Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dominik Zemp TSP Security Microsoft Switzerland

Published byPeter Underwood Modified over 8 years ago

Similar presentations

Presentation on theme: "Dominik Zemp TSP Security Microsoft Switzerland"— Presentation transcript:

1 Dominik Zemp TSP Security Microsoft Switzerland dominik.zemp@microsoft.com

2 Forefront Codename “Stirling” Overview Security Assessment Sharing Infrastructure and Architecture Deployment and Scalability Monitoring “Stirling” Protection Technologies Forefront Client Security Forefront Server Security Live Demo New Roadmap

3 Integrated Identity & Security offerings to help customers: Raise Productivity Improve Protection Lower Cost of Ownership Increase Visibility

4 Management Console Management Console Network Edge Server Applications Client and Server OS Management Console Comprehensive line of business security products that helps you gain greater protection and secure access through deep integration and simplified management

5 Technical Overview

6 Multiple industry-leading detection technologies for advanced protection against viruses, spyware, spam, and web-based threats End to end coordinated protection across multiple products with correlated analytics and health assessment Support from industry-leading malware research and response Multiple industry-leading detection technologies for advanced protection against viruses, spyware, spam, and web-based threats End to end coordinated protection across multiple products with correlated analytics and health assessment Support from industry-leading malware research and response Single console for managing endpoint, collaboration, on-premise and cloud messaging server security for policy configuration for faster responses Enterprise-wide visibility and reporting into threats and vulnerabilities to enable compliance Automated risk assessment with prioritized view of threats for easy investigation and auditing Single console for managing endpoint, collaboration, on-premise and cloud messaging server security for policy configuration for faster responses Enterprise-wide visibility and reporting into threats and vulnerabilities to enable compliance Automated risk assessment with prioritized view of threats for easy investigation and auditing Integrated multilayered protection that optimizes performance and resource efficiency Integrates with existing Microsoft Infrastructure for integrated security and operational efficiency Enables third party technology partners to interoperate for improved real time visibility of enterprise security risk assessment Integrated multilayered protection that optimizes performance and resource efficiency Integrates with existing Microsoft Infrastructure for integrated security and operational efficiency Enables third party technology partners to interoperate for improved real time visibility of enterprise security risk assessment ComprehensiveProtectionComprehensiveProtection SimplifiedManagementSimplifiedManagement Integrated Security An integrated security suite that delivers comprehensive protection across endpoint, application servers and the edge that is easier to manage and control

7 “Stirling” Central Mgmt Server Network Edge Server Applications Client and Server OS vNext Shared Assessment Sharing (SAS) 3 rd Party Partner Solutions Other Microsoft Solutions Unified Management In Depth Investigation Enterprise-wide Visibility An integrated security suite that delivers comprehensive protection across endpoint, application servers and the edge that is easier to manage and control Active Directory NAP

8 DNS Reverse Lookup Client Event Log Edge Protection Log Network Admin Edge Protection Client Security DEMO-CLT1 Andy Desktop Admin Manual: Launch a scan WEB Malicious Web Site Phone Manual: Disconnect the Computer Hours? Days?

9 Security Assessments Sharing TMG identifies malware on DEMO-CLT1 computer attempting to propagate (Port Scan) Security Admin Network Admin DEMO-CLT1 Andy Desktop Admin Malicious Web Site WEB Forefront TMG Client Security Compromised Computer DEMO-CLT1 High Confidence High Severity Expire: Wed Compromised Computer DEMO-CLT1 High Confidence High Severity Expire: Wed Compromised User: Andy Low Confidence High Severity Expire: Wed Compromised User: Andy Low Confidence High Severity Expire: Wed Stirling Core NAP Active Directory Forefront Server for: Exchange, SharePoint OCS FCS identifies Andy has logged on to DEMO-CLT1 Alert Scan Computer Block Email Block IM Reset Account Quarantine Minutes

10 Trusted Services Technologies (protection & other) part of the system Generate Security Assessments  Based on domain specific data  Based on assessments from others Generate Security Assessments  Based on domain specific data  Based on assessments from others Take local actions Consume Assessments from others Provide visibility for monitoring & investigation SASSAS Who: User, Computer (IT Asset) What: Compromised / Vulnerable What else: Confidence Level, Severity, Temporary Security Assessment A conclusion about the observed security state on an IT asset Layered Protection across the organization Protection technologies that work together Protection technologies that share security information Protection technologies that take action together

11 REPORTS POLICYPOLICY GROUPSGROUPS POLICY EVENTS Network Access Protection (NAP) Forefront Client Security, Forefront Security for Exchange, Forefront Security for SharePoint, Forefront Threat Management Gateway Required Infrastructure INTEGRATION INFRASTRUCTURE CORE INFRASTRUCTURE SIGNATURE, UPDATES Microsoft Update

12 Policy 66 ` Managed Asset Agent Protection Technology Policy 9 10 11 Stirling Core Service 4

13 Telemetry 4 4 4 4 4 55 6 7

14 Stirling Core Stirling Console Stirling SQL DB SCOM Root Management Server (RMS) SCOM SQL DB SQL Reporting Server SQL Reporting DB Stirling Server Roles Software/Signature Deployment e.g. WSUS or SCCM (TYPICALLY ALREADY DEPLOYED BEFORE STIRLING) 250 – 2,500 Assets Up to 25,000 Assets Stirling Console Stirling Core SCOM (RMS) SQL Reporting Server Stirling SQL DB SCOM SQL DB SQL Reporting DB WSUS 4 1 2 1 Scaling Up…. Stirling Console Stirling Core SQL Reporting Server SCOM RMS SCOM SQL DB + Per 25,000 Assets Per 20,000 Assets 1 1 WSUS 1 1 Stirling SQL DB SQL Reporting DB 1 An asset is a computer with one of the Stirling protection technologies (FCS, FSE, FSSP and/or TMG) 1

15 Antivirus / Antispyware Dynamic Signature Service Device Control NAP Integration Vulnerability Assessment & Remediation Exchange Protection New Antimalware Capabilities New Antimalware Capabilities Advanced Antispam Sharepoint Protection Content Filtering Firewall Web (URL) Filtering HTTP/FTP AV Network Intrusion Prevention Remote Access NAP Integration Security Assessment Sharing Correlated Assessments Investigation Information Sharing Forefront Online Security for Exchange Mgmt Forefront “Stirling” Management Server & Console Host Firewall Mgmt New Antimalware Capabilities New Antimalware Capabilities

16 Next Version Codename „Stirling“

17 Integrated anti-virus/anti-spyware agent delivering real- time protection Uses Windows Filter Manager Maintains stable operation Scans viruses and spyware in real-time Dynamic Translation Unique to Microsoft agent Maximizes scanning speed: Decryption and code emulation of malware with speed of native code execution Other protection features: Tunneling signatures for detecting & removing rooktits Advanced system cleaning: Customized remediation (recreating registry entries, restoring settings) Event Flood Protection: Shields reporting infrastructure during outbreak from infected clients Heuristics for classifying programs based on behavior

18 Dynamic Signature Service Client and back end infrastructure Used when FCS detects an “interesting” and unknown program Enables customer to receive real time signatures via SpyNet This will narrow the FCS protection gap … of unknown threats without waiting for signature updates. for suspicious new binaries, without having to wait for regularly-scheduled signature updates.

19 CheckAssess Remediate NEW Detect common vulnerabilities and missing security updates Discover mis-configuration exposures Configure security checks parameter New checks: IE Security Setting, DEP, IIS Setting, and more… Compare system configuration against security best practices Assign score based on associated risk Surface issues found across the enterprise in real time Automatically remediate based on policy Integrate with NAP for compliance enforcement Remotely remediate from the management console

20 Firewall Management: Centralized management of the Windows Firewall Windows XP/2003, Windows Vista/2008 and Windows 7 Support Inbound and Outbound Filtering Configure Firewall Exceptions for Ports, Applications, Services Configure Network Location Profiles for Roaming Users Centralized Visibility: Firewall State in the Enterprise Sensors for Security Incident Detection Activity Monitoring Statistics

21 Next Version Codename „Stirling“

22 FSE-protected Exchange server DNSBL Service Provider Connecting Client 5. If hash fails or request comes in clear, NXDOMAIN will be returned back, DNS Query format example:  Connecting IP address: 131.107.88.67  Hashed query format: 123ASD098LKJ0192 -131.107.88.67.blocklist.messaging.microsoft.com  123ASD098LKJ0192 – hashed token  131.107.88.67 – original IP address  blocklist.messaging.microsoft.com – DNSBL service provider 2.FSE DNSBL agent constructs a DNS query with attached hashed token and sends the query to the DNSBL service provider, 3. DNSBL service provider validates the hash and responds to the query, 4. DNSBL provider will send the response in clear: If a match found, it will return 127.0.0.x code If no match found, NXDOMAIN will be returned INTERNET 1. DNSBL agents triggered by Connection request from the Internet, 6. DNSBL is totally transparent to administration – there is nothing to configure!

23  Fingerprinting algorithms applied to every incoming message  Relevant parts of the message are fingerprinted  Message reduced to anonymous fingerprints  Fingerprints do not indicate whether message is legitimate or spam  Fingerprints compared to local cache of known bad fingerprints  Cache data updated every 45 seconds  Match: message is identified as abuse  No match: Heuristics are applied.  No match & No heuristics: message is identified as legitimate Spam Legit. FSE-protected Exchange recipient Fingerprint Cache Reject

24 Monitoring

25 Firewall: Port Exception Forefront for SharePoint: Malware Incidents Forefront for Exchange: Quarantine Items NAP: Computers with restricted network access Policy Deployment: User Status Authorized Software Management: Unknown Applications Security Updates: Approved and Missing Client Antimalware: Protection Coverage Security Assessment Check: Failed Remediation Client Antimalware: Affected Assets One stop shop to know if “you are secure” Measure Secure risk across all assets Risk = Security State X Asset Value Across protection technologies Clients, Servers, Network Granular visibility deep into each layer Drill down into every report and control 60+ customizable controls

26 Dominik Zemp TSP Security Microsoft Switzerland

27 H1 2009 Client and Server OS ServerApplications Network Edge Integrated Security System NEW NEXT NEW BETA 1 H1 2008 Q4 2009 NEXT BETA 1 BETA 2 H1 2010 NEXT

28 Forefront Team Blog http://blogs.technet.com/forefront Microsoft Forefront Server Security Blog http://blogs.technet.com/fss Forefront Server Security Support Blog http://blogs.technet.com/fssnerds/ Forefront Client Security Team Blog http://blogs.technet.com/clientsecurity Forefront Client Security Support Blog http://blogs.technet.com/fcsnerds Microsoft Malware Protection Center Blog http://blogs.technet.com/mmpc The Microsoft Security Response Center (MSRC) http://blogs.technet.com/msrc/ Security Research & Defense http://blogs.technet.com/srd/

29

30 Presentations TechDays: www.techdays.ch MSDN Events: http://www.microsoft.com/switzerland/msdn/de/presentationfinder.mspx MSDN Webcasts: http://www.microsoft.com/switzerland/msdn/de/finder/default.mspxwww.techdays.chhttp://www.microsoft.com/switzerland/msdn/de/presentationfinder.mspxhttp://www.microsoft.com/switzerland/msdn/de/finder/default.mspx MSDN Events MSDN Events: http://www.microsoft.com/switzerland/msdn/de/events/default.mspx Save the date: TechEd 2009 Europe, 9-13 November 2009, Berlinhttp://www.microsoft.com/switzerland/msdn/de/events/default.mspx MSDN Flash (our by weekly newsletter) Subscribe: http://www.microsoft.com/switzerland/msdn/de/flash.mspxhttp://www.microsoft.com/switzerland/msdn/de/flash.mspx MSDN Team Blog RSS: http://blogs.msdn.com/swiss_dpe_team/Default.aspxhttp://blogs.msdn.com/swiss_dpe_team/Default.aspx Developer User Groups & Communities Mobile Devices: http://www.pocketpc.ch/ Microsoft Solutions User Group Switzerland: www.msugs.ch.NET Managed User Group of Switzerland: www.dotmugs.ch FoxPro User Group Switzerland: www.fugs.chhttp://www.pocketpc.ch/www.msugs.chwww.dotmugs.chwww.fugs.ch

31 Presentations TechDays: www.techdays.chwww.techdays.ch TechNet Events TechNet Events: http://technet.microsoft.com/de-ch/bb291010.aspx Save the date: TechEd 2009 Europe, 9-13 November 2009, Berlinhttp://technet.microsoft.com/de-ch/bb291010.aspx TechNet Flash (our by weekly newsletter) Subscribe: http://technet.microsoft.com/de-ch/bb898852.aspxhttp://technet.microsoft.com/de-ch/bb898852.aspx Schweizer IT Professional und TechNet Blog RSS: http://blogs.technet.com/chitpro-de/http://blogs.technet.com/chitpro-de/ IT Professional User Groups & Communities SwissITPro User Group: www.swissitpro.ch NT Anwendergruppe Schweiz: www.nt-ag.ch PASS (Professional Association for SQL Server): www.sqlpass.chwww.swissitpro.chwww.nt-ag.chwww.sqlpass.ch

32 7. – 8. April 2010 Congress Center Basel

33 Classic Sponsoring Partners Media Partner Premium Sponsoring Partners

34

Download ppt "Dominik Zemp TSP Security Microsoft Switzerland"

Similar presentations

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Microsoft Forefront Client Security

Microsoft Forefront Client Security
Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.

Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.
Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.

Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.
Unified. Simplified. Unified Communications Launch 2007.

Unified. Simplified. Unified Communications Launch 2007.
Adwait JoshiJim Harrison Sr. Product ManagerProgram Manager Microsoft Corporation SESSION CODE: SIA308.

Adwait JoshiJim Harrison Sr. Product ManagerProgram Manager Microsoft Corporation SESSION CODE: SIA308.
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.

Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Windows Defender Next Generation Anti-malware

Windows Defender Next Generation Anti-malware
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.

Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Laurent Bugnion Senior User Experience Developer IdentityMine.

Laurent Bugnion Senior User Experience Developer IdentityMine.
Bernd Schneider Technical Solution Professional - BI Microsoft Schweiz.

Bernd Schneider Technical Solution Professional - BI Microsoft Schweiz.
Urs P. Küderli Principal Security Architect Microsoft.

Urs P. Küderli Principal Security Architect Microsoft.
Christian Binder Senior Platform Strategy Manager Microsoft.

Christian Binder Senior Platform Strategy Manager Microsoft.
Ronnie Saurenmann Microsoft Switzerland

Ronnie Saurenmann Microsoft Switzerland
Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Exchange Online Office 365 Overview & InfrastructureLync Online Administration.

Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Exchange Online Office 365 Overview & InfrastructureLync Online Administration.
Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.

Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.
Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.
Jayesh Mowjee Security Consultant Microsoft Session Code: SIA203.

Jayesh Mowjee Security Consultant Microsoft Session Code: SIA203.
Agenda Next Generation Antispam Protection Forefront Overview Forefront Security for Exchange Server Forefront Online Security for Exchange Hybrid Software.

Agenda Next Generation Antispam Protection Forefront Overview Forefront Security for Exchange Server Forefront Online Security for Exchange Hybrid Software.

Similar presentations

Ads by Google