SIA311 Better Together: Microsoft Exchange Server 2010 and Microsoft Forefront Secure Messaging Solution


Come learn how Forefront and Exchange Server 2010 work better together! This session covers how Forefront Protection 2010 for Exchange Server (FPE) and Forefront Online Protection for Exchange (FOPE) will facilitate protection of Microsoft Exchange Server 2010 from malware and unsolicited mail.

Published in: Technology

  2. Better Together: Microsoft Exchange Server 2010 and Microsoft Forefront Secure Messaging Solution (SIA 311)
      - Cristian Mora, Technical Product Manager, Microsoft Corporation
      - Alexander Nikolayev, Program Manager, Microsoft Corporation
  3. Agenda
      - E-mail Security Threats
      - Spam & Malware
      - Phishing & Viruses
      - Premium Antimalware Protection
      - Premium Antispam Protection
      - Administration and Management
      - Forefront/Exchange Better Together Security
      - Forefront Protection 2010 for Exchange: Key Differentiators
      - Forefront/Exchange Better Together: Benefits and Better Together Security
      - Summary
  4. Top E-mail Threat Concerns
      - Malware via URLs
      - Malware via Attachments
      - Phishing
      - Spam
      - Data Leakage
      Source: Messaging Security Survey: The Good, Bad, and Ugly Study. IDC, 2009
  5. “The growth in e-mail traffic means that over the next four years, organizations will need increasingly better defenses against all types of spam and malware… Battling spam alone is very costly – in 2009, a typical 1,000-user organization spends over $1.8 million annually to manage spam.” — The Radicati Group, Inc., E-mail Security Market, 2009-2013
      … Around $8 Billion Lost to Viruses, Spyware and Phishing… 2 million consumers have had to replace their computers over the past two years due to software infections… 1 in 5 online consumers have been victims of Cybercrime… — 2009 State of the Net Survey
      “As one leading financial institution told us, it routinely sees that at least 14 out of every 15 incoming emails are pure spam” - Forrester Wave Email filtering Q2 2009, April 2009
      “Almost 60% of organizations reported spam blocking effectiveness of less than 95%” - Brian E. Burke, “Messaging Security Survey” IDC February 2009
  6. [Chart: New Phishing Sites By Month, Dec04 through Dec05]
  7. [Chart: New Phishing Sites By Month]
  8. So, what’s the Solution???
  9. Business Ready Security: Help securely enable business by managing risk and empowering people
      - Protection, Access: Protect everywhere, access anywhere
      - Identity, Management: Simplify the security experience, manage compliance
      - Highly Secure & Interoperable Platform: Integrate and extend security across the enterprise
      - From Block to Enable; from Cost to Value; from Siloed to Seamless
  10. Business Ready Security Solutions
      - Information Protection
      - Identity and Access Management
      - Secure Endpoint
      - Secure Collaboration
      - Secure Messaging
  11. Secure Messaging
      Enable more secure business communication from virtually anywhere and on virtually any device, while preventing unauthorized use of confidential information
      PROTECT everywhere; ACCESS anywhere; SIMPLIFY security, MANAGE compliance; INTEGRATE and EXTEND security
      - Best-in-class anti-malware on-premise / in-the-cloud
      - Protect sensitive information in e-mail
      - Secure, seamless access
      - Enterprise-wide visibility and reporting
      - Unified management
      - Built-in information protection
      - Extend secure e-mail to partners
  17. Innovative Technologies; Industry Collaboration and Cooperation; User Education; Effective Legislation
  18. Forefront Protection 2010 for Exchange Server [feature diagram; labels in extraction order]
      Antispam Protection; DNSBL; New content filter engine; Anti-Backscatter; Multiple engines; Hybrid Model; Enhanced Filtering; Keyword Filtering; Support for earlier Exchange server versions (Exchange 2003); FOPE Integration; Integrated provisioning and Management; File Filtering; Multiple Engine Support; Antivirus protection; Antispam protection; Exchange 2007 Integration; Integrated into the Transport Pipeline; Administration; PowerShell support; New Interface dashboard; Edge, Hub, and Mailbox; Hyper-V support; Improved Performance; VSAPI for virus scanning; Microsoft Antispyware engine
  19. Forefront/Exchange Better Together: Surpassing Security Expectations [comparison table; cell layout not preserved]
      Columns: Exchange 2010; Forefront 2010
      Labels: Encryption; Antivirus; Antispam; Default Intra-Org; Inter-Org mTLS support; IRM support; Multiple Engine Malware Detection; Basic; Premium; Unified Management; Hosted, Hybrid Protection; Standard CAL; Enterprise CAL
  20. Industry-Leading Performance: 360° Malware and Spam Protection
      - West Coast Labs: Spam Catch Rate above 99%; Premium Antispam certification
      - Virus Bulletin: Continuous Spam Catch Rate above 99%: 99.77% (September 2009), 99.46% (November 2009)
  21. Forefront Protection 2010 for Exchange Server Deployment Options
  22. Forefront Protection 2010 for Exchange Server [deployment diagram]
      - Protection Availability: Exchange 2010, Exchange 2007 SP1
      - Enterprise Network roles: Edge Transport; Hub Transport (Routing & Policy); Mailbox (Storage of mailbox items); Client Access (Client connectivity, Web services); Unified Messaging (Voice mail & voice access)
      - Protection 2010 for Exchange Server is shown at three points in the diagram; Threat Management Gateway at two
      - External: External Mail; Mobile phone; Web browser; Phone system (PBX or VOIP); Outlook (remote user); Line of business applications; Outlook (local user)
  23. Forefront Protection 2010 for Exchange Server Malware Protection
  24. Protect Messages from Malware (Protect everywhere, access anywhere)
      - Microsoft Solution, “Defense in Depth”: Multiple Engines
      - Competitors’ Solutions: Single Engine
      - 38 times faster. An AV-Test of consumer antivirus products revealed:
        - On average, Forefront engine sets provided a response in 3.1 hours or less.
        - Single-engine vendors provided responses in 5 days, 4 days, and 6 days respectively.
      - Automatic Engine Updates
      - On premises or in the cloud
      - 99% spam detection* (* With premium antispam services)
      “Forefront Security for Exchange Server can support up to five scanning engines at the same time. Thus, it offers a more secure environment, compared with products that support using only a single engine.” - Akihiro Shiotani, Deputy Director of the Infrastructure Group
      Source: New Solution Helps Pharmaceutical Maker Improve IT Performance and Security. Microsoft case study, June 2008.
  26. Forefront Protection 2010 for Exchange Server: Multiple AV Scanning Engines Advantages
      - Leading antimalware engines deployment via integrated solution
      - Allows multi-directional protection of messaging stream: inbound, outbound, internal, and data at rest
      - Intelligent Engine Selection:
        - Automatically chooses the most current and effective engines first
        - Allows administrators to balance security with performance needs
      - Removal of a single point of failure in the organization
      - Lower TCO – all engines included in base cost
  27. Performance Improvements: Forefront Protection 2010 for Exchange Server vs. Forefront Security for Exchange 2007 [table; cell layout not preserved]
      Column headings: Technology investment; Results (5 engines test)
      - Message throughput improvement: From 25 to 40 messages/second
      - Reduction in Context Switches: Measured reduction is 30%
      - Improvements in CPU Utilization: 15% in CPU Utilization improvement
      - Other labels, in extraction order: Native 64-bit support; Coming in SP1; Gated by the Exchange Server perf; Spam Filtering throughput
  28. Automatic Updates [diagram]
      Labels: Remote Update Services; Forefront Engines Updates; MSAV/CMAE; Directly from vendor; Redistribution; Manual Config
  29. Managing Multi-Engine Environment (demo)
  30. Forefront Protection 2010 for Exchange Server Antispam Overview
  31. Forefront Protection 2010 Antispam Functional Highlights
  32. Forefront Protection 2010 Antispam Features
      Filters shown: Recipient Filter; Sender ID Filter; Sender Filter; Content Filter; DNSBL Filter; Backscatter Filter; Junk E-mail Filter; IP Block List
      Layered Antispam Technologies:
      - Connection Filtering (IP Block/Allow, DNSBL, SenderID filters)
      - Protocol Filtering (Sender, Recipient, Backscatter filters)
      - Content Filtering (spam/phishing)
      New additions: DNSBL, Cloudmark CMAE Engine, Backscatter, Hybrid Model
  33. Reducing the Carbon Footprint of Spam: Forefront DNSBL
      - Implemented as an SMTP Receive Agent; a configuration/maintenance-free feature
      - Multiple external and internal RBL providers with a continuous flow of feeds
      - Queries are sent to Forefront-owned DNS infrastructure
      - Efficiency: based on internal MSIT numbers, 80-85% of all incoming connection requests are denied by DNSBL
      - The rejection response is actionable, to help with corrective actions: “550 5.7.1 Do this to get the IP removed from the DNSBL list…”
  34. "Why I'm getting this NDR??!" Forefront Backscatter Protection: Outbound
      Diagram: Exchange internal sender; Categorizer; External recipient
      Token Definition:
      - BATV-compliant
      - Hashed tag (based off a key, time, sender, expiration, etc.)
      - Keys maintained and rotated
      Anti-Backscatter Agent:
      - Implemented as RoutingAgent
      - Acts only on Outbound mail
      - Attaches a token to P1.MailFrom:
  38. Forefront Backscatter protection: Inbound
      Diagram: NDR generating MTA; Transport Pipeline; Exchange NDR recipient
      Token Verification:
      - Decrypt the sig using proper key
      - Verify integrity of the sig
      - If correct – strip off the sig, stamp the header, and accept NDR
      - If incorrect – Discard
      Backscatter Filter logic:
      - NDR discovery
      - Token verification
      - Acceptance decision
      SMTP Receive Agent:
      - Disabled by default
      - Acts upon DSNs only
  44. Forefront Content Filter Fingerprinting
      Diagram: Fingerprint Cache; Spam: Reject; Legitimate
      - Fingerprints compared to local cache of known bad fingerprints
      - Cache data updated every 45 seconds
      - Match: message is identified as abuse
      - No match: message is identified as legitimate
      - Message reduced to anonymous fingerprints
      - Fingerprints don’t indicate whether the message is legit or spam
      - Fingerprinting applied to every incoming message *
      - Relevant parts of the entire message are fingerprinted
      * Exceptions apply (Safe Senders/Recipients/Safe Listed IPs etc.)
  52. Content Filter SCL definitions
      - Forefront Content Filter enables normalization of raw spam score from CMAE engine to SCL
      - Forefront normalization logic:
        - All messages classified as not spam get SCL:-1
        - SCL assignment logic can be reverted to SCL:0 via PowerShell (New-FseExtendedOption -Name CFAllowBlockedSenders -Value true)
        - SCL:-1 boundaries are within -1 to 4 in Exchange
      - Actions available for messages within SCL range 5 to 9: Reject/Delete/Stamp and Continue/Quarantine
      - SCL assigned to the message and can be enforced on a per-recipient basis
  53. Spam Configuration and Management (demo)
  54. Forefront Unified Monitoring and Reporting
      - Single Node – basic reports available for each technology layer
      - Multi Node – advanced reports available via Forefront Protection Manager
      - Single connection point to reporting via Forefront UI
      - Agent Logs, Perfmon Data
      - Incidents and Quarantine Database, Rich Eventing Model
      Cycle diagram: Author policy; Deploy; Collect Events; Analyze; View Alerts & Reports; Correct
  55. Simplify Security Management (Simplify security, manage compliance)
      - Unified policy management for on-premise and cloud-based messaging servers
      - Enterprise-wide visibility into e-mail threats through a single console
      - Help enable compliance with in-depth reporting capabilities
      - Easy to use interfaces and templates for system configuration and threat response
      “It let them bring everything together into one package for ease of management in the network” - Amy Babinchak, Harbor Computer Services, Inc.
      Source: New Solution Helps Pharmaceutical Maker Improve IT Performance and Security. Microsoft case study, June 2008.
  59. Malware protection (demo)
  60. Forefront Protection 2010 for Exchange Server: an extension into Online Services
  61. Hybrid Messaging Security With FPE + FOPE + Exchange [diagram]
      - Internet: Mail; Spam policy; FOPE Gateway; Full Management Policy
      - Firewall; SMTP Mail
      - On-Premise Software: Spam policy; Exchange Edge; Exchange Hub; Mailbox Server
      - Protection 2010 for Exchange Server: Antivirus and antispam protection for Exchange Server 2007/2010 Server Roles
  62. Key Differentiators (Protection 2010 for Exchange Server)
      - Malware Protection: Multiple Engines
      - Spam Protection: Layered Defense
      - Ease of Administration, Monitoring, and Reporting
      - Hybrid Model: Integration with Online Service
  63. Forefront Protection 2010 for Exchange Server Benefits
      - Integrated multiple engine malware protection
      - Best of breed spam protection for on the premises and in the cloud customers:
        - Precise spam detection with above 99% catch rate
        - Reduction in Carbon Footprint of spam by early rejection of unwanted messaging stream
      - Hybrid Model and Ease of Administration:
        - Low TCO with High ROI for Exchange organizations
        - Flexible implementation
  64. Exchange + Forefront Better Together Security Summary
      Exchange 2010 provides…
      - Default encryption and broader support for IRM
      - Extensive infrastructure for per-user SCL
      - Incremental Edge Synch for safe/blocked senders
      - Per recipient list aggregation from Outlook
      Forefront 2010 extends foundation with…
      - Premium multiple engine antimalware
      - Auto-configuration of antispam agents
      - Unified management of FPE, Exchange, FOPE
      - Leading antispam content filter engine (above 99% detection rate)
      - Option of hosted and hybrid protection for lower TCO
      - Config/maintenance-free setup
  65. More Info….
      - Microsoft FPE Web Site
      - NEW! Microsoft FPE Whitepapers
      - Forefront Protection 2010 for Exchange Server Antispam Framework
      - Forefront Protection 2010 For Exchange Server Antispam
      - Forefront Protection 2010 for Exchange Server
      - Forefront Protection 2010 for Exchange Server Scan Actions And Sequence
      - Monitoring Forefront Protection 2010 for Exchange Server
      - Microsoft BRS – Secure Messaging
      - Microsoft Edge - FPE
  73. Additional Sessions
      - SIA317 – Microsoft Forefront Online Services – Overview, Architecture and Roadmap
      - SIA02-DEMO – End-to-End E-mail Protection
      - SIA05-IS – Secure Messaging using AD RMS and Exchange 2010
      - SIA304 – Windows Server 2008 R2 AD RMS
  76. Question & answer
  79. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
      The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  80. Content Filter Updates: Better Together for ECAL customers
      - ECAL customers receive premium Forefront content filter and updates
      - ECAL customers will always have the freshest spam fingerprints
      - “Lights Out” engine updates
  81. Secure Messaging – The Road Ahead [roadmap chart; Subject to Change]
      Timeline labels: Currently Shipping; CY 2009; CY 2010; H2; H1
      Rows: Management (Management Consoles); Protection & Access; Platform
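
An added example, not part of the original deck and not Forefront's code: the backscatter protection slides above (a BATV-compliant token attached to P1.MailFrom on outbound mail, verified on inbound NDRs) sketched in Python with the `prvs=` tag layout of the public BATV draft. The key table, the 7-day lifetime and all function names are assumptions; the slides do not give Forefront's actual token format.

```python
import hashlib
import hmac
import re

# Constructed demo keys, indexed by the one-digit key number carried in the tag.
# Rotation: sign with a new number; older keys stay listed until their tags expire.
KEYS = {0: b"constructed-old-key", 1: b"constructed-current-key"}
CURRENT_KEY = 1
LIFETIME_DAYS = 7  # assumed token lifetime
TAGGED = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-f]{6})=(.+)", re.IGNORECASE)


def _mac(key_id, day, mailfrom):
    """Hex of the first 3 bytes of HMAC-SHA1 over key number, expiry day, sender."""
    msg = f"{key_id}{day:03d}{mailfrom.lower()}".encode()
    return hmac.new(KEYS[key_id], msg, hashlib.sha1).digest()[:3].hex()


def sign_mailfrom(mailfrom, today, key_id=CURRENT_KEY):
    """Outbound: rewrite the envelope sender as prvs=KDDDSSSSSS=local@domain.
    `today` is the day number (days since the epoch); DDD is the expiry day mod 1000."""
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"prvs={key_id}{expiry:03d}{_mac(key_id, expiry, mailfrom)}={mailfrom}"


def verify_ndr_recipient(rcpt, today):
    """Return the original (untagged) address if the tag is valid, else None."""
    m = TAGGED.fullmatch(rcpt)
    if not m:
        return None  # untagged or malformed: we never sent mail as this address
    key_id, expiry, sig, original = int(m[1]), int(m[2]), m[3].lower(), m[4]
    if key_id not in KEYS:
        return None  # key retired
    # Day numbers wrap modulo 1000: valid only if expiry is 0..LIFETIME_DAYS ahead.
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return None  # expired
    # Verification recomputes the keyed hash and compares in constant time.
    if not hmac.compare_digest(sig.encode(), _mac(key_id, expiry, original).encode()):
        return None  # forged or altered tag
    return original


def filter_inbound(mail_from, rcpt, today):
    """NDR discovery, token verification, acceptance decision."""
    if mail_from not in ("", "<>"):
        return ("not-a-dsn", rcpt)  # DSNs use the null reverse-path; others pass on
    original = verify_ndr_recipient(rcpt, today)
    return ("accept", original) if original else ("discard", None)
```

The 24-bit signature follows the draft's compact layout and only has to survive for the token lifetime; a deployment that wants a wider margin can lengthen the truncation without changing the flow.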