Microsoft Forefront - Secure Messaging & Online Protection for Exchange Overview Presentation
Name, Title, Group, Microsoft Corporation
Secure Messaging & Forefront Online Protection for Exchange Overview
Business Ready Security
Help securely enable business by managing risk and empowering people
• Protect everywhere, access anywhere
• Simplify the security experience, manage compliance
• Integrate and extend security across the enterprise
From: Block, Cost, Siloed
To: Enable, Value, Seamless
Highly Secure & Interoperable Platform
Identity
Agenda
• Secure Messaging Challenges
• The Microsoft Solution
• Strategy for Messaging Security
• Online Protection
• On-Premises Protection
• Hybrid Protection
*2005 Electronic Monitoring & Surveillance Survey from American Management Association (AMA) and the ePolicy Institute
Messaging and Collaboration Security Challenges
Threats: Security threats continue to grow
• Spam, viruses and phishing still plague users
• Network attacks still prevalent
Access: Growing Mobility
• Need uninterrupted access to e-mail, IM and team sites
• Mobile and remote access are critical for productivity
• Security measures sometimes add hassle
Control: Increasing regulations and compliance
• Varying levels of compliance across organization
• Concern for loss of sensitive information
• Need to restrict inappropriate content
Strategy for Securing Messaging and Collaboration Systems
Microsoft Identity & Security Solutions
Challenges: Threats, Access, Control
Responses:
• Protect: Stop malicious software and spam from entering into the messaging environment
• Publish: Provide secure access to users outside the corporate network from managed and unmanaged endpoints
• Policy: Establish policies that determine secure remote access to users, partners, and customers depending on their role
• Prevent: Prevent leakage of confidential information in e-mail, documents and IM conversations internally and externally
• Manage: Understand the health and security status of your entire environment in real-time and report on key trends.
• Provision: Quickly provision and de-provision user accounts and synchronize across the environment.
Gartner Magic Quadrant for Secure E-Mail Gateways
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Microsoft.
The Gartner Magic Quadrant is copyrighted by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
-- Gartner, Inc. Magic Quadrant for Secure E-Mail Gateways, Peter Firstbrook, Eric Ouellet, April 27, 2010.
Online Protection Solutions
Forefront Online Protection for Exchange
Multilayer spam and virus protection and policy enforcement
Diagram labels: External Senders/Recipients; Edge Blocking; Anti-spam; Antivirus; Policy; Disaster Recovery; * Encryption; End User Quarantine; Administrator Console; Messaging Administrator; Employees; Corporate Network; Exchange Server; Active Directory; FOPE Directory Synchronization Tool; Inbound Filtered E-mail; Outbound Filtered E-mail; Legitimate E-mail; Junk E-mail
About 90% of e-mail is junk
Also incorporates technology from…
* Requires additional Exchange Hosted Encryption License
FOPE SLAs
FOPE provides a comprehensive set of SLAs covering network performance and spam and virus filtering effectiveness
Each SLA is backed by a financial commitment from Microsoft
Filtering Network Performance
• Rapid E-mail Delivery (average delivery commitment of less than 1 minute)
• Network Uptime > 99.999%
Spam and Virus Filtering Effectiveness
• 100% Known Virus Protection
• > 98% Spam Detection
• < 1:250,000 False Positive Ratio
Terms and conditions apply. Please visit the Admin Center Resource Center at http://admin.global.frontbridge.com. You may have to log in to the system to view the service level agreement. Please contact your reseller or Microsoft Account Manager if you wish to view these prior to signing up for the service.
FOPE Datacenters
• Singapore: 140 Hosts
• Texas: 200 Hosts
• Virginia: 220 Hosts
• Dublin: 191 Hosts
• Amsterdam: 191 Hosts
• Washington: Backup, Utility
• California: Utility
NOT Geo-proximity
Mail latency: seconds, not milliseconds
mail.messaging.microsoft.com
[Chart: Disaster Capacity. Series labels: Recipients, Post-Edge, Delivery. X-axis: 12/29/2004 to 5/17/2009. Y-axis: 0 to 6,000,000,000. Annotations: "Design goal: 7.5Bil, with one DC out"; "5 Billion"; "0.5 Billion".]
Additional safety and availability with multiple copies
• Every server caches every customer’s settings
• No DC relies on another to process mail
Diagram labels: Admin Center; Customer Config Primary DB; Customer Config Backup DB; Each Datacenter; Each Filtering Server: Config (shown three times)
Proactive health checking
Pushback
• Servers automatically leave rotation if they are having trouble meeting SLA
• Invisible to customer – different from Exchange “backpressure”
• Central “Brain” prevents the entire service from going out of rotation at once
Outbound Risk Mitigation to protect your company’s email reputation
Diagram labels: Customer’s Mail Server; Non-Customer Mail Server; Outbound Delivery Pool; Higher-Risk Delivery Pool; Internet
On-Premises Protection Solutions
Forefront server security solutions help businesses protect their messaging and collaboration servers against viruses, worms, spam and inappropriate content.
• Comprehensive Protection: Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against e-mail and collaboration threats
• Optimized Performance: Tight integration with Microsoft Exchange, SharePoint and Office Communications Servers maximizes availability and performance
• Simplified Management: Easy-to-use management console provides central configuration and operation, automated scan engine signature updates and reporting at the server and enterprise level
Protecting Exchange Environments
Diagram labels:
• Internet; Other SMTP Servers
• Edge Transport: Routing, Hygiene
• Enterprise Network
• Hub Transport: Routing, Policy
• Mailbox; Public Folders
• Unified Messaging: Voice Messaging, Fax; PBX or VoIP
• Client Access: Applications: OWA; Protocols: ActiveSync, POP, IMAP, RPC / HTTP …; Programmability: Web services, Web parts
Multiple Engine Management
• Deploy single solution using multiple integrated technologies
• All engines included in base cost
• Up to 5 engines can be run simultaneously on any scan job
Diagram labels: Messaging and Collaboration Servers; A, B, C, D, E
The Multiple Engine Advantage
• Rapid response to new threats
• Fail-safe protection through redundancy
• Diversity of antivirus engines and heuristics
Response time¹ (in hours)
WildList Number | Malware Name | Forefront Engines | Vendor A | Vendor B | Vendor C
04/09 | agent_itw106.ex_ | 0.00 | 0.00 | 0.00 | 0.00
04/09 | autorun_itw625.ex_ | 0.00 | 182.08 | 234.08 | 913.40
04/09 | autorun_itw639.ex_ | 0.00 | 0.00 | 0.00 | 12.42
04/09 | buzus_itw9.ex_ | 0.00 | 33.38 | 11.47 | 6.62
04/09 | conficker_itw18.dl_ | 0.00 | 0.00 | 0.00 | 0.00
04/09 | koobface_itw32.ex_ | 65.02 | 120.27 | 0.00 | 686.32
04/09 | onlinegames_itw654.ex_ | 0.00 | 93.98 | 24.48 | 16.47
04/09 | prolaco_itw6.ex_ | 0.00 | 93.85 | 17.97 | 138.82
04/09 | pushbot_itw15.ex_ | 0.00 | 0.00 | 0.00 | 0.00
05/09 | autorun_itw677.ex_ | 0.00 | 0.00 | 315.72 | 224.45
05/09 | bagle_itw137.ex_ | 0.00 | 0.00 | 0.00 | 0.00
05/09 | ircbot_itw513.ex_ | 0.00 | 48.07 | 0.00 | 77.45
05/09 | koobface_itw34.ex_ | 0.00 | 54.58 | 175.00 | 683.60
05/09 | magania_itw66.ex_ | 0.00 | 0.00 | 0.00 | 0.00
05/09 | onlinegames_itw699.ex_ | 44.55 | 56.97 | 105.27 | 37.03
05/09 | snifula_itw2.ex_ | 0.00 | 322.27 | 0.00 | 424.05
05/09 | zbot_itw57.ex_ | 0.00 | 0.00 | 0.00 | 0.00
06/09 | agent_itw130.ex_ | 0.00 | 50.08 | 30.97 | 0.13
06/09 | autorun_itw685.ex_ | 3.05 | 160.63 | 183.52 | 848.63
06/09 | autorun_itw689.ex_ | 0.00 | 52.65 | 225.37 | 15.33
06/09 | bagle_itw218.ex_ | 0.00 | 0.00 | 54.82 | 788.90
06/09 | ircbot_itw524.ex_ | 0.00 | 54.20 | 0.00 | 0.00
06/09 | koobface_itw71.ex_ | 0.00 | 60.62 | 49.20 | 758.35
06/09 | magania_itw81.ex_ | 0.00 | 0.00 | 0.00 | 16.38
06/09 | magania_itw82.ex_ | 0.00 | 0.00 | 0.00 | 0.00
06/09 | magania_itw93.ex_ | 0.00 | 32.48 | 8.27 | 235.25
06/09 | zbot_itw58.ex_ | 0.00 | 0.00 | 0.00 | 36.58
** 0.00 denotes proactive detection
¹ Source: AV-Test.org 2009 (www.av-test.org)
Chart label: Single-engine solutions
Legend: Less than 5 hours; 5 to 24 hours; More than 24 hours
File Filtering
• Filter by name, direction, type, or size
• Wildcards supported, e.g., “*resume*.doc”, <in>*.exe, <out>*.doc
• Filters can be combinations of size, name, type & direction: <in>photo1.jpg>10mb, <out>*.mp3>5mb, <in>*>10mb
• Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT (match files blocked by Outlook)
Actions
• Skip: Detect only. Logs the event but does not block
• Delete: Remove contents. Removes the attachment only and replaces with the customized deletion text
• Purge: Eliminate message. Deletes both the attachment and the message body
Zip File Behavior
Filter Rules: Delete *.exe, Quarantine
Container file before scan: EXE, DOC, JPG, BMP
Container file after scan: TXT, DOC, JPG, BMP
Diagram labels: Custom deletion text; Quarantine: EXE
Forefront scans within ZIP and other compressed formats (up to 5 deep) and deletes only the offending file.
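The filter syntax from the File Filtering slide and the container behaviour from the Zip File Behavior slide, as an added Python sketch (not Forefront code and not part of the presentation). It parses filter strings such as <in>*.mp3>5mb and rewrites a ZIP so that only offending members are replaced by deletion text. Assumptions: ">10mb" means strictly larger than 10 MB, the replacement is a ".txt" member with constructed text, nesting past five levels raises an error, and all function names are hypothetical.

```python
import fnmatch, io, re, zipfile

UNITS = {"kb": 1024, "mb": 1024**2, "gb": 1024**3}
SPEC = re.compile(r"^(?:<(in|out)>)?(.+?)(?:>(\d+)(kb|mb|gb))?$", re.I)
DELETION_TEXT = b"Attachment removed by file filter."  # constructed placeholder
MAX_DEPTH = 5  # "up to 5 deep" on the slide

def parse_filter(spec):
    """'<in>*.mp3>5mb' -> ('in', '*.mp3', 5242880); absent parts are None."""
    m = SPEC.match(spec.strip())
    if not m:
        raise ValueError(f"bad filter: {spec!r}")
    direction, pattern, num, unit = m.groups()
    size = int(num) * UNITS[unit.lower()] if num else None
    return (direction.lower() if direction else None, pattern.lower(), size)

def matches(rule, name, size, direction):
    rule_dir, pattern, min_size = rule
    return ((rule_dir is None or rule_dir == direction)
            and fnmatch.fnmatchcase(name.lower(), pattern)
            and (min_size is None or size > min_size))  # assumption: '>' is strict

def scrub_zip(data, rules, direction, depth=1):
    """Rewrite a ZIP, replacing only offending members; returns (bytes, removed)."""
    removed, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            body = src.read(info)
            if any(matches(r, info.filename, len(body), direction) for r in rules):
                removed.append(info.filename)
                dst.writestr(info.filename + ".txt", DELETION_TEXT)
                continue
            if zipfile.is_zipfile(io.BytesIO(body)):
                if depth >= MAX_DEPTH:  # assumption: fail closed past the limit
                    raise ValueError("archive nesting exceeds limit")
                body, hits = scrub_zip(body, rules, direction, depth + 1)
                removed += [f"{info.filename}/{h}" for h in hits]
            dst.writestr(info.filename, body)
    return out.getvalue(), removed

def make_zip(members):  # builds a constructed sample archive from {name: bytes}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    z = make_zip({"a.doc": b"x", "setup.exe": b"MZ"})
    print(scrub_zip(z, [parse_filter("<in>*.exe")], "in")[1])
```

Each member is read fully into memory here; a production scanner would also cap decompressed size and member count per archive.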
Keyword Filtering
• Filters message body and subject based on content criteria
• Filter lists can enable search for words, phrases, and sentences with basic lexicon
• Includes pre-populated lists in 11 languages to scan for: Profanity; Discriminatory words
Forefront Anti-spam Flow
Incoming Internet E-mail
1. Connection filtering
2. Protocol filtering
3. Content filtering
Diagram labels: Connection Filtering; SMTP Filtering; Content Filtering; Mailbox / Store; User Inbox; User Junk E-mail Folder; Administrator Quarantine
Hybrid Messaging Protection (Online and On-Premises)
Antivirus and anti-spam protection for Exchange Server 2007 Server Roles
Online: Forefront Online Protection for Exchange
• Anti Malware: Symantec, Authentium, Kaspersky
• Anti Spam: Inbound Messaging Hygiene, Stop Foreign Spam, Outbound Spam Mitigation
• Management: Anti Spam Feedback Loop, Message Tracing, IT Admin Improvements
On-Premise Software: Forefront Protection 2010 for Exchange Server
• Anti Malware: MS AV + AntiSpyware, Kaspersky, Authentium, Virus Buster, Norman
• Anti Spam: Internal mail filtering, Industry-leading 3rd party content filtering
• Management: Forefront Server Security Management Console
Hybrid Messaging Security
Diagram labels: Internet; SMTP; Firewall; Exchange Server; Edge Role; Hub Role; Mailbox Role
Hybrid Anti-Spam Benefits
Active Protection
• Stops junk e-mail and malware before they reach your network
• Provides always-available e-mail with user-based Quarantine
• Meets most compliance requirements
Enterprise-Class Reliability
• High-availability global network backed by SLAs
• Secure operations process that meets audit standards
• Reduces complexity of IT environment
Reduced Cost of Administration
• Quickly activates with simple MX record change
• Saves time on anti-spam management; frees up resources
• Deployed quickly without additional Capital Expenditures
Hybrid Anti-Spam Monitoring
Incidents
• JetBlue database with aggregated statistics
• Quarantine database
Agent Log
• Used for all FPE Premium anti-spam agents
• Compatible with Exchange agent log schema
Performance counters
• Messages per Spam Confidence Levels (SCLs)
• Total Messages sent to Quarantine, Deleted, Rejected
• Aggregated in SCOM pack
Reports (aggregated statistics)
• Hit Rate for DNSBL with granularity to action
• Top spam sender domain
• Top spam-sending IP
• Top targeted domain
• Top targeted recipient
Microsoft is Your Technology Partner
Unified and Comprehensive
• Covers functions needed to optimize your infrastructure: operating systems, virtualization, management, security, identity and access
• Spans the breadth of your infrastructure: desktop, server, mobile devices, application platform, and security
Interoperable by Design
• Our products have always worked well together
• Compliant with industry standards by design
Trusted and Familiar
• Reduces IT Support and end user training costs
• Maximizes productivity
Appendix