Microsoft Forefront - Secure Messaging & Online Protection for Exchange Overview Presentation



  1. Secure Messaging & Forefront Online Protection for Exchange Overview
     Name, Title, Group, Microsoft Corporation
  2. Business Ready Security
     Help securely enable business by managing risk and empowering people
     • Protect everywhere, access anywhere
     • Identity
     • Simplify the security experience, manage compliance
     • Highly Secure & Interoperable Platform
     • Integrate and extend security across the enterprise
     • From: Block, Cost, Siloed. To: Enable, Value, Seamless
  3. Agenda
     • Secure Messaging Challenges
     • The Microsoft Solution
     • Strategy for Messaging Security
     • Online Protection
     • On-Premises Protection
     • Hybrid Protection
  4. Messaging and Collaboration Security Challenges
     Threats: Security threats continue to grow
     • Spam, viruses and phishing still plague users
     • Network attacks still prevalent
     Access: Growing mobility
     • Need uninterrupted access to e-mail, IM and team sites
     • Mobile and remote access are critical for productivity
     • Security measures sometimes add hassle
     Control: Increasing regulations and compliance
     • Varying levels of compliance across organization
     • Concern for loss of sensitive information
     • Need to restrict inappropriate content
     *2005 Electronic Monitoring & Surveillance Survey from American Management Association (AMA) and the ePolicy Institute
  5. Strategy for Securing Messaging and Collaboration Systems
     Columns: Challenges; Responses; Microsoft Identity & Security Solutions
     • Protect (Threats): Stop malicious software and spam from entering into the messaging environment
     • Publish (Access): Provide secure access to users outside the corporate network from managed and unmanaged endpoints
     • Policy: Establish policies that determine secure remote access to users, partners, and customers depending on their role
     • Prevent (Control): Prevent leakage of confidential information in e-mail, documents and IM conversations internally and externally
     • Provision: Quickly provision and de-provision user accounts and synchronize across the environment.
     • Manage: Understand the health and security status of your entire environment in real-time and report on key trends.
  6. Gartner Magic Quadrant for Secure E-Mail Gateways
     This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Microsoft. The Gartner Magic Quadrant is copyrighted by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
     -- Gartner, Inc. Magic Quadrant for Secure E-Mail Gateways, Peter Firstbrook, Eric Ouellet, April 27, 2010.
  7. Online Protection Solutions
  8. Forefront Online Protection for Exchange
     Multilayer spam and virus protection and policy enforcement
     • Diagram labels: External Senders/Recipients; Corporate Network; Exchange Server; Employees; Messaging Administrator; Administrator Console; Active Directory; FOPE Directory Synchronization Tool; End User Quarantine
     • Filtering stages shown: Edge Blocking; Antivirus; Anti-spam; Policy; Encryption*; Disaster Recovery
     • Mail flows shown: Inbound Filtered E-mail; Outbound Filtered E-mail; Legitimate E-mail; Junk E-mail
     • About 90% of e-mail is junk
     • Also incorporates technology from…
     * Requires additional Exchange Hosted Encryption License
  9. FOPE SLAs
     • FOPE provides a comprehensive set of SLAs covering network performance and spam and virus filtering effectiveness
     • Each SLA is backed by a financial commitment from Microsoft
     Spam and Virus Filtering Effectiveness
     • Known Virus Protection: 100%
     • Spam Detection: > 98%
     • False Positive Ratio: < 1:250,000
     Network Performance
     • Rapid E-mail Delivery (average delivery commitment of less than 1 minute)
     • Network Uptime: > 99.999%
     Terms and conditions apply. Please visit the Admin Center Resource Center at You may have to log in to the system to view the service level agreement. Please contact your reseller or Microsoft Account Manager if you wish to view these prior to signing up for the service.
  10. FOPE Datacenters
     • NOT geo-proximity
     • Mail latency: seconds, not milliseconds
     • Map labels: Washington; Dublin; Backup, Utility; 191 Hosts; Virginia; Amsterdam; 191 Hosts; California; Texas; 220 Hosts; Utility; 200 Hosts; Singapore; 140 Hosts
  11. Disaster Capacity
     [Chart: Recipients, vertical axis 0 to 6,000,000,000, over time from 12/29/2004 to 5/17/2009. Labels: 5 Billion; 0.5 Billion; Post-Edge Delivery; Design goal: 7.5Bil, with one DC out]
  12. Additional safety and availability with multiple copies
     • Every server caches every customer’s settings
     • No DC relies on another to process mail
     • Diagram labels: Each Datacenter; Customer Config PrimaryDB; Customer Config BackupDB; Each Filtering Server; Config
  13. Proactive health checking
     • Pushback
     • Servers automatically leave rotation if they are having trouble meeting SLA
     • Invisible to customer – different from Exchange “backpressure”
     • Central “Brain” prevents the entire service from going out of rotation at once
     • Diagram label: INTERNET
  14. Outbound Risk Mitigation to protect your company’s email reputation
     Diagram labels: Customer’s Outbound Non- Mail Server Delivery Pool Customer Mail Server Higher-Risk Delivery Pool
  15. On-Premises Protection Solutions
  16. Forefront server security solutions help businesses protect their messaging and collaboration servers against viruses, worms, spam and inappropriate content.
     • Comprehensive Protection: Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against e-mail and collaboration threats
     • Optimized Performance: Tight integration with Microsoft Exchange, SharePoint and Office Communications Servers maximizes availability and performance
     • Simplified Management: Easy-to-use management console provides central configuration and operation, automated scan engine signature updates and reporting at the server and enterprise level
  17. Protecting Exchange Environments
     [Diagram: Exchange server roles inside the Enterprise Network]
     • Edge Transport: Routing, Hygiene
     • Hub Transport: Routing, Policy
     • Unified Messaging: Voice Messaging, Fax
     • Client Access: Applications (OWA); Protocols (ActiveSync, POP, IMAP, RPC / HTTP …); Programmability (Web services, Web parts)
     • Mailbox; Public Folders
     • External elements: Internet; Other SMTP Servers; PBX or VoIP
  18. Multiple Engine Management
     • Deploy single solution using multiple integrated technologies
     • All engines included in base cost
     • Up to 5 engines can be run simultaneously on any scan job
     • Diagram labels: engines A, B, C, D, E; Messaging and Collaboration Servers
  19. The Multiple Engine Advantage
     • Rapid response to new threats
     • Fail-safe protection through redundancy
     • Diversity of antivirus engines and heuristics

     Response time¹ (in hours). Vendor A, Vendor B and Vendor C are single-engine solutions.

     | WildList Number | Malware Name | Forefront Engines | Vendor A | Vendor B | Vendor C |
     |---|---|---|---|---|---|
     | 04/09 | agent_itw106.ex_ | 0.00 | 0.00 | 0.00 | 0.00 |
     | 04/09 | autorun_itw625.ex_ | 0.00 | 182.08 | 234.08 | 913.40 |
     | 04/09 | autorun_itw639.ex_ | 0.00 | 0.00 | 0.00 | 12.42 |
     | 04/09 | buzus_itw9.ex_ | 0.00 | 33.38 | 11.47 | 6.62 |
     | 04/09 | conficker_itw18.dl_ | 0.00 | 0.00 | 0.00 | 0.00 |
     | 04/09 | koobface_itw32.ex_ | 65.02 | 120.27 | 0.00 | 686.32 |
     | 04/09 | onlinegames_itw654.ex_ | 0.00 | 93.98 | 24.48 | 16.47 |
     | 04/09 | prolaco_itw6.ex_ | 0.00 | 93.85 | 17.97 | 138.82 |
     | 04/09 | pushbot_itw15.ex_ | 0.00 | 0.00 | 0.00 | 0.00 |
     | 05/09 | autorun_itw677.ex_ | 0.00 | 0.00 | 315.72 | 224.45 |
     | 05/09 | bagle_itw137.ex_ | 0.00 | 0.00 | 0.00 | 0.00 |
     | 05/09 | ircbot_itw513.ex_ | 0.00 | 48.07 | 0.00 | 77.45 |
     | 05/09 | koobface_itw34.ex_ | 0.00 | 54.58 | 175.00 | 683.60 |
     | 05/09 | magania_itw66.ex_ | 0.00 | 0.00 | 0.00 | 0.00 |
     | 05/09 | onlinegames_itw699.ex_ | 44.55 | 56.97 | 105.27 | 37.03 |
     | 05/09 | snifula_itw2.ex_ | 0.00 | 322.27 | 0.00 | 424.05 |
     | 05/09 | zbot_itw57.ex_ | 0.00 | 0.00 | 0.00 | 0.00 |
     | 06/09 | agent_itw130.ex_ | 0.00 | 50.08 | 30.97 | 0.13 |
     | 06/09 | autorun_itw685.ex_ | 3.05 | 160.63 | 183.52 | 848.63 |
     | 06/09 | autorun_itw689.ex_ | 0.00 | 52.65 | 225.37 | 15.33 |
     | 06/09 | bagle_itw218.ex_ | 0.00 | 0.00 | 54.82 | 788.90 |
     | 06/09 | ircbot_itw524.ex_ | 0.00 | 54.20 | 0.00 | 0.00 |
     | 06/09 | koobface_itw71.ex_ | 0.00 | 60.62 | 49.20 | 758.35 |
     | 06/09 | magania_itw81.ex_ | 0.00 | 0.00 | 0.00 | 16.38 |
     | 06/09 | magania_itw82.ex_ | 0.00 | 0.00 | 0.00 | 0.00 |
     | 06/09 | magania_itw93.ex_ | 0.00 | 32.48 | 8.27 | 235.25 |
     | 06/09 | zbot_itw58.ex_ | 0.00 | 0.00 | 0.00 | 36.58 |

     Legend: Less than 5 hours; 5 to 24 hours; More than 24 hours
     ** 0.00 denotes proactive detection
     1 Source: 2009 (
  20. File Filtering
     • Filter by name, direction, type, or size
     • Wildcards supported, e.g., “*resume*.doc”
        • <in>*.exe, <out>*.doc
     • Filters can be combinations of size, name, type & direction
        • <in>photo1.jpg>10mb, <out>*.mp3>5mb, <in>*>10mb
     • Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT (match files blocked by Outlook)
     • Actions
        • Skip: Detect only (logs the event but does not block)
        • Delete: Remove contents (removes the attachment only and replaces with the customized deletion text)
        • Purge: Eliminate message (deletes both the attachment and the message body)
  21. Zip File Behavior
     Forefront scans within ZIP and other compressed formats (up to 5 deep) and deletes only the offending file.
     • Filter Rules: Delete *.exe
     • Container file before scan: EXE, DOC, BMP, JPG
     • Container file after scan: TXT (custom deletion text), DOC, BMP, JPG
     • Quarantine: EXE
  22. Keyword Filtering
     • Filters message body and subject based on content criteria
     • Filter lists can enable search for words, phrases, and sentences with basic lexicon
     • Includes pre-populated lists in 11 languages to scan for
        • Profanity
        • Discriminatory words
  23. Forefront Anti-spam Flow
     Incoming Internet E-mail passes through three stages:
     1. Connection filtering
     2. Protocol filtering (SMTP filtering)
     3. Content filtering
     Destinations shown: Administrator Quarantine; Mailbox / Store (User Inbox, User Junk E-mail Folder)
  24. Hybrid Messaging Protection (Online and On-Premises)
  25. Hybrid Messaging Security
     [Diagram: Online (Internet, SMTP) and On-Premise Software (Firewall; Exchange Server Edge Role, Hub Role, Mailbox Role). Caption: Antivirus and anti-spam protection for Exchange Server 2007 Server Roles]
     Forefront Online Protection for Exchange
     • Anti Malware: Symantec; Authentium; Kaspersky
     • Anti Spam: Inbound Messaging Hygiene; Stop Foreign Spam; Outbound Spam Mitigation
     • Management: Anti Spam Feedback Loop; Message Tracing; IT Admin Improvements
     Forefront Protection 2010 for Exchange Server
     • Anti Malware: MS AV + AntiSpyware; Kaspersky; Authentium; Virus Buster; Norman
     • Anti Spam: Internal mail filtering; Industry-leading 3rd party content filtering
     • Management: Forefront Server Security Management Console
  26. Hybrid Anti-Spam Benefits
     Active Protection
     • Stops junk e-mail and malware before they reach your network
     • Provides always-available e-mail with user-based Quarantine
     • Meets most compliance requirements
     Enterprise-Class Reliability
     • High-availability global network backed by SLAs
     • Secure operations process that meets audit standards
     • Reduces complexity of IT environment
     Reduced Cost of Administration
     • Quickly activates with simple MX record change
     • Saves time on anti-spam management; frees up resources
     • Deployed quickly without additional Capital Expenditures
  27. Hybrid Anti-Spam Monitoring
     • Incidents
        • JetBlue database with aggregated statistics
        • Quarantine database
     • Agent Log
        • Used for all FPE Premium anti-spam agents
        • Compatible with Exchange agent log schema
     • Performance counters
        • Messages per Spam Confidence Level (SCL)
        • Total Messages sent to Quarantine, Deleted, Rejected
        • Aggregated in SCOM pack
     • Reports (aggregated statistics)
        • Hit Rate for DNSBL with granularity to action
        • Top spam sender domain
        • Top spam-sending IP
        • Top targeted domain
        • Top targeted recipient
  28. Microsoft is Your Technology Partner
     Unified and Comprehensive
     • Covers functions needed to optimize your infrastructure: operating systems, virtualization, management, security, identity and access
     • Spans the breadth of your infrastructure: desktop, server, mobile devices, application platform, and security
     Interoperable by Design
     • Our products have always worked well together
     • Compliant with industry standards by design
     Trusted and Familiar
     • Reduces IT Support and end user training costs
     • Maximizes productivity
  29. Appendix
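
The file-filter rule syntax shown on the File Filtering slide (`<in>*.exe`, `<out>*.mp3>5mb`, `<in>*>10mb`) can be modelled as below. This is an added example, not Forefront's code: the grammar is inferred only from the slide's examples, `>Nmb` is assumed to mean "larger than N MB", and `FileFilter`, `parse_filter`, `matches` and `first_match` are hypothetical names.

```python
import re
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

MB = 1024 * 1024  # assumption: "mb" means 2**20 bytes
# Assumed grammar, inferred only from the slide's examples:
#   [<in>|<out>] wildcard-name [>Nmb]
RULE_RE = re.compile(r"^(?:<(in|out)>)?(.+?)(?:>(\d+)mb)?$", re.IGNORECASE)

@dataclass(frozen=True)
class FileFilter:
    direction: Optional[str]  # "in", "out", or None for both directions
    pattern: str              # wildcard pattern, lower-cased
    min_bytes: Optional[int]  # rule applies only above this size

def parse_filter(rule: str) -> FileFilter:
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError(f"unparseable filter rule: {rule!r}")
    direction, pattern, size = m.groups()
    return FileFilter(direction.lower() if direction else None,
                      pattern.lower(),
                      int(size) * MB if size else None)

def matches(f: FileFilter, direction: str, filename: str, size: int) -> bool:
    if f.direction and f.direction != direction:
        return False
    if f.min_bytes is not None and size <= f.min_bytes:
        return False
    # Compare case-insensitively so "Invoice.EXE" cannot slip past "*.exe".
    return fnmatchcase(filename.lower(), f.pattern)

RULES = ("<in>*.exe", "<out>*.mp3>5mb", "<in>*>10mb", "*resume*.doc")

def first_match(direction: str, filename: str, size: int) -> Optional[str]:
    """Return the first rule text that matches, or None."""
    for rule in RULES:
        if matches(parse_filter(rule), direction, filename, size):
            return rule
    return None

# Constructed sample attachments: (direction, filename, size in bytes)
SAMPLES = [("in", "Invoice.EXE", 40_000), ("out", "song.mp3", 3 * MB),
           ("out", "song.mp3", 6 * MB), ("in", "scan.pdf", 12 * MB),
           ("out", "My_Resume_2010.doc", 90_000)]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", first_match(*sample))
```

A name-only rule such as `*.exe` matches on the file name alone, which is why the slide lists type as a separate filter criterion.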