3
- More advanced
- More frequent
- Profit motivated
- Application-oriented
- Too many point products
- Poor interoperability
- Lack of integration
- Multiple consoles
- Uncoordinated event reporting & analysis
- Cost and complexity

4
- Protect information and control access at:
  - Operating system
  - Server applications
  - Network "edge"
  - Content
- Heterogeneity
- Third-party products
- Secure custom apps
- 24/7 security research and response
- Cross-product integration
- MSFT security products
- MSFT server applications
- Integration with Microsoft IT infrastructure
  - Active Directory®, SQL Server™, Operations Manager, etc.
- Integration with ecosystem partners and custom apps
- Unified view and analytics
- Reduced number of management consoles
- Simplified deployment
- Appliances and appliance-like experience
- Technical and industry guidance
- Simplified licensing

5
A comprehensive line of business security products that helps you gain greater protection through deep integration and simplified management

Diagram labels: Server Applications; Edge; Client and Server OS

Categories: Includes secure access solutions and enterprise-class anti-malware.

Products:
- Forefront Client Security (formerly called Microsoft Client Protection)
- Forefront Security for Exchange Server (currently called Microsoft Antigen for Exchange)
- Forefront Security for SharePoint (currently called Microsoft Antigen for SharePoint)
- Microsoft Antigen for Instant Messaging
- Microsoft Internet Security and Acceleration (ISA) Server 2006

The brand may be new, but the technology is not:
- ISA technology was first launched in 1996
- Whale technology first shipped in 1998
- The new Forefront Server Security products (previously Antigen) will be v10
- Forefront Client Security is built on the same highly successful Microsoft protection technology already used in products such as Windows Live™ OneCare™, Windows® Defender and Microsoft Forefront Security for Exchange Server.

6
Diagram labels: Information Protection Guidance; Developer Tools; Active Directory Federation Services (ADFS); Identity Management; Systems Management; Information Protection; Encrypting File System (EFS); BitLocker™; Services; Client and Server OS; Server Applications; Edge; Network Access Protection (NAP)

While Forefront is a key component of Microsoft's strategy for providing end-to-end security for business customers, numerous other products and initiatives play significant roles in Microsoft's vision of a well-managed and secure network infrastructure.

- Information Protection – Talk about RMS, EFS, BitLocker
- Identity Management – CLM, AD, MIIS
- Systems Management – SMS, WSUS, MOM
- Operating System – Foundation: XP SP2, Vista, Longhorn

Microsoft's Network Access Protection (NAP), built into Vista and Longhorn, provides automatic validation and remediation of the security "health" of devices on your network. Devices are quarantined from the network until they are automatically brought back into compliance.

The biggest area of vulnerability lies in one of the most commonly used applications, the browser. With Internet Explorer 7, especially in conjunction with Vista, new levels of security are enabled through Protected Mode (IE runs with very low privilege).

Last but not least, Microsoft offers a wide range of technical and industry-specific guidance to ensure solutions are deployed correctly and in a manner most likely to provide the business benefits you are trying to realize.

8
Microsoft Forefront Client Security
Unified malware protection for business desktops, laptops and server operating systems that is easy to manage and control

- One solution for spyware and virus protection
- State Assessment
- Built on protection technology used by millions worldwide
- Effective threat response
- One console for simplified security administration
- Define one policy to manage client protection agent settings
- Integrates with your existing infrastructure
- One dashboard for visibility into threats and vulnerabilities
- View insightful reports
- Stay informed with state assessment scans and security alerts

Unified Protection
Microsoft Forefront Client Security is built just for this: it provides unified malware protection that is easier to manage and control. Built on the same highly successful Microsoft protection technology already used by millions of people worldwide, Forefront Client Security helps guard against emerging threats such as spyware and rootkits as well as traditional threats such as viruses, worms and Trojan horses.

Simplified administration
A single management console provides control over client settings, integrates with existing infrastructure software such as Active Directory, and complements other Microsoft security technologies for better protection and greater control.

Visibility and Control
Critical visibility into threats and vulnerabilities, with the ability to view reports and stay informed about your environment. Greater confidence about what you believe the state of your environment to be.

10
Microsoft Forefront Client Security

- One engine for virus and spyware protection
- Used in Windows® Defender, OneCare, Forefront Server Security, etc.
- Compatible with NAP through Windows Security Center
- Engine detection and removal capabilities include:
  - Real-time, scheduled or on-demand detection & removal
  - Real-time detection uses Windows Filter Manager technology
  - Checks to ensure system is fully functional after cleaning
  - Scanning dozens of archives and packers
  - Scans for rootkits
  - Behavior analysis and polymorphic viruses
  - Heuristic detections for new malware and variants

Windows Filter Manager
Microsoft's prescribed scanning platform: security vendors can apply "mini-filter" technology to scan for malware in real time.

Other anti-spyware solutions detect malware at the user-mode level, a more reactive approach to detection: they have to allow spyware to run first before they can detect and scan it. By using Windows Filter Manager, FCS is able to scan both virus and spyware files before they run.

The other benefit of using the Windows Filter Manager is that end-user disruption is minimized during real-time scans for both viruses and spyware.

12
Microsoft Forefront Client Security

- Define security steady state: Specify the ongoing security behavior of my clients
- Keep systems up-to-date: Ensure that clients have the latest signatures
- View reports: Determine the security state, now and over time
- Respond to alerts: What critical security events require my attention?

If we look at the Management Model, there are 4 key tasks an administrator must perform when using FCS to ensure that systems are protected:
- Define security steady state – This includes the definition of client security policy for systems in the environment
- Keep systems up to date – Ensuring that the distribution systems are in place to receive signatures from Microsoft Update and to then distribute those signatures to the systems in the environment
- View Reports – Understanding what the security state of the environment is and whether it has improved or worsened over time
- Respond to Alerts – Quickly identifying the critical events to which the administrator must respond in order to get the environment back to its baseline.

13
Microsoft Forefront Client Security

- One console for simplified security administration
- One policy to manage client protection agent settings, e.g.:
  - Scan schedule
  - Real time protection on/off
  - Signature update frequency
  - Anti-spyware signature overrides
  - Security state assessment settings
  - Anti-spyware unknown action
  - Alert level
  - Event and logging settings
  - SpyNet reporting on/off
  - Level of end-user UI shown
- Choice of 3 integrated policy profile deployment methods:
  - Microsoft Forefront Client Security Console (uses AD/GP)
  - ADM file (uses AD/GP)
  - Export to a file then use existing software distribution system

Choice of 3 integrated policy profile deployment methods
Forefront Client Security allows customers to choose from 3 different methods for profile deployment.

- Microsoft Forefront Client Security console (AD/GP) – Within the console there is the option of selecting machines for targeting based on domains, sites, and organizational units, with the added ability to make exceptions to policy based on security groups. FCS will work in the background to create a Group Policy object and target the container selected. Using this preferred option simplifies administration, while providing the level of control needed to ensure systems are protected.
- ADM File – If so desired, an ADM file can be used along with the Group Policy Management console for advanced targeting and customization.
- Use existing software distribution systems – The third choice is to use an existing software distribution system. Within the console there is an option to export a desired policy to a file. Once exported, the file can be used to apply those settings through the software distribution system.

14
Microsoft Forefront Client Security

|                          | Client Security Console | GPMC                 | Existing SW Dist System |
| Infrastructure used      | AD/GP                   | AD/GP                | SW dist system          |
| Policy distribution via  | Console                 | GPMC, using ADM file | Exported files          |
| Targeting granularity    | OU-level                | Single machine       | Single machine          |
| Policy exceptions        | Security Groups         | Unlimited            | Unlimited               |
| Policy compliance report | Yes                     | No                   | No*                     |

*Agents deployed via existing software distribution system

Client Security Console
When using the Client Security console, customers will benefit from having a single place to create and deploy policy to their environment. The key differentiating benefit is the ability to see profile compliance reports, which allow for verifying that systems have the latest version of the policy that has been deployed to them.

GPMC
GPMC allows for greater targeting granularity since a single machine can be targeted for policy deployment. Nonetheless, since the Client Security console has no knowledge of policies that have been created with GPMC, it will not be able to show policy compliance information, which is the ability to ensure that systems have the correct and most up to date policy applied to them.

Existing SW Distribution system
Once policies are exported using the Client Security console, the exported file can be used to deploy policies to systems. Using existing software distribution systems, customers can take advantage of single machine targeting, but since the Client Security console has no knowledge of policies that have been deployed with the software distribution system, it will not be able to show policy compliance information, which is the ability to ensure that systems have the correct and most up to date policy applied to them.

15
Microsoft Forefront Client Security

Diagram labels: Microsoft Update; Malware Research; Sync; WSUS + Update Assistant; Sync; Failover; Desktops, Laptops and Servers

- Signature deployment optimized for Windows Server Update Services (WSUS)
- Can use any software distribution system
- Auto and manual approval of definitions
- Client Security installs an Update Assistant service to:
  - Increase sync frequency between WSUS and Microsoft Update (MU) for definitions
  - Support roaming users
  - Fail over from WSUS to Microsoft Update

FCS is optimized for use with Windows Server Update Services.

In typical Client Security environments, a local WSUS Server will be responsible for downloading antimalware definitions from Microsoft Update.

Systems running the Client Security agent can obtain their definitions from WSUS, rather than each making an individual Microsoft Update (MU) request.

WSUS allows administrators to approve updates, which helps customers who want to test updates with a targeted group of machines before broad deployment.

When Client Security is installed, an Update Assistant for WSUS is also installed. This Update Assistant will increase the sync frequency between WSUS and MU to an hourly basis, allowing for quick synchronization of available updates. Additionally, the Update Assistant will check in with WSUS on an hourly basis for any available antimalware definitions.

For systems which are often disconnected from the corporate environment and without access to the WSUS Server, the client agent can be configured to fail over directly to Microsoft Update. This helps ensure that disconnected systems such as those of a remote sales force are always up to date.

16
Microsoft Forefront Client Security

- One dashboard for visibility into threats and vulnerabilities
- View insightful reports
- Stay informed with state assessment scans and security alerts

17
Microsoft Forefront Client Security

- Enables focus on threats and possible vulnerabilities
- State assessment scans determine which machines:
  - Need to be patched
  - Are configured insecurely
- Built on MOM 2005 technology
- Uses SQL™ Reporting Services
- Report categories include:
  - Malware Threat(s)
  - Vulnerability Summary
  - Scan Results
  - Historical Information
  - Summary Report
  - Deployment
  - Alerts
  - Computers

FCS is built on MOM 2005 technology and uses SQL Reporting Services, which many customers may already be familiar with. The required MOM 2005 components are included as part of FCS to simplify deployment and use.

19
Microsoft Forefront Client Security

- "Is my environment compliant with security best practices?"
- "Has my level of vulnerability exposure changed over time?"
- "What portion of my environment is at high risk?"

20
Microsoft Forefront Client Security

- Alert configuration is policy specific
- Alerts notify admin of high-value incidents, including:
  - Malware detected
  - Malware failed to remove
  - Malware outbreak
  - Malware protection disabled
- Alert levels control type & volume of alerts generated

Figure: alert level scale numbered 1 2 3 4 5, labelled "Critical Issues Only, Low Value Assets" and "Rich Data, High Value Assets". Alert types listed: Outbreak; Malware removal failed; Signature update failed; Malware detected and removed; Signature update failed (per min).

One of the great features of FCS is alerting as threats appear. Client Security policies can have different alert settings, which is especially important since administrators may want to configure alerts based on the assets that are being protected.

Using the simple controls in Client Security helps administrators to save time by selecting the level of alerts that they want to see from different types of machines, rather than digging through and triaging alerts across their environment.

22
Combined Solution

- Server and Domain Isolation (SD&I)
  - Policy Based Network Segmentation
  - Restrict-To-Trusted Net Communications
  - Infrastructure Software Integration
- Forefront™ Client Security
  - Unified Virus & Spyware Protection
  - Central Management
  - Reporting, Alerting and State Assessment
- Windows Vista™
  - User Account Control
  - IE7 with Protected Mode
  - Randomize Address Space Layout
  - Advanced Desktop Firewall
  - Kernel Patch Protection (64bit)

Using the layered, integrated protection Microsoft technologies offer, administrators can unify client security, simplify its administration, and get more out of existing infrastructure.

The three-dimensional secure client solution can be implemented incrementally without having to deploy separate management infrastructures. For example, administrators can start evaluating and implementing Server and Domain Isolation today (on Windows XP and Windows Server 2003). Then they can deploy Forefront Client Security on their existing Windows XP hosts and roll out Windows Vista as part of the organization's client hardware refresh cycle (with Forefront Client Security part of the standard desktop image).

All three dimensions of the secure client solution described here make use of Active Directory for policy management and distribution. Each of the three security controls complements the defenses of the others in the true spirit of a defense-in-depth security strategy. As these hosts join the Active Directory domain, they automatically receive the policy settings for all three components, which reduces the complexity of deployment.

The end result is a simplified yet comprehensive client security solution that helps protect your business effectively and efficiently.