft has steadily improved its detection results over the last two years. Our false-positive rate continues to remain one of the best when compared to the top players in the industry, and demonstrates our consistent focus on quality. AV-Comparatives Proactive: Microsoft was awarded its third consecutive Advanced+ (the highest rating) in the AV-Comparatives May 2010 Proactive Detection Test. This test, conducted and published twice a year by AV-Comparatives, demonstrates the "zero-hour" detection capability of antimalware products. This is an extremely important capability given that the threat landscape changes so quickly and the amount of malware released into the wild every day continues to grow. Proactive detection is one of Microsoft's strengths, not only because we can stop new threats immediately, but because we can do so with a very low occurrence of "false positives", that is, legitimate files incorrectly categorized as malware. While it is possible to achieve a high detection rate by identifying everything with suspicious behavior as malware, this approach can result in a higher number of false positives, which can cause large disruptions to consumers and businesses. VB100: In the August 2010 report, Microsoft Security Essentials earned Microsoft its 12th VB100 award. The VB100 test requires tested products to detect 100% of WildList threats with zero false positives. The VB report also includes a Reactive and Proactive (RAP) test that examines the effectiveness of tested products against more timely threats. Microsoft continues to score well in the RAP test, outranking both Symantec and McAfee in this report. This concurs with the AV-Comparatives proactive detection data above, showing that Microsoft is able to rapidly block new and emerging threats. Here is a list of select competitors from the RAP test for comparison:
  • FEP builds on the security features already available in Windows 7 to provide comprehensive protection from evolving threats. The consistently high scores in third-party testing are the result of the multiple methods of protection and control available in Forefront Endpoint Protection. We categorize protections into two groups based on the threats they address: reactive techniques, or protection against known threats, and proactive techniques, or protection against unknown threats. FEP covers both of these categories across multiple layers of the system. The enhanced protection starts with the core antimalware engine; this engine has many enhancements that enable efficient scanning of the system without impacting productivity, including advanced rootkit scanning and remediation against sophisticated threats. Other technologies that provide proactive protection include Behavior Monitoring and Dynamic Translation (heuristic detection). With behavior monitoring, clients can get signature updates through the cloud via the Dynamic Signature Service and receive near-real-time protection updates against fast-evolving threats. FEP also introduces a new feature called Network Vulnerability Shielding, which protects clients against intrusions and exploits by inspecting network-layer traffic. With FEP, admins will also be able to manage desktop firewall settings from the management console. The following sections discuss these features in more detail.
  • Dynamic Translation technology in FEP provides heuristics-based protection. It emulates behavior by translating code that accesses real resources into code that accesses virtualized resources, keeping the real resources of the system safe from any malicious content. DT runs the translated program on the real CPU, so it is very fast. Dynamic Translation helps us deal with malware volume: many samples are the same threat, just obfuscated differently. With polymorphic malware, what the code does may be the only aspect two samples have in common, so emulating the code helps us detect the malware as well as prevent it from impacting the system.
  • Live system behavior monitoring identifies new threats and tracks the behavior of unknown processes and of known-good processes gone bad. Suspicious detections trigger a request to the Dynamic Signature Service, and clients receive an updated signature through the cloud if it is a recently identified malware, without waiting for the regular signature update process. Behavior Monitoring is able to identify new threats and provides live OS anomaly detection using multiple inspection techniques. Primary sensors:
    • Process / file / registry operations
    • Network activity (spam and botnets)
    • Kernel modification ("Komoku Inc" integration for anti-rootkit (AR) protection)
    • Web downloads
    Behavior Monitoring "detections" are driven by the engine and trigger a request to the Dynamic Signature Service; new detections can be added with the monthly engine updates. The Dynamic Signature Service is a cloud-based technology that delivers protection against new threats that are not yet in the signature set on the endpoint, in near real time. This service leverages many tools at the back end to provide the latest protections, including the Microsoft research team, file reputation data, and behavior classifiers. Administrators have to opt in to this service (feature name in the product: Microsoft SpyNet) to get dynamic updates.
  • Forefront Endpoint Protection 2010 provides protection against network-level exploits and intrusions by inspecting inbound and outbound network traffic. Based on Microsoft's Network Inspection System (NIS) technology, it detects and blocks network exploits such as Conficker. NIS is already used in other Microsoft solutions, such as Forefront Threat Management Gateway, to prevent network-based exploits. NIS minimizes the window of vulnerability on the client. Hackers start exploiting vulnerabilities as soon as they are discovered. Even if a patch is available for a vulnerability, organizations can rarely apply a system patch immediately: it takes time to test the patch and deploy it on all systems. This is a big window of opportunity for hackers to target the vulnerable systems. NIS resolves this problem: when a NIS signature is available for the vulnerability, it can be applied to the FEP agent immediately. So even if the patch is not yet deployed to the system, the system is still protected by FEP, which is now inspecting network traffic based on the latest vulnerability signature, and it will block any traffic that tries to exploit that vulnerability. Once the system is patched, FEP is intelligent enough to recognize the patch level and the NIS signature is disabled. It balances protection with performance by enabling signatures only for unpatched vulnerabilities.
  • Now that we have seen some of the protections included in FEP, let's discuss the end-user experience on the FEP client. Let's face it: the last thing a user wants is to be slowed down by an antimalware engine. The main design principle for FEP was to maintain productivity while providing high-class protection, and FEP delivers on that. FEP uses the same core antimalware engine used in Microsoft Security Essentials. MSE is a consumer antimalware offering available free for home use, and it is widely used around the world, with more than 40 million users in less than a year. The major feedback on MSE was that "it just does its job" or "I don't even know it's there". We have applied that learning to the FEP client experience as well. User interactions are kept minimal and are configurable through the central policy, and even when the user has to take an action, the GUI is simple to use. FEP enables higher productivity by allowing administrators to limit CPU usage during scans, and system scans are faster thanks to advanced caching techniques, allowing users to do their job safely without worrying about slowdowns or disruptions.
  • Since FEP is built on Configuration Manager 2007 R2 or R3, it allows you to use your existing client-management infrastructure. It enables you to deploy and manage endpoint protection through the single interface of System Center Configuration Manager, so endpoints can be managed and secured without additional servers to support FEP. Administrators have a central location for creating and applying all endpoint-related policies. With a shared view of endpoint protection and configuration, administrators can more easily identify and remediate vulnerable computers.
  • Let's take a look at the policy management options for FEP. Forefront Endpoint Protection policy settings define the various configuration options of the Forefront Endpoint Protection client that you can manage. For example, administrators can manage the scan schedule, the location and frequency of definition updates, and scan exclusions. The Forefront Endpoint Protection policy settings that you specify are contained in a Forefront Endpoint Protection policy object. Policies do not affect Forefront Endpoint Protection clients until you assign them to a Configuration Manager collection. Policy management is simplified by providing pre-defined templates for admins. For example, the high security policy template enables the maximum security settings for antimalware and firewall in the policy. Admins can simply use these pre-defined templates to create their policy. These best practices are also offered for servers: there are 16 pre-defined policy templates available in FEP for servers based on their roles.
    There are two ways to author a FEP policy:
    • SCCM (the FEP extension to the SCCM UI adds a policy editor); recommended
    • GP (GPEDIT + ADMX)
    There are four ways to deploy a FEP policy:
    • SCCM
    • GP
    • Install (a parameter to the MSI package; useful to ensure there is no gap in coverage)
    • Script (uses the in-agent command-line tool; useful for NDJ (non-domain-joined) and other "unmanaged" scenarios or custom management solutions)
    Preconfigured templates (available in the FEP UI as well as in standalone form for use with the FEP GP tool):
    • Performance, Security, or by Server Role (the FEP UI lets you choose a "baseline" when you create a new policy); 15 server roles in the RC (AD, DNS, Exchange, etc.)
    Utilities:
    • FEP GP tool (gets templated settings into GP, or exports GP settings into a portable format)
    • ADMX (allows GPEDIT to display and edit FEP settings)
  • Any security solution needs good alerting and reporting: administrators have to be notified of critical operational issues immediately. Desktop administrators also need historical visibility into client health and security issues, and these reports can be shared with the security admins to help them understand end-to-end enterprise compliance. FEP provides alerts for critical security issues on the client. Forefront Endpoint Protection 2010 can notify the administrator via email when it detects security incidents. The alert types that FEP provides include:
    • Malware Outbreak: Forefront Endpoint Protection 2010 can send an alert when it detects a malware outbreak. An outbreak occurs when the number of malware detections reaches a certain threshold.
    • Malware Detection: when FEP detects malware on a client machine that is a member of the collection, it sends an alert.
    You can configure the settings that generate alerts and select the recipients of the alerts. FEP also provides out-of-the-box reports using the same Configuration Manager reporting infrastructure. Forefront Endpoint Protection provides a number of predefined reports, located in the Reports node under the Forefront Endpoint Protection node. These reports give administrators information on client deployment, health, and malware detection. In this prerelease version of Forefront Endpoint Protection, there are five predefined Forefront Endpoint Protection reports, three of which are run directly from the Reports node and two that are run by drilling down from them. These reports are available in multiple formats, including a web page, a PDF file, or MS Excel, and can be further customized using Excel tools.
  • High-value assets (typically servers) that require a greater degree of monitoring can report their events to an Operations Manager infrastructure. Forefront Endpoint Protection 2010 includes the FEP Security Management Pack, a standard management pack that you can import into Operations Manager 2007 R2. The FEP Security Management Pack serves two goals. First, organizations that use Operations Manager 2007 R2 to monitor servers can now use their preferred tool to monitor security, too. Second, for organizations that require guaranteed real-time monitoring of their critical systems (such as servers), the management pack uses Operations Manager 2007 R2 capabilities to ensure real-time reporting on Forefront Endpoint Protection. In addition to real-time monitoring and alerting, the FEP Security Management Pack can use SQL Reporting or MS Excel to connect to the Operations Manager 2007 R2 database to generate custom reports. The Operations Manager 2007 R2 console provides access to real-time data generated by FEP clients with Operations Manager 2007 R2 agents installed. This data includes a state view of the various FEP client components (antimalware engine, antimalware activity, definitions, last scan time, firewall state, and others), a list of active alerts, and a list of all FEP-related events that the servers have sent. The FEP Security Management Pack for Operations Manager 2007 R2 provides a server-centric view under Operations Manager with the following features:
    • Server security and availability tasks
    • Predefined reporting views that can be used to generate custom reports using Excel
    • Real-time monitoring and alerting for critical systems
  • Forefront Endpoint Protection simplifies endpoint control with a single experience for protecting and managing endpoints. Forefront Endpoint Protection integrates with and extends System Center Configuration Manager to greatly reduce the cost of deploying and maintaining secure endpoints. Forefront Endpoint Protection protects against known and unknown threats with endpoint inspection at the behavior, application, and network levels.
    Increases efficiency by unifying endpoint protection and client management:
    • Delivers a single experience for client management and endpoint protection policy creation and configuration
    • Provides a single pane of glass for client management and endpoint protection status
    • Improves endpoint protection by increasing awareness of potentially vulnerable clients
    • Common management experience: consistent policy configuration for client management and endpoint protection; decreased training and operations time for administrators
    • Single pane of glass: easy access to security and configuration trends and reports; reduced complexity in troubleshooting security and desired-configuration events
    • Improved endpoint protection: simplified ability to identify and remediate at-risk computers
    Greatly reduces the cost of deployment and ownership of endpoint protection:
    • Simplifies deployment of endpoint protection through a proven infrastructure that scales to hundreds of thousands of clients across a distributed environment
    • Reduces infrastructure cost by using an existing System Center Configuration Manager deployment for both endpoint protection and client management
    • Scalable infrastructure: management for hundreds of thousands of clients; uses the existing Configuration Manager infrastructure to minimize new capital investment
    • Reduced client deployment and ownership costs: automated detection and removal of the most common endpoint protection products; easy large-scale software deployment through Configuration Manager; supports both domain-joined and non-domain-joined clients; extends management out to branch offices
  • Most desktop vulnerabilities result from poor system configuration and from security personnel's lack of ready access to inventory, patch level, and other desktop-specific configuration data. Organizations can combine the threat-detection capabilities of Microsoft® Forefront® Endpoint Protection 2010 with Microsoft System Center Configuration Manager 2007 (the most widely used tool for remediating desktop security vulnerabilities) to gain a unique, consolidated view into the health and protection status of their user systems, visibility that previously could have required accessing three or more separate consoles. This combination of technologies also makes it easier for IT to consolidate and report on the risk status of their environment to management. In the case of a security event, IT administrators can identify at-risk machines and take action to patch systems, block outbreaks, and initiate clean-up efforts using a single infrastructure. Today, organizations have separate security and management infrastructures. That means two sets of servers need to be purchased and maintained, two sets of policies need to be created and managed, and two sets of actions need to be taken when a security incident occurs. With the convergence of security and management, organizations have:
    • One server infrastructure to maintain.
    • A single mechanism to deploy software and updates to clients.
    • Central policy implementation for security and management.
    • A single solution that desktop administrators need to train on.
    • A single license to purchase (ECAL) that contains everything organizations need to manage and secure endpoints, with no need to buy single-purpose software.
    These efficiencies not only lower hardware, maintenance, and training costs, they also allow IT administrators to do their job better and more quickly, meaning that organizations can also benefit from a reduction in help desk calls.


  • 1. Windows 7 Security and Forefront Endpoint Protection 2010. Gökhan Şenyüz (MVP) [email_address]
  • 2. Agenda
    • Business needs and IT problems in endpoint security
    • The Microsoft solution
      • Unifying desktop management and security
    • What's new in Forefront Endpoint Protection 2010?
    • Easy deployment / installation
    • Advanced protection
    • Simplified management
    • Resources
  • 3. Business needs (speed and flexibility) versus IT needs (control)
    • Separate management tools and overhead for desktop management and for security
    • The high cost of managing disparate solutions
    • Cost savings
    • Stopping known and unknown threats
    • Maintaining productivity and keeping clients secure
    • Constantly dealing with threats
  • 5. AppLocker
    • Preventing unlicensed software and software with known vulnerabilities from running within the organization
    • Granting users the right to install and run applications in line with business needs
    • Applying corporate and industry compliance policies to the desktop environment
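As an added example (not from Gökhan Şenyüz's slides), one way to implement the three goals above with the AppLocker PowerShell module shipped with Windows 7: build an allow-list from a clean, licensed reference build, check it in audit mode, and only then enforce it. The policy file path, the reference directories and the sample files being tested are assumptions.

```powershell
# Added example, not part of the original slide deck: implementing the AppLocker
# goals of this slide on Windows 7 with the AppLocker PowerShell module.
# All paths below are assumptions for illustration.
Import-Module AppLocker

$PolicyXml = 'C:\Policies\AppLocker-Desktop.xml'      # assumed output location

# Reference directories scanned on a clean, licensed build. Windows itself must be
# in the scan: an enforced allow-list that does not cover system binaries makes
# the machine unusable. The recursive scan of C:\Windows takes a while.
$ReferenceDirs = @('C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)')

function New-ReferenceAllowListPolicy {
    # Signed binaries become Publisher rules (they survive vendor updates),
    # unsigned ones fall back to Hash rules; -Optimize merges rules that share a
    # publisher, and -Xml emits the policy as XML text.
    $files = foreach ($dir in $ReferenceDirs) {
        if (Test-Path -Path $dir) {
            Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll
        }
    }
    $files |
        New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
        Out-File -FilePath $PolicyXml -Encoding UTF8
}

function Set-PolicyEnforcementMode {
    param([ValidateSet('AuditOnly', 'Enabled')][string]$Mode)
    # New-AppLockerPolicy writes every rule collection as NotConfigured; set the
    # mode explicitly so the effective policy is exactly what was reviewed.
    [xml]$policy = Get-Content -Path $PolicyXml
    foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
        $collection.EnforcementMode = $Mode
    }
    $policy.Save($PolicyXml)
}

function Test-PolicyDecisions {
    param([string[]]$Paths)
    # Dry-run the XML policy against sample files before it reaches any machine.
    Test-AppLockerPolicy -XmlPolicy $PolicyXml -Path $Paths -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# 1. Build the allow-list from the reference build and start in audit mode.
New-ReferenceAllowListPolicy
Set-PolicyEnforcementMode -Mode AuditOnly

# 2. Sanity check: a core Windows binary must come back Allowed and an unknown
#    download must not (sample paths are assumptions).
Test-PolicyDecisions -Paths @(
    'C:\Windows\explorer.exe',
    'C:\Users\Public\Downloads\unlicensed-tool.exe'
)

# 3. Apply locally. AppLocker only evaluates rules while the Application Identity
#    service is running, so make it start automatically.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $PolicyXml

# 4. During the pilot, review what audit mode would have blocked (event ID 8003
#    in the AppLocker "EXE and DLL" log), add business-justified rules, and only
#    then switch to enforcement and redeploy, centrally via GPO in production.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 8003 } |
    Select-Object TimeCreated, Message

# Set-PolicyEnforcementMode -Mode Enabled
# Set-AppLockerPolicy -XmlPolicy $PolicyXml
```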
  • 7. BitLocker To Go
    • Preparation during setup
    • External disk support
    • RAID support
    • Active Directory integration
    • Central management with GPO
    • BitLocker To Go Reader
  • 9. Windows Firewall
    • Port blocking
    • Protocol blocking
    • Program blocking
    • Different rules depending on location
    • Detailed configuration with Advanced Mode
  • 11. A single solution for desktop management and security (Slovenia Telecom)
  • 12. Forefront Endpoint Protection 2010: the new version of Forefront Client Security
    • Installation infrastructure based on Microsoft® System Center Configuration Manager
    • Support for all System Center Configuration Manager topologies, and scalability
    • Easy migration from the existing product
    • Broad operating system support, including Windows desktop and Windows server operating systems
    • Protection against viruses, spyware, rootkits and network vulnerabilities
    • Configuration tuned for productivity and performance
    • Integrated management with the built-in firewall
    • Continuous protection with the Microsoft Malware Protection Center
    • Unified management interface for desktop administrators
    • Timely and effective security alerts
    • Simple, business-based policy management
    • Historical reporting for security administrators
    • Easy deployment / installation
    • Advanced protection
    • Simplified desktop management
  • 13. Easy Deployment / Installation
  • 14. System Center Configuration Manager based client security
    • During Forefront Endpoint Protection installation:
      • System Center Configuration Manager server roles are detected and the FEP 2010 server roles are integrated.
      • FEP 2010 distribution packages, DCM baselines and additional components are created automatically.
      • A new reporting database is created.
    • Simplified installation using the existing infrastructure
    • No new server required
    • Integrated management console
    Diagram labels: System Center Configuration Manager central site; FEP primary sites
  • 15. Simplified deployment / installation
      • Configuration Manager integration
      • Uses the existing software distribution infrastructure
      • Supports every SCCM architecture, including branch offices and clients that are not domain members
      • Flexible deployment and migration
      • Windows desktop and Windows Server support
      • Can be added to existing operating system images
      • Can also be used without Configuration Manager
      • Easy migration from existing products, which are uninstalled automatically:
      • Symantec
      • McAfee
      • TrendMicro
      • Forefront Client Security
    [Client distribution flow: policy configuration -> check for third-party products -> automatic removal of third-party products -> FEP 2010 installation -> signature update]
  • 16. Signature update / distribution
      • Multiple update sources
      • Configurable source priority
      • Uses the existing Microsoft Windows Server Update Services (WSUS) infrastructure
      • Small update packages, so less bandwidth is needed
    [Diagram: update sources for the Antimalware Service client: corporate network (WSUS), corporate network (UNC share) and the Internet (Microsoft Update / Windows Update); service accounts shown are Local System and Network Service; results are written to the event log]
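The "multiple sources with a priority order" of this slide, applied to one client as an added example that is not from the original deck: internal WSUS first, then Microsoft Update, then the MMPC download site, then a UNC share, followed by a forced update and a read-back of the result. The registry path, the value names FallbackOrder and DefinitionUpdateFileSharesSources and the source identifiers follow the Forefront/SCEP "Define the order of sources for downloading definition updates" policy as I know it; treat them, the share path \\fileserver\Definitions, the MpCmdRun.exe location and the event IDs as assumptions to confirm against your client version. Run it elevated; in production set the same values through FEP policy or a GPO rather than by hand.

```powershell
# Added example (not from the original slides). Registry path, value names, source
# identifiers, share path, MpCmdRun location and event IDs are assumptions. Run elevated.

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Signature Updates'
$StatusKey = 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates'

function Set-DefinitionSourceOrder {
    param(
        # Left-to-right priority; identifiers as used by the ADMX policy (assumed)
        [string]$Order  = 'InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC|FileShares',
        [string]$Shares = '\\fileserver\Definitions'   # assumed UNC mirror of the definition packages
    )
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name 'FallbackOrder' -Value $Order -Type String
    Set-ItemProperty -Path $PolicyKey -Name 'DefinitionUpdateFileSharesSources' -Value $Shares -Type String
    Get-ItemProperty -Path $PolicyKey | Select-Object FallbackOrder, DefinitionUpdateFileSharesSources
}

function Get-DefinitionStatus {
    # Versions the antimalware service itself records (value names assumed)
    Get-ItemProperty -Path $StatusKey -ErrorAction Stop |
        Select-Object EngineVersion, AVSignatureVersion, ASSignatureVersion
}

function Update-Definitions {
    param([string]$UncOverride)   # optional: pull from the share directly, bypassing the order
    $exe = Get-ChildItem "$env:ProgramFiles\Microsoft Security Client" -Recurse -Filter 'MpCmdRun.exe' -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if (-not $exe) { throw 'MpCmdRun.exe not found under Microsoft Security Client; check the FEP client install path' }
    if ($UncOverride) { & $exe.FullName -SignatureUpdate -UNC $UncOverride }
    else              { & $exe.FullName -SignatureUpdate }
    # Microsoft Antimalware events: 2000 = definitions updated, 2001 = update failed (IDs assumed)
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft Antimalware'; Id = 2000, 2001 } `
                 -MaxEvents 5 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Set-DefinitionSourceOrder
Get-DefinitionStatus          # versions before
Update-Definitions
Get-DefinitionStatus          # versions after; a 2001 event above means every source in the order failed
```

The order string is a fallback chain: the client tries each source in turn and stops at the first that delivers a package, so putting WSUS first keeps Internet bandwidth use to the cases where the internal server is unreachable. The ordering of the three slide sources (WSUS, UNC, Microsoft Update) is a design choice per site, not something the product fixes.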
  • 17. Advanced protection
  • 18. Superior anti-malware
    Slovenia Telecom: "Forefront Endpoint Protection offers us better virus protection than we had with our previous solution. We had an incident with the Conficker virus, and our old anti-virus product was only able to disable and partially remove the virus. FEP was able to fully remove the virus from our environment. It is definitely a better tool."
    Key points: among the best; proactive protection against unknown threats; low false-positive rate.

    AV Comparatives On Demand Test, August 2010
      Company       Award       Detection rate   False positives
      Symantec      Advanced+   98.70%           9
      Microsoft     Advanced    97.60%           3
      Sophos        Advanced    96.80%           13
      McAfee        Advanced    99.40%           24
      Kaspersky     Advanced    98.30%           46
      Trend Micro   Tested      90.30%           23

    VB100, August 2010 (Virus Bulletin RAP scores)
      Vendor/Product   Reactive average   Proactive   RAP
      Kaspersky        94.89%             77.94%      90.66%
      Microsoft        84.64%             69.33%      80.81%
      McAfee           74.67%             54.06%      69.52%
      Symantec         70.16%             53.76%      66.06%

    AV Comparatives Proactive Test, May 2010 (% proactive detection of new malware)
      Rank   Vendor                 Detection
      #1     Trustport, Panda       63%
      #2     GData                  61%
      #3     Kaspersky, Microsoft   59%
      #7     Symantec               43%
      #8     McAfee                 38%
      #13    Trend Micro            26%
  • 19. Comprehensive protection layers
    [Diagram of the layered stack]
    Windows 7: Windows Firewall, Microsoft AppLocker, Windows Internet Explorer 8 SmartScreen, Data Execution Prevention, Address Space Layout Randomization, Windows Resource Protection
    Forefront Endpoint Protection: central management, vulnerability protection (Network Inspection System), behaviour monitoring, anti-malware, dynamic translation and emulation
  • 20. Dynamic translation
      • Dynamic translation rewrites code that accesses real (unsafe) resources into code that accesses virtualized (safe) resources, so its behaviour can be observed without it touching the host.
      • The character and behaviour of the code are analysed
      • Industry-leading proactive protection
      • A single signature can detect thousands of malware variants
    [Diagram: potentially malicious code -> dynamic translation -> safely translated code; real resources replaced by virtualized resources]
  • 21. Behaviour monitoring and the Dynamic Signature Service
      • Live monitoring of the system makes new threats easy to spot
      • Behaviour tracking of known and unknown processes
      • Dynamic Signature Service: less dependence on static signatures
        • Suspicious code is identified by emulation
        • Suspicious files are checked against the cloud
      • Real-time signatures
      • Simultaneous updating saves time and cost
    [Diagram: the client sends features/behaviour and, on request, a sample; the service returns reputation, a behaviour classification and a real-time signature; researchers distribute real-time signatures]
  • 22. Protection against network vulnerabilities
      • Prevents systems from being compromised in the window between the discovery of a vulnerability and the installation of its patch
      • Security technology based on the Network Inspection System (NIS)
      • Detects and blocks Conficker-style threats
      • Inspects and blocks inbound and outbound traffic
      • Signatures are activated according to the host's patch installation status
    [Timeline: new vulnerability discovered -> new signature created and applied -> exploitation attempt is blocked -> patch ready to install -> patch tested and installed; the gap NIS covers is the time spent testing the patch]
  • 23. Simplified management
  • 24. Simplified management
      • Management options:
        • user-based management
        • central management
      • High efficiency:
        • CPU usage limit for scans
        • High scan performance through caching
  • 25. Unified management interface
      • Desktop and security management in a single console
      • Policy distribution and reporting in the same console
      • Tracks the client security state of every computer
      • Client security problems are identified and resolved quickly
  • 26. Central policy distribution
      • Policy creation and editing:
        • Forefront Endpoint Protection extension in Configuration Manager
        • Group Policy (GPEDIT with the FEP ADMX templates)
      • Policy distribution:
        • Configuration Manager
        • Group Policy
        • At installation
        • Script
      • Ready-made templates for server roles:
        • Templates tuned for performance, for security, or for a specific server role
        • 16 templates prepared for server roles
  • 27. Historical reporting and alerts
      • Rich SQL-based reporting:
        • Malware events
        • Protection status
        • Security compliance
        • Policy distribution
        • Alerts
      • Customisable filters
      • Support for several report formats
      • Alerts at different levels:
        • Malware outbreak
        • Malware detection
        • Multiple malware detections
        • Repeated attacks
      • E-mail alerts
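A triage query that derives the alert levels of this slide (single detection, multiple detections, repeated attacks) for one or more hosts from the FEP client's own event log, as an added example that is not from the original deck. It is useful for a site not yet reporting through Configuration Manager, or to cross-check a console alert against the endpoint. The provider name and event IDs (1116 malware detected, 1117 action taken, 1118 action failed) follow the Microsoft Antimalware client event documentation for FEP/SCEP; the regex over the message text, the thresholds, the host names PC01/PC02 and the SMTP details are assumptions. Remote queries need event log (RPC) access to the target hosts.

```powershell
# Added example (not from the original slides). Event IDs follow the FEP/SCEP client event
# documentation; the message regex, thresholds, host names and SMTP details are assumptions.

function Get-FepDetectionSummary {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Hours = 24,
        [int]$RepeatThreshold = 3,   # same threat this many times in the window = "repeated attack"
        [int]$MultiThreshold  = 2    # this many distinct threats in the window = "multiple detections"
    )
    $filter = @{ LogName = 'System'; ProviderName = 'Microsoft Antimalware'; Id = 1116, 1117, 1118; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue)

    $detections = @($events | Where-Object { $_.Id -eq 1116 } | ForEach-Object {
        # The 1116 message carries a "Name: <threat>" line; fall back to 'unknown' if the format differs
        $name = 'unknown'
        if ($_.Message -match 'Name:\s*([^\r\n]+)') { $name = $Matches[1].Trim() }
        New-Object PSObject -Property @{ Time = $_.TimeCreated; Threat = $name }
    })
    $failed   = @($events | Where-Object { $_.Id -eq 1118 }).Count
    $byThreat = @($detections | Group-Object -Property Threat)

    $level = 'None'
    if ($detections.Count -gt 0) { $level = 'Detection' }
    if (@($byThreat | Where-Object { $_.Count -ge $RepeatThreshold }).Count -gt 0) { $level = 'RepeatedAttack' }
    elseif ($byThreat.Count -ge $MultiThreshold) { $level = 'MultipleDetections' }
    if ($failed -gt 0) { $level = "$level+RemediationFailed" }   # 1118: the client could not clean

    New-Object PSObject -Property @{
        Computer      = $ComputerName
        Level         = $level
        FailedActions = $failed
        Threats       = ($byThreat | ForEach-Object { "$($_.Name) x$($_.Count)" }) -join ', '
    }
}

# Usage: fan out over a few hosts and mail anything that is not clean (host names and SMTP details assumed)
$hits = @('PC01', 'PC02' | ForEach-Object { Get-FepDetectionSummary -ComputerName $_ -Hours 24 } |
          Where-Object { $_.Level -ne 'None' })
if ($hits.Count -gt 0) {
    $body = $hits | Format-Table Computer, Level, FailedActions, Threats -AutoSize | Out-String
    Send-MailMessage -To 'soc@example.com' -From 'fep-alerts@example.com' -SmtpServer 'smtp.example.com' `
                     -Subject "FEP detections on $($hits.Count) host(s)" -Body $body
}
```

The script deliberately treats a failed remediation (1118) as a separate, higher-priority condition than the count-based levels: a single detection the client could not clean needs a human sooner than three detections it removed. The code avoids PowerShell 3.0 syntax so it runs on the Windows 7 default PowerShell 2.0.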
  • 28. FEP 2010 Management Pack for Operations Manager
      • Server-level view in the System Center Operations Manager console
      • Real-time monitoring and critical alerts
  • 29. Summary: Forefront Endpoint Protection 2010 is simple, integrated protection
        • An easy management experience for desktop management and security
        • Real-time checking and blocking of potential threats
        • A single, low-cost management infrastructure for management and security
        • Effortless installation and management on thousands of machines through SCCM
        • Strong active protection against known and unknown threats
        • Integration with Windows Firewall blocks attacks at the network layer
  • 30. Advanced desktop client: TechCenter: Forefront Endpoint Protection 2010 evaluation edition
  • 31. ©2010 Microsoft Corporation. All rights reserved. Microsoft, AppLocker, Forefront, Internet Explorer, SharePoint, SQL Server, Hotmail, Windows, Windows Live, Windows Server, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  • 33. Security Management Topology: FEP on the existing Configuration Manager server roles
      • Centralized policies, monitoring, and reporting capabilities
      • Discovery and installation of the Forefront Endpoint Protection server roles on the Configuration Manager server roles
      • Option to install the Forefront Endpoint Protection Console extension on other sites
    [Diagram: the central site hosts the FEP Console Extension, FEP Server Extensions and FEP Reports; primary sites below it]
  • 34. Security Management Topology: central FEP server with a remote reporting database
      • Enables distribution of resources in the infrastructure
      • Forefront Endpoint Protection reporting role and database offloaded to a remote machine
      • Option to specify a remote Microsoft SQL Server during installation
    [Diagram: System Center Configuration Manager central site with the FEP Console Extension and FEP Server Extensions; FEP Reports on a remote SQL Server; primary sites with FEP Console Extensions]
  • 35. Centralized Management Topology
    [Diagram: the central site runs the FEP Console Extension, FEP Server Extensions and FEP Reports; three primary sites carry only FEP Console Extensions; secondary sites hang off the primary sites]
  • 36. Security Management Topology: distributed management
      • Separate security management and operations to child sites
    [Diagram: the central site and each of the three primary sites run their own FEP Console Extensions, FEP Server Extensions and FEP Reports; secondary sites hang off the primary sites]
  • 37. Distributed management with consolidated reporting
      • Separate security management and operations to child sites
      • Consolidated reporting on the central site
    [Diagram: as in the distributed topology, with each primary site's FEP Reports also consolidated into the FEP Reports instance on the central site]
  • 38. Global research, broad insight, integrated response: committed to long-term investment and leadership
    Global research:
    • Experienced researchers with prior work at various global response and research labs
    • Microsoft security technology specialists who understand best practices
    • Continuous coverage with malware research labs in several countries
    Broad insight (telemetry and sample sources):
    • Microsoft Security Response Alliance (MSRA)
    • Microsoft Malicious Software Removal Tool
    • Windows Defender (SpyNet)
    • Microsoft Windows Live OneCare
    • Microsoft Forefront
    • Windows Live Hotmail
    • Microsoft Exchange Hosted Services
    • Microsoft Product Support Services support organization
    • Customer submissions
    Integrated response:
    • Integrated response processes with the global support organization
    • Brings Windows and cross-product resources to address issues
    • Microsoft Malware Protection Center portal: search and browse the anti-malware encyclopedia; top threat telemetry
  • 39. Convergence of Desktop Security and Management “ The integration of management and security makes our IT organization more agile. We’re more efficient in the way that we use our personnel. We’ve increased the number of people available to respond to security incidents by 20% with no increase in headcount.” Riga Stradins University
      • Security personnel have access to desktop configuration data
      • Health status and protection status in a single interface, with consolidated reporting
      • Incident response (identify / patch / remediate) is more targeted
      • One server infrastructure to maintain
      • A single mechanism to deploy software updates to clients
      • Central policy implementation for security and management
      • One set of training for administrators
      • A single license to purchase (ECAL)
    Security + Management