Understanding Microsoft’s Forefront™ Security Solution For Businesses
Steve Lamb
Technical Security Advisor
Microsoft Ltd
http://blogs.technet.com/steve_lamb
mailto://[email protected]
Agenda
Strategy
Client Security
Server Applications
Network Edge
Windows Networking Solutions
Microsoft’s Promises To You
Enabling IT Pros & Development Teams across the IT Lifecycle
Providing Access With Security
23 million branch offices WW (IDC, 2006)
3.6 billion mobile users WW by 2010 (Infonetics, 2007)
85% of companies will have WLANs by 2010 (Infonetics, 2006)
Demand for Access
8x increase in phishing sites in past year (AWG, 2006)
One message-based Trojan attack per day in 2006 vs. one per week in 2005 (Message Labs, 2006)
Strong indication of increase in profit-motivated attacks (Multiple sources)
Escalating Threats
The Challenges
Security & Access Solution Requirements
Comprehensive Integrated Simplified
More advanced
More frequent
Profit motivated
Demand for access
Escalating threats
Many access points
Various devices
Intranet/Extranet
Difficult to manage
Multiple security consoles
Complex reporting and analysis
Granular policy hard to deploy
Fragmented technology
Point products
Poor interoperability
Lack of integration
Security And Access Offerings
A comprehensive line of business security products that helps you gain greater protection and secure access through deep integration and simplified management
Network Edge
Server Applications
Client And Server OS
Terminal Services
Scalable Networking Pack
Server & Domain Isolation
Network Access Protection
Secure Wireless
Windows Networking Solutions
Interoperability
Developer Tools & Guidance
Systems Management
Identity Management
Windows Client and Server Operating Systems
Forefront and the Broader Security Story
Windows Networking Solutions
Client And Server OS
Server Applications Network Edge
Let’s take a closer look at…
Security Summary
Simplified Administration
Client And Server OS
Malware Summary
Alerts Summary
Computer Summary
Security State Assessment Summary
FCS Architecture
Let’s take a closer look at…
Integrated Security
Exchange Mailbox Server
Internet
Client Machines
Microsoft AV
Multi-engine Manager
Server Applications
Exchange Mailbox Server
Exchange Front End
Benefit of Multiple Malware Engines¹
Response Time (hours)

Malware          Forefront  Forefront  Forefront  Vendor A  Vendor B  Vendor C
                 Set 1      Set 2      Set 3
Mytob.NQ@mm      1.5        1.0        3.1        9.9       17.4      2.1
Mytob.NQ@mm      1.0        1.0        1.0        28.1      11.6      3.5
Nugache.a        1.0        1.0        1.0        34.1      12.9      48.1
Numuen.F         0.0        0.0        0.0        1.0       10.3      15.0
Numuen.H         1.0        1.0        1.0        103.8     251.9     114.8
Numuen.G         3.2        3.2        3.2        1.0       151.8     469.0
Rbot!E905        0.0        0.0        0.0        1,141.8   217.6     1.0
Bagle.EG         0.0        0.0        0.0        0.0       7.3       0.0
Bagle.EH@mm      0.0        0.0        0.0        0.0       18.4      0.0
Bagle.EG@mm      0.0        0.0        1.0        0.0       26.5      0.0
Bagle.LY@mm      0.0        0.0        0.0        0.0       6.4       2.5
Feebs.gen@mm     0.0        0.0        0.0        0.0       0.0       503.8
Feebs.EU         0.0        0.0        0.0        52.3      173.2     39.0
Virut.A          0.0        0.0        0.0        0.0       0.0       1,317.0
Spybot!04C2      23.0       23.0       1.0        0.0       29.9      39.0
Banwarum.B@mm    12.1       1.8        1.0        116.7     22.5      32.9
Banwarum.C@mm    87.5       87.5       1.0        116.7     73.0      129.3

Legend: > 24 hrs; 4 to 24 hrs; < 4 hrs
¹ AVTest.org, 2006
Let’s take a closer look at…
Comprehensive Security and Access
End-point devices
Protocols
Policy Definitions
Applications
Edge
Email (Messaging Servers)
Unmanaged PC (Home PC, Kiosk, etc.)
Intranet Apps (Internal Web Servers)
Work PCs (Remote Desktop)
Internet
Managed PC (corporate owned, domain-joined)
Files/Documents (Portal or File Servers)
Exchange ActiveSync
Handhelds
SSL-VPN
IPSec VPN
HTTP/HTTPS
RPC over HTTP
RDP over HTTP
SSL Tunneling
SSL Socket Forwarding
Network Access Protection
Intelligent Application Gateway 2007
Intelligent Application Gateway Context-Based Access Matrix
Who (Identity)
Where (endpoint)
What (Application)
Traditional firewall
WebSrv/OWA
client
Web server prompts for authentication; any Internet user can access this prompt
SSL
SSL tunnels through traditional firewalls because it is encrypted…
…which allows viruses and worms to pass through undetected…
…and infect internal servers!
ISA Server 2006 with HTTP Filter
Basic and Forms authentication delegation
ISA Server pre-authenticates users with Single Sign-on and allows only authenticated users; it also provides forms cookies, timeouts, and Attachment Blocking for OWA
ISA Server HTTP Filter
SSL or HTTP
SSL
ISA Server can decrypt and inspect SSL traffic and passes only authenticated traffic; worms are stopped because they are anonymous
Inspected traffic can be sent to the internal server re-encrypted or in the clear.
URLScan for ISA Server
HTTP filter for ISA Server can stop Web attacks at the network edge, even over encrypted inbound SSL
Internet
ISA 2006's Authn Delegation
Let’s take a closer look at...
Windows Networking Solutions - Core infrastructure
Simple NPS Authentication Workflow
User requests access to port
Network device asks user for credentials
Device forwards credentials and connection details to NPS
RADIUS evaluates connection details against policy; forwards credentials to Active Directory for authentication
If policy matches, and user is authentic, access allowed
Device allows access
Anti-Virus Security Software Patch
Security Appliance
Network Device
System Integrator
100+ NAP Ecosystem Partners To Date
Security Response Organization
Multiple data sources enabling advanced threat telemetry
Extensive Data
Dedicated team with automated analysis and testing
Rigorous Analysis
Tight integration with MSRC and other support processes
Integrated Response
Global Response and Service
Timely and Accurate Content
Quality
Industry Leading
Detection and Removal
Next Generation Forefront Security Products
Forefront Product Roadmap
H1 2007, H2 2007, 2008+
Client
Server
Edge
“Microsoft is poised to become the de facto leader in the e-mail security market.” - Peter Firstbrook & Arabella Hallwell, Gartner, “Magic Quadrant for E-Mail Security Boundary, 2006”
"Microsoft is one of the few vendors that can truly go end-to-end (cloud-edge-server-client) to make businesses more secure." - Enterprise Strategy Group, Eric Ogren, “At the Forefront of Microsoft Security”, InternetNews.com, June 15, 2006
Summary
Forefront delivers comprehensive, integrated and simplified protection and secure access for businesses
New brand but proven, award-winning products
Visit http://www.microsoft.com/forefront
Learn more about Forefront
Download beta/evaluation software
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.