Microsoft Forefront Online Protection for Exchange Deep Dive
Conor Morrison, Senior Program Manager, Microsoft
SIM334
Agenda and Session Objectives
Agenda
• Microsoft® Forefront™ Online Protection for Exchange (FOPE) Overview
• FOPE Support and Service Level Agreements (SLAs)
• FOPE Architecture
• Managing FOPE in your Organization – Best Practices

Session Objectives
• Understand in detail what happens to mail as it passes through FOPE
• Understand some best practices for using FOPE
• Understand the benefits and best practices for integrating Forefront Protection for Exchange and FOPE
Email Protection
More than 95% of email is spam
• Obnoxious and time wasting at best
• Dangerous and criminal at worst
• The remaining 5% can be business critical

Mail protection is a must-have
• If your protection solution dies, you can’t reach your customers – and they can’t reach you
Comprehensive Protection
• Multi-engine antivirus and multi-layered, continuously evolving anti-spam
• In the Leaders quadrant of the 2010 Gartner Magic Quadrant for Secure Email Gateways
Enterprise Class Reliability
• Scales to meet the needs of virtually any enterprise via globally load-balanced datacenters
• Helps ensure that no email is lost or bounced, with automatic spooling
• ISO 27001 certified
• 24x7 phone support; free 90-day Implementation Project Manager (IPM) support for >1000 seats
Reduced Costs
• Saves time on anti-spam management, freeing up network and server resources
• Saves costly bandwidth by delivering only clean mail to your corporate network
• Reduces up-front capital investment via a predictable, subscription-based payment
Financially backed SLAs
• Filtering accuracy
  • 100% known virus protection
  • 98% spam email detection
  • <1 in 250,000 emails false positive ratio
• Filtering network performance
  • 99.999% network uptime
  • Rapid email delivery (average delivery commitment of less than 1 minute)
Why FOPE for Email Protection?
FOPE is the largest commercial online service at Microsoft, with >8M deployed seats.
Customer Testimonials
Clifford Chance – one of the largest law firms in the world saw a 59% reduction in infrastructure costs; 20–30 mail gateways down to 4
Johnstons of Elgin – stopping over one million messages a day and reducing bandwidth by 1.5 gigabytes (GBs)
Edinburgh Napier University – 93% reduction in administration burden; 85% spam reduction over the previous solution
International Speedway Corporation – Reduced spam incidents by 25% and avoided costs of more than $120,000
Sunbelt Rentals – reduced help-desk calls, saved IT management time, improved productivity, and reduced costs over the previous solution
FOPE Core Product Capabilities
Connection Filtering
• Connection analysis (IP-based edge blocks)
• Reputation analysis and protection
Connection Management and Routing
• Load-balanced delivery with multiple SMTP profiles
• Control over routing and transport-level security using the new FOPE Connectors
AntiVirus
• Protect businesses from receiving and sending email-borne viruses
• Multiple engine support
• Heuristics support
Anti-Spam
• Detect and act on spam before it reaches the corporate network
• NDR backscatter support
• Outbound spam detection and mitigation
Policy
• Custom policy rules to regulate email flow based on business need
• Policy-based encryption (for EHE subscribers)
• RegEx pattern matching and custom dictionary support
FOPE Support
Four tiers of support:
• Tier 1 – responding directly to calls and web requests
• Tier 2 – for escalations or requests that require more privilege
• Tier 3 (Operations) – for troubleshooting potential production and infrastructure issues
• Tier 4 (Engineering Team) – for troubleshooting potential code issues
Response within 24 hours, if not sooner. Available via phone and web submission (the "Get Help Now" link in the FOPE Administration Center); translation services are available.
Onboarding support includes an Implementation Project Manager for new customers with 1000 or more seats.
FOPE Service Level Agreements (SLAs)

Filtering Network Performance
  Metric                  SLA                                                           Actual performance
  Network uptime          > 99.999%                                                     99.999%+ network uptime
  Rapid email delivery    Average delivery commitment of less than 1 minute (95th percentile)   5–15 seconds delivery

Spam and Virus Filtering Effectiveness
  Metric                  SLA                  Actual performance
  Known virus protection  100%
  Spam detection          > 98%                >99% of spam caught
  False positive ratio    < 1 : 250,000        Around 1 in 480,000
Truly Shared Architecture
• No PODs, no segmentation, no clusters; lots of copies and clear logic/data separation
• Spam attack against one customer? Every FOPE server is at your service
• Network geo-diversity: whole data center (DC) having problems? There is capacity to handle historical peak traffic with a major DC out; a DC can be taken ‘offline’ with no service impact, and regular mail flow is not interrupted
[Diagram: Internet → mail.messaging.microsoft.com (MX) → FOPE datacenters]
Health Checking and Proactive Load Balancing
• System Center Operations Manager is used throughout the service
• A custom ‘heatmap’ shows up-to-the-minute status at a glance across all machines
• Alerting and datacenter automation tools are used to resolve issues ahead of customer impact
Pushback application load balancing
• Servers can request to be taken ‘offline’ if they are having issues; this effectively enables application-level load balancing, transparently to the customer
• Avoids the FOPE Exchange Edge ever going into ‘backpressure’
• A central “brain” uses global data to accept or deny requests, which prevents the entire service from going out of rotation at once
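The decision logic described above (servers ask to leave rotation, a central arbiter with a global view grants or denies so the pool can never empty itself, and a whole datacenter is only taken offline if the rest still covers historical peak) as an added example. This is illustrative code written for this page, not FOPE's own algorithm: the 25% headroom factor, the per-server capacities and the two pool layouts are assumptions constructed for the example.

```python
# Added example (not FOPE's code): a central "pushback" arbiter. Servers ask to
# leave rotation; the arbiter grants the request only if the servers that would
# remain can still carry the current global load with headroom, so a burst of
# simultaneous requests cannot take the whole service out of rotation.
# The headroom factor, capacities and pool layouts are assumptions.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Server:
    name: str
    datacenter: str
    capacity: float            # messages per second this server can filter
    in_rotation: bool = True


@dataclass
class PushbackArbiter:
    servers: Dict[str, Server] = field(default_factory=dict)
    current_load: float = 0.0      # global messages per second right now
    historical_peak: float = 0.0   # highest load ever observed
    headroom: float = 1.25         # assumption: always keep 25% spare capacity

    def add(self, server: Server) -> None:
        self.servers[server.name] = server

    def active_capacity(self, excluding: Optional[Set[str]] = None) -> float:
        excluding = excluding or set()
        return sum(s.capacity for s in self.servers.values()
                   if s.in_rotation and s.name not in excluding)

    def request_offline(self, name: str) -> bool:
        """A server reports it is unhealthy and asks to drop out of rotation.
        Granted only if the rest of the pool still covers the load with
        headroom; otherwise denied so the pool cannot drain itself."""
        server = self.servers[name]
        if not server.in_rotation:
            return True
        remaining = self.active_capacity(excluding={name})
        if remaining >= self.current_load * self.headroom:
            server.in_rotation = False
            return True
        return False

    def return_online(self, name: str) -> None:
        self.servers[name].in_rotation = True

    def can_take_datacenter_offline(self, datacenter: str) -> bool:
        """Planned maintenance check: the other datacenters must cover the
        historical peak (not just today's load) with headroom."""
        members = {s.name for s in self.servers.values() if s.datacenter == datacenter}
        return self.active_capacity(excluding=members) >= self.historical_peak * self.headroom


def build_pool(dcs: int, per_dc: int, capacity: float, load: float, peak: float) -> PushbackArbiter:
    """Constructed pool: `dcs` datacenters with `per_dc` identical servers each."""
    arb = PushbackArbiter(current_load=load, historical_peak=peak)
    for d in range(dcs):
        for i in range(per_dc):
            arb.add(Server(f"dc{d}-s{i}", f"dc{d}", capacity))
    return arb


def simulate_burst() -> List[bool]:
    """Four 100 msg/s servers under 200 msg/s load all ask to leave at once.
    Only the first request is granted: the pool needs 250 msg/s in rotation."""
    arb = build_pool(dcs=2, per_dc=2, capacity=100.0, load=200.0, peak=350.0)
    return [arb.request_offline(name) for name in list(arb.servers)]


def datacenter_drill(dcs: int, per_dc: int) -> bool:
    """Can dc0 be taken offline while the others still cover a 350 msg/s peak?"""
    arb = build_pool(dcs=dcs, per_dc=per_dc, capacity=100.0, load=200.0, peak=350.0)
    return arb.can_take_datacenter_offline("dc0")


if __name__ == "__main__":
    print("burst decisions:", simulate_burst())          # [True, False, False, False]
    print("2 DCs x 2 servers, drop dc0:", datacenter_drill(2, 2))   # False
    print("3 DCs x 3 servers, drop dc0:", datacenter_drill(3, 3))   # True
```

The point of the arbiter is the global view: each server sees only its own health, so without a central decision a bad signature update or a shared dependency failure could make every server conclude it should step aside at the same moment.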
FOPE Architecture – Inbound Mailflow
[Diagram: inbound mail flow from the Internet to the corporate network. The stages recoverable from the diagram, in order:]
• Email enters the global data center network at the MX record (mail.messaging.microsoft.com)
• Spam prevention at the connection: IP-based edge blocks and envelope blocks, answered with an SMTP 55x reject; Directory Services look up the email filtering settings for the recipient domain; safe senders and connector settings are synced from the customer’s configuration
• Virus scanning: Kaspersky, Symantec, Authentium
• Policy enforcement: custom policy rules; attachment and message attribute management; matches go to the content and policy quarantine
• Spam protection: additional spam filter management, rules-based scoring, fingerprint engines; spam goes to the spam quarantine
• Queue: if the customer’s server is down, email is queued for up to 5 days and delivered in a flow-controlled fashion when the server is available
• Delivery to the corporate network
• Feedback loop: spam analysts and customer feedback (false positives / false negatives) feed back into the spam protection layers
FOPE Architecture – Outbound Mailflow
[Diagram: outbound mail flow from the corporate network to the Internet. The stages recoverable from the diagram, in order:]
• Look up the email filtering settings for the sending domain
• Virus scanning: Kaspersky, Symantec, Authentium
• Policy enforcement: custom policy rules; attachment and message attribute management; matches go to the content and policy quarantine; encryption* (for Exchange Hosted Encryption subscribers)
• Spam protection: custom spam filter management, rules-based scoring, fingerprint engine; safe senders; spam analysts
• Delivery pool selection by spam score: score < 30 → outbound pool; score >= 30 → high-risk delivery pool
• Delivery to the Internet (SPF: see Best Practices, configure your SPF record)
Additional Spam Options
Enable Additional Spam Filtering Options to increase a message’s spam score or to mark it as spam outright. Recommended options:
• Images from remote sites
• Numeric IP in URL
• Empty messages
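The three recommended options above, implemented as heuristics over a parsed MIME message, as an added example. This is illustrative code written for this page, not FOPE's implementation: each option can be "off", "score" (add to the spam score) or "mark" (mark as spam outright), and the per-hit weight, the spam threshold and the three sample messages are assumptions constructed for the example.

```python
# Added example (not FOPE's implementation): three "Additional Spam Filtering
# Options" as heuristics over a MIME message. Per-option mode is "off",
# "score" (raise the spam score) or "mark" (mark as spam). The weight and
# threshold are assumptions; sample messages are constructed.
import re
from email import message_from_string
from email.message import Message
from typing import Dict, List, Tuple

IPV4_URL = re.compile(r"https?://(?:\d{1,3}\.){3}\d{1,3}\b", re.I)
REMOTE_IMG = re.compile(r'<img\b[^>]*\bsrc\s*=\s*["\']?https?://', re.I)


def text_parts(msg: Message) -> List[Tuple[str, str]]:
    """(content_type, decoded text) for every text/* part, attachments excluded."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            out.append((part.get_content_type(),
                        raw.decode(part.get_content_charset() or "utf-8", "replace")))
    return out


def numeric_ip_in_url(msg: Message) -> bool:
    return any(IPV4_URL.search(text) for _, text in text_parts(msg))


def images_from_remote_sites(msg: Message) -> bool:
    return any(ctype == "text/html" and REMOTE_IMG.search(text)
               for ctype, text in text_parts(msg))


def empty_message(msg: Message) -> bool:
    """No attachment and no non-whitespace body text."""
    has_attachment = any(part.get_filename() for part in msg.walk())
    body = "".join(text for _, text in text_parts(msg))
    return not has_attachment and not body.strip()


HEURISTICS = {
    "images_from_remote_sites": images_from_remote_sites,
    "numeric_ip_in_url": numeric_ip_in_url,
    "empty_message": empty_message,
}
RECOMMENDED = {name: "score" for name in HEURISTICS}   # the slide's recommended set


def evaluate(raw: str, options: Dict[str, str], weight: int = 3, threshold: int = 5) -> dict:
    """Run the enabled heuristics; 'mark' hits are spam regardless of score."""
    msg = message_from_string(raw)
    score, hits, marked = 0, [], False
    for name, check in HEURISTICS.items():
        mode = options.get(name, "off")
        if mode == "off" or not check(msg):
            continue
        hits.append(name)
        if mode == "mark":
            marked = True
        else:
            score += weight
    verdict = "spam" if marked or score >= threshold else "clean"
    return {"score": score, "hits": hits, "verdict": verdict}


# Constructed sample messages (TEST-NET addresses, example.test domains).
SAMPLE_IP_URL = """\
From: promo@example.test
To: user@contoso.com
Subject: Your account
Content-Type: text/plain

Verify here: http://203.0.113.7/login
"""

SAMPLE_REMOTE_IMG = """\
From: news@example.test
To: user@contoso.com
Subject: Newsletter
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Hello
--b1
Content-Type: text/html

<html><body><img src="http://tracker.example.test/pixel.gif"><p>Hello</p></body></html>
--b1--
"""

SAMPLE_BOTH = SAMPLE_REMOTE_IMG.replace("tracker.example.test", "198.51.100.20")

SAMPLE_EMPTY = """\
From: x@example.test
To: user@contoso.com
Subject: (no subject)
Content-Type: text/plain

   
"""

if __name__ == "__main__":
    for label, raw in [("ip-url", SAMPLE_IP_URL), ("remote-img", SAMPLE_REMOTE_IMG),
                       ("both", SAMPLE_BOTH), ("empty", SAMPLE_EMPTY)]:
        print(label, evaluate(raw, RECOMMENDED))
```

With the recommended settings in "score" mode a single hit only nudges the score, which is why the slide offers "mark as spam" separately: use it only for options whose false positive rate you have measured on your own mail, since a newsletter with one remote image is not spam.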
False Positives
• “No False Positives” is a deep part of FOPE team culture: all designs are rigorously evaluated for false positive risk
• “Not Junk” button in the spam quarantine: ~6,500 confirmed false positive submissions per week
• Junk Email Reporting Add-in for Microsoft Outlook
• Self-serve tools for customers: per-customer IP block list exceptions; Exchange/Outlook Safe Sender support
Policy Filtering
Create custom “Policy Rules” that automatically take action on mail based on admin-defined triggers.
• Actions include Reject, Allow, Inbound Quarantine, Force TLS, Redirect, Deliver with Bcc, and Test; Encrypt and Decrypt are available for Exchange Hosted Encryption subscribers
• Triggers can include header, sender, recipient, attachment, keywords, phrases, etc.
• Block EXE, PIF, SCR and VBS extensions; block ‘executable content’ as attachments, regardless of extension
• Basic and regular expression support; custom dictionaries
• Best practice: check for outbound PCI/PII and inbound phishing attempts
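A small rule engine in the shape of the policy rules above (trigger → action) run over a parsed MIME message, as an added example; this is illustrative code for this page, not FOPE's engine. The trigger implementations are this example's own: the extension block uses the four extensions from the slide, the "executable content regardless of extension" check looks for the Windows PE "MZ" signature in attachment bytes (an assumption about how such a check would work), the outbound PCI check matches 13 to 19 digit runs and validates them with the Luhn checksum so that phone numbers and order IDs do not trip it, and the inbound phishing check is a constructed phrase list. The sample messages, domains and rule names are constructed for the example.

```python
# Added example (not FOPE's engine): policy rules as (trigger, action) pairs
# evaluated against a MIME message. Trigger logic, rule names, the PE-magic
# assumption, the phrase list and the sample messages are all constructed.
import re
from dataclasses import dataclass
from email import message_from_string
from email.message import EmailMessage, Message
from typing import Callable, Iterator, List, Optional, Tuple

BLOCKED_EXTENSIONS = (".exe", ".pif", ".scr", ".vbs")      # from the slide
PE_MAGIC = b"MZ"                                           # assumption: DOS/PE header
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
PHISH_PHRASES = ("verify your account", "your password will expire",
                 "confirm your credentials")               # constructed list


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: cuts false positives on random 16-digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def attachments(msg: Message) -> Iterator[Tuple[str, bytes]]:
    for part in msg.walk():
        name = part.get_filename()
        if name:
            yield name, part.get_payload(decode=True) or b""


def body_text(msg: Message) -> str:
    parts = []
    for p in msg.walk():
        if p.get_content_maintype() == "text":
            raw = p.get_payload(decode=True) or b""
            parts.append(raw.decode(p.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


# Triggers take (message, direction) and return True when the rule fires.
def blocked_extension(msg: Message, _direction: str) -> bool:
    return any(name.lower().endswith(BLOCKED_EXTENSIONS) for name, _ in attachments(msg))


def executable_content(msg: Message, _direction: str) -> bool:
    """Executable by content, whatever the file is called."""
    return any(data.startswith(PE_MAGIC) for _, data in attachments(msg))


def outbound_pan(msg: Message, direction: str) -> bool:
    if direction != "outbound":
        return False
    for m in PAN_CANDIDATE.finditer(body_text(msg)):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False


def inbound_phish(msg: Message, direction: str) -> bool:
    if direction != "inbound":
        return False
    text = body_text(msg).lower()
    return any(phrase in text for phrase in PHISH_PHRASES)


@dataclass
class Rule:
    name: str
    trigger: Callable[[Message, str], bool]
    action: str   # "Reject" | "Quarantine" | "Allow" | "Test"


RULES = [
    Rule("block-dangerous-extensions", blocked_extension, "Reject"),
    Rule("block-executable-content", executable_content, "Reject"),
    Rule("outbound-pci", outbound_pan, "Quarantine"),
    Rule("inbound-phish", inbound_phish, "Quarantine"),
]


def apply_policy(raw: str, direction: str, rules: List[Rule] = RULES) -> Tuple[str, List[str]]:
    """Return (action, names of all rules that fired). The first non-Test
    rule that fires decides the action; Test rules only record a hit."""
    msg = message_from_string(raw)
    hits, decision = [], "Allow"
    for rule in rules:
        if rule.trigger(msg, direction):
            hits.append(rule.name)
            if rule.action != "Test" and decision == "Allow":
                decision = rule.action
    return decision, hits


def build_sample(body: str, attach_name: Optional[str] = None, attach_bytes: bytes = b"") -> str:
    """Constructed sample message, optionally with one binary attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@contoso.com", "bob@litware.com", "constructed sample"
    m.set_content(body)
    if attach_name:
        m.add_attachment(attach_bytes, maintype="application", subtype="octet-stream",
                         filename=attach_name)
    return m.as_string()


if __name__ == "__main__":
    pe = b"MZ\x90\x00" + b"\x00" * 16
    print(apply_policy(build_sample("see attached", "setup.exe", pe), "inbound"))
    print(apply_policy(build_sample("invoice", "invoice.pdf", pe), "inbound"))   # renamed .exe
    print(apply_policy(build_sample("Card: 4111 1111 1111 1111 exp 12/25"), "outbound"))
    print(apply_policy(build_sample("Please verify your account today"), "inbound"))
```

Two details matter in practice: the renamed executable is caught only by the content check, which is why the slide lists it separately from the extension list, and the outbound PCI rule is direction-scoped so that an inbound receipt quoting a card number does not get quarantined by a rule meant to stop data leaving.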
Advanced Reporting
Access reporting data from your FOPE service; create and view reports in the Admin Center. Four available reports:
• Email Traffic Report
• Top Viruses Report
• Deferral Report
• Top Users Report
Enable scheduled report delivery: emails the report on a one-time, weekly, or monthly basis.
Near Real-Time Message Trace
Search for specific messages using the following criteria: sender, recipient, date, message ID.
Results tell you:
• if and when the message was received by FOPE
• whether the message was scanned, blocked, or deleted
• whether the message was delivered successfully
Hybrid Messaging Protection: FOPE + FPE
Antivirus and anti-spam protection for Exchange Server 2010/2007 server roles
[Diagram: Internet → SMTP → Forefront Online Protection for Exchange (online) → Exchange Server on premises (Edge role, Hub role, Mailbox role) running Forefront Protection 2010 for Exchange Server, with FPE settings synced to FOPE]
Online: Forefront Online Protection for Exchange
• Anti-malware engines: Symantec, Authentium, Kaspersky
• Anti-spam: inbound messaging hygiene, stop foreign spam, outbound spam mitigation
• Management: anti-spam feedback loop, message tracing, IT admin improvements
On-premises software: Forefront Protection 2010 for Exchange Server
• Anti-malware engines: MS AV + AntiSpyware, Kaspersky, Authentium, Virus Buster, Norman
• Anti-spam: internal mail filtering, industry-leading 3rd party content filtering
• Management: Forefront Protection Server Management Console
FPE sync to FOPE: sync DNSBL, sync safelist, sync blocklist, quarantine in the service or on premises; and more with FPSMC
FOPE Connectors: Flexibility and control in mail routing
• Route outbound email through on-premises servers or DLP appliances
• Force TLS for secure B2B communication
• Bypass spam filters for trusted partners
• And much, much more…
[Diagram: example connectors (outbound smart host, DLP appliance, forced TLS, inbound safe listing) between the domains nwtraders.com, litware.com and contoso.com and external recipients]
Best Practices
• Apply a strong password policy for user login to the Admin Center
• Use Directory Sync to upload your valid recipients
• Use Quarantine for spam and policy
• Use ‘Not Junk’ in quarantine to report false positives
• Use the Junk E-mail Reporting plug-in for Outlook
• Use ‘Additional Spam Filters’ to tighten up checks for spam
• Opt in to NDR backscatter blocking
• Configure policy filters for the extensions EXE, PIF, SCR and VBS, and check for outbound PCI/PII and inbound phishing attempts
• Use FOPE for outbound and configure your SPF record
• Use Message Trace to troubleshoot mail issues
• Synchronize FPE settings with FOPE
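What "use FOPE for outbound and configure your SPF record" means for a receiver, as an added example: once your mail leaves through the service's outbound pools, your domain's SPF record has to authorize those pools, or receivers evaluating SPF will see a softfail or fail on every message you send. The evaluator below is illustrative code written for this page (a minimal RFC 7208 check_host over an in-memory DNS table), not FOPE's or Microsoft's code. The DNS records, hostnames and addresses are constructed; the include target spf.messaging.microsoft.com is an assumption about the service's published SPF name and is not taken from the slide. Supported terms are ip4, ip6, a, mx, include and all; modifiers such as redirect= and exp= are ignored, which is a simplification.

```python
# Added example (not FOPE's code): a minimal SPF evaluator over a constructed
# in-memory DNS table, to show what a correct record for a domain that sends
# through a hosted filter looks like and how a receiver evaluates it.
# All names and addresses are constructed; the include target is an assumption.
import ipaddress
from typing import Dict, List, Optional

# Constructed DNS. TXT: name -> TXT strings; A and MX keep the table small.
TXT: Dict[str, List[str]] = {
    "contoso.com": ["v=spf1 mx include:spf.messaging.microsoft.com -all"],
    "spf.messaging.microsoft.com": ["v=spf1 ip4:203.0.113.0/24 ip6:2001:db8:1::/48 ~all"],
    "broken.example": ["v=spf1 include:missing.example -all"],
}
A: Dict[str, List[str]] = {"mail.contoso.com": ["198.51.100.10"]}
MX: Dict[str, List[str]] = {"contoso.com": ["mail.contoso.com"]}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain: str) -> Optional[str]:
    for txt in TXT.get(domain, []):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def _host_matches(addr, host: str) -> bool:
    return any(addr == ipaddress.ip_address(x) for x in A.get(host, []))


def check_host(ip: str, domain: str, depth: int = 0) -> str:
    """Return pass, fail, softfail, neutral, none or permerror for the
    connecting IP `ip` claiming MAIL FROM domain `domain`."""
    if depth > 10:                      # simplified stand-in for the lookup limit
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if "=" in name:                 # modifier (redirect=, exp=): ignored here
            continue
        name = name.lower()
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "a":
            matched = _host_matches(addr, arg or domain)
        elif name == "mx":
            matched = any(_host_matches(addr, mx) for mx in MX.get(arg or domain, []))
        elif name == "include":
            sub = check_host(ip, arg, depth + 1)
            if sub == "pass":
                matched = True
            elif sub in ("none", "permerror"):
                return "permerror"      # a missing included record breaks the whole policy
        else:
            return "permerror"          # unknown mechanism
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"


if __name__ == "__main__":
    for ip in ["203.0.113.5", "2001:db8:1::5", "198.51.100.10", "192.0.2.1"]:
        print(ip, "->", check_host(ip, "contoso.com"))
```

Two practical consequences show up in the table: the domain's own record ends in -all, so any outbound path that bypasses the service (a forgotten on-premises relay sending directly) now hard-fails, and the include target's own record ending in ~all does not weaken your policy, because an include only contributes a match when it returns pass.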
Takeaways
• The FOPE service provides leading protection against mail threats and is backed by industry-leading support and SLAs
• The FOPE architecture is built to scale and maintain high reliability
• Research and apply best practices to further improve protection
• FOPE + FPE provides defense in depth and can be configured to keep settings in sync
Additional Resources
Related sessions
• SIM331 Microsoft Forefront Online Protection for Exchange and Microsoft Office 365: Better Together!
• SIM333 Centralized Management of Anti-Malware/Anti-Spam Using Microsoft Forefront Protection Server Management Console
Links
• Forefront Site: http://www.microsoft.com/forefront/
• Forefront on TechNet Library: http://technet.microsoft.com/en-us/library/ff684056.aspx
• Forefront Videos on TechNet Edge: http://technet.microsoft.com/en-us/edge/ff832960.aspx?category=Forefront
Resources
• Sessions On-Demand & Community: www.microsoft.com/teched
• Microsoft Certification & Training Resources: www.microsoft.com/learning
• Resources for IT Professionals: http://microsoft.com/technet
• Resources for Developers: http://microsoft.com/msdn
• Connect. Share. Discuss.: http://northamerica.msteched.com
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.