Forefront Security for Office Communications ServerProduct Overview

NameTitle

Microsoft Corporation

Agenda•Corporate IM Security Overview• Forefront Solutions Overview• Introduction to Forefront

Security for Office Communications Server−Features and Benefits−Core protection and

administration capabilities

•Summary

Corporate IM Environment

Compliance is a Primary Concern

Lack of Corporate-wide IM Strategy Corporations choose to “block” or not support IM due to avoid risk or

perceived “timing wasting”, even though employees can easily work around any restrictions

Reliance on consumer IM applications opens organization to risk.

IM can be used to subvert corporate information sharing policies Employees can send and receive confidential or risky documents IM, like e-mail, is subject to electronic discovery in regulated industries

Security Vulnerabilities are Significant IM-based malware and spam continue to grow Few organizations have implemented an enterprise IM platform and

policies Even fewer organizations have implemented IM hygiene solutions

IM

Gartner Group, “Ignoring Instant Messaging at Work Won't Make It Go Away, April 2008

Why Secure Enterprise IM?

Network Security Concerns

Public network IM is unencrypted and easy to intercept Malicious-code attacks via consumer IM services have

been increasing for several years Consumer IM introduces different protocols that can find

ways around enterprise authentication systems

Wide Spread, Unmanaged Use

IM has penetrated over 90% of organizations with consumer-based tools predominant.

In organizations where IM is “not allowed” or “unsupported”, employees consistently use tools like meebo.com to overcome restrictions

Potential Corporate Risk

It is difficult to track what has been sent or received via IM.

Companies need to extend enforcement of information-sharing policies to IM, particularly in regulated industries.

IM can be a potential source of lost of research, analytical data, and other intellectual capital

Garrtner Group, “Ignoring Instant Messaging at Work Won't Make It Go Away, April 2008

Garrtner Group, “Consumer IM Applications Could Put Your Company at Risk”, Sept. 2007

EdgeClient and Server OS Server Applications

What is Microsoft Forefront?Microsoft Forefront is a comprehensive line of business security products providing greater protection and control through integration with your existing IT infrastructure, simplified deployment, management, and analysis.

Microsoft Forefront Security for Office Communications Server provides fast and effective protection against IM-based malware by including multiple scanning engines from industry-leading security partners in a single solution and helps reduce corporate liability by blocking IM messaging containing inappropriate content.

Comprehensive

Protection

IntegratedSecurity

Simplified Management

Integrates multiple antimalware engines Blocks transfer of dangerous file types Prevents sharing of out-of-policy content

Optimizes virus scanning on OCS 2007 Integrates with multiple server roles Protects federated connections and public

IM Built-in administrator console Automated signature updates IM notifications for out-of-policy activity

Protects Internal and External IM

Federated (Trusted) Organization

Internet

Public IM Networks

Access Edge Server Director ServerFront-End Server

Internal UsersRemote Users

Protects OCS 2007 and OCS 2007 R2

• Forefront Security for Office Communications Server harnesses the strengths of multiple antivirus scan engines from Microsoft and industry-leading security partners− All engines are delivered and licensed by Forefront

• Forefront Security for Office Communications Server can all or a subset of its five engines per scanning operation

Harnessing Multiple Scanning Technologies in a Single Solution

Office Communications

Server 2007

A

B

C

E

D

The Multiple Engine AdvantageRapid response to new threatsFail-safe protection through redundancyDiversity of antivirus engines and heuristics

Response time1 (in hours)

WildList Number

MalwareName

FSOCS Engines Vendor A* Vendor B* Vendor C*

10/08 agent_itw69.ex_ 0.00 0.00 226.88 0.0010/08 autorun_itw463.ex_ 0.00 115.62 109.38 126.0810/08 autorun_itw476.ex_ 0.00 152.98 1039.35 570.8210/08 ircbot_itw466.ex_ 0.00 0.00 0.00 696.8810/08 onlinegames_itw593.ex_ 66.48 47.70 115.55 152.4210/08 rbot_itw2666.ex_ 0.00 0.00 0.00 934.8510/08 slenfbot_itw21.ex_ 0.00 0.00 0.00 172.7510/08 vb_itw163.ex_ 0.00 45.17 0.00 0.0010/08 zbot_itw18.ex_ 0.00 1195.55 473.87 463.3211/08 agent_itw75.ex_ 0.00 71.70 45.43 705.3711/08 auraax_itw1.ex_ 0.00 74.73 50.03 61.8711/08 autorun_itw490.ex_ 0.00 0.00 75.23 394.3311/08 bagle_itw199.ex_ 10.52 60.67 561.95 257.6311/08 ircbot_itw470.ex_ 0.00 150.88 336.37 1034.0011/08 krap_itw1.ex_ 0.00 45.80 0.00 154.0711/08 magania_itw13.ex_ 0.00 45.80 67.55 103.8711/08 rbot_itw2668.ex_ 0.00 0.00 0.00 1156.4511/08 sdbot_itw2685.ex_ 0.00 43.48 709.07 1022.7011/08 slenfbot_itw26.ex_ 0.00 75.37 0.00 182.8811/08 slenping_itw3.ex_ 0.00 51.60 0.00 1058.4712/08 agent_itw82.ex_ 0.00 49.58 71.62 35.3212/08 autorun_itw511.ex_ 0.00 78.43 74.92 64.1712/08 ircbot_itw474.ex_ 0.00 176.23 0.00 139.3212/08 koobface_itw9.ex_ 0.00 41.22 0.00 1182.0312/08 sdbot_itw2686.ex_ 0.00 63.07 709.15 1227.4012/08 zbot_itw27.ex_ 0.00 1274.87 1059.32 1215.45

** 0.00 denotes proactive detection

1 Source: AV-Test.org 2008 (www.av-test.org)

Single-engine solutions

= Less than 5 hours

= 5 to 24 hours = More than 24 hours

Help Reduce Corporate Liability• Block dangerous or unwanted files

− By type and extension– blocks files (.exe) that could carry malicious code or (.mp3) that violate corporate policy

− By file name – block dangerous named files before a signature is available.

• Prevent sharing of inappropriate content:− Includes installable word lists in 11 languages to

automatically block messages and file transfers containing profanity and discriminatory content.

− Allows administrators to define keywords to prevent sharing of corporate confidential or unauthorized information.

Forefront Administrator• Provides local and remote management and

configuration of:− Scan Jobs− Content Filters− Updates− Incidents− Statistics− Quarantine

• Automates updates for allincluded scanengines− No administrator action required

Notify Users of IM Policies

• Automatically notify users when they attempt to share malware, unwanted file types, or out-of-policy keywords.

• Can be configured separately for internal and external users− IM admin receives e-mail

notification− Sender (and recipient if

desired) receive IM communication User IM Notification

Summary

• Organizations need to manage and secure enterprise IM

• Forefront Security for Office Communications Server − Provides fast and effective protection

against IM-based malware− Helps reduce corporate liability by

preventing inappropriate content from being shared in IM

− Simplifies management with easy-to-use administrator console, automated updates and notifications on out-of-policy conduct.

Next Steps

• Read more about Forefront Security for Office Communications Server− http://www.microsoft.com/forefront/serversecurit

y/ocs/default.mspx

• Download the trial software− http://technet.microsoft.com/evalcenter/cc50900

1.aspx

• View the webcast− http://msevents.microsoft.com/CUI/EventDetail.a

spx?EventID=1032377127&Culture=en-US

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after

the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.