Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microsoft Forefront Client Security

Similar presentations

Presentation on theme: "Microsoft Forefront Client Security"— Presentation transcript:

1 Microsoft Forefront Client Security
Gary Verster Microsoft Corporation

2 Microsoft Forefront Client Security
November 2006 The Security Environment Tenets of Microsoft Security Product Line Microsoft Forefront Microsoft Forefront Client Security Three Dimensions to Securing Clients © 2006 Microsoft Corporation. All rights reserved.

3 More advanced More frequent Profit motivated Application-oriented Too many point products Poor interoperability Lack of integration Multiple consoles Uncoordinated event reporting & analysis Cost and complexity

4 Protect Information and Control Access at
Operating system Server applications Network “edge” Content Heterogeneity Third-party products Secure custom apps 24/7 security research and response Cross-product integration MSFT security products MSFT server applications Integration with Microsoft IT infrastructure Active Directory®, SQL Server™, Operations Manager, etc. Integration with ecosystem partners and custom apps Unified view and analytics Reduced number of management consoles Simplified deployment Appliances and appliance- like experience Technical and industry guidance Simplified licensing

5 A comprehensive line of business security products that helps you gain greater protection through deep integration and simplified management Server Applications Edge Client and Server OS Categories: Includes secure access solutions and enterprise-class anti-malware: Products: Forefront Client Security (formerly called Microsoft Client Protection) Forefront Security for Exchange Server (currently called Microsoft Antigen for Exchange) Forefront Security for SharePoint (currently called Microsoft Antigen for SharePoint) Microsoft Antigen for Instant Messaging Microsoft Internet Security and Acceleration (ISA) Server 2006 Brand may be new, however the technology old: - ISA technology was first launched in 1996 Whale technology first shipped in 1998 The new Forefront Server Security products (prev. Antigen) will be v10 Forefront Client Security is built on the same highly successful Microsoft protection technology already used in products such as Windows Live™ OneCare™, Windows® Defender and Microsoft Forefront Security for Exchange Server.

6 Information Protection
Guidance Developer Tools Active Directory Federation Services (ADFS) Identity Management Systems Management Information Protection Encrypting File System (EFS) BitLocker™ Services Client and Server OS Server Applications Edge Network Access Protection (NAP) While Forefront is a key component of Microsoft’s strategy for providing end-to-end security for business customers, numerous other products and initiatives play significant roles in Microsoft’s vision of a well-managed and secure network infrastructure. Information Protection – Talk about RMS, EFS, BitLocker Identity Management – CLM, AD, MIIS Systems Management – SMS, WSUS, MOM Operating System – Foundation - XPSP2, Vista, Longhorn. Microsoft’s Network Access Protection (NAP), built into Vista and Longhorn, automatic validation and remediation of the security “health” of devices on your network. Devices are quarantined from the network until they are automatically brought back into compliance. Biggest area of vulnerability lies in one of most commonly used applications is the browser, and with Internet Explorer 7, especially in conjunction with Vista, new levels of security are enabled through Protected Mode (IE runs very low privilege) Last but not least, Microsoft offers wide range of technical and industry-specific guidance ensure solutions deployed correctly and in a manner most likely to provide the business benefits you are trying to realize.

7 Windows Live OneCare Safety Scanner
November 2006 FOR INDIVIDUAL USERS FOR BUSINESSES Windows Live OneCare Safety Scanner Microsoft Forefront Client Security Windows Defender Windows Live OneCare MSRT Remove most prevalent viruses Remove all known viruses Real-time antivirus Remove all known spyware Real-time antispyware Central reporting and alerting Windows Defender: A free program that helps protect your computer against pop-ups, security threats caused by spyware and other unwanted software. Windows Live OneCare Safety Scanner: A free web service that individuals can use to help ensure the health of their PC.  In addition to checking for and removing viruses, Windows Live Safety Center includes tools for improving PC performance. Learn more about Windows Live OneCare Safety Scanner at Windows Live OneCare: An all-in-one, automatic and self-updating PC care service designed to help consumers more easily protect and maintain their PCs. Windows Live OneCare is available for an annual subscription rate of $49.95 MSRP for up to three personal computers Malicious Software Removal Tool (MSRT): A tool that complements traditional antivirus technologies by helping to identify and remove the most prevalent viruses and worms from customer computers. It is available at no charge to licensed Windows users. Microsoft releases an updated version of this tool on the second Tuesday of each month. Customization IT Infrastructure Integration © 2006 Microsoft Corporation. All rights reserved.

8 Microsoft Forefront Client Security
Unified malware protection for business desktops, laptops and server operating systems that is easy to manage and control One solution for spyware and virus protection State Assessment Built on protection technology used by millions worldwide Effective threat response One console for simplified security administration Define one policy to manage client protection agent settings Integrates with your existing infrastructure Unified Protection Microsoft Forefront Client Security is built just for this…..provides unified malware protection that is easier to manage and control. Built on the same highly successful Microsoft protection technology already used by millions of people worldwide, Forefront Client Security helps guard against emerging threats such as spyware and rootkits as well as traditional threats such as viruses, worms and Trojan horses. Simplified administration Through single management console provides control over client settings, and integrates with existing infrastructure software, such as Active Directory, and complements other Microsoft security technologies for better protection and greater control. Visibility and Control Critical visibility into threats and vulnerabilities, ability to view reports and stay informed about your environment. Greater confidence about what you believe the state of your environment to be. One dashboard for visibility into threats and vulnerabilities View insightful reports Stay informed with state assessment scans and security alerts

9 November 2006 © 2006 Microsoft Corporation. All rights reserved.

10 Microsoft Forefront Client Security
One engine for virus and spyware protection Used in Windows® Defender, OneCare, Forefront Server Security, etc. Compatible with NAP through Windows Security Center Engine detection and removal capabilities include: Real-time, scheduled or on-demand detection & removal Real-time detection uses Windows Filter Manager technology Checks to ensure system is fully functional after cleaning Scanning dozens of archives and packers Scans for rootkits Behavior analysis and polymorphic viruses Heuristic detections for new malware and variants Windows Filter Manager Microsoft’s prescribed scanning platform - security vendors can apply “mini-filter” technology to scan malware in real time. Other anti-spyware solutions detect malware in user mode level - more reactive approach to detection have to allow spyware to first run before detect and scan. By using Windows Filter Manager, FCS is able to scan both virus and spyware files before they run. The other benefit to using the Windows Filter Manager is that end user disruption minimized during real-time scans of both viruses and spyware.

11 Microsoft Forefront Client Security
4/14/2017 9:09 AM Multiple data sources enabling advanced threat telemetry Dedicated team with automated analysis and testing Tight integration with MSRC and other support processes Deliver malware definition updates for: Forefront Client Security, Forefront Server Security Windows Live OneCare, Windows Defender Develop core anti-malware engine in Forefront and OneCare Develop Windows Malicious Software Removal Tool 11 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

12 Microsoft Forefront Client Security
Define security steady state Specify the ongoing security behavior of my clients Keep systems up-to-date Ensure that clients have the latest signatures View reports Determine the security state, now and over time Respond to alerts What critical security events require my attention? If we look at the Management Model, there are 4 key tasks an administrator must take when using FCS to ensure that systems are protected: Define security steady state – This includes the definition of client security policy for systems in the environment Keep systems up to date – Ensuring that the distribution systems are in place to receive signatures from Microsoft Update and to then distribute those signatures to the systems in the environment View Reports – Understanding what is the security state of the environment and whether it has improved or worsened over time Respond to Alerts – Quickly identifying what are the critical events to which the administrator must respond in order to get the environment back to its baseline.

13 Microsoft Forefront Client Security
One console for simplified security administration One policy to manage client protection agent settings, e.g.: Choice of 3 integrated policy profile deployment methods: Microsoft Forefront Client Security Console (uses AD/GP) ADM file (uses AD/GP) Export to a file then use existing software distribution system Scan schedule Real time protection on/off Signature update frequency Anti-spyware signature overrides Security state assessment settings Anti-spyware unknown action Alert level Event and logging settings SpyNet reporting on/off Level of end-user UI shown Choice of 3 integrated policy profile deployment methods Forefront Client Security allows customers to use from 3 different methods for profile deployment. Microsoft Forefront Client Security console (AD/GP) – within the console there is the option of selecting machines for targeting based on domains, sites, and organization units with the added ability to make exceptions to policy based on security groups. FCS will work in the background to create a Group Policy object and target the container selected. Using this preferred option simplifies administration, while providing for the level of control needed to ensure systems are protected. ADM File – If so desired, an ADM file can be used along with the Group Policy Management console for advanced targeting and customization. Use existing software distribution systems – The third choice is to use an existing software distribution. Within the console there is an option to export a desired policy to a file. Once exported, the file can be used to apply those settings through the software distribution system.

14 Microsoft Forefront Client Security
Existing SW Dist System Client Security Console GPMC Infrastructure used AD/GP AD/GP SW dist system GPMC, using ADM file Exported files Policy distribution via Console Targeting granularity OU-level Single machine Single machine Policy exceptions Security Groups Unlimited Unlimited Client Security Console When using the Client Security console, customers will benefit from having a single place to create and deploy policy to their environment. The key differentiating benefit is the ability to see profile compliance reports, which allow for verifying that systems have the latest version of the policy that has been deployed to them. GPMC GPMC allows for greater targeting granularity since a single machine can be targeted for policy deployment. Nonetheless, since the Client Security console has no knowledge of policies that have been created with GPMC, it will not be able to show policy compliance information which is the ability to ensure that systems have the correct and most up to date policy applied to them. Existing SW Distribution system Once policies are exported using the Client Security console, the exported file can be used to deploy policies to systems. Using existing software distribution systems, customers can take advantage of single machine targeting, but since the Client Security console has no knowledge of policies that have been deployed with the software distribution system, it will not be able to show policy compliance information, which is the ability to ensure that systems have the correct and most up to date policy applied to them. Policy compliance report Yes No No *Agents deployed via existing software distribution system

15 Microsoft Forefront Client Security
Microsoft Update Malware Research Signature deployment optimized for Windows Server Update Services (WSUS) Can use any software distribution system Auto and manual approval of definitions Client Security installs an Update Assistant service to: Increase sync frequency between WSUS and Microsoft Update (MU) for definitions Support for roaming users Failover from WSUS to Microsoft Update Failover Sync WSUS + Update Assistant Sync FCS is optimized for use with Windows Server Update Services. In typical Client Security environments, a local WSUS Server will be responsible for downloading antimalware definitions from Microsoft Update. Systems running the Client Security agent can obtain their definitions from WSUS, rather than each making an individual Microsoft Update (MU) request. WSUS allows administrators to approve updates, which helps customers who want to test updates with a targeted group of machines before broad deployment. When Client Security is installed, an Update Assistant for WSUS is also installed. This Update Assistant will increase the sync frequency between WSUS and MU to an hourly basis allowing for quick synchronization of available updates. Additionally, the Update Assistant will check in with WSUS on an hourly basis for any available antimalware definitions. For systems which are often disconnected from the corporate environment and without access to the WSUS Server, the client agent can be configured to failover directly to Microsoft Update. This helps ensure that disconnected systems such as those of a remote sales force are always up to date. Desktops, Laptops and Servers

16 Microsoft Forefront Client Security
One dashboard for visibility into threats and vulnerabilities View insightful reports Stay informed with state assessment scans and security alerts

17 Microsoft Forefront Client Security
Enables focus on threats and possible vulnerabilities State assessment scans determine which machines: Need to be patched Are configured insecurely Report categories include: Built on MOM 2005 technology Uses SQL™ Reporting Services Malware Threat(s) Vulnerability Summary Scan Results Historical Information Summary Report Deployment Alerts Computers FCS is built on MOM 2005 technology and uses SQL Reporting Services, which many customers may already be familiar with. The required MOM 2005 components are included as part of FCS to simplify deployment and use.

18 Microsoft Forefront Client Security

19 Microsoft Forefront Client Security
“Is my environment compliant with security best practices?” “Has my level of vulnerability exposure changed over time?” “What portion of my environment is at high risk?”

20 Microsoft Forefront Client Security
Alert configuration is policy specific Alerts notify admin of high-value incidents, including: Malware detected Malware failed to remove Malware outbreak Malware protection disabled Alert levels control type & volume of alerts generated Critical Issues Only, Low Value Assets Rich Data, High Value Assets 1 2 3 4 5 One of the great features of FCS is alerting as threats appear. Client Security policies can have different alert settings, which is especially important since administrators may want to configure alerts based on the assets that are being protected. Using the simple controls in Client Security helps administrators to save time by selecting the level of alerts that they want to see from different types of machines, rather than digging through and triaging alerts across their environment. Outbreak Malware removal failed Signature update failed Malware detected and removed Signature update failed (per min)

21 Public beta available now!
November 2006 Public beta available now! Download at Community-based support at Release To Manufacture planned for Q2 CY2007 Will be available through Microsoft’s volume licensing programs © 2006 Microsoft Corporation. All rights reserved.

22 Server and Domain Isolation (SD&I) Forefront™ Client Security
Combined Solution Windows Vista™ User Account Control IE7 with Protected Mode Randomize Address Space Layout Advanced Desktop Firewall Kernel Patch Protection (64bit) Policy Based Network Segmentation Restrict-To-Trusted Net Communications Infrastructure Software Integration Using the layered, integrated protection Microsoft technologies offer, administrators can unify client security, simplify its administration, and get more out of existing infrastructure. The three-dimensional secure client solution can be implemented incrementally without having to deploy separate management infrastructures. For example, administrators can start evaluating and implementing Server and Domain Isolation today (on Windows XP and Windows Server 2003). Then they can deploy Forefront Client Security on their existing Windows XP hosts and roll out Windows Vista as part of the organization’s client hardware refresh cycle (with Forefront Client Security part of the standard desktop image). All three dimensions of the secure client solution described here make use of Active Directory for policy management and distribution. Each of three security controls complements the defenses of the others in the true spirit of a defense-in-depth security strategy. As these hosts join the Active Directory domain, they automatically receive the policy settings for all three components, which reduces the complexity of deployment. The end result is a simplified yet comprehensive client security solution that helps protect your business effectively and efficiently. Unified Virus & Spyware Protection Central Management Reporting, Alerting and State Assessment

23 Unified Virus & Spyware Protection Simplified Administration
November 2006 Unified Virus & Spyware Protection Simplified Administration Critical Visibility & Control An integral part of Microsoft Forefront™ Better together with Windows Vista™ and S&DI Download now! © 2006 Microsoft Corporation. All rights reserved.

24 Microsoft Forefront Client Security

25 Thank you to our Partners for their support of TechDays 2007

Download ppt "Microsoft Forefront Client Security"

Similar presentations

Ads by Google