Antigen tdm
Published in: Technology


  1. E-mail Server Security Products. Bogdan Klekot, Microsoft Solutions Architect – Management &
  2. Agenda
     - Introduction to Antigen E-mail Security Products
     - Advanced Protection Features: Multiple Antivirus (AV) Engine Management; Distributed Protection; Layered Anti-spam
     - Availability and Control Features: Performance Bias Setting; Scanning Innovations; Worm Removal; Cluster Support; Management
     - Secure Content Features: Content Filtering
     - Summary
  3. Services: Edge; Server Applications; Information Protection; Client and Server OS; Identity Management; Systems Management; Active Directory Federation Services (ADFS); Guidance; Developer Tools
  4. Antigen E-mail and Collaboration Server Security (diagram): Internet users reach an ISA Server, then the SMTP Server, then Exchange Server, Live Communications Server and SharePoint Server (collaboration). Threats shown at the edge and internally: viruses, worms, spam and inappropriate content. Management is shown through Microsoft Operations Manager with the Antigen Management Pack.
  5. E-mail Security. Antigen e-mail security solutions help businesses protect their messaging servers against viruses, worms, spam, and inappropriate content.
     - Advanced Protection: multiple scan engines at multiple layers throughout the e-mail infrastructure provide improved protection against e-mail threats.
     - Availability & Control: tight integration with Microsoft Exchange and Windows-based SMTP servers maximizes availability and management control.
     - Secure Content: helps organizations eliminate inappropriate language and dangerous attachments from internal and external communications.
  6. New Microsoft Antigen Products
     - Antivirus and content filtering for Exchange 2003 and 2000: helps stop threats that get past perimeter defenses and helps contain internal incidents.
     - Antivirus and content filtering for Windows Server 2003 and 2000 SMTP gateways: helps stop threats before they reach internal messaging resources and users.
     - Anti-spam and content filtering for Windows-based SMTP and Exchange-based servers: helps stop spam before it can impact user and network productivity.
     - Centralized management for Antigen-protected servers: improves IT visibility and control into e-mail server security.
  7. Advanced Protection
  8. E-mail Antivirus Approaches: Single Vendor/Single Engine (diagram: the same engine "A" on the ISA Server, the SMTP Server and every Exchange server, facing Internet viruses, worms and spam)
     - Same scan engine, heuristics technology and signature files on all server and client platforms
     - Dependent on one AV lab for scan engine updates during virus or worm outbreaks
     - Queuing and delay during engine updates on mission critical servers (like Exchange)
     Problem: Single Point of Failure
  9. E-mail Antivirus Approaches: Multi-vendor/Multi-Engine (diagram: different engines A to E spread across the ISA Server, the SMTP servers and the Exchange servers)
     - Different scan engines, heuristics technologies and signature files on server and client platforms
     - High acquisition and maintenance cost
     - Added filtering complexity
     Problem: Management/Cost
  10. Antigen Multiple Engine Management: one solution, multiple technologies (diagram: engines A, B, C, D and E all running on the Exchange Server / Windows-based SMTP Server that faces the Internet)
  11. Antigen Antivirus Scan Engines
     - Antigen stand-alone messaging products (total engines: 5): Sophos, CA VET, Authentium, CA InoculateIT, Norman
     - Antigen Security Suite (total engines: 9): the standard engines plus Microsoft Antivirus (New!), Kaspersky Lab, AhnLab, VirusBuster
  12. Signature Updates (chart): Sober.P virus detection time on May 2, 2005 (GMT) per antivirus lab, with the Antigen engines highlighted, alongside the number of signature updates per day in January 2005.
     - January 2005 updates per day: Kaspersky 18.5; Dr. Web 10.7; Sophos 2.7; BitDefender 1.7; ClamAV 1.5; AntiVir 1.4; F-Secure 1.4; Panda 1.3; Ikarus 1.1; Symantec 1.1; Trend Micro 1.0
     - Sober.P detection time (time of day, hour:minute, charted as a fraction of a day): Kaspersky 0.69375; F-Prot 0.7041667; AVK 0.7055556; BitDefender 0.7215278; Sophos 0.7270833; Command 0.735; Ikarus 0.7597222; F-Secure 0.7625; Fortinet 0.7625; VirusBuster 0.7805556; Panda 0.7840278; eTrust-INO 0.8291667; AntiVir 0.85; Norman 0.8652778; Trend Micro 0.8875; AVG 0.89375; Avast 0.8979167; McAfee 0.9013889; eTrust-VET 0.96875; Symantec 1.0263889
     Note: the chart (left) represents a single virus outbreak only. It does not represent average response times for the listed antivirus labs.
  13. Distributed Protection (diagram): the Internet Scan Job (SMTP) runs on the SMTP Server and the Real-time Scan Job (Exchange Store) runs on the Exchange Server, with engines A to E distributed across the two jobs.
  14. Anti-spam Protection
     - Antigen Spam Manager (ASM) supports Windows-based SMTP gateways and Exchange Server: integrated with Antigen for SMTP Gateways and Antigen for Exchange; also deploys stand-alone on Windows SMTP gateway servers
     - Signature-based, frequently updated anti-spam engine: highly accurate protection against the latest spammer tactics; works with and complements Exchange Intelligent Message Filter's heuristics spam detection approach
     - Additional spam filtering options: real-time block list (RBL) support; mail-host block and allow lists by sender, domain and IP address
  15. Layered Spam Detection
     - On the same server, Exchange Intelligent Message Filter (IMF) scans before ASM
     - Each applies a Spam Confidence Level (SCL) rating; the higher rating always wins (has more confidence)
     - Mail that is rejected, deleted or archived by IMF will not make it to ASM
     - Example (diagram): IMF archives SCL 7, 8 and 9. Mail with an IMF SCL of 0 to 6 continues to the ASM scan and then to the store; if ASM sets the SCL to 9 the message lands in the Junk E-mail folder, otherwise it is delivered to the Inbox.
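A small Python model of the IMF-then-ASM flow on this slide, added here as an illustration; it is not part of the original deck or of the Antigen product. The keyword scorers, the store "junk at SCL 9" threshold and the sample messages are constructed assumptions; only the ordering and combination rules come from the slide.

```python
# Toy model of layered spam scoring: IMF gates first, ASM rescans survivors,
# the higher SCL wins. Scorers below are constructed stand-ins, not IMF/ASM.
from typing import Callable, Dict, List, Tuple

Scorer = Callable[[str], int]


def keyword_scorer(weights: Dict[str, int]) -> Scorer:
    """Build a toy SCL scorer: sum keyword weights, clamp to the 0-9 SCL range."""
    def score(body: str) -> int:
        text = body.lower()
        return min(9, sum(w for kw, w in weights.items() if kw in text))
    return score


# Constructed heuristics; IMF and ASM deliberately weight different tokens
imf_score: Scorer = keyword_scorer({"free": 3, "click here": 4, "viagra": 9})
asm_score: Scorer = keyword_scorer({"free": 2, "unsubscribe": 4, "lottery": 5})


def route_message(body: str, imf: Scorer, asm: Scorer, *,
                  imf_action_at: int = 7, imf_action: str = "archive",
                  junk_at: int = 9) -> Tuple[str, int]:
    """Apply the slide's rules and return (disposition, final SCL).

    imf_action_at / imf_action: IMF gateway threshold and action
    (slide example: IMF archives SCL 7, 8 and 9; reject/delete work the same).
    junk_at: assumed store threshold for the Junk E-mail folder.
    """
    imf_scl = imf(body)
    if imf_scl >= imf_action_at:
        return imf_action, imf_scl        # never reaches ASM
    asm_scl = asm(body)
    final = max(imf_scl, asm_scl)         # the higher rating always wins
    return ("junk" if final >= junk_at else "inbox"), final


def triage(messages: List[str]) -> List[Tuple[str, int]]:
    return [route_message(m, imf_score, asm_score) for m in messages]


SAMPLE = [  # constructed messages
    "Buy VIAGRA now, click here",         # IMF SCL 9 -> archived before ASM
    "You won the lottery! unsubscribe",   # IMF 0, ASM 9 -> Junk E-mail
    "Free tickets to the team offsite",   # IMF 3, ASM 2 -> max 3 -> Inbox
]

if __name__ == "__main__":
    for msg, (action, scl) in zip(SAMPLE, triage(SAMPLE)):
        print(f"{action:8} SCL={scl}  {msg!r}")
```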
  16. Availability & Control
  17. Performance Bias Settings (diagram: engines A, B, C and D drawn from the available pool)
     - Max Certainty: uses all engines (100%)
     - Favor Certainty: uses 75% of available engines*
     - Neutral: uses approximately 50% of available engines*
     - Favor Performance: uses 25% of available engines*
     - Max Performance: uses one engine for every scan*
     * Engines used are not always the same. They are dynamically allocated from the available pool.
  18. Performance Bias Settings (diagram: engines A and B drawn from the available pool)
     - Max Certainty: uses all engines (100%)
     - Favor Certainty: uses 75% of available engines*
     - Neutral: uses approx. 50% of available engines*
     - Favor Performance: uses 25% of available engines*
     - Max Performance: uses one engine for every scan*
     * Engines used are not always the same. They are dynamically allocated from the available pool.
  19. Scanning Innovations (diagram): in-memory scanning (a 432kb EXE is scanned in memory allocated from the available memory pool, which is returned to the pool afterwards) and multi-threaded scanning.
  20. Worm Removal
     - Designed to purge all messages containing worms
       - Use the Sybari Worm List (wormprge.dat) to purge messages that match a known worm virus
       - Create a custom Worm List with a single wildcard ( * ) to help match all malicious code detected
       - Help provide pre-emptive protection against unknown worms with file filter purge (size, type, extension, etc.)
       - The user receives nothing, not even a notification
     - Purged messages containing worms should not be quarantined
       - There is no value in the message
       - Reduces network bandwidth by removing un-needed messages
  21. Enhanced Cluster Support (diagram): active and passive nodes of an Exchange Virtual Server, with settings and updates shared between the nodes.
  22. Central Management: software deployment, configuration template deployment, distributed quarantine management and distributed log file retrieval across SMTP servers and Exchange servers.
  23. Automated Signature Updating (diagram): engine partner updates are retrieved over the Internet through the Antigen Engine Adaptor.
  24. Notifications & Reporting
  25. Microsoft Operations Manager Integration: Antigen Management Pack for MOM 2005
     - Over 100 events, performance counters, and services monitored
       - Monitors the state of Antigen
       - Collects statistical data on scanning, detection, and removal of messages and attachments
       - Polls 5 Antigen services: provides timed events to poll systems for critical process health
     - Key tasks
       - Triggers scan engine updates
       - Centralizes storage and deployment of license files
       - Imports, exports and deploys setting changes
       - Initiates and/or schedules manual scan jobs
       - Starts/stops control of Antigen services
  26. Secure Content Features
  27. Content Policy Enforcement
     - Body content: filters body content for inappropriate keywords or phrases
     - File name, type: filters documents based on name match, wild card, file type or file extension
  28. Summary. Microsoft provides comprehensive security products for e-mail servers: multiple engines; integrated AV/AS; availability and performance support; central management; keyword and file filtering. Antigen e-mail security products are key elements of any Windows-based SMTP or Exchange server deployment.
  29. Next Steps
     - Read whitepapers on Antigen and Advanced Spam Manager
     - (Paste link for launch PressPass article)
     - Download evaluation copy of Antigen e-mail security products
     - Read about Microsoft Secure Messaging solutions