Downloaded 55 times
More Related Content
Similar to System Center Endpoint Protection
![Vibe Coding vs. Spec-Driven Development [Free Meetup]](https://cdn.slidesharecdn.com/ss_thumbnails/vibecodingvsspecdrivendevelopment-251209105622-43f455e7-thumbnail.jpg?width=640&height=640&fit=bounds)
System Center Endpoint Protection
- 1. Management Consulting |IAM and Data Protection | Governance Risk and Compliance System Center Endpoint Protection 2012 R2 Norman W. Mayes CISSP, MCSE: Private Cloud, ITIL-F February 2014 © 2014 Edgile, Inc. – All Rights Reserved
- 2. Table of Contents SystemCenter Endpoint Protection 2012 R2 1 Key Features and Benefits 2 Competitive Protection 2
- 3. System Center EndpointProtection Key Features and Benefits Simplified Administration Comprehensive Protection Stack Real time Endpoint Protection operations from console Malware-driven operations from the console Client-side merge of antimalware policies Single administrator experience for simplified endpoint protection and management © 2014 Edgile, Inc. – All Rights Reserved Simplified, 3X delivery of definitions through software updates New and improved Endpoint Protection client 3
- 4. System Center EndpointProtection Comprehensive Protection Stack Building on Windows Platform Security System Center Configuration Manager and Endpoint Protection Management Software Updates + SCUP Endpoint Protection Management Settings Management Operating System Deployment Software Distribution MDM System Center 2012 Endpoint Protection Antimalware Antimalware Behavior Monitoring Dynamic Translation Vulnerability Shielding Windows Defender Offline Cloud Clean Restore ELAM and Measured Boot Windows AppLocker BitLocker Data Execution Prevention Address Space Layout Randomization Windows Resource Protection Platform Internet Explorer Secure Boot Through UEFI Early Launch Antimalware (ELAM) Measured Boot User Access Control Available only in Windows 8.x © 2014 Edgile, Inc. – All Rights Reserved 4
- 5. System Center EndpointProtection Real-Time Operations Endpoint protection operations to clients in <1 minute Available Endpoint protection operations: – – – – – – Run definition updates Run quick scan Run full scan Allow threats Exclude paths and/or files Restore files quarantined by threat © 2014 Edgile, Inc. – All Rights Reserved 5
- 6. System Center EndpointProtection Malware Driven Operations Admin can easily view and take follow up actions on specific malware by type, and remediation status © 2014 Edgile, Inc. – All Rights Reserved 6
- 7. System Center EndpointProtection Client-Side Merge Endpoint Protection Policies Create granular policies for specific scenarios and have those merged on the clients Removes overhead of redundant policies Policies still honors relative priority, and merge when possible (exclusions, for example) © 2014 Edgile, Inc. – All Rights Reserved 7
- 8. System Center EndpointProtection Software Update Integration Architectural Changes to Support Updates 3X per Day Category-based scans from clients Delta synchs between Software Update Point (SUP) and WSUS Architectural Changes to Simplify SUP Setup Source top-level SUP from internal WSUS server Simplified, fault tolerant software update point setup (add multiple SUPs as needed, up to 8 per Primary Site no NLB or active SUP requirements) – Multiple SUP model is built for fault tolerance – Best performance comes from using a shared SUSDB for your software update points – Clients are optimized to NOT switch SUPs, and only do so after 4 failures (@ 30 minute intervals) – Full cross-forest support of SUPs including untrusted forests – Clients optimized to fallback to SUPs within their own forest first – Use Group Policy preferences if setting a WSUS server for client deployments © 2014 Edgile, Inc. – All Rights Reserved 8
- 9. System Center EndpointProtection Software Update Overview Hierarchy (Forest1) Hierarchy (Forest2) Primary Site Software Update Point 1 Software Update Point 2 Software Update Point 3 Software Update Point 4 4X Client Client Client.Forest1 © 2014 Edgile, Inc. – All Rights Reserved Client.Forest2 9
- 10. System Center EndpointProtection Enhanced Protection Enhanced Protection Common antimalware platform across Microsoft AM clients Proactive protection against known and unknown threats Integration with UEFI Trusted Boot, early-launch antimalware Reduced complexity while protecting clients Protect against known and unknown threats with endpoint inspection at behavior, application, and network levels © 2014 Edgile, Inc. – All Rights Reserved Heterogeneous antimalware clients Competitive protection: Endpoint Protection vs. Trend Micro 10
- 11. System Center EndpointProtection Common Antimalware Platform Platform Overview Common platform for all of Microsoft’s antimalware clients Security Essentials alone has +100 million users (#1 in North America) +660 million executions of Malicious Software Removal Tool per month All of these clients service Microsoft’s protection services research and response Diagnostic and Recovery Toolkit © 2014 Edgile, Inc. – All Rights Reserved Windows Defender Offline 11
- 12. System Center EndpointProtection Reduced Complexity Simple Interface Minimal, high-level user interactions Administrative Control User configurability options Central policy enforcement UI Lockdown and disable Maintains High Productivity CPU throttling during scans Faster scans through advanced caching Minimal network and client © 2014 Edgile, Inc. – All Rights Reserved 12
- 13. System Center EndpointProtection Heterogeneous Antimalware Clients Features Anti-virus and anti-malware support Machines connect directly to internet service for security content Client UI for user visibility and control SCOM monitoring pack for Linux with management control Platforms Native support for Windows 8.1 and Windows Server 2012 R2 Apple Mac (10.6-10.7) Linux Server: RedHat Enterprise 6, SuSE Linux 11 © 2014 Edgile, Inc. – All Rights Reserved 13
- 14. Table of Contents SystemCenter Endpoint Protection 2012 R2 1 Key Features and Benefits 2 Competitive Protection 14
- 15. System Center EndpointProtection Competitive Protection CHALLENGERS Endpoint Protection LEADERS Symantec McAfee Trend Micro Kaspersky Lab Sophos Microsoft Eset Bitdefender Ability to Execute F-Secure Panda Security Webroot IBM Check Point Software Technologies LANDesk Lumension Security ThreatTrack Security BeyondTrust NICHE PLAYERS Completeness of Vision © 2014 Edgile, Inc. – All Rights Reserved Arkoon Network Security VISIONARIES As of January 2014 Microsoft's malware lab benefits from a vast installation of the consumer version of the SCEP engine and its online system check utilities, which provide a large distribution of malware samples System Center Configuration Manager supports a dedicated endpoint protection role configuration. SCEP also allows on-demand signature updates from the cloud for suspicious files and previously unknown malware Organizations licensed under Microsoft's Enterprise CAL or Core CAL program receive SCEP at no additional cost. Approximately onethird of enterprise customers are actively considering Microsoft, during their next renewal periods Microsoft offers advanced system file cleaning, which replaces infected system files with clean versions from a trusted Microsoft cloud 15
- 16. System Center EndpointProtection Competitive Protection Endpoint Protection Challenges Microsoft System Center Configuration Manager is a prerequisite to SCEP Microsoft's client anti-malware protection approach: – Industry test scores are not has high as some competitors – Focused on reducing the impact of prevalent malware in the Windows installed base with the lowest false-positive rates in the industry SCEP does not have some advanced features other endpoint security solutions include – Microsoft leverages other Windows security features: Windows Firewall, BitLocker, AppLocker and Group Policy Objects © 2014 Edgile, Inc. – All Rights Reserved 16
- 17. System Center EndpointProtection Competitive Protection Trend Micro’s Challenges Historically, Trend Micro has been very conservative with new EPP capabilities, such as encryption and application control The core endpoint offerings – OfficeScan and Deep Security – are two separate products from separate teams with separate consoles. Deep Security has not been integrated into TMCM for deployment and policy management, but it has been integrated from a security reporting perspective Some capabilities (like encryption) that have been integrated into TMCM still require their native consoles to be deployed, but from that point forward, they can be managed within TMCM Trend Micro's installed base and market share in North America and EMEA are not as strong as in Asia/Pacific There is no out-of-the-box security state assessment beyond the EPP agent status, and no significant integration with operations tools, such as vulnerability assessments © 2014 Edgile, Inc. – All Rights Reserved 17
- 18. System Center EndpointProtection Competitive Protection Cost Avoidance Potential System Center 2012 R2 server management licensing maximizes value while simplifying purchasing. All server management licenses (SMLs) include the same components and the ability to manage any workload. System Center 2012 R2 SMLs are available in two editions differentiated by virtualization rights only: Datacenter: Maximizes cloud capacity with unlimited virtualization for high density private clouds Standard: For lightly or non-virtualized private cloud workloads. © 2014 Edgile, Inc. – All Rights Reserved Edition Components Included Operations Manager Microsoft System Center 2012 R2 Datacenter Configuration Manager Data Protection Manager Service Manager Virtual Machine Manager Microsoft System Center 2012 R2 Standard Endpoint Protection Orchestrator App Controller 18
- 19. System Center EndpointProtection Competitive Protection Cost Avoidance Potential Server Management Licenses are required for managed devices that run server Operating System Environments (OSEs). Licenses are processor-based, with each license covering up to two physical processors. The number of Server MLs required for each managed server is determined by the number of physical processor in the server for Datacenter Edition and either number of physical processors in the server or number of OSEs being managed for Standard Edition (whichever is greater). Example 4 Servers with 4 Cores Each to Support System Center Roles 4 Servers * 4 Cores / 2 = 6 Server ML Licenses © 2014 Edgile, Inc. – All Rights Reserved Server ML Edition Comparison: Datacenter Standard # of physical processors per license 2 2 # of Managed Operating System Environments (OSEs) per license Unlimited 2 Includes all System Center server management components Yes Yes Right to run management server software and supporting SQL Server Runtime (SQL Server Standard Edition) Yes Yes Manage any type of supported workload Yes Yes $3,607 $1,323 Open No Level (NL) License and Software Assurance (L&SA) 2-year price 19
- 20. System Center EndpointProtection Competitive Protection Configuration Manager Client ML Cost Avoidance Potential Client Management Licenses (MLs) are required for managed devices that run non-server OSEs. There are three System Center 2012 R2 Client ML offerings: Components Included Endpoint Protection Subscription Client Management Suite Client ML Configuration Manager Endpoint Protection Service Manager Virtual Machine Manager Operations Manager Data Protection Manager Configuration Manager Client ML Orchestrator Endpoint Protection Subscription Client Management Suite Client ML Included in Core CAL Suite Yes Yes No Core CAL and Enterprise CAL Suites will continue to be the most cost effective way to purchase client management products. Included in Enterprise CAL Suite Yes Yes Yes Open NL L&SA 2-year price $62 $22 $121 © 2014 Edgile, Inc. – All Rights Reserved 20
- 21. Wrap Up |Questions and Answers Norman W. Mayes 425.749.7447 Norman.Mayes@Edgile.com © 2014 Edgile, Inc. – All Rights Reserved 21