Yaniv Feldman Microsoft Security Regional Director Infrastructure & Security Lead Israel.

Presentation on theme: "Yaniv Feldman Microsoft Security Regional Director Infrastructure & Security Lead Israel."— Presentation transcript:

1 Yaniv Feldman Microsoft Security Regional Director Infrastructure & Security Lead Db@net Israel

2 TWC SDL Systems Management Active Directory Federation Services (ADFS) Identity Management Services Information Protection Encrypting File System (EFS) BitLocker™ Client and Server OS Server Applications Edge Network Access Protection (NAP) Client and Server OS Server Applications Edge Forefront Stirling Management

3 Configuration Security Performance Network OS Applications Data

5 Unified malware protection for business desktops, laptops and server operating systems that is easier to manage and control
- One solution for spyware and virus protection
  - Built on protection technology used by millions worldwide
  - Effective threat response
  - Complements other Microsoft security products
- One console for simplified security administration
  - Define one policy to manage client protection agent settings
  - Deploy signatures and software faster
  - Integrates with your existing infrastructure
- One dashboard for visibility into threats and vulnerabilities
  - View insightful reports
  - Stay informed with state assessment scans and security alerts

6 Unified agent for virus and spyware protection
- Common engine used by Windows Defender, OneCare, Forefront Server Security
- On-access protection via kernel mode mini-filter
  - Built on Windows Filter Manager platform
  - Malware prevented from executing entirely – anti-virus and anti-spyware
- User mode scanning
  - System Configuration, IE Add-ons & Configuration
  - IE and Office downloads
  - Services & drivers
  - App execution & registration
- Scheduled and on-demand scans
  - Quick scan: in-memory processes, targeted directories, common malware extensibility points
  - Full scan: Quick scan + local drives

7 Agent behavior manageable by IT administrator
- Flexible scan scheduling (time & interval based)
- Signature update frequency, roaming user fail-over
- Exclusions – file extensions, directories
- Signature overrides
  - By specific malware
  - By malware category
- Local end-user interface
  - Policy aware – i.e. locked-down settings will be grayed out
  - Lockdown user interface completely
- SpyNet reporting
- Compatible with Windows Security Center and Vista NAP
  - Anti-virus and anti-spyware status – on/off and signatures up-to-date

8 Research & response organization delivers malware signatures for:
- Forefront Client Security, Forefront Server Security, Windows Live OneCare, Windows Defender, Malicious Software Removal Tool (MSRT)
- Currently protecting millions of systems
Research team uses multiple data sources to identify threats
- Released products: Windows Defender, OneCare, MSRT, etc.
- Other sources: PSS, Hotmail, web crawling, customer submissions
- Partnerships with industry
Top priority is responding to active threats in the wild
- Automation in analysis: automatic malware submission storage and retrieval, resolving of duplicate submissions, prioritization of sample analysis
- Building out global 24x7 organization (US, Europe, Asia Pacific)
Industry certifications (OneCare currently, expect same for FCS)
- ICSA Labs, West Coast Labs

12 “Has my level of vulnerability exposure changed over time?”

14 Problem: Single Point of Failure
Single Vendor, Single Engine (engine labels: A only)
Diagram labels: Internet; Viruses, Worms, Spam; SMTP Server; ISA Server; Exchange; SharePoint

15 Problem: Management/Cost
Multi-vendor, Multi-engine (engine labels: A, B, C, D, E)
Diagram labels: Internet; Viruses, Worms, Spam; SMTP Server; ISA Server; Exchange; SharePoint

16 Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from
Each scan job in a Forefront Server Security product can run up to five engines simultaneously
Diagram labels: Internal Messaging and Collaboration Servers; engines A, B, C, E, D

17
- Comprehensive Protection
  - Ships with & manages multiple antivirus engines
  - File Filtering and premium anti-spam protection
  - File & Content Keyword Filtering for SharePoint
- Optimized Performance
  - Deep integration with platform
  - Scanning innovations and performance controls
  - Maintains uptime and optimizes performance
- Simplified Management
  - Easily manage configuration and operation
  - Automated signature updates
  - Reporting, Notifications and Alerts

18 Forefront Server Security multiple-engine advantage
Response time¹ (in hours)
Column headers: WildList Number; Malware Name; Forefront Set 1; Forefront Set 2; Forefront Set 3; Vendor 1*; Vendor 2*; Vendor 3* (Vendors 1 to 3: single-engine competitors)
10/2006 Areses!Itw30: 0.00** 0.00
10/2006 Areses!Itw36: 0.00 1598.78 0.00
10/2006 Areses!Itw37: 0.00 52.30 175.45
10/2006 Areses!Itw41: 0.00 13.15 194.35
10/2006 Mytob!Itw590: 0.00 1332.17 0.00
10/2006 Rontokbro!Itw36: 0.00 613.40
10/2006 Sdbot!Itw1809: 0.00 9.97 166.07 270.39
10/2006 Stration!Itw101: 0.00 93.88 23.46 96.85
10/2006 Stration!Itw102: 0.00 26.00 28.05 30.83
10/2006 Stration!Itw42: 0.92 3.72 3.12 7.05
10/2006 Stration!Itw43: 2.00 4.80 4.20 8.13
10/2006 Stration!Itw44: 0.00 5.60 2.00 7.58
10/2006 Stration!Itw45: 0.00 3.55 2.00 7.58
10/2006 Stration!Itw46: 0.00 2.75 2.20 6.78
10/2006 Stration!Itw47: 0.00 3.72 3.12 7.05
10/2006 Stration!Itw60: 0.00 4.64 6.32
11/2006 Rbot!Itw2090: 0.00 1739.10 0.00 298.64
11/2006 Sdbot!Itw1814: 0.00 1.00 0.00
11/2006 Sdbot!Itw1866: 0.00 26.80 1.00 35.27
11/2006 Sdbot!Itw1867: 0.00 14.00 12.84 23.14
11/2006 Sdbot!Itw1876: 0.00 468.60 306.82 430.80
11/2006 Stration!Itw124: 0.00 0.38 0.66 1.88 8.80
12/2006 Bagle!Itw137: 0.00 4.01 0.00 13.83
12/2006 Bagle!Itw141: 0.00 17.15 0.00 13.83
12/2006 Puce!Itw1: 0.00 1.00
12/2006 Rbot!Itw2038: 0.00 1026.27 0.00
12/2006 Sdbot!Itw1889: 0.00 128.28 255.20 63.96
* Includes beta signatures
** 0.00 denotes proactive detection
¹ Source: AV-Test.org 2007 (www.av-test.org)
Legend: Less than 5 hours; 5 to 24 hours; More than 24 hours
Key Value Proposition
- Leverage multiple antivirus research labs
- Diversity of antivirus engines and heuristics
- Rapid response
- Redundancy

19 Bias
Engines used are not always the same. They are dynamically allocated from the available pool.
- Max Certainty: uses all engines (100%)
- Favor Certainty: uses approximately 75% of available engines*
- Neutral: uses approximately 50% of available engines*
- Favor Performance: uses 25% of available engines*
- Max Performance: uses one engine for every scan*
Diagram labels: engines A, B, C, D

20 Bias
Engines used are not always the same. They are dynamically allocated from the available pool.
- Max Certainty: uses all engines (100%)
- Favor Certainty: uses approximately 75% of available engines*
- Neutral: uses approximately 50% of available engines*
- Favor Performance: uses 25% of available engines*
- Max Performance: uses one engine for every scan*
Diagram labels: engines A, B

21 Central management console
- Deploys and configures Forefront/Antigen Security for Exchange and SharePoint environments
- Automates signature updates across the enterprise
Diagram labels: SharePoint Servers; Exchange Servers

23 Over 100 Events, Performance Counters, and Services Monitored
- Monitors the state of Forefront: collects statistical data on scanning, detection, and removal of messages and attachments
- Polls Forefront Services: provides timed events to poll systems for critical process health
Key Tasks
- Triggers scan engine updates
- Centralizes storage and deployment of license files
- Imports, exports and deploys setting changes
- Initiates and/or schedules manual scan jobs
- Starts/Stops control of Forefront services

24 Diagram labels: Internet; Enterprise network; Other SMTP Servers; Edge Transport; Hub Transport; Client Access; Unified Messaging; Mailbox; Mailbox; Routing; Hygiene; Routing; Policy; Voice Messaging; PBX or VoIP; Public Folders; Fax
- Applications: OWA
- Protocols: ActiveSync, POP, IMAP, RPC / HTTP …
- Programmability: Web services, Web parts

25 New intelligent scanning does not scan email that has already been scanned
- By default, email scanned at Edge Transport or Hub Transport does not get scanned again when routed or deposited into mailboxes
- Minimizes AV scanning overhead to maximize mail system performance
- Significantly reduces scanning impact at the store
- Can be turned off to allow scanning at all points

26 Transport Scanning: Inbound Mail
- Mail scanned only once at the Edge
- Saves processing load on Hub and Mailbox servers
Diagram labels: Internet; Edge Server; Hub Role; Mailbox Role; Public Folder; Client; SCAN and STAMP; NO SCAN

27
- Internal mail is routed through Hub role
- Proactive scanning at the Mailbox server (store) is turned off by default
- Saves processing load on Mailbox servers
Diagram labels: Internet; Edge Server; Hub Role; Mailbox Role; Public Folder; Client; SCAN and STAMP; NO SCAN

28 Forefront Security for Exchange Server licenses and activates the premium anti-spam features for Exchange 2007
- Deployed on Exchange Edge or Hub server role
- Edge server can be deployed in front of Exchange 2003 mailboxes
Built upon base anti-spam in Exchange 2007, premium anti-spam protection adds:
- Microsoft IP reputation filter service and automated updates
- Automated updates for Microsoft Smartscreen spam heuristics, phishing Web sites and Intelligent Message Filter (IMF)
- Targeted spam signature data and automatic updates to identify latest spam campaigns

29 Virus Protection for Document Libraries
- Real-time scanning of documents uploaded and downloaded from document library
- Manual and scheduled scanning of document library
Content Policy Enforcement
- File filtering to block documents from being posted based on name match, file type or file extension
- Content filtering by keywords within documents for inappropriate words and phrases
Diagram labels: Users; Document; SharePoint Server; Document Library; SQL

30 FSOCS scans IM Messages & file transfers flowing through OCS 2007 by protecting each instance of a Standard Edition, Front End, Director and Access Edge server role.
Diagram labels: Public IM Networks; External Users; Remote User; (VPN); Federated (Trusted) Organization; ISA Server; Perimeter Network; Access Edge Server; ISA Server; Internal Network; Director Server; Front-End Server

31 Past / Current / Future
- Client, Server, Edge
- Next Generation Client Security
- Next Generation Server Security
- Next Generation Edge Security
- Integrated Protection & Management
- Codename ‘Stirling’

32 © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. Yaniv Feldman Yaniv@dbnet.co.il Thanks for Listening

