; Forefront Overview
Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out
Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

Forefront Overview

VIEWS: 28 PAGES: 25

  • pg 1
									        Craig Duckering
    Security Solution Specialist
North Central & South Central Areas
       Microsoft Corporation
A comprehensive line of business security
  products that helps you gain greater
 protection through deep integration and
         simplified management
Unified malware protection for business desktops, laptops and
server operating systems that is easier to manage and control

                              One solution for spyware and virus protection
                              Built on protection technology used by millions worldwide
                              Effective threat response
                              Complements other Microsoft security products



                              One console for simplified security administration
                              Define one policy to manage client protection agent settings
                              Deploy signatures and software faster
                              Integrates with your existing infrastructure




                              One dashboard for visibility into threats and vulnerabilities
                              View insightful reports
                              Stay informed with state assessment scans and security alerts
                            Summary Report
                   •   Key information on security state for
                       taking action against threats,
                   •   Snapshot of the top trends and issues in
                       the environment.
                   •   Launch point for other reports, allowing
                       the administrator to drill down into
                       details as much as needed.
                   •   Ability to review:
                        •   Deployment Status: How many machines
                            are up to date or not up to date with the
                            latest signatures
                        •   Top issues and issue history: Categorized
                            by type along with history of issues
                        •   Top Threats and threat history: Types of
                            threats, their severity and how many
                            machines a specific threat has affected.
                        •   Top alerts and alert history: Key alerts
                            impacting environment
Security Summary
                        •   Top vulnerabilities and vulnerability
                            history: Through state assessment scans
Security State Assessment

  Scanning based on security check definitions and scheduled via policy
  or invoked on-demand
  Security checks
     Detect missing security updates based on Microsoft Update
     Compare system configuration against security best practices
        Examine data from registry, file system, WMI, IIS metabase, SQL server, etc.

  A “Score” and “Severity” is given for each check:
     Score Value – level of risk associated with security issues
     Severity Value – provided by the Microsoft Security Response Center for
     Security Updates

  Reporting enables drilldown into specific security issues
     Scan results are collected from managed clients
     Used to show vulnerability exposure and overall risk

  Extensible with new checks – e.g. Windows Firewall
  “Is my environment
compliant with security
    best practices?”




   “Has my level of
vulnerability exposure
 changed over time?”




 “What portion of my
environment is at high
       risk?”
                                                        Secure Messaging

Microsoft® Forefront™ Security for Exchange Server includes multiple scan
engines from industry-leading security firms, integrated in a single solution
to help businesses protect their Exchange messaging environments from
viruses, worms, and spam.


                         Multiple industry-leading AV engines
 Comprehensive
                         Multi-layered protection across Exchange 2007
   Protection             roles
                         Premium anti-spam protection and file filtering

                         Deep integration with Exchange Server
    Optimized            Scanning innovations & performance controls
   Performance           Continuous scanning during engine updates

                         Administration console for easy setup and
     Simplified           management
    Management           Automated signature updates
                         Centralized reporting, notifications and alerts
Anti-Virus Approaches

             Internet

             Viruses                           Problem
             Worms                             Single Point of Failure
              Spam

    ISA                          SMTP
   Server
             A           A       Server



        A                                                 Single Vendor
                     A               A
                                                          Single Engine
  Exchange           Exchange     SharePoint

                         A


                 A           A
Anti-Virus Approaches

             Internet

             Viruses                           Problem
             Worms                             Management/Cost
              Spam

    ISA                          SMTP
   Server
             A         B         Server



        C                                                Multi-vendor
                     D               E
                                                         Multi-engine
  Exchange           Exchange     SharePoint

                         A

                 B           C
Harnessing the Power of Multiple Scan Engines

 Forefront Server Security     Each scan job in a Forefront
 products integrate and ship   Server Security product can
 with industry-leading         run up to five engines
 antivirus scan engines from   simultaneously




                                       Internal Messaging and
                                        Collaboration Servers




                                   A     B        C         D   E
The Multiple Engine Advantage
                                                                       Response time1 (in hours)
                                                              The Microsoft            Other single-engine
                                                         multiple-engine solution           solutions
Rapid response to         WildList       Malware         Forefront Forefront Forefront
                                                                                       Vendor A* Vendor B* Vendor C*
                          Number          Name             Set 1     Set 2     Set 3
new threats               04/2007    feebs_itw78.ex_          0.00      0.00         0.00      0.00      0.00      0.00
Fail-safe                 04/2007
                          04/2007
                                     ircbot_itw104.ex_
                                     looked_itw96.ex_
                                                              0.00
                                                              0.00
                                                                        0.00
                                                                        0.00
                                                                                     0.00
                                                                                     0.00
                                                                                               0.00
                                                                                               0.00
                                                                                                      1721.77
                                                                                                         0.00
                                                                                                                   0.00
                                                                                                                   0.00
protection                04/2007    poebot_itw52.ex_         0.00      0.00         0.00      0.00    565.78     33.95
                          04/2007    rbot_itw2230.ex_       146.93    232.13       146.93    161.72    255.90    181.52
through                   04/2007    rbot_itw2289.ex_       162.54      1.00       162.54    172.35     29.72     18.40
redundancy                04/2007    sdbot_itw2086.ex_        0.00      0.00         0.00   1463.53    655.90   1432.90
                          04/2007    sober_aa.ex_             0.00      7.55         0.00      0.00     19.53      5.58
Diversity of              05/2007    feebs_itw83.ex_          0.00      0.00         0.00      0.00      3.52      6.17
                          05/2007    fujacks_itw28.ex_        0.00      0.00         0.00      0.00      0.00    522.48
antivirus engines         05/2007    fujacks_itw9.ex_         0.00      0.00         0.00   1803.80      0.00      0.00
and heuristics            05/2007
                          05/2007
                                     looked_itw123.ex_
                                     looked_itw124.ex_
                                                              0.00
                                                              0.00
                                                                        0.00
                                                                        0.00
                                                                                     0.00
                                                                                     0.00
                                                                                               0.00
                                                                                               0.00
                                                                                                         1.00
                                                                                                       231.88
                                                                                                                 618.98
                                                                                                                  75.48
                          05/2007    poebot_itw61.ex_         0.00      0.00         0.00      0.00    118.67      0.00
                          05/2007    rbot_itw2244.ex_         0.00      0.00         0.00    129.09      0.00      0.00
                          05/2007    sdbot_itw2169.ex_        1.00      1.00         1.00   1820.66   1696.55    369.36
                          05/2007    sdbot_itw2199.ex_        0.00    199.73         0.00    153.06      1.00   1639.08
                          05/2007    sohanad_itw10.ex_        0.00      1.00         0.00   1751.19    139.77      0.00
   = Less than 5 hours    05/2007    spybot_itw224.ex_       22.45    187.74        22.45    168.00      1.00     13.15
                          05/2007    vb_itw9.ex_              0.00      0.00         0.00    766.65    710.82     39.22
   = 5 to 24 hours        06/2007    ircbot_itw111.ex_        0.00      0.00         0.00      1.00      0.00     98.50
   = More than 24 hours   06/2007    rbot_itw2392.ex_         0.00      0.00         0.00   1586.10      0.00      0.00
                          06/2007    sdbot_itw2183.ex_        0.00      0.00         0.00     60.41      0.00     47.46
                          06/2007    sdbot_itw2184.ex_        0.00      0.00         0.00   1733.00   1717.69   1702.47
                          06/2007    sdbot_itw2224.ex_        0.00      0.00         0.00     55.17    462.29    107.99
                          06/2007    tirbot_itw8.ex_          0.00      0.00         0.00      0.00      0.00      0.00



                           * Includes beta signatures                          1   Source: AV-Test.org 2007 (www.av-
                           ** 0.00 denotes proactive detection                                               test.org)
Premium Spam Protection with
Forefront & Exchange 2007
 Forefront Security for Exchange Server licenses and activates the
 premium anti-spam features for Exchange 2007
 Deployed on Exchange Edge or Hub server role
     Edge server can be deployed in front of Exchange 2003 mailboxes
 Built upon base anti-spam in Exchange 2007, premium anti-spam
 protection adds:
     Microsoft IP reputation filter service and automated updates
     Automated updates for Microsoft Smartscreen spam heuristics,
     phishing Web sites and Intelligent Message Filter (IMF)
     Targeted spam signature data and automatic updates to identify
     latest spam campaigns
                                                           Secure Collaboration

Microsoft Forefront Security for SharePoint integrates multiple scan engines from
industry-leading vendors and content controls to help businesses protect their
Microsoft SharePoint collaboration environments by eliminating documents
containing malicious code, confidential information, and inappropriate content.



                             Multiple industry-leading antivirus engines
  Comprehensive
                             File & Content Keyword Filtering
    Protection               Support for Open XML & IRM-protected docs

                             Deep integration with SharePoint Server
    Optimized                Scanning innovations and performance controls
   Performance               Continuous scanning during engine updates


                             Administration console for easy setup and
     Simplified               management
    Management               Automated signature updates
                             Centralized reporting, notifications and alerts
Forefront Security for SharePoint
                                         Virus Protection for Document Libraries
                   SQL                   - Real-time scanning of documents uploaded
                   Document                 and downloaded from document library
                   Library
                                         - Manual and scheduled scanning of
                                            document library
                              Document

                                             SharePoint
                                             Server




                                                          Document
Content Policy Enforcement
- File filtering to block documents                                         Users
  from being posted based on name
  match, file type or file extension
- Content filtering by keywords within
  documents for inappropriate words
  and phrases
Antigen for Instant Messaging

Detects and removes malware                              Outside IM
and viruses in instant message                           Clients

sessions
  Protect conversations and file                                       Firewall
  transfers
  Block clickable URLs
                                                              Live
Provides advanced content-                                    Communications
                                                              Server 2005
filtering capabilities for            Microsoft Office
                                      Communicator
messages and attachments              Clients

  Enforce content policies
     Keyword filtering in messages
     and file transfers                                          Windows
                                                                 Messenger
     File filtering by type and extension                        Clients

  Enhances built-in LCS archiving by
  blocking inappropriate content
Forefront Server Security Management Console
Capabilities

  Central management console
     Deploys and configures
     Forefront/Antigen Security for
     Exchange and SharePoint
     environments
  Automates signature
  updates across the
  enterprise                          SharePoint
                                      Servers
                                                   Exchange
                                                   Servers
     Scans for and pulls updates
     for multiple antivirus engines
     Distributes updates to all
     Forefront/Antigen servers
Microsoft Forefront provides greater protection and control over
the security of your business’ network infrastructure by providing:
         A comprehensive line of information protection and access control
          products
         Integration with your existing IT infrastructure
         Simplified deployment, management, and analysis
         Technical and industry guidance

               Services
                   Network Access
                   Protection (NAP)
                                          Edge
                Intelligent Application            Server
                Gateway
                                                 Applications
                                                                 Client &
                                                                Server OS
Flexible licensing with multiple choices
   Standalone offerings to meet your specific needs
   Suites provide enhanced value and effectively meet your
   broader security needs in one simple purchase.


                                Enterprise CAL   Forefront Security
Standalone Offerings                 Suite             Suite


Forefront Client Security                               

Forefront for Exchange Server                           

Forefront for SharePoint                                

Antigen for IM                                          

Exchange Hosted Filtering                               

Other Server CALs                     
  The Enterprise CAL Suite
                                      Content management,
                                                                                   Messaging
                                       enterprise search,
                                             portal

  Office SharePoint Server Standard CAL

     Exchange Server Standard CAL

   System Server Config Manager CML

          Windows Server CAL              System monitoring                    Identity, security,
                                                                                                      Deployment
                                           and management                    networking, workloads   Flexibility and
                                                                                                        Control

                                                              Instant messaging
                                                                 and presence
                                                                                                       Simplified
 Office Communications Server Std CAL        Web, video,                           Information       Licensing and
                                               audio                                protection
 Office Communications Server Ent CAL       conferencing                            and policy        Compliance
                                                                                   enforcement
 Office SharePoint Server Enterprise CAL
    Exchange Server Enterprise CAL                                            eForms, spreadsheet
                                              Unified
 System Center Ops Manager Client OML      messaging and                        publishing, data      Increased
                                               email                              connectivity
                                            compliance                                               Value for IT
        ForeFront Security Suite
                                                        Desktop       Client & server
                                                                                                        Spend
Windows Rights Management Services CAL                 monitoring         security
Customer Testimonials                                                         “We wouldn’t put anything else
                                                                              for e-mail security on our
                                                                              Exchange Server 2007 machines.
                                                                              The software is well-respected.
                                                                              It’s been around; it’s proven. Our
 “Forefront works like a dream. We don’t                                      own experience with Microsoft
 have to do anything to it until we’re ready                                  Antigen is that it’s an outstanding
 to upgrade. With a small IT staff, that’s                                    product. Forefront Security for
 exactly what we want.”                                                       Exchange Server makes it even
 Alexander Fischer, Chief of IT Infrastructure, Koehler Paper Group
                                                                              better.”
                                                                                Chris Habala, Senior Architect/Analyst, Del Monte




“We looked at Forefront and it
blew us away. We’re a Microsoft
shop. We want to use products                         “The integration of Forefront with Exchange is
that will integrate well with what                    even better than the integration we saw with
we have. And we’ve seen the                           Antigen. It integrates proactively
Microsoft roadmap for the                             as part of the scanning flow. It’s not complicated to
Forefront product range, so we                        install or administer. Microsoft has taken one of
know this is a product we can                         the best antivirus products for Exchange and just
use to increasing advantage in                        made it better.”
the years to come.”                                              Will Wilson, Director of Information Systems, Guardian Management
                   Peter Oescheger, CIO, Sasfin
Resources
 Craig Duckering, Security Solution Specialist
  (425) 704-6419 craigd@microsoft.com



 Edge Security - Secure Publishing, Securing Branch Offices,
 Security from External Threats
 http://www.microsoft.com/forefront/edgesecurity/default.mspx


 Server Application Security - Security Solutions for Exchange,
 SMTP, SharePoint, Instant Message
 http://www.microsoft.com/forefront/serversecurity/default.mspx


 Forefront Security White Papers
 http://www.microsoft.com/forefront/serversecurity/exchange/whitepaper.mspx


 Operating System Level Security - OS Security for Desktops &
 Servers
 http://www.microsoft.com/forefront/clientsecurity/default.mspx
Appendix
Optimized Performance
 Controls                                  Engines used are not
                                           always the same. They
                                           are dynamically
A   C                                      allocated from the
                                           available pool.


B   D


                             Bias

        Max Certainty: uses all engines (100%)
        Favor Certainty: uses all available engines*
        Neutral: uses approximately 50% of available
        engines*
        Favor Performance: uses 25% of available engines*
        Max Performance: uses one engine for every scan*
Optimized Performance
 Controls                              Engines used are not
                                       always the same. They
                         A             are dynamically
                                       allocated from the
                                       available pool.
                         B



                         Bias

    Max Certainty: uses all engines (100%)
    Favor Certainty: uses all available engines*
    Neutral: uses approximately 50% of available
    engines*
    Favor Performance: uses 25% of available engines*
    Max Performance: uses one engine for every scan*

								
To top