Forefront Protection for Office Overview



Forefront Protection for Office TechNet Presentation

  • The new FOPE 10.2 release offers Office 365 Beta customers greater flexibility in configuring their Anti-spam and policy filtering settings directly through the FOPE Admin center console which they will now have access to. In addition, Office 365 Beta customers will now have enhanced secure mail routing options as well as options for mail flow between their Exchange Online and on-premises mailboxes.
  • Forefront Protection 2010 for Exchange Server is the only leading email protection product that offers multiple scanning engines in a single solution. Multiple scanning engines are a critical component in protecting against viruses and other malware. For example, most businesses (97 percent) provide antivirus and firewall protection, yet half of them (52 percent) experience virus infections anyway (according to the CSI/FBI 2007 Survey). That’s because most scanning engine vendors can’t release antivirus signatures quickly enough to detect new threats; in some cases it can take days or even weeks! The Forefront Protection 2010 for Exchange Server engine set has been proven (by to detect new threats faster than single-engine solutions, in fact 38 times faster than single-engine providers. This is because the product gets virus signatures from 5 different companies with different response teams, decreasing the time to get signatures. Administrators can run up to five scanning engines simultaneously and in different combinations at Edge, Hub, and Mailbox servers. By running multiple scanning engines simultaneously, Forefront Protection 2010 for Exchange Server can more effectively protect against a single point of failure. It can also manage these engines so that if one engine fails or goes offline to update, other engines continue to protect the IT environment without slowing mail delivery.
    Spam Talking Points
    Spam was once just an annoyance, but it has become the tactic of choice for online deception, fraud, and abuse. Companies are being forced to commit significant resources to protect their messaging infrastructures and their brands, and computer users must stay vigilant to protect themselves from the influx of deceptive email. Microsoft has developed a holistic strategy to battle spam that includes industry collaboration, prescriptive education, and the development of innovative technologies and services.
    Forefront Protection 2010 for Exchange Server protects Exchange through aggregated reputation services and SmartScreen filtering technology from Microsoft. These are enhanced with highly accurate spam-filtering technology from the industry-leading partner Cloudmark. Forefront Protection 2010 for Exchange Server offers built-in integration with Forefront Online Security for Exchange, a hosted filtering service that enables customers to block spam before it ever reaches their networks.
  • July: “… a stunning spam catch rate of 99.96% combined with a total lack of false positives not only wins the product its sixth consecutive VBSpam award, but also gives it the highest final score for the third time in a row.”
  • FPE uses several kinds of filtering in order to identify and mitigate spam email:
      - Connection Filtering: FPE examines the IP address of the original sender. FPE has user-configurable static IP block and allow lists and a dynamic DNS block list maintained by Microsoft that can filter up to 90% of spam email.
      - Sender Filtering: FPE examines the SMTP sender information. This filter enables administrators to configure allowed and blocked senders by domains and email addresses.
      - Sender ID Filtering: FPE uses a Sender ID framework to validate that the sender is not spoofing the identity of another sender.
      - Recipient Filtering: FPE can also be configured to allow and block email messages to certain recipients in your organization. In addition, FPE has the capability, through Active Directory Domain Service queries, to validate that the recipient exists in the company’s Active Directory Domain Service.
      - Content Filtering: FPE also examines the content of the message itself, including subject line and the message body. FPE uses a third-party anti-spam engine to scan all email for spam.
      - Backscatter Filtering: FPE includes new technology that enables administrators to prevent false Non-Delivery Reports (NDR) generated from spoofed sender addresses from entering their environment.
  • Forefront Online Protection for Exchange reputation-based connection blocking employs a proprietary list that, based on analysis of historical data, contains the addresses of computers connected to the Internet that are responsible for the majority of spam. Through an ongoing partnership with Microsoft® Windows Live™ Hotmail®, FOPE aggregates both consumer and corporate junk email data to populate a massive and comprehensive reputation database. FOPE also utilizes Internet Protocol (IP) reputation information from other companies and ISPs in order to provide enhanced protection from questionable IPs and botnet attacks, which come from a collection of compromised computers running software under a common infrastructure of command and control.
    Spammers frequently create malicious web sites that they use for phishing and for spreading malware. FOPE leverages a variety of sources to quickly update lists of known malicious URLs and update its content filters to block these messages.
    FOPE employs a layered approach to offer protection from both known and unknown threats for both inbound and outbound email. FOPE uses three antivirus engines (Symantec, Kaspersky, and Authentium) to help protect against viruses and other email threats. The antivirus engines include powerful heuristic detection to provide protection even during the early stages of a virus outbreak. The multi-engine approach has been shown to provide significantly more protection than using just one antivirus engine.
    FOPE offers an integrated approach to message security through policy enforcement. It allows companies to automatically monitor outbound and inbound email, stop sensitive or inappropriate messages from leaving and entering the corporate network, and allow specific senders to bypass spam filtering completely.
  • In a Standalone implementation, FOPE can be used with ANY type of on-premises mail server. It is not limited to only working with Exchange Server.
  • FPE and FOPE can be used together to provide the best possible email protection. FOPE filters out all spam and malware before those messages ever get to your mail servers. This can eliminate as much as 90% of incoming email traffic, drastically reducing the load on your mail servers. FPE provides additional scanning capabilities such as Mailbox scanning and On-demand scanning. FPE also provides additional protection for mail sent internally.
    FPE communicates with FOPE through the FOPE Gateway. You use the gateway to make changes to the FOPE server's policy settings and synchronize with FPE’s anti-spam configurations. An automated system manages synchronization of anti-spam configuration settings that are common to FPE and the FOPE servers by updating the settings on the FOPE servers when a change is made to the FOPE or anti-spam settings in the FPE Administrator Console and saved.
  • Microsoft Forefront Protection 2010 for SharePoint (FPSP) helps reduce company liability and prevents data theft by denying access to documents containing out-of-policy content, confidential information, inappropriate language, and malware. FPSP integrates multiple scanning engines from industry-leading security partners into a single solution. FPSP provides customers with an easy-to-use administration console that includes customizable configuration settings, filtering options, and monitoring features and reports.
  • FPSP enables you to configure the following antimalware scanning options:
      - Realtime: Scans, in real time, files that are uploaded to or downloaded from sites on your SharePoint server.
      - Scheduled: Scans files that already reside on the server.
      - On-demand: Scans specific sites to localize a known issue.
  • You can now manage multiple FPE and FPSP servers from a single management point using either the Forefront Protection Server Script Kit (FPSSK) or the Forefront Protection Server Management Console 2010 (FPSMC).
    The Microsoft Forefront Protection Server Script Kit provides multi-server management for Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint. In addition to the ability to manage multiple Forefront Protection Servers from a single location, this Solution Accelerator provides easily extensible command-line scripts that help enable server discovery, configuration deployment, and integration with existing management technologies. It also offers basic reporting capabilities to detect configuration drift and monitor server statistics.
    The Microsoft Forefront Protection Server Management Console (FPSMC) is a management tool that provides information technology (IT) administrators with a way to centrally manage Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint deployments within your enterprise. Using a browser-based user interface, the management console provides centralized management.
  • The FPSMC supports the management of Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint. You cannot use FPSMC to manage Forefront Security for Office Communications Server (FSOCS). You cannot use FPSMC to manage Forefront Security Server or earlier products. To centrally manage Forefront Security Server or earlier products, use the Microsoft Forefront Server Security Management Console (FSSMC).
  • Jobs in Microsoft Forefront Protection Server Management Console (FPSMC) refer to tasks that can be performed from the console to the managed Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint servers in your environment. From the FPSMC you can create, edit, copy, and delete jobs. You can also schedule or run a job on demand as well as check the status of a job in process.
  • The Microsoft Forefront Protection Server Management Console (FPSMC) can collect information from the managed servers and generate reports on a variety of Forefront Protection-related topics. The four available reports are:
      - Incident Detection Report: The Incident Detection report collects and presents data about the number of malware incidents and filter matches over a period of time on one or more managed servers.
      - Spam Detection Report: The Spam Detection report collects and presents data about the number of spam messages blocked by Forefront Protection 2010 for Exchange Server.
      - Engine and Definition Report: The Engine and Definition Versions report is used to collect and present data about the antivirus engine versions and definitions on selected servers running Forefront Protection 2010 for Exchange Server or Forefront Protection 2010 for SharePoint. FPSMC compares the current engine versions of the managed servers with the latest versions in the FPSMC cache to determine which, if any, of your signatures are out of date.
      - New Servers Report: The New Servers report displays a list of any servers running Forefront Protection 2010 for Exchange Server or Forefront Protection 2010 for SharePoint that have been added in the past 30 days to the forest in which the FPSMC resides.
  • Keep this slide
  • Try to limit to TOP 5 links and Resources
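The backscatter filtering described in the notes above, which the slide list also names as Bounce Address Tag Validation (BATV), can be illustrated with a simplified BATV-style check: outbound mail gets a keyed tag in its envelope sender, and an inbound NDR is accepted only if its recipient carries a valid, unexpired tag. This is an added example, not code from the presentation or from Forefront; the `prvs=` tag layout, key table, 7-day lifetime and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import re
import time

LIFETIME_DAYS = 7  # assumed validity window for a tagged sender address
# Assumed tag layout: prvs=<key id><expiry day mod 1000><6 hex MAC chars>=<local part>
TAG_RE = re.compile(r"^prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)$", re.IGNORECASE)


def _day(now):
    """Whole days since the Unix epoch."""
    return int(now // 86400)


def _mac(key, key_id, ddd, address):
    """Truncated HMAC-SHA1 over key id, expiry day and the original address."""
    msg = f"{key_id}{ddd:03d}{address.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha1).hexdigest()[:6]


def sign_sender(address, key, key_id=0, now=None):
    """Outbound: rewrite MAIL FROM so that later bounces can be authenticated."""
    now = time.time() if now is None else now
    ddd = (_day(now) + LIFETIME_DAYS) % 1000
    local, domain = address.rsplit("@", 1)
    tag = f"{key_id}{ddd:03d}{_mac(key, key_id, ddd, address)}"
    return f"prvs={tag}={local}@{domain}"


def check_bounce(mail_from, rcpt_to, keys, now=None):
    """Inbound: return (verdict, original_recipient) for one SMTP envelope.

    Only messages with the null sender (MAIL FROM:<>) are NDRs; everything
    else is left to the other filters.
    """
    now = time.time() if now is None else now
    if mail_from != "":
        return ("not-a-bounce", rcpt_to)
    if "@" not in rcpt_to:
        return ("reject-untagged", rcpt_to)
    local, domain = rcpt_to.rsplit("@", 1)
    m = TAG_RE.match(local)
    if not m:
        # We never sent mail with this envelope sender: spoofed-sender backscatter.
        return ("reject-untagged", rcpt_to)
    key_id, ddd, sig, orig_local = int(m[1]), int(m[2]), m[3].lower(), m[4]
    original = f"{orig_local}@{domain}"
    key = keys.get(key_id)
    if key is None or not hmac.compare_digest(sig, _mac(key, key_id, ddd, original)):
        return ("reject-bad-signature", original)
    # The day counter wraps at 1000, so compare modulo 1000. A tag would look
    # fresh again after the wrap, which is one reason to rotate keys.
    if (ddd - _day(now)) % 1000 > LIFETIME_DAYS:
        return ("reject-expired", original)
    return ("accept", original)


if __name__ == "__main__":
    # Constructed sample data: a made-up key and example.com addresses.
    keys = {0: b"constructed-demo-key"}
    sent_at = 1_700_000_000
    tagged = sign_sender("alice@example.com", keys[0], now=sent_at)
    print(tagged)
    print(check_bounce("", tagged, keys, now=sent_at + 3600))        # genuine NDR
    print(check_bounce("", "alice@example.com", keys, now=sent_at))  # backscatter
    print(check_bounce("", tagged, keys, now=sent_at + 8 * 86400))   # stale tag
```

The 24-bit MAC is short by design in this kind of tag, so the expiry window and key rotation carry part of the protection.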

    1. 1. Forefront Protection for Office: Overview
        Curtis Parker, Product Manager
        Microsoft Corporation
    2. 2. Agenda
        Forefront Protection for Office: Overview
        Secure Messaging
        Protecting your email
        Secure Collaboration
        Protecting your collaboration portals
        Management Experience
        Improving security management (multiple servers support)
        Forefront Protection for Office: Licensing
    3. 3. Forefront Protection for Office: Overview
    4. 4. Forefront for Office Products
        Aligning protection with the workloads
    5. 5. Forefront for Office Products Overview
        Microsoft® Forefront® server protection solutions help businesses protect their messaging and collaboration servers against viruses, worms, spam, and inappropriate content.
        Microsoft® Forefront® Protection 2010 for SharePoint®
    6. 6. Microsoft® Forefront® Security for Office Communications Server
    7. 7. Microsoft® Forefront® Server Security Management Console 2010
    8. 8. Microsoft® Forefront® Online Protection for Exchange
    9. 9. Microsoft® Exchange Hosted Encryption
    10. 10. Microsoft® Forefront ® Protection 2010 for Exchange Server
    11. 11. Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against email and collaboration threats
    12. 12. Multi-layer premium anti-spam
        Comprehensive Protection
        Tight integration with Microsoft® Exchange and Microsoft® SharePoint® maximizes availability and performance
        Integration with Exchange and SharePoint
        Simplified Management
        Easy-to-use management console provides central configuration and operation, automated scan engine signature updates, and reporting at the server and enterprise level
        Anti-Spam and Anti-Malware capabilities
        Microsoft AV
    13. 13. Kaspersky
    14. 14. Authentium
    15. 15. Virus Buster
    16. 16. Norman
    17. 17. Cloudmark
    18. 18. Microsoft AV
    19. 19. Kaspersky
    20. 20. Authentium
    21. 21. Virus Buster
    22. 22. Norman
    23. 23. Symantec
    24. 24. Kaspersky
    25. 25. Authentium
    26. 26. Layered defenses against junk mail
    27. 27. IP reputation blocking
    28. 28. Connection analysis
    29. 29. Reputation analysis
    30. 30. Safe Senders Sync
    31. 31. Outlook Junk Email Plugin
    32. 32. Additional spam filtering options
    33. 33. IP-based authentication
    34. 34. Non-delivery report backscatter mitigation
    35. 35. Outbound spam filtering
    36. 36. Rules-based scoring
    37. 37. Fingerprinting
    38. 38. Integrated antispyware protection
    39. 39. Integrated antispyware protection
    40. 40. Bounce Address Tag Validation (BATV)
    41. 41. Industry-leading third-party content filtering engine
    42. 42. Data-loss prevention (DLP)
        Filtering Capabilities
        Hosted Service Edge Filtering (MX Points to FOPE)
    43. 43. Transport Scanning
    44. 44. Subject line
    45. 45. Body
    46. 46. Message character sets
    47. 47. Cannot filter content inside attachments
    48. 48. Predefined rule sets
    49. 49. Filter inside attachments
    50. 50. Keyword filtering to block out-of-policy content
    51. 51. Policy Rule Syntax options support: Basic and regular expressions
    52. 52. Can add custom dictionaries
    53. 53. Determines true file type
    54. 54. Extensions
    55. 55. Format
    56. 56. Zip
    57. 57. Determines true file type
    58. 58. Extensions
    59. 59. Format
    60. 60. Zip
    61. 61. Extensions
    62. 62. Filenames
        Rapid response to new threats
    63. 63. Fail-safe protection through redundancy
    64. 64. Diversity of antivirus engines and heuristics
        ** 0.00 denotes proactive detection
        1 Source: (
        The Multiple-Engine Advantage
    65. 65. Secure Messaging
        Protecting your email
    66. 66. Secure Messaging Solutions
    67. 67. Gartner Magic Quadrant for Secure E-Mail Gateways
        -- Gartner, Inc. Magic Quadrant for Secure E-Mail Gateways, Peter Firstbrook, Erik Ouellet, April 27, 2010.
        The Gartner Magic Quadrant is copyrighted by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
        This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Microsoft.
    68. 68. Forefront Protection for Exchange Server: Industry-Leading Performance
        West Coast Labs:
        Spam catch rate above 99%
        Premium anti-spam certification
        Virus Bulletin: Continuous live spam catch rate above 99%:
        99.77% (September 2009)
        99.46% (November 2009)
        99.32% (January 2010)
        99.86% (March 2010)
        99.93% (May 2010)
        99.96% (July 2010)
    69. 69. Protect Messages from Malware
        Microsoft Solution
        “Defense in Depth”
        Competitors’ Solutions
        Multiple engines
        Single engine
        38 times faster
        Automatic engine updates
        An AV test of consumer antivirus products revealed:
        On average, Forefront engine sets provided a response in 3.1 hours or fewer.
    70. 70. Single-engine vendors provided responses in 5 days, 4 days, and 6 days, respectively.
        On-premises or in the cloud
        99% spam detection*
        * With premium anti-spam services
    71. 71. July 2010
    72. 72. Forefront Protection for Exchange Server
        Enterprise Network
        Edge Transport
        Protection availability:
        Exchange 2010
        Exchange 2007 SP1
        Hub Transport
        Routing & Policy
        External mail
        Unified Messaging
        Voice mail & voice access
        Mailbox
        Storage of mailbox items
        Mobile phone
        Client Access
        Client connectivity
        Web services
        Phone system (PBX or VOIP)
        Web browser
        Outlook (remote user)
        Line of business applications
        Outlook (local user)
    73. 73. FPE Anti-Spam Functional Highlights
    74. 74. Keyword Filtering
        Searches the message body for matches to keywords in selected lists
        Can be imported from an existing file
        Can filter phrases
        Support operators: AND, OR, NOT
        Actions: Skip & Detect, Delete, Suspend
    75. 75. File Filtering
        Filter by name, type, or size:
        *.exe
        *.doc
        *>10 MB
        Filters can be combinations of size, name, and type:
        photo1.jpg > 10 MB
        *.mp3 > 5 MB
        *>10 MB
        Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM, and BAT
        Actions: SkipDetect, Suspend (Realtime), Delete (Scheduled/OnDemand)
    76. 76. Container Behavior
        Forefront scans within .zip, .rar, and other compressed formats and deletes only the offending file
        EXE
        DOC
        TXT
        DOC
        JPG
        BMP
        JPG
        BMP
        Custom deletion text
        Filter Rules:
        Delete *.exe
        Quarantine
        Container file before scan
        EXE
        Container file after scan
        Quarantine
    77. 77. DEMO
        Forefront Protection for Exchange Server (FPE)
    78. 78. FOPE Core Product Capabilities
    79. 79. FOPE Implementation Scenarios
    80. 80. Forefront Online Protection for Exchange
        Multilayer spam and virus protection and policy enforcement
        Corporate network
        External senders/recipients
        Exchange Server
        Legitimate email
        Antivirus
        Inbound filtered email
        Policy
        Edge Blocking
        Active Directory
        Encryption*
        FOPE Directory Synchronization Tool
        Anti-spam
        Outbound filtered email
        Junk email
        Automatic spooling
        Messaging administrator
        Administrator console
        Employees
        About 90% of email is junk
        End-user quarantine
        Also incorporates technology from…
        *Requires additional Exchange Hosted Encryption license
    81. 81. Hybrid Messaging Protection
        On-premises software
        Online
        Exchange Server
        Internet
        SMTP
        Edge role
        Hub role
        Mailbox role
        Antivirus and anti-spam protection for Exchange Server 2010 and Exchange Server 2007 server roles
    82. 82. DEMO
        Forefront Online Protection for Exchange (FOPE)
    83. 83. Secure Collaboration
        Protecting your collaboration portals
    84. 84. The Need for SharePoint Protection
        SQL back end
        Indexing server
        Management
        External SharePoint users
        Potential malware
        Internet
        Potential malware
        Internal SharePoint users
        Unified Application Gateway
        Web front end
        firewall
    85. 85. Integration with SharePoint
        Forefront Protection for SharePoint
        Antivirus scanning
        Antispyware scanning
        Keyword filtering
        File filtering
        Quarantine
        VSAPI
        Upload/download
        SharePoint databases
        SharePoint web front-end servers
    86. 86. DEMO
        Forefront Protection for SharePoint (FPSP)
    87. 87. Management Experience
        Improving security management
    88. 88. Management Options for Forefront Protection Servers
    89. 89. Simplified Management
        Visibility and Control
        Enterprise Ready
        Manage multi-server FPE 2010 and FPSP 2010 environments
    90. 90. Server discovery and grouping
    91. 91. Product patch and FPSMC agent deployment
    92. 92. Deploy policies to custom-defined groups of servers
    93. 93. Manage cross-domain and non-domain servers from one console
    94. 94. Firewall friendly communication channel
    95. 95. Signature redistribution for 32-bit and 64-bit engines
    96. 96. Online integration with FOPE
    97. 97. Visibility into incidents across FPE and FPSP
    98. 98. Real-time monitoring for security events
    99. 99. User friendly Dashboard view
    100. 100. Real-time and historical reports
    101. 101. Web-based interface for easier access
    102. 102. License distribution and activation
    103. 103. Centralized quarantine
    104. 104. Enterprise-ready scalability
    105. 105. Support for SQL scenarios
    106. 106. Business continuity for critical functionality
    107. 107. Manage FPE on clusters (Exchange 2007 and Exchange 2010)
        Built on Microsoft Infrastructure
        Windows Server 2008 R2
    108. 108. Hyper-V
    109. 109. WCF
    110. 110. Active Directory
    111. 111. SQL Server 2008
    112. 112. Internet Explorer 7.0 and Internet Explorer 8.0
        FPSMC Capabilities
    113. 113. FPSMC Console
        Accessible via Internet Explorer
    114. 114. Central console for all FPSMC tasks
    115. 115. Remote access via HTTP
        Job Management
        Four types of jobs:
        Deployment job (policy and patch)
        Signature redistribution job
        Scheduled report job
        Product activation job
        Jobs can be scheduled or run on demand
        Jobs can be scoped to target a specific set of servers
        Configured by the administrator
    116. 116. Reporting
        On-demand
        Incident detection, spam detection, engine and definition version
        Report scoped based on date range and desired servers
        Report includes distribution of detections, trending, and raw data
        Scheduled
        Sent via email on a daily, weekly, or monthly basis
    117. 117. FPSMC Architecture Overview
        Remote access
        Replication
        Backup FPSMC
        Primary FPSMC
        Add FPE and FPSP servers to FPSMC and deploy agent
        Upload policy to FPSMC and create jobs
        Run jobs to deploy policy
        Retrieve quarantine and reporting data periodically
    118. 118. DEMO
        Forefront Protection Server Management Console (FPSMC)
    119. 119. Forefront Protection for Office: Licensing
    120. 120. Forefront Protection for Office Product List and Acronyms
        Forefront is the Microsoft brand and suite of security products:
        Forefront Online Protection for Exchange (FOPE)
        Exchange Hosted Encryption (EHE)
        Forefront Protection 2010 for Exchange Server (FPE)
        Forefront Protection 2010 for SharePoint (FPSP)
        Forefront Security for OCS (FSOCS)
        Forefront Protection Server Management Console (FPSMC)
        Forefront Protection Server Script Kit (FPSSK)
    121. 121. Subscription Licensed Products
    122. 122. Additional Resources and Announcements
    123. 123. Introducing Business Ready Security Demo 4.0i
        Microsoft Business Ready Security (BRS) 4.0i
        New! FPSMC RTW included
        New! FPSMC hands-on lab (HOL)
        New! FPE and FPSP update rollups
        End-to-end demo environment
        All identity and security solutions and technologies
        7 GB zipped installer package
        Demo scripts and architecture overview documentation provided
        Available as download:
        Distribution list:
    124. 124. Business Ready Security Demo 4.0i (continued)
    125. 125. Business Ready Security Demo 4.0i (continued)
    126. 126. Links and Resources
    127. 127. Questions and Answers
        Submit text questions by using the “Ask” button
        Don’t forget to fill out the survey
        For upcoming and previously live webcasts:
        Got webcast content ideas? Contact us at: