By Christian Stahl, Microsoft Enterprise Services: Forefront Codename "Stirling"


1 By Christian Stahl, Microsoft Enterprise Services: Forefront Codename "Stirling"

2 Agenda
– Introduction to Security Management
– Introduction to Forefront Codename "Stirling"
– Stirling functionality
– Stirling architecture

3 Security Management today
– Jumping between consoles wastes time
– Each console has its own policy paradigm
– Products are in silos with no integration
– Lack of integration with infrastructure generates inefficiencies
– Difficult to know if solutions are protecting from emerging threats
(Diagram: a separate management console and reporting console for each product: Endpoint Protection, Server Application Protection, Network Edge, Vulnerability Assessment)

4 Simplified Management with Stirling
– One console for simplified, role-based security management
– Define one security policy for your assets across protection technologies
– Deploy signatures, policies and software quickly
– Integrates with your existing infrastructure: SCOM, SQL, WSUS, AD, NAP, SCCM

5 Comprehensive line of business security products that help you gain greater protection and secure access through deep integration and simplified management
(Diagram: Network Edge, Server Applications, Client and Server OS)

6 Poll: How many use Forefront Client? ISA Server? Forefront for Exchange or MOSS?

7 Forefront codename "Stirling"
– Next Generation Forefront Client Security: Antivirus / Antispyware; Host Firewall & NAP; others to be announced at a later date
– Next Generation Forefront Server Security: Exchange Protection; SharePoint Protection; others to be announced at a later date
– Next Generation Edge Security and Access: Firewall; VPN; others to be announced at a later date
Value:
– Comprehensive, coordinated protection with dynamic responses to complex threats
– Unified management across client, server application, and edge security in one console
– Critical visibility into overall security state, including threats and vulnerabilities

8 An Integrated Security System
(Diagram: Management & Visibility and Dynamic Response spanning Network Edge, Server Applications, and Client and Server OS vNext)

9 An Integrated Security System that delivers comprehensive, coordinated protection with simplified management and critical visibility across clients, servers, and the network edge
Comprehensive Protection
– Integrated protection across clients, server and edge
– Dynamic responses to emerging threats
– Next generation protection technologies
Simplified Management
– Manage from a single role-based console
– Asset and policy centric model
– Integrates with your existing infrastructure
Critical Visibility
– Know your security state in real time
– View insightful reports
– Investigate and remediate security issues

10 Siloed best-of-breed solutions are not enough. Breaches came from a combination of events:
–62% were attributed to a significant error
–59% resulted from hacking and intrusions
–31% incorporated malicious code
–22% exploited a vulnerability
–15% were due to physical threats

11 Example: Zero-Day Scenario (today, without Stirling)
– Manual response: launch a scan
– Manual response: disconnect the computer

12 Example: Zero-Day Scenario with Stirling and Dynamic Response
– TMG identifies malware on the DEMO-CLT1 computer attempting to propagate (port scan); resulting assessment: Compromised Computer DEMO-CLT1 (High fidelity, High severity, expires Wed)
– FCS identifies that Andy has logged on to DEMO-CLT1; resulting assessment: Compromised User Andy (Low fidelity, High severity, expires Wed)
– Available responses: Alert, Scan Computer, Block Email, Block IM, Reset Account, Quarantine

13 Shared Information: assessment, severity, definition

Compromised Computer
– High: Malware gains admin-level control over the computer, or the computer poses an active and immediate threat to other computers. Example: rootkit, bot, fast self-propagating worm
– Med: Malware has user-level control of the computer; malware might affect the computer moderately. Example: virus running with user account privileges; virus that requires humans to propagate
– Low: Malware has minimal control over the computer, similar to the control obtained by a guest account. Example: spyware

Vulnerable Computer
– High: The computer is more likely to be compromised in the very near future, with potential damage corresponding to a high-severity compromised computer. Example: can be exploited by a self-propagating worm
– Med: The computer is more likely to be compromised eventually, but there is no immediate threat. Example: missing patch mitigated by default configuration
– Low: The computer can be compromised only with major effort (such as a full-blown dictionary attack, or an intruder gaining physical access to the computer), and the potential damage is expected to be low. Example: weak password, misconfigured IE

Compromised User
– High: The attacker is the legal owner of the account (intended to be used as a manually injected assessment). Example: clear insider threat
– Med: The attacker has full control over the account. Example: attacker obtains the user's password
– Low: The attacker has limited control of the account; usually the attacker does not have the account's privileges. Example: email worm that propagates only when the user is logged in

More than 70 assessments are coming with Stirling Beta 2.

14 Console Sneak Peek

15 Critical Visibility & Control
– Know your security state
– View insightful reports
– Investigate and remediate security risks

16 Risk Management Dashboard
– Risk = Security State × Asset Value
– Asset value via Stirling policies
– Overall security risk driven by actionable rules
– Single number to sort assets by
– Enterprise security status reports
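The assessment and response-plan model from the zero-day scenario (slides 12 and 13) and the risk formula on this slide, as an added illustrative Python model. This is not Stirling's own code, schema or API: the rule thresholds, the asset values, the expiry times and the choice to compute "security state" as severity weighted by fidelity are my assumptions, constructed to show how a fidelity-gated response plan and a single sortable risk number fall out of shared assessments.

```python
from dataclasses import dataclass
from datetime import datetime

# Ordinal scale for the Low / Med / High levels used for both severity and fidelity.
LEVEL = {"Low": 1, "Med": 2, "High": 3}


@dataclass(frozen=True)
class Assessment:
    """One shared assessment, modelled after the slide-13 table (assumed schema)."""
    kind: str          # "Compromised Computer" | "Vulnerable Computer" | "Compromised User"
    subject: str       # computer or account the assessment is about
    severity: str      # Low / Med / High: how bad it is if true
    fidelity: str      # Low / Med / High: how sure the reporting product is
    source: str        # reporting product, e.g. "TMG" or "FCS"
    expires: datetime  # assessments age out rather than living forever

    def is_active(self, now: datetime) -> bool:
        return now < self.expires


@dataclass(frozen=True)
class Rule:
    """Response-plan rule: fires when the kind matches and both levels meet the minimum."""
    kind: str
    min_severity: str
    min_fidelity: str
    responses: tuple


def responses_for(assessment: Assessment, rules: list) -> list:
    """Responses of every rule the assessment satisfies, in rule order, without duplicates."""
    chosen = []
    for rule in rules:
        if (rule.kind == assessment.kind
                and LEVEL[assessment.severity] >= LEVEL[rule.min_severity]
                and LEVEL[assessment.fidelity] >= LEVEL[rule.min_fidelity]):
            chosen.extend(rule.responses)
    return list(dict.fromkeys(chosen))


def response_plan(assessments: list, rules: list, now: datetime) -> dict:
    """Map each subject with an active assessment to the responses to take for it."""
    plan = {}
    for a in assessments:
        if not a.is_active(now):
            continue  # expired assessments must not keep driving responses
        actions = plan.setdefault(a.subject, [])
        for r in responses_for(a, rules):
            if r not in actions:
                actions.append(r)
    return plan


def security_state(subject: str, assessments: list, now: datetime) -> int:
    """Worst active assessment for the subject, severity weighted by fidelity (assumed); 0 if clean."""
    return max((LEVEL[a.severity] * LEVEL[a.fidelity]
                for a in assessments if a.subject == subject and a.is_active(now)),
               default=0)


def risk_ranking(asset_values: dict, assessments: list, now: datetime) -> list:
    """Risk = Security State x Asset Value: one number per asset, sorted worst-first."""
    scored = [(asset, security_state(asset, assessments, now) * value)
              for asset, value in asset_values.items()]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0]))


# --- Constructed scenario mirroring slide 12; dates, values and rules are made up ---
NOW = datetime(2009, 3, 2, 9, 0)   # Monday morning
WED = datetime(2009, 3, 4, 9, 0)   # the slide's "Expire: Wed"

ASSESSMENTS = [
    Assessment("Compromised Computer", "DEMO-CLT1", "High", "High", "TMG", WED),
    Assessment("Compromised User", "Andy", "High", "Low", "FCS", WED),
    Assessment("Vulnerable Computer", "DEMO-SRV1", "Med", "High", "FCS", WED),  # assumed extra asset
]

RULES = [
    Rule("Compromised Computer", "Med", "Med", ("Alert", "Scan Computer")),
    Rule("Compromised Computer", "High", "High", ("Alert", "Scan Computer", "Quarantine")),
    Rule("Compromised User", "High", "Low", ("Alert", "Block Email", "Block IM")),
    Rule("Compromised User", "High", "High", ("Reset Account",)),  # disruptive: needs high fidelity
]

ASSET_VALUES = {"DEMO-CLT1": 2, "DEMO-SRV1": 10, "DEMO-CLT2": 2}  # assumed, from "policy"

if __name__ == "__main__":
    for subject, actions in response_plan(ASSESSMENTS, RULES, NOW).items():
        print(f"{subject}: {', '.join(actions)}")
    for asset, risk in risk_ranking(ASSET_VALUES, ASSESSMENTS, NOW):
        print(f"risk {risk:3d}  {asset}")
```

Two things the slides describe are visible in the output: the low-fidelity "Compromised User: Andy" assessment triggers only the reversible responses (alert, block email, block IM) and not the account reset, and the lower-severity vulnerability on the high-value server outranks the compromised workstation once asset value is multiplied in.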

17 Activity Reporting
– Technology specific
– Complements security and health monitoring
– Visibility into security effectiveness, resource consumption and productivity impact
– Planning and measuring

18 TMG: Connect to "Stirling" Provided by Stirling Admin

19 Stirling: TMG connectivity state

20 Stirling: Response Plan (Policy)

21 TMG Assessment / Response

22 TMG: Response Implementation

23 Poll: How many use SCOM? WSUS?

24 Stirling Conceptual Architecture
– Stirling Console
– Stirling Core Server
– Stirling Data Analysis & Collection Servers
– Managed assets, each sending events to and receiving settings from Stirling: desktops, laptops and servers; Exchange Servers; SharePoint Servers; Threat Management Gateway Servers
– Integration: Microsoft Update (virus & spyware definitions), Windows Server Update Services (WSUS), System Center Operations Manager
– Forefront Security Assessment Channel to 3rd party protection services

25 Stirling defines several roles that make up the overall system:
– Stirling Core: central processing
– Stirling Core DB: Stirling databases
– "DAC" (Data Analysis & Collection): DAC-RMS (System Center Operations Manager Root Management Server), DAC-MS (Management Server), DAC-DB (SCOM databases)
– Stirling Reporting
– Stirling NPS (Network Policy Server)
– Stirling Console


28 2-Box Configuration

29 Scaling Your Deployment

30 Q: Can I use my existing SCOM infrastructure for Stirling? A: Yes, but unless it's already managing all your desktops too, you'll have to add more servers to scale it out. Q: Can I use clusters? Virtualization? A: Yes

31 Q: How many clients can each SCOM server support? A: Performance testing is well underway, but I’ll cover some of our scale goals coming up

