Microsoft Forefront - Security for Office Communications Server Product Overview Presentation
Forefront Security for Office Communications Server
Product Overview
Name
Title
Microsoft Corporation
Agenda
• Corporate IM Security Overview
• Forefront Solutions Overview
• Introduction to Forefront Security for Office Communications Server
− Features and Benefits
− Core protection and administration capabilities
• Summary
Corporate IM Environment
Compliance is a Primary Concern
• IM can be used to subvert corporate information sharing policies
• Employees can send and receive confidential or risky documents
• IM, like e-mail, is subject to electronic discovery in regulated industries
Lack of Corporate-wide IM Strategy
• Corporations choose to “block” or not support IM to avoid risk or perceived “time wasting”, even though employees can easily work around any restrictions
• Reliance on consumer IM applications opens the organization to risk.
Security Vulnerabilities are Significant
• IM-based malware and spam continue to grow
• Few organizations have implemented an enterprise IM platform and policies
• Even fewer organizations have implemented IM hygiene solutions
Gartner Group, “Ignoring Instant Messaging at Work Won't Make It Go Away”, April 2008
Why Secure Enterprise IM?
Network Security Concerns
• Public network IM is unencrypted and easy to intercept
• Malicious-code attacks via consumer IM services have been increasing for several years
• Consumer IM introduces different protocols that can find ways around enterprise authentication systems
Widespread, Unmanaged Use
• IM has penetrated over 90% of organizations, with consumer-based tools predominant.
• In organizations where IM is “not allowed” or “unsupported”, employees consistently use tools like meebo.com to overcome restrictions
Potential Corporate Risk
• It is difficult to track what has been sent or received via IM.
• Companies need to extend enforcement of information-sharing policies to IM, particularly in regulated industries.
• IM can be a potential source of loss of research, analytical data, and other intellectual capital
Gartner Group, “Ignoring Instant Messaging at Work Won't Make It Go Away”, April 2008
Gartner Group, “Consumer IM Applications Could Put Your Company at Risk”, Sept. 2007
What is Microsoft Forefront?
Microsoft Forefront is a comprehensive line of business security products providing greater protection and control through integration with your existing IT infrastructure, simplified deployment, management, and analysis.
[Diagram labels: Edge; Client and Server OS; Server Applications]
Microsoft Forefront Security for Office Communications Server provides fast and effective protection against IM-based malware by including multiple scanning engines from industry-leading security partners in a single solution and helps reduce corporate liability by blocking IM messaging containing inappropriate content.
Comprehensive Protection
• Integrates multiple antimalware engines
• Blocks transfer of dangerous file types
• Prevents sharing of out-of-policy content
Integrated Security
• Optimizes virus scanning on OCS 2007
• Integrates with multiple server roles
• Protects federated connections and public IM
Simplified Management
• Built-in administrator console
• Automated signature updates
• IM notifications for out-of-policy activity
Protects Internal and External IM
[Diagram labels: Federated (Trusted) Organization; Internet; Public IM Networks; Access Edge Server; Director Server; Front-End Server; Internal Users; Remote Users]
Protects OCS 2007 and OCS 2007 R2
Harnessing Multiple Scanning Technologies in a Single Solution
• Forefront Security for Office Communications Server harnesses the strengths of multiple antivirus scan engines from Microsoft and industry-leading security partners
− All engines are delivered and licensed by Forefront
• Forefront Security for Office Communications Server can use all or a subset of its five engines per scanning operation
[Diagram labels: Office Communications Server 2007; A; B; C; D; E]
The Multiple Engine Advantage
• Rapid response to new threats
• Fail-safe protection through redundancy
• Diversity of antivirus engines and heuristics

Response time¹ (in hours)

WildList Number  Malware Name             FSOCS Engines  Vendor A*  Vendor B*  Vendor C*
10/08            agent_itw69.ex_          0.00           0.00       226.88     0.00
10/08            autorun_itw463.ex_       0.00           115.62     109.38     126.08
10/08            autorun_itw476.ex_       0.00           152.98     1039.35    570.82
10/08            ircbot_itw466.ex_        0.00           0.00       0.00       696.88
10/08            onlinegames_itw593.ex_   66.48          47.70      115.55     152.42
10/08            rbot_itw2666.ex_         0.00           0.00       0.00       934.85
10/08            slenfbot_itw21.ex_       0.00           0.00       0.00       172.75
10/08            vb_itw163.ex_            0.00           45.17      0.00       0.00
10/08            zbot_itw18.ex_           0.00           1195.55    473.87     463.32
11/08            agent_itw75.ex_          0.00           71.70      45.43      705.37
11/08            auraax_itw1.ex_          0.00           74.73      50.03      61.87
11/08            autorun_itw490.ex_       0.00           0.00       75.23      394.33
11/08            bagle_itw199.ex_         10.52          60.67      561.95     257.63
11/08            ircbot_itw470.ex_        0.00           150.88     336.37     1034.00
11/08            krap_itw1.ex_            0.00           45.80      0.00       154.07
11/08            magania_itw13.ex_        0.00           45.80      67.55      103.87
11/08            rbot_itw2668.ex_         0.00           0.00       0.00       1156.45
11/08            sdbot_itw2685.ex_        0.00           43.48      709.07     1022.70
11/08            slenfbot_itw26.ex_       0.00           75.37      0.00       182.88
11/08            slenping_itw3.ex_        0.00           51.60      0.00       1058.47
12/08            agent_itw82.ex_          0.00           49.58      71.62      35.32
12/08            autorun_itw511.ex_       0.00           78.43      74.92      64.17
12/08            ircbot_itw474.ex_        0.00           176.23     0.00       139.32
12/08            koobface_itw9.ex_        0.00           41.22      0.00       1182.03
12/08            sdbot_itw2686.ex_        0.00           63.07      709.15     1227.40
12/08            zbot_itw27.ex_           0.00           1274.87    1059.32    1215.45

** 0.00 denotes proactive detection
¹ Source: AV-Test.org 2008 (www.av-test.org)
Single-engine solutions
[Color legend, swatches not preserved: Less than 5 hours; 5 to 24 hours; More than 24 hours]
Help Reduce Corporate Liability
• Block dangerous or unwanted files
− By type and extension – blocks files (.exe) that could carry malicious code or (.mp3) that violate corporate policy
− By file name – blocks dangerous named files before a signature is available.
• Prevent sharing of inappropriate content:
− Includes installable word lists in 11 languages to automatically block messages and file transfers containing profanity and discriminatory content.
− Allows administrators to define keywords to prevent sharing of corporate confidential or unauthorized information.
Forefront Administrator
• Provides local and remote management and configuration of:
− Scan Jobs
− Content Filters
− Updates
− Incidents
− Statistics
− Quarantine
• Automates updates for all included scan engines
− No administrator action required
Notify Users of IM Policies
• Automatically notify users when they attempt to share malware, unwanted file types, or out-of-policy keywords.
• Can be configured separately for internal and external users
− IM admin receives e-mail notification
− Sender (and recipient if desired) receive IM communication
[Figure: User IM Notification]
Summary
• Organizations need to manage and secure enterprise IM
• Forefront Security for Office Communications Server
− Provides fast and effective protection against IM-based malware
− Helps reduce corporate liability by preventing inappropriate content from being shared in IM
− Simplifies management with easy-to-use administrator console, automated updates and notifications on out-of-policy conduct.
Next Steps
• Read more about Forefront Security for Office Communications Server
− http://www.microsoft.com/forefront/serversecurity/ocs/default.mspx
• Download the trial software
− http://technet.microsoft.com/evalcenter/cc509001.aspx
• View the webcast
− http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032377127&Culture=en-US
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.