The new FOPE 10.2 release offers Office 365 Beta customers greater flexibility in configuring their Anti-spam and policy filtering settings directly through the FOPE Admin center console which they will now have access to. In addition, Office 365 Beta customers will now have enhanced secure mail routing options as well as options for mail flow between their Exchange Online and on-premises mailboxes.
Forefront Protection 2010 for Exchange Server is the only leading email protection product that offers multiple scanning engines in a single solution. Multiple scanning engines are a critical component in protecting against viruses and other malware. For example, most business (97 percent) provide antivirus and firewall protection, yet half of them (52 percent) experience virus infections (according to the CSI/FBI 2007 Survey) anyway. That’s because most scanning engine vendors can’t release antivirus signatures quickly enough to detect new threats—in some cases it can take days or even weeks! The Forefront Protection 2010 for Exchange Server engine set has been proven (by AV-Test.org) to detect new threats faster than single-engine solutions, in fact 38 times faster than single engine providers. This is because the product is getting virus signatures from 5 different companies with different response teams, decreasing the time to get signatures. Administrators can run up to five scanning engines simultaneously and in different combinations at Edge, Hub, and Mailbox servers. By running multiple scanning engines simultaneously, Forefront Protection 2010 for Exchange Server can more effectively protect against a single point of failure. It can also manage these engines so that if one engine fails or goes offline to update, other engines continue to protect the IT environment without slowing mail delivery. Spam Talking Points Spam was once just an annoyance, but it has become the tactic of choice for online deception, fraud, and abuse. Companies are being forced to commit significant resources to protect their messaging infrastructures and their brands, and computer users must stay vigilant to protect themselves from the influx of deceptive email.Microsoft has developed a holistic strategy to battle spam that includes industry collaboration, prescriptive education, and the development of innovative technologies and services. Forefront Protection 2010 for Exchange Server protects Exchange through aggregated reputation services and SmartScreen filtering technology from Microsoft. These are enhanced with highly accurate spam-filtering technology from the industry-leading partner Cloudmark.Forefront Protection 2010 for Exchange Server offers built-in integration with Forefront Online Security for Exchange, a hosted filtering service that enables customers to block spam before it ever reaches their networks.
July:“… a stunning spam catch rate of 99.96% combined with a total lack of false positives not only wins the product its sixth consecutive VBSpam award, but also gives it the highest final score for the third time in a row.”
FPE uses several kinds of filtering in order to identify and mitigate spam email:Connection Filtering—FPE examines the IP address of the original sender. FPE has user configurable static IP block and allow lists and a dynamic DNS block list maintained by Microsoft that can filter up to 90% of spam email. Sender Filtering—FPE examines the SMTP sender information. This filter enables administrators to configure allowed and blocked senders by domains and email addresses. Sender ID Filtering—FPE uses a Sender ID framework to validate that the sender is not spoofing the identity of another sender. Recipient Filtering—FPE can also be configured to allow and block email messages to certain recipients in your organization. In addition, FPE has the capability, through Active Directory Domain Service queries, to validate that the recipient exists in the company’s Active Directory Domain Service.Content Filtering—FPE also examines the content of the message itself, including subject line and the message body. FPE uses a third-party anti-spam engine to scan all email for spam. Backscatter Filtering—FPE includes new technology that enables administrators to prevent false Non-Delivery Reports (NDR) generated from spoofed sender addresses from entering their environment.
Forefront Online Protection for Exchange reputation-based connection blocking employs a proprietary list that, based on analysis of historical data, contains the addresses of computers connected to the Internet that are responsible for the majority of spam. Through an ongoing partnership with Microsoft® Windows Live™ Hotmail®, FOPE aggregates both consumer and corporate junk email data to populate a massive and comprehensive reputation database. FOPE also utilizes Internet Protocol (IP) reputation information from other companies and ISPs in order to provide enhanced protection from questionable IP’s and botnet attacks, which come from a collection of compromised computers running software under a common infrastructure of command and control. Spammers are frequently creating malicious web sites that they use for phishing and infecting malware. FOPE leverages a variety of sources to quickly update lists of known malicious URLs and update its content filters to block these messages. FOPE employs a layered approach to offer protection from both known and unknown threats for both inbound and outbound email. FOPE uses three antivirus engines (Symantec, Kaspersky, and Authentium) to help protect against viruses and other email threats. The antivirus engines include powerful heuristic detection to provide protection even during the early stages of a virus outbreak. The multi-engine approach has been shown to provide significantly more protection than using just one antivirus engine.FOPE offers an integrated approach to message security through policy enforcement. It allows companies to automatically monitor outbound and inbound email, stop sensitive or inappropriate messages from leaving and entering the corporate network, and allow specific senders to bypass spam filtering completely.
In a Standalone implementation, FOPE can be used with ANY typeof on-premises mail server. It is not limited to only working with Exchange Server.
FPE and FOPE can be used together to provide the best possible email protection. FOPE filters out all spam and malware before those messages ever get to your mail servers. This can eliminate as much as 90% of incoming email traffic, drastically reducing the load on your mail servers. FPE provides additional scanning capabilities such as Mailbox scanning and On-demand scanning. FPE also provides additional protection for mail sent internally.FPE communicates with FOPE through the FOPE Gateway. You use the gateway to make changes to the FOPE server's policy settings and synchronize with FPE’s anti-spam configurations. An automated system manages synchronization of anti-spam configuration settings that are common to FPE and the FOPE servers by updating the settings on the FOPE servers when a change is made to the FOPE or anti-spam settings in the FPE Administrator Console and saved.
Microsoft Forefront Protection 2010 for SharePoint (FPSP) helps reduce company liability and prevents data theft by denying access to documents containing out-of-policy content, confidential information, inappropriate language, and malware. FPSP integrates multiple scanning engines from industry-leading security partners into a single solution. FPSP provides customers with an easy-to-use administration console that includes customizable configuration settings, filtering options, and monitoring features and reports.
FPSP enables you to configure the following antimalware scanning options:Realtime—Scans, in real time, files that are uploaded to or downloaded from sites on your SharePoint server. Scheduled—Scans files that already reside on the server. On-demand—Scans specific sites to localize a known issue.
You can now manage multiple FPE and FPSP servers from a single management point using either the Forefront Protection Server Script Kit (FPSSK) or the Forefront Protection Server Management Console 2010 (FPSMC).The Microsoft Forefront Protection Server Script Kit provides multi-server management for Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint. In addition to the ability to manage multiple Forefront Protection Servers from a single location, this Solution Accelerator provideseasily extensible command-line scripts that help enable server discovery, configuration deployment, and integration with existing management technologies. It also offers basic reporting capabilities to detect configuration drift and monitor server statistics.The Microsoft Forefront Protection Server Management Console (FPSMC) is a management tool that provides information technology (IT) administrators with a way to centrally manage Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint deployments within your enterprise. Using a browser-based user interface, the management console provides centralized management.
The FPSMC supports the management of Forefront Protection 2010 for Exchange Server andForefront Protection 2010 for SharePoint. You cannot use FPSMC to manage Forefront Security for Office Communications Server (FSOCS).You cannot use FPSMC to manage Forefront Security Server or earlier products. To centrally manage Forefront Security Server or earlier products, use the Microsoft Forefront Server Security Management Console (FSSMC).
Jobs in Microsoft Forefront Protection Server Management Console (FPSMC) refer to tasks that can be performed from the console to the managed Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint servers in your environment.From the FPSMC you can create, edit, copy, and delete jobs. You can also schedule or run a job on demand as well as check the status of a job in process.
The Microsoft Forefront Protection Server Management Console (FPSMC) can collect information from the managed servers and generate reports on a variety of Forefront Protection-related topics. The four available reports are:-Incident Detection Report: The Incident Detection report collects and presents data about the number of malware incidents and filter matches over a period of time on one or more managed servers. -Spam Detection Report: The Spam Detection report collects and presents data about the number of spam messages blocked by Forefront Protection 2010 for Exchange Server.-Engine and Definition Report: The Engine and Definition Versions report is used to collect and present data about the antivirus engine versions and definitions on selected servers running Forefront Protection 2010 for Exchange Server or Forefront Protection 2010 for SharePoint. FPSMC compares the current engine versions of the managed servers with the latest versions in the FPSMC cache to determine which, if any, of your signatures are out of date.-New Servers Report:The New Servers report displays a list of any servers running Forefront Protection 2010 for Exchange Server or Forefront Protection 2010 for SharePoint that have been added in the past 30 days to the forest in which the FPSMC resides.
Agenda<br />Forefront Protection for Office: Overview<br />Secure Messaging <br />Protecting your email<br />Secure Collaboration<br />Protecting your collaboration portals<br />Management Experience<br />Improving security management (multiple servers support)<br />Forefront Protection for Office: Licensing<br />
Forefront Protection for Office: Overview<br />
Forefront for Office Products<br />Aligning protection with the workloads<br />
Forefront for Office Products Overview<br />Microsoft® Forefront® server protection solutions help businesses protect their messaging and collaboration servers against viruses, worms, spam, and inappropriate content.<br /><ul><li>Microsoft® Forefront® Protection 2010 for SharePoint®
Microsoft® Forefront® Security for Office Communications Server
Microsoft® Forefront® Server Security Management Console 2010
Microsoft® Forefront® Online Protection for Exchange
Microsoft® Forefront ® Protection 2010 for Exchange Server
Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against email and collaboration threats
Multi-layer premium anti-spam</li></ul>Comprehensive Protection<br /><ul><li>Tight integration with Microsoft® Exchangeand Microsoft®SharePoint® maximizes availability and performance</li></ul>Integration with Exchange and SharePoint<br />Simplified Management<br /><ul><li>Easy-to-use management console provides central configuration and operation, automated scan engine signature updates, and reporting at the server and enterprise level</li></li></ul><li>Anti-Spam and Anti-Malware capabilities<br /><ul><li>Microsoft AV
Gartner Magic Quadrant for Secure E-Mail Gateways<br />-- Gartner, Inc. Magic Quadrant for Secure E-Mail Gateways, Peter Firstbrook, Erik Ouellet, April 27, 2010. <br />The Gartner Magic Quadrant is copyrighted by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.<br />This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Microsoft.<br />
Protect Messages from Malware<br />Microsoft Solution<br />“Defense in Depth”<br />Competitors’ Solutions<br />Multiple engines<br />Single engine<br />38 times faster<br />Automatic engine updates<br />An AV test of consumer antivirus products revealed:<br /><ul><li>On average, Forefront engine sets provided a response in 3.1 hours or fewer.
Single-engine vendors provided responses in 5 days, 4 days,and 6 days,respectively. </li></ul>On-premises or in the cloud<br />99% spam detection*<br />* With premium anti-spam services<br />
Keyword Filtering<br />Searches the message body for matches to keywords in selected lists<br />Can be imported from an existing file<br />Can filter phrases<br />Support operators: AND, OR, NOT<br />Actions: Skip & Detect, Delete, Suspend<br />
File Filtering<br />Filter by name, type, or size:<br />*.exe <br />*.doc<br />*>10 MB<br />Filters can be combinations of size, name, and type:<br />photo1.jpg > 10 MB<br />*.mp3 > 5 MB <br />*>10 MB<br />Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM, and BAT<br />Actions: SkipDetect, Suspend (Realtime), Delete (Scheduled/OnDemand)<br />
Container Behavior<br />Forefront scans within .zip, .rar, and other compressed formats and deletes only the offending file<br />EXE<br />DOC<br />TXT<br />DOC<br />JPG<br />BMP<br />JPG<br />BMP<br />Custom deletion text<br />Filter Rules:<br />Delete *.exeQuarantine<br />Container file before scan<br />EXE<br />Container file after scan<br />Quarantine<br />
DEMO<br />Forefront Protection for Exchange Server (FPE)<br />
Remote access via HTTP</li></li></ul><li>Job Management<br />Four types of jobs:<br />Deployment job (policy and patch)<br />Signature redistribution job <br />Scheduled report job<br />Product activation job<br />Jobs can be scheduled or run on demand<br />Jobs can be scoped to target a specific set of servers<br />Configured by the administrator<br />
Reporting<br />On-demand<br />Incident detection, spam detection, engine and definition version<br />Report scoped based on date range and desired servers<br />Report includes distribution of detections, trending, and raw data<br />Scheduled<br />Sent via email on a daily, weekly, or monthly basis<br />
FPSMC Architecture Overview<br />Remote access<br />Replication<br />Backup FPSMC<br />Primary FPSMC<br />Add FPE and FPSP servers to FPSMC and deploy agent<br />Upload policy to FPSMC and create jobs<br />Run jobs to deploy policy<br />Retrieve quarantine and reporting data periodically<br />
DEMO<br />Forefront Protection Server Management Console (FPSMC)<br />
Forefront Protection for Office: Licensing<br />
Forefront Protection for Office Product List and Acronyms<br />Forefront is the Microsoft brand and suite of security products:<br />Forefront Online Protection for Exchange (FOPE)<br />Exchange Hosted Encryption (EHE)<br />Forefront Protection 2010 for Exchange Server (FPE)<br />Forefront Protection 2010 for SharePoint (FPSP)<br />Forefront Security for OCS (FSOCS)<br />Forefront Protection Server Management Console (FPSMC)<br />Forefront Protection Server Script Kit (FPSSK)<br />
Questions and Answers<br />Submit text questions by using the “Ask” button<br />Don’t forget to fill out the survey<br />For upcoming and previously live webcasts: www.microsoft.com/webcast<br />Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781<br />