Published by Garey Grant. Modified over 9 years ago.
1
Microsoft System Center 2012 Endpoint Protection Overview
Adwait Joshi (AJ), Product Marketing Manager, Microsoft Corporation
Mark Florida, Principal Program Manager Lead, Microsoft Corporation
MGT310
4
National Interest, Personal Gain, Personal Fame, Curiosity
Script-Kiddy, Hobbyist Hacker, Expert, Specialist
Vandal, Thief, Spy, Trespasser
Tools created by experts now used by less skilled attackers and criminals
Fastest growing segment
Author
5
Unified Infrastructure: Reduce the cost of maintaining secure endpoints with unified management and security infrastructure
Simplified Administration: Single administrator experience for simplified endpoint protection and management
Enhanced Protection: Protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
6
Exchange Connector, Settings Management, Software Updates + SCUP, Endpoint Protection, SWD, OSD
7
Unified Infrastructure: Reduce the cost of maintaining secure endpoints with unified management and security infrastructure
Easy to set up and operate the management infrastructure
Easy client install and migration
Automated deployment of updates using ConfigMgr infrastructure
Simplified deployment of antimalware policies
8
Diagram labels: EP CLIENT on ConfigMgr Server, FEP SERVICE, FEP DW, FEP DB, CM DB, CONFIGURATION MANAGER SITE SERVER, MANAGEMENT POINT, CM CLIENT, DISTRIBUTION POINT, EP CLIENT, EXCEL TEMPLATE, REPORTS, FEP EXTENSIONS, EP DEPLOYMENT, EP OPERATIONS, EP POLICY, SERVER, CLIENT, CONFIGURATION MANAGER 2007, FOREFRONT ENDPOINT PROTECTION 2010, EP SITE ROLE, CONFIGURATION MANAGER 2012, ENDPOINT PROTECTION 2012, Pre-Packaged EP CLIENT, FEP DEPLOYMENT, FEP OPERATIONS, FEP POLICY, Definition Catalogs
9
Centralized management for AM and Firewall Policy
AM and FW policy delivered as ConfigMgr policy – no package/program dependency
Out of box templates
Import, Export, Merge
Prioritization of policies by collection
Simplified UI for customizing policy
10
Easier distribution process
Automatic deployment rules within ConfigMgr software updates
Minimizes WAN impact
Uses distribution points and reduced definition size
Ensures always up-to-date security regardless of the client location
Multiple update sources (ConfigMgr, WSUS, Microsoft Update, Windows File Share)
Diagram labels: MICROSOFT UPDATE; ON THE ROAD; Fallback to online update; Updates distributed through ConfigMgr, WSUS or Windows File Share
DELTA UPDATE SIZE: 50-2048 KB
UPDATE FREQUENCY: 3 TIMES/DAY
11
Ease of client setup and deployment
No separate deployment needed for endpoint protection client
Endpoint Protection agent installer deployed with Configuration Manager client setup
Endpoint Protection client and definitions easily integrated with OSD
Flexible administrative control
Administrator can force or suppress any required reboots
Configurable option for automatic removal of existing AV client
Easy migration from existing solutions and automatic removal of existing clients
Symantec, McAfee, TrendMicro, Forefront Client Security or Forefront Endpoint Protection
12
Client Deployment
13
Single interface for client management and security
Improved alerting, client to admin within 5 minutes, and reporting, with real-time and user-centric data views
Simplified Administration: Single administrator experience for simplified endpoint protection and management
14
Single interface for client management and security
Dashboard integrated with ConfigMgr console
Simplified cross-feature integration
Quick identification and remediation of client security issues
Dashboard focused on actionable events
Flexibility to separate security admin role
Role-based administration
Access to only relevant security information
15
Quick alerts and event notification in the console
Uses high speed data channel to notify events in real time
High speed data channel prioritizes EP messages in state system, and no client “wait” to send messages up
Integrated monitoring for client health and antimalware status
Email subscription for alerts
16
Rich reporting on client security
SQL Reporting Services-based reports on many categories
User-centric reports enable identification of commonly impacted users
Customizable reports simplified through database integration
17
Management and Real-time Monitoring
18
What’s new in SP1
19
What’s new in SP1
Administrator: In administrative console selects “Run Full Scan” on a collection
Site Server and MP: A task is created (Client Task = “Run Full Scan”); MP is told that new urgent task has been requested
“Dial tone”: Active TCP Session with the MP; Client Checking for urgent tasks
“Call is placed”: Client via this TCP connection is told there are urgent tasks to run; Client then connects to the MP to get policy; Client runs the Full Scan Task
All this happens within seconds
20
Real-time Administrative Actions in Endpoint Protection SP1
21
Comprehensive protection stack building on Windows Security
Proactive protection against known and unknown threats
Reduced complexity while protecting clients
Enhanced Protection: Protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
22
Proactive Techniques (Against Unknown Threats): APPLICATION, FILE SYSTEM, NETWORK
Reactive Techniques (Against Known Threats)
DYNAMIC CLOUD UPDATES: Microsoft Malware Protection Center, Dynamic Signature Service
System Center Endpoint Protection
Windows 7: Data Execution Prevention, Address Space Layout Randomization, Windows Resource Protection, User Account Control
Internet Explorer® 8 SmartScreen, Microsoft BitLocker, Microsoft AppLocker
23
Industry-leading proactive detection
Emulation based detection helps provide better protection
Safe translation in a virtual environment for analysis
Enables faster scanning and response to threats
Heuristics enable one signature to detect thousands of variants
Diagram labels: Potential Malware; Execution attempt on the system; Real Time Protection Driver Intercepts; VIRTUALIZED RESOURCES; Safe Translation Using DT; Malware Detected; Malicious File Blocked
24
Live system monitoring identifies new threats
Tracks behavior of unknown processes and known bad processes
Multiple sensors to detect OS anomaly
Updates for new threats delivered through the cloud in real time
Real time signature delivery with Microsoft Active Protection Service
Immediate protection against new threats without waiting for scheduled updates
Diagram labels: RESEARCHERS; REPUTATION; REAL-TIME SIGNATURE DELIVERY; BEHAVIOR CLASSIFIERS; Microsoft Active Protection Service; Properties/Behavior; Real-time signature; Sample request; Sample submit
25
Simple interface
Minimal, high-level user interactions
Administrative Control
User configurability options
Central policy enforcement
Maintains high productivity
CPU throttling during scans
Faster scans through advanced caching
27
What’s new in SP1
28
Key Scenarios | Forefront Endpoint Protection 2010 | System Center 2012 Endpoint Protection
Unified infrastructure | System Center Configuration Manager 2007 | System Center 2012 Configuration Manager
Server setup | Separate install | Unified setup
Client deployment | ConfigMgr distribution process | Integrated
Signature updates | Multiple sources (WSUS, File Share, Microsoft Update) | Multiple sources with automatic deployment rules from ConfigMgr console
Proactive protection
Firewall management
Role based administration: New
Alerts and monitoring: Real time alerts
Reports: Additional user centric reports
Unify, Protect, Simplify
29
Launching a Windows Defender Offline Scan with Configuration Manager 2012 OSD
Operating System Deployment and Endpoint Protection Client Installation
Software Update Content Cleanup in System Center 2012 Configuration Manager
Building Custom Endpoint Protection Reports in System Center 2012 Configuration Manager
Managing Software Updates in Configuration Manager 2012
How-to-Videos
Product Documentation
Security and Compliance Manager – Configuration Packs
30
Breakout Sessions
MGT309 | Microsoft System Center 2012 Configuration Manager Overview
MGT311 | Microsoft System Center 2012 Configuration Manager Deployment and Infrastructure Technical Overview
MGT312 | Deep Application Management with Microsoft System Center 2012 Configuration Manager
MGT313 | Microsoft System Center 2012 Configuration Manager: Plan, Deploy, and Migrate from Configuration Manager 2007 to 2012
MGT318 | Patch and Settings Management in Microsoft System Center 2012 Configuration Manager
WCL388 | Client Management Scenarios in the Windows 8 Timeframe
31
Hands-on Labs:
MGT23-HOL | Deploying Windows 7 to Bare Metal Systems with Microsoft System Center 2012 Configuration Manager
MGT24-HOL | Implementing Endpoint Protection 2012 in Microsoft System Center 2012 Configuration Manager
MGT12-HOL | Compliance and Settings Management in Microsoft System Center 2012 Configuration Manager
MGT25-HOL | Deep Dive: Microsoft System Center 2012 Configuration Manager SQL Replication Labs
MGT21-HOL | Basic Software Distribution in Microsoft System Center 2012 Configuration Manager
MGT16-HOL | Migrating from Microsoft System Center Configuration Manager 2007 to System Center 2012 Configuration Manager
MGT14-HOL | Implementing Role Based Administration in Microsoft System Center 2012 Configuration Manager
MGT15-HOL | Deploying a Microsoft System Center 2012 Configuration Manager Hierarchy
MGT11-HOL | Introduction to Microsoft System Center 2012 Configuration Manager
32
Connect. Share. Discuss. http://northamerica.msteched.com
Learning: Microsoft Certification & Training Resources www.microsoft.com/learning
TechNet: Resources for IT Professionals http://microsoft.com/technet
Resources for Developers http://microsoft.com/msdn