
Yusuf Joosub, Security Management SSP, Microsoft. Session Code: SIA302 (TechEd Africa 2009).


Slide 3: Business Ready Security
Help securely enable business by managing risk and empowering people, on a highly secure and interoperable platform.
Moving from: Block, Cost, Siloed. To: Enable, Value, Seamless.

Slide 4: Current Security & Access Challenges
- Even best-of-breed stand-alone protection is not enough
- With current silo technologies, data breaches still occur
- They come from combinations of events
- They can take months to discover and weeks to mitigate
Figure: Life-cycle of a data breach attack. Source: 2008 Data Breach Investigations Report, Verizon Business, http://www.verizonbusiness.com/resources/security/databreachreport.pdf

Slide 5: Forefront Code Name "Stirling"
An integrated security suite that delivers comprehensive protection across endpoints, application servers, and the edge, and that is easier to manage and control.
Diagram: a Central Management Server covering three layers (Network Edge, Server Applications, Client & Server OS), connected to Third-Party Partner Solutions and Other Microsoft Solutions (Active Directory, Network Access Protection).
Capabilities: Unified Management, In-Depth Investigation, Enterprise-Wide Visibility, Security Assessment Sharing (SAS).

Slide 6: Code Name "Stirling"
Comprehensive Protection:
- Multiple industry-leading detection technologies for advanced protection against viruses, spyware, spam, and web-based threats
- End-to-end coordinated protection across multiple products with correlated analytics and health assessment
- Support from industry-leading malware research and response
Simplified Management:
- Single console for managing endpoint, collaboration, on-premise and cloud messaging server security for policy configuration
- Enterprise-wide visibility and reporting of threats and vulnerabilities to enable compliance
- Automated risk assessment with a prioritized view of threats for easy investigation, auditing and faster responses
Integrated Security:
- Integrated multilayered protection that optimizes performance and resource efficiency
- Integrates with existing Microsoft infrastructure for operational efficiency
- Enables third-party technology partners to interoperate for improved real-time visibility

Slide 7 (section divider): Comprehensive Protection | Simplified Management | Integrated Security

Slide 8: Stirling Server Roles
- Stirling Core Role: Stirling Core DB; hosts the Stirling Core service; policy and rules engine
- Stirling CDA Role (Collection, Distribution and Assessments): Stirling CDA DB; installed on the System Center Operations Manager 2007/R2 server
- Stirling Reporting Role: Stirling Data Warehouse (DWH) DB; hosts Stirling reports

Slide 9: Protecting Stirling End Points
- Forefront Client Security v2: antimalware; Windows Firewall (FW) management; Security State Assessments (SSA)
- Forefront Server Security for Exchange
- Forefront Server Security for SharePoint
- Forefront Threat Management Gateway
- Forefront Stirling Agent: allows protection technologies to plug "adapters" (APTAs) into the Agent

Slide 10: Stirling End Point
Diagram: the Operations Manager Agent hosts the Stirling Agent. Adapters (AM APTA, FW APTA, SSA APTA, FSE APTA, FSSP APTA, TMG APTA) connect the Stirling Agent to the protection engines on the machine: AM Engine, Windows FW, SSA Engine, FSE Engine, TMG Engine.

Slide 11 (section divider): Comprehensive Protection | Simplified Management | Integrated Security

Slide 12: Unified Management Model
- Single policy management model: one policy management experience that covers multiple policy targets
- Single policy engine: RSOP (resultant set of policy) calculation engine
- Single asset management experience: flexible grouping; targeting; centralized discovery (users from AD, machines from System Center)
- Common wizards for complex tasks
Diagram: Group 1, Group 2 and Group 3 feed the RSOP calculation, which produces the resultant policy for an asset.
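The slide only names the pieces (groups, targeting, an RSOP engine). The following is an added example written for this page, not Stirling's engine, showing how a resultant set of policy is typically computed: assets are placed into groups by membership rules, policies are linked to groups, and the policies that apply to an asset are merged with a precedence rule so that conflicts are resolved and can be explained. The group names, policy settings and "higher precedence wins" rule are constructed assumptions.

```python
"""Resultant set of policy (RSOP) calculation over flexible asset groups.
Added example for this page; the groups, settings and precedence rule are
constructed, not Stirling defaults."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str                      # "machine" (from System Center) or "user" (from AD)
    ou: str                        # directory OU used as a grouping attribute
    tags: frozenset = frozenset()  # free-form tags such as "laptop" or "server"


@dataclass
class Group:
    name: str
    rule: Callable[[Asset], bool]  # membership predicate ("flexible grouping")


@dataclass
class Policy:
    name: str
    targets: Tuple[str, ...]       # group names the policy is linked to ("targeting")
    precedence: int                # constructed rule: higher precedence wins on conflict
    settings: Dict[str, object] = field(default_factory=dict)


def groups_for(asset: Asset, groups: List[Group]) -> List[str]:
    return [g.name for g in groups if g.rule(asset)]


def rsop(asset: Asset, groups: List[Group], policies: List[Policy]) -> dict:
    """Merge every policy that targets one of the asset's groups into a single
    settings map. Policies are applied from lowest to highest precedence, so a
    later (higher) policy overwrites an earlier one; each overwrite is recorded
    so the console can show why a setting has the value it has."""
    member_of = set(groups_for(asset, groups))
    applicable = sorted((p for p in policies if member_of.intersection(p.targets)),
                        key=lambda p: p.precedence)
    result: Dict[str, object] = {}
    source: Dict[str, str] = {}
    overridden: List[Tuple[str, str, str]] = []   # (setting, loser, winner)
    for p in applicable:
        for key, value in p.settings.items():
            if key in source and source[key] != p.name and result[key] != value:
                overridden.append((key, source[key], p.name))
            result[key] = value
            source[key] = p.name
    return {"settings": result, "source": source,
            "overridden": overridden, "groups": sorted(member_of)}


# Constructed sample groups and policies (assumptions for the example).
GROUPS = [
    Group("All Machines", lambda a: a.kind == "machine"),
    Group("Finance Laptops",
          lambda a: a.kind == "machine" and a.ou == "Finance" and "laptop" in a.tags),
    Group("Servers", lambda a: "server" in a.tags),
]
POLICIES = [
    Policy("Baseline", ("All Machines",), 10,
           {"antimalware.realtime": True, "firewall.enabled": True,
            "scan.schedule": "weekly"}),
    Policy("Finance hardening", ("Finance Laptops",), 20,
           {"scan.schedule": "daily", "firewall.block_inbound": True}),
    Policy("Server exceptions", ("Servers",), 30,
           {"firewall.port_exception": [443], "scan.schedule": "monthly"}),
]


def demo() -> dict:
    """RSOP for a constructed finance laptop named after the demo machine on slide 20."""
    laptop = Asset("DEMO-CLT1", "machine", "Finance", frozenset({"laptop"}))
    return rsop(laptop, GROUPS, POLICIES)


if __name__ == "__main__":
    r = demo()
    print("member of:", ", ".join(r["groups"]))
    for key, value in r["settings"].items():
        print(f"{key:26} = {value!s:8} (from {r['source'][key]})")
    for key, loser, winner in r["overridden"]:
        print(f"conflict on {key}: '{winner}' overrides '{loser}'")
```

The `overridden` list is the part worth keeping in a real engine: when two group-linked policies disagree, an administrator needs to see which one won and why, otherwise a machine that silently falls back to a weaker setting looks correctly configured in the console.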

Slide 13 (Microsoft Confidential): Stirling Console Built on PowerShell
- Stirling console 100% built on PowerShell
- Everything available in the UI is scriptable
- Delivers even greater manageability
- Enables automation of tasks
- 100+ cmdlets in the system: create, modify, delete groups; trigger reports
- Example: a PowerShell script can automatically create reports on a regular basis to meet compliance requirements
Cmdlet syntax shown on the slide (parameter types were lost in extraction):
    Get-FSysGroup [-Ref ] [-AssetTypeRef ] [-SessionRef ]
    Set-FSysGroup -Ref [-Definition ] [-Description ] [-Name ] [-Notes ] [-SessionRef ] [-Tag ]
    Remove-FSysGroup -Ref [-Force ] [-SessionRef ]

Slide 14: Stirling Server Roles and Topologies
Components: Stirling Core, Stirling Console, Stirling SQL DB, SCOM Root Management Server (RMS), SCOM SQL DB, SQL Reporting Server, SQL Reporting DB, and software/signature deployment (e.g. WSUS or SCCM, typically already deployed before Stirling).
An asset is a computer with one of the Stirling protection technologies (FCS, FSE, FSSP and/or TMG).
- 1 Server Topology (250 - 2,500 assets): Stirling Console, Stirling Core, SCOM RMS, SQL Reporting Server, Stirling SQL DB, SCOM SQL DB and SQL Reporting DB on a single server
- 2 Server Topology (up to 25,000 assets): the same components split across two servers
- 6 Server Topology (up to 50,000 assets): Stirling Console, Stirling Core and SQL Reporting Server, Stirling SQL DB and SQL Reporting DB, plus two SCOM RMS + SCOM SQL DB pairs, each serving 25,000 assets

Slide 15: Stirling Architecture (diagram)

Slide 16 (section divider): Comprehensive Protection | Simplified Management | Integrated Security

Slide 17: Security Assessment Sharing Across the Suite
Diagram: the Management Console sits above three layers and their protection products: Network Edge (Forefront Threat Management Gateway, formerly ISA), Server Applications (Forefront Security for Exchange, Forefront Security for SharePoint) and Client & Server OS (Forefront Client Security). Third-Party Solutions, Active Directory and NAP connect to the same system. Shared information flows into SAS (Shared Assessments), and actions flow back out to each layer.

Slide 18: Trusted Services and Security Assessments
Trusted Services are technologies (protection and other) that are part of the system. They:
- Generate security assessments, based on domain-specific data and on assessments from others
- Take local actions
- Consume assessments from others
- Provide visibility for monitoring and investigation
Third-party solutions connect to SAS over a secure communication channel.
Security Assessment: a conclusion about the observed security state on an IT asset.
- Who: user, computer (IT asset)
- What: compromised / vulnerable
- What else: confidence level, severity, temporary
Layered protection across the organization: protection technologies that work together, that share security information, and that take action together.

Slide 19: Silo Approach Slows Response (example)
Solution silos slow response and increase exposure.
- A user on a client computer visits a malicious web site
- The network admin spots the event in the edge protection log and performs a DNS reverse lookup
- The network admin contacts the desktop admin by phone and e-mail
- Manual action in client security: launch a scan
- Manual action: disconnect the computer
- Elapsed time: hours? days? weeks?

Slide 20: The Answer: Security Assessment Sharing (SAS)
How "Stirling" delivers integrated and coordinated protection: respond and mitigate in just minutes (2-3 min), with no admin intervention required.
Example flow:
- FCS identifies that the user has logged on to the laptop (client computer DEMO-CLT1)
- The user visits a malicious web site
- TMG identifies malware on the DEMO-CLT1 computer attempting to propagate (port scan)
- The assessments are shared through Security Assessment Sharing with the Stirling Core; the admin receives an alert
- Automated response through NAP, Active Directory and Forefront Server for Exchange, SharePoint and OCS: scan, quarantine, block IM, block e-mail
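Slides 18 and 20 describe the assessment record (who, what, confidence, severity, temporary) and the coordinated response it drives, but not how a core would evaluate it. The following is an added example written for this page, not Stirling code: a minimal assessment-sharing core that accepts assessments only from trusted sources, expires temporary ones, and derives the scan / quarantine / block-IM / block-e-mail response for the slide 20 scenario. The response thresholds, action names and the user name are constructed assumptions; the actions are returned as a list rather than executed.

```python
"""Security Assessment Sharing (SAS) core, modelled on slides 18 and 20.
Added example for this page, not Stirling code. The assessment fields come from
slide 18; the rules, thresholds and action names are constructed assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

LEVEL = {"low": 1, "medium": 2, "high": 3, "critical": 4}
Action = Tuple[str, str, str]   # (technology, action, target)


@dataclass(frozen=True)
class Assessment:
    source: str                      # trusted service that produced it (TMG, FCS, ...)
    who: str                         # IT asset: computer or user name
    who_kind: str                    # "computer" or "user"
    what: str                        # "compromised" or "vulnerable"
    confidence: str                  # low | medium | high
    severity: str                    # low | medium | high | critical
    issued: datetime
    ttl: Optional[timedelta] = None  # set for a temporary assessment
    evidence: str = ""

    def expired(self, now: datetime) -> bool:
        return self.ttl is not None and now > self.issued + self.ttl


class Core:
    """Stands in for the Stirling Core: collects assessments from trusted
    services and turns them into coordinated actions for other technologies."""
    TRUSTED = {"TMG", "FCS", "FSE", "FSSP"}

    def __init__(self) -> None:
        self.assessments: List[Assessment] = []
        self.logged_on: Dict[str, str] = {}   # computer -> user (reported by FCS)

    def record_logon(self, computer: str, user: str) -> None:
        """Constructed simplification of 'FCS identifies user has logged on'."""
        self.logged_on[computer] = user

    def publish(self, a: Assessment) -> None:
        if a.source not in self.TRUSTED:   # only trusted services may publish
            raise ValueError(f"untrusted source: {a.source}")
        self.assessments.append(a)

    def active(self, now: datetime) -> List[Assessment]:
        return [a for a in self.assessments if not a.expired(now)]

    def respond(self, now: datetime) -> List[Action]:
        """Constructed rules: a compromised computer reported with at least
        medium confidence and high severity gets scanned and quarantined, and
        the user logged on to it is blocked from IM and e-mail; a merely
        vulnerable computer only gets a scan."""
        actions: List[Action] = []
        for a in self.active(now):
            if a.who_kind != "computer":
                continue
            if (a.what == "compromised" and LEVEL[a.confidence] >= 2
                    and LEVEL[a.severity] >= 3):
                actions += [("FCS", "scan", a.who), ("NAP", "quarantine", a.who)]
                user = self.logged_on.get(a.who)
                if user:
                    actions += [("OCS", "block-im", user), ("FSE", "block-email", user)]
            elif a.what == "vulnerable":
                actions.append(("FCS", "scan", a.who))
        return list(dict.fromkeys(actions))   # de-duplicate, keep order


def scenario(now: Optional[datetime] = None) -> Tuple[List[Action], List[Action]]:
    """Slide 20 replayed: returns the response at detection time and again
    after the temporary assessment has expired."""
    now = now or datetime(2009, 8, 1, 10, 0)
    core = Core()
    core.record_logon("DEMO-CLT1", "CONTOSO\\alice")        # constructed user
    core.publish(Assessment("TMG", "DEMO-CLT1", "computer", "compromised",
                            confidence="high", severity="high", issued=now,
                            ttl=timedelta(hours=4),
                            evidence="port scan after visit to malicious web site"))
    return core.respond(now), core.respond(now + timedelta(hours=5))


if __name__ == "__main__":
    at_detection, after_expiry = scenario()
    for tech, action, target in at_detection:
        print(f"{tech:4} {action:12} -> {target}")
    print("actions after expiry:", after_expiry)
```

Two details carry the security point. `publish` refuses assessments from anything outside the trusted set, which is what the slide's "secure communication channel" and "trusted services" are for: a shared-assessment bus where any party can declare a machine compromised is itself a denial-of-service vector against users. And `expired` honours the "temporary" attribute so that a quarantine triggered by a four-hour assessment does not outlive the evidence behind it.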

Slide 21: Security Investigation
- Over a specific period of time
- On specific computers or users
- Allows the investigator to drill in to the appropriate level of detail
Diagram: starting from SAS risk assessments, the investigator drills into additional information and then raw data, fetched by distributed query from the protection technologies and third-party solutions.


Slide 25: Monitoring and Reporting
- Monitoring dashboard: rich graphical controls; alerts; security status at a glance; fully customizable; drill-down model
- Rich reporting infrastructure: in-the-box reports; SRS (SQL Reporting Services) infrastructure for custom reporting; data warehouse (DW) model

Slide 26: Security Status Dashboard
- One-stop shop to know if "you are secure"
- Measure security risk across all assets: Risk = Security State x Asset Value
- Across protection technologies: clients, servers, network
- Granular visibility deep into each layer: drill down into every report and control
- 60+ customizable controls, for example:
  - Firewall: Port Exception
  - Forefront for SharePoint: Malware Incidents
  - Forefront for Exchange: Quarantine Items
  - NAP: Computers with restricted network access
  - Policy Deployment: User Status
  - Authorized Software Management: Unknown Applications
  - Security Updates: Approved and Missing
  - Client Antimalware: Protection Coverage
  - Security Assessment Check: Failed Remediation
  - Client Antimalware: Affected Assets

Slide 27: Alerts, Resolutions and Tasks
Alerts: events requiring the administrator's attention
- Delivered via e-mail, page, IM or the alert view in the console
- Generated by managed assets (e.g., FSE engine failed to update)
- Generated by the "Stirling" core system (e.g., system hasn't been configured)
- Generated by SAS (e.g., computer is compromised)
Resolutions:
- "Stirling" can automatically cancel alerts that have been automatically mitigated or have stopped occurring
- The administrator can manually execute tasks to remediate alerts
- Tasks can be triggered from the alerts view or from any other report/control
- 50+ tasks can be remotely triggered in the system, for example:
  - Install Missing Security Updates
  - Force Reboot
  - NAP: Evict a computer
  - Trigger a quick scan
  - FSE: Update Signatures
  - FSSP: Add user to block list
  - Block unknown application
  - FSSP: Delete Quarantine File
  - Get Public Folders
  - Get Exchange Role
  - Turn on UAC
  - FSE: Start Scan

Slide 28: Partnering with Stirling

Slide 29: Partner Interfaces
- SDK: .NET Framework classes; Microsoft platforms only; manages state and communications
- Protocol: web service protocol; allows cross-platform interoperability

Slide 30: Forefront "Stirling" Partners (partner logos)

Slide 31: Summary
Stirling is an integrated enterprise security system that delivers comprehensive, coordinated protection with simplified management and critical visibility across clients, servers, and the network edge.

Slide 32: Resources
- www.microsoft.com/teched: International Content & Community
- http://microsoft.com/technet: Resources for IT Professionals
- http://microsoft.com/msdn: Resources for Developers
- www.microsoft.com/learning: Microsoft Certification & Training Resources
Speaker note (required slide): TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings from the Tech-Ed website. These will only be available after the event.
Tech·Ed Africa 2009 sessions will be made available for download the week after the event from www.tech-ed.co.za


Slide 34: © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
