Forefront for Office: On-Premises Protection Technologies
Curtis Parker, Product Manager, Microsoft Corporation
Agenda
• Introduction to Microsoft® Forefront® Protection for Microsoft® Office
• On-premises secure messaging: Microsoft Forefront Protection for Exchange Server 2010
– Protecting your email
• Secure collaboration
– Protecting your collaboration portals
• Management experience
– Improved security management (multiple-server support)
Introduction to Forefront Protection for Office
Forefront for Office Products
• Aligning protection with the workloads
Forefront for Office Products Overview
Forefront server protection solutions help businesses protect their messaging and collaboration servers against viruses, worms, spam, and inappropriate content
Comprehensive protection
• Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against email and collaboration threats
• Multiple-layer premium antispam
Integration with Exchange and SharePoint
• Tight integration with Exchange and SharePoint maximizes availability and performance
Simplified management
• Easy-to-use management console provides central configuration and operation, automated scan engine signature updates, and reporting at the server and enterprise level
• Forefront Online Protection for Exchange
• Exchange hosted encryption
• Forefront Protection 2010 for Exchange Server
• Forefront Protection 2010 for SharePoint®
• Forefront Security for Office Communications Server
• Forefront Protection Server Management Console 2010
On-Premises Secure Messaging: Forefront Protection for Exchange Server 2010
Protecting your email
Gartner Magic Quadrant for Secure Email Gateways
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Microsoft. The Gartner Magic Quadrant is copyrighted by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
-- Gartner, Inc. Magic Quadrant for Secure E-Mail Gateways, Peter Firstbrook, Eric Ouellet, April 27, 2010.
Forefront Protection 2010 for Exchange Server: Industry-Leading Performance
• West Coast Labs:
– Spam catch rate above 99 percent
– Premium antispam certification
• Virus Bulletin: Continuous live spam catch rate above 99 percent:
– 99.77% (September 2009)
– 99.46% (November 2009)
– 99.32% (January 2010)
– 99.86% (March 2010)
– 99.93% (May 2010)
– 99.96% (July 2010)
July 2010
• Rapid response to new threats
• Fail-safe protection through redundancy
• Diversity of antivirus engines and heuristics
** 0.00 denotes proactive detection
1 Source: AV-Test.org (www.av-test.org)
The Multiple Engine Advantage
[Bar chart: Average Response Times including Proactive Detections, WildList 10/2010, 11/2010, and 12/2010 (the less, the better). Compares Forefront (5 Engines) and Forefront (3 Engines) with individual antivirus vendors; axis from 0 to 1800.]
Protect Messages from Malware
Microsoft solution
“Defense in depth”
Competitors’ solutions
On premises or in the cloud
Automatic engine updates
Single engine Multiple engines
99 percent spam detection*
* With premium antispam services
38 times faster
An AV test of consumer antivirus products revealed:
• On average, Forefront engine sets provided a response in 3.1 hours or less
• Single-engine vendors provided responses in 5 days, 4 days, and 6 days, respectively
Scanning and Architecture Strategy
• For maximum protection, deploy Forefront Protection for Exchange Server on all Exchange Server roles
• To optimize server performance, implement a scanning strategy by using one or more of the following tips:
– Antimalware stamp ensures a message is scanned only once
– Enable antispam scanning on the edge transport servers and disable on hub transport and mailbox servers
– Use different scan engines on different servers
– Deploy both edge transport and hub transport servers
• Forefront Protection for Exchange Server will scan and stamp inbound mail on the edge server
• Forefront Protection for Exchange Server will scan and stamp outbound mail on the hub transport server
• Internal mail is scanned and stamped on the hub transport server
Forefront Protection 2010 for Exchange Server
Protection availability:
• Exchange 2010
• Exchange 2007 SP1
[Diagram: Exchange server roles in the enterprise network: edge transport; hub transport (routing and policy); mailbox (storage of mailbox items); client access (client connectivity, web services); unified messaging (voice mail and voice access). Other labels: external mail, web browser, Outlook (remote user), mobile phone, Outlook (local user), line of business applications, phone system (PBX or VOIP).]
Scanning Capabilities
• Transport scan
– Scans email messages that are inbound or outbound from an Exchange transport stack and all internal mail
• Real-time scan
– Scans email messages and attachments that are accessed in mailboxes and public folders on your Exchange server
• Scheduled scan
– Similar to real-time scanning, scanning occurs in the Exchange information store. Scheduled scans are typically used to scan the entire information store
• On-demand scan
– Typically used to immediately scan specific mailboxes to localize a known issue
Exchange 2010 + Forefront Protection for Exchange Server
Benefits
Connection filtering
Forefront DNS block list
• Aggregated RBL data from multiple external and internal vendors
• No configuration required
Protocol filtering
Unified management
• Consolidated connection/sender/recipient/sender ID filtering for simplified management
Backscatter filter
• Blocks NDR (backscatter) spam
Content filtering
Cloudmark Authority Engine (CMAE)
• Option of alternative third-party content filter
• Above 99 percent detection rate
• No configuration required (installs with smart defaults)
Forefront true type file filtering
• Real file type inspection (not just extension)
• Actionable scanning of nested files/within ZIP
Global exception lists
• Single access point to sender and recipient exception lists (allow and block actions)
Streamlined SCL
• Less ambiguous ratings for fewer false positives end to end
Hybrid model
• Integration with Forefront Online Protection for Exchange
Forefront Protection for Exchange Server Antispam Functional Highlights
Keyword Filtering
• Searches the message body for matches to keywords in selected lists
• Can be imported from an existing file
• Can filter phrases
• Supported operators: AND, OR, NOT
• Actions: SkipDetect, Delete, Suspend
File Filtering
• Filter by name, type, or size
– *.exe, *.doc, *>10mb
• Filters can be combinations of size, name, and type
– <photo1.jpg>10mb, *.mp3>5mb, *>10mb
• Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM, and BAT
• Actions: SkipDetect, Suspend (Realtime), Delete (Scheduled/OnDemand)
Filter rules: Delete *.exe
Quarantine
Container Behavior (ZIP, RAR, etc.)
• Forefront scans within ZIP and other compressed formats and deletes only the offending file
Container file before scan: EXE, DOC, JPG, BMP
Container file after scan: TXT (custom deletion text), DOC, JPG, BMP
Quarantine: EXE
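The true file type inspection and container behavior described above, sketched as an added Python example. It is not Forefront code: the signature table, the size and depth limits, the `.txt` replacement naming and the sample archive are all constructed assumptions.

```python
import io
import zipfile

# Constructed signature table: a small illustrative subset, not a product list.
MAGIC = {b"MZ": "exe", b"\xff\xd8\xff": "jpg", b"BM": "bmp",
         b"\xd0\xcf\x11\xe0": "doc", b"PK\x03\x04": "zip"}
BLOCKED_TYPES = {"exe"}            # filter rule "Delete *.exe", matched by content
MAX_DEPTH = 3                      # nesting limit (assumed value)
MAX_MEMBER_BYTES = 10 * 1024 ** 2  # per-member size limit (assumed value)
DELETION_TEXT = b"File removed by file filter (constructed sample text).\n"


def true_type(data):
    """Identify a file by its leading bytes, ignoring its name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def scan_container(zip_bytes, depth=0, prefix=""):
    """Rebuild a ZIP, replacing only offending members with deletion text."""
    # quarantine maps member path -> original bytes (None if never unpacked).
    quarantine = {}
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            path = prefix + info.filename
            if info.file_size > MAX_MEMBER_BYTES:
                # Fail closed without decompressing an oversized member.
                quarantine[path] = None
                dst.writestr(info.filename + ".txt", DELETION_TEXT)
                continue
            data = src.read(info)
            kind = true_type(data)
            if kind == "zip" and depth < MAX_DEPTH:
                # Nested container: clean it recursively, keep the wrapper.
                data, inner = scan_container(data, depth + 1, path + "/")
                quarantine.update(inner)
                dst.writestr(info.filename, data)
            elif kind in BLOCKED_TYPES or kind == "zip":
                # Blocked type, or a container nested too deep to inspect.
                quarantine[path] = data
                dst.writestr(info.filename + ".txt", DELETION_TEXT)
            else:
                dst.writestr(info.filename, data)
    return out.getvalue(), quarantine


def build_sample():
    """Constructed input: an executable named .jpg and one in a nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("tool.exe", b"MZ" + b"\x00" * 16)
        z.writestr("notes.txt", b"meeting notes")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("report.doc", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
        z.writestr("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        z.writestr("holiday.jpg", b"MZ" + b"\x00" * 16)
        z.writestr("archive.zip", inner.getvalue())
    return outer.getvalue()


def member_names(zip_bytes):
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        return z.namelist()


if __name__ == "__main__":
    clean, held = scan_container(build_sample())
    print(member_names(clean), sorted(held))
```

An extension-only rule would pass `holiday.jpg` here; matching on content catches it, and the benign members of both the outer and the nested archive are delivered unchanged.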
DEMO: Forefront Protection 2010 for Exchange Server
Hybrid Messaging Protection
Antivirus and antispam protection for Exchange Server 2010/Exchange Server 2007 server roles
Forefront Online Protection for Exchange (online)
• Antimalware
– Symantec
– Authentium
– Kaspersky
• Antispam
– Inbound messaging hygiene
– Stop foreign spam
– Outbound spam mitigation
• Management
– Antispam feedback loop
– Message tracing
– IT administrator improvements
Forefront Protection 2010 for Exchange Server (on-premises software)
• Antimalware
– MS AV + Antispyware
– Kaspersky
– Authentium
– Virus Buster
– Norman
• Antispam
– Internal mail filtering
– Third-party content filtering
• Management
– Forefront Protection Server Management Console
[Diagram labels: Internet, SMTP, Exchange Server (Edge Role, Hub Role, Mailbox Role)]
Hybrid Messaging Protection
• Antispam replication
– Up to 19 settings
• Quarantine
– Cloud or on premises
• Content rescan
– Antispam
– Antivirus
Comparing Forefront Protection for Exchange Server and Forefront Online Protection for Exchange
Antispam
Forefront Protection for Exchange Server:
• 98 percent catch rate
• Content inspection engine
• DNS block list
• Allow/block lists
• Backscattering support
• Connection filtering
• SMTP filtering
• SCL rating
Forefront Online Protection for Exchange:
• 98 percent SLA
• SmartScreen technology from Hotmail, in-house fingerprinting system
• DNS block list
• Allow/block lists
• Backscattering support
• Connection filtering
• Directory-based edge blocking
• Protocol and directory blocks
• Spamhaus SBL/XBL/PBL
• Outlook safe senders list integration
• Outlook junk reporting tool
• Additional spam filtering options
• Antispam Regex filters
Antimalware
Forefront Protection for Exchange Server:
• Five antivirus engines
• Antispyware protection
• WormPurge feature
• Transport scanning
• Real-time scanning
• Scheduled scanning
• On-demand scanning
Forefront Online Protection for Exchange:
• Three antivirus engines
• Antispyware protection
• Heuristics
• Edge scanning
Comparing Forefront Protection for Exchange Server and Forefront Online Protection for Exchange
Custom filtering
Forefront Protection for Exchange Server:
• Keyword
• Case-sensitive keyword filtering
• File name
• File type
• True file type
• Scans inside attachments
• Subject
• Sender/domain
• Sender ID filtering
• Includes prepopulated lists
Forefront Online Protection for Exchange:
• Keyword
• File name
• File type
• Subject
• Sender/domain
• HIPAA rule set
• Header
Spam quarantine
Forefront Protection for Exchange Server:
• On-premises quarantine
• Managed by administrator only
Forefront Online Protection for Exchange:
• Web-based quarantine
• Managed by administrators and end users
Comparing Forefront Protection for Exchange Server and Forefront Online Protection for Exchange
Enterprise ready
Forefront Protection for Exchange Server:
• Integrated policy management via Forefront Protection Server Management Console
• Reporting
• Improved performance and reliability
• Configuration deployment
• Scan engine and definition update deployment
• Logging options
Forefront Online Protection for Exchange:
• Integrated policy management via Forefront Protection Server Management Console
• Reporting
• 99.999 percent up time
• Real-time message trace
• Disaster recovery
Optional components
Forefront Protection for Exchange Server:
• Active Directory Rights Management Services (AD RMS)
• Forefront Protection Server Management Console
Forefront Online Protection for Exchange:
• Exchange hosted encryption
• Exchange hosted archive
Secure Collaboration
Protecting your collaboration portals
The Need for SharePoint Protection
Customers
Affiliates
Partners
Suppliers
Contractors
Consultants
Employees
Repository
Intranets
Team sites
Partner portal
Extranet
With more users:
• Security control decreases
• Potential impact increases
Expanded uses:
• Threat volumes increase
• Types of threats increase
Risks
The Need for SharePoint Protection
Unified Application Gateway
Firewall
Microsoft® SQL Server® back end
Indexing server
Web front end
Management
Internal SharePoint users
External SharePoint users
Potential malware
Internet
Potential malware
Forefront Protection for SharePoint Feature Summary
• Protection for Microsoft Office SharePoint Server 2010, SharePoint 2007, and Windows SharePoint Services
• Multiple antimalware engines
• Keyword and file filtering
• Scan AD RMS protected repositories
• Restore quarantined files
• Container: ZIP, OpenXML, RAR, etc.
• Native 64-bit implementation
• Updated user interface
• Windows PowerShell™ support
Integration with SharePoint
[Diagram, upload scenario: steps 1 to 4 between SharePoint web front-end servers, VSAPI, Forefront Protection for SharePoint, and SharePoint databases]
[Diagram, download scenario: steps 1 to 6, starting with a request, between SharePoint web front-end servers, VSAPI, Forefront Protection for SharePoint, and SharePoint databases]
Scanning Types
• Real-time scan
– Scan triggered through the SharePoint VSAPI
• Scheduled scan
– Schedule can be set for off-hours scanning of selected SharePoint sites
• On-demand scan
– Immediate scanning of individual sites
Forefront Protection for SharePoint Console
DEMO: Forefront Protection 2010 for SharePoint
Management Experience
Improved security management
Management Options for Forefront Protection Servers
Standalone management
Forefront Management Console (Forefront Protection for Exchange Server/Forefront Protection for SharePoint)
Forefront Protection for Exchange Server/Forefront Protection for SharePoint, Windows PowerShell
New! Multiple-server management
Forefront Protection Server Script Kit
Scripts for discovery, configuration, deployment, and reporting on Forefront Protection for Exchange Server and Forefront Protection for SharePoint
• Free download: http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=70a3fb33-a4bf-4a08-aa3c-cc05c81e4ee3
Forefront Protection Server Management Console 2010
Multi-server management of Forefront Protection for Exchange Server and Forefront Protection for SharePoint in a single interface; additional support for Forefront Online Protection for Exchange
• Free download: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=31f66155-50f0-4665-adc0-de94da027ed7
Simplified management
• Manage multiple-server Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint environments
• Server discovery and grouping
• Product update and Forefront Protection Server Management Console agent deployment
• Deploy policies to custom-defined groups of servers
• Manage cross-domain and nondomain servers from one console
• Firewall-friendly communication channel
• Signature redistribution for 32-bit and 64-bit engines
• Online integration with Forefront Online Protection for Exchange
Visibility and control
• Visibility into incidents across Forefront Protection for Exchange Server and Forefront Protection for SharePoint
• Real-time monitoring for security events
• User-friendly dashboard view
• Real-time and historical reports
• Web-based interface for easier access
• License distribution and activation
• Centralized quarantine
Enterprise ready
• Enterprise-ready scalability
• Support for SQL Server scenarios
• Business continuity for critical functionality
• Manage Forefront Protection for Exchange Server on clusters (Exchange 2007 and Exchange 2010)
Built on Microsoft infrastructure
• Windows Server 2008 R2
• Hyper-V
• Windows Communication Foundation
• Active Directory
• SQL Server 2008
• Internet Explorer 7.0 and Internet Explorer 8.0
Forefront Protection Server Management Console Capabilities
Forefront Protection Server Management Console Architecture Overview
Primary Forefront Protection Server Management Console
Backup Forefront Protection Server Management Console
Communication over Windows Communication Foundation
Remote access
1. Add Forefront Protection for Exchange Server and Forefront Protection for SharePoint servers to Forefront Protection Server Management Console and deploy Agent
2. Upload policy to Forefront Protection Server Management Console and create jobs
3. Run jobs to deploy policy
4. Retrieve quarantine and reporting data periodically
Continuous SQL replication
Forefront Protection Server Management Console 2010
H1 CY2011
• Release of localized versions
Not supported
• No Antigen, Forefront Protection for Exchange Server/Forefront Protection for SharePoint down-level support
• No 32-bit support
• No Forefront Server Security Management Console single-server coexistence
• No Forefront Security for Office Communications Server support
Area: Features
System requirements
• Windows Server 2008 R2 (native 64-bit) only
• Support for SQL Server 2008 and later
Supported protection servers
• Forefront Protection 2010 for Exchange Server
• Forefront Protection 2010 for SharePoint
Signature redistribution
• 32-bit and 64-bit for Forefront Protection for Exchange Server/Forefront Protection for SharePoint
• Backup server for signature redistribution
Policy management and reporting
• Quarantine
• Reporting
• Configuration deployment
• Engine and definition update deployment
Ease of use
• Forefront Protection server discovery
• Globalization and localization
• Updated user experience (similar to Forefront Protection for Exchange Server/Forefront Protection for SharePoint/Forefront Online Protection for Exchange)
• Firewall/DMZ friendliness
• Licensing support for Forefront Protection for Exchange Server/Forefront Protection for SharePoint
Hybrid deployment
• Launches Forefront Online Protection for Exchange administration, quarantine, reporting
• Utilizes Forefront Server Security Management Console codebase/features, with updated user experience, and supports Forefront Protection for Exchange Server/Forefront Protection for SharePoint
• Offers Forefront Online Protection for Exchange hybrid capabilities
• Available for free download
Forefront Protection Server Management Console
• Installation options
– Stand-alone server
– Primary and backup server
• Access the Forefront Protection Server Management Console by using Internet Explorer
– http://<FPSMCserver>/FPSMConsole
– HTTPS can be enabled by the administrator
• Initial access is limited to the installation administrator
– Other users can be granted access through the console, but they must be a local administrator, domain administrator, Exchange administrator, or enterprise administrator
– This is a change from Forefront Server Security Management Console
Forefront Protection Server Management Console Home Page
• Side navigation bar provides quick access to desired functionality
• At a Glance page provides 24-hour activity snapshot
– Statistics broken out by Exchange and SharePoint
– Top five viruses
– Most active servers
• Highlighted navigation and ‘breadcrumb bar’ for current location
Server Management
• Forefront Protection Server Management Console can manage domain-joined servers and non-domain-joined servers
– E.g., edge servers, perimeter SharePoint deployments
• Automatic discovery of Forefront Protection for Exchange Server and Forefront Protection for SharePoint servers within Active Directory
– Displayed under New Servers
– Must be added to Forefront Protection Server Management Console to be managed
• Non-domain-joined servers can be manually added
– Need to enter FQDN
• Servers can be managed as groups
Management Agent
• Agent must be deployed to each Forefront Protection for Exchange Server/Forefront Protection for SharePoint server
– Pushed out from Forefront Protection Server Management Console server
– Requires port 445 to be opened for agent deployment
• Local administrator credentials on target server needed
• Agent deployment status displayed in the console
– Once successful, the Forefront version of the managed server is displayed
– Detailed logs available under Notification Logs
Job Management
• Four types of jobs:
– Deployment job (policy and updates)
– Signature redistribution job
– Scheduled report job
– Product activation job
• Jobs can be scheduled or run on demand
• Jobs can be scoped to target a specific set of servers
– Configured by the administrator
Job Management
• Deployment (policy/update)
– Policy deployments distribute Forefront Protection for Exchange Server/Forefront Protection for SharePoint configuration files (XML format)
• Partial policy enabled
• Credentials, if applicable, must be entered
– Update deployment jobs will push out .exe and .msp files
• Forefront Protection Server Management Console cannot deploy the initial Forefront Protection for Exchange Server or Forefront Protection for SharePoint installation
• Signature redistribution
– No jobs by default
– Can customize jobs by engine and by target server(s)
– Will download and then distribute
Job Management
• Scheduled report
– Generates and emails reports: daily, weekly, or monthly
– Sends all four available reports:
• Incident Detection
• Spam Detection
• Engine and Definition
• New Servers
• Product activation
– Activate evaluation Forefront Protection for Exchange Server/Forefront Protection for SharePoint servers by deploying an activation key
– Renew expiring subscriptions by distributing new license key and expiration date
Online Integration
• Forefront Online Protection for Exchange Gateway can be specified in policies to be deployed to the servers
• Links to the Forefront Online Protection for Exchange Administration Center
– Administration Center, Message Tracing, Hosted Quarantine, and Reports
Quarantine Management
• Centralized management
• Configurable retrieval period and polling interval
– Defaults to retrieving 5 days of records and polling every 15 minutes
• Broken out by Exchange and SharePoint
– Enables delivery/restoration of false positives directly from console
– Results can be filtered for faster recovery
Reporting
• On demand
– Incident detection, spam detection, engine and definition version
– Report scope based on date range and desired servers
– Report includes distribution of detections, trending, and raw data
• Scheduled
– Sent via email on a daily, weekly, or monthly basis
Additional Resources/Announcements
Introducing Business Ready Security Demo 4.0i
• Business Ready Security 4.0i
– New! Forefront Protection Server Management Console RTW included
– New! Forefront Protection Server Management Console hands-on labs
– New! Forefront Protection for Exchange/Forefront Protection for SharePoint rollup updates
• End-to-end demo environment
– All identity and security solutions/technologies
– 7 GB zipped/installer package
• Demo scripts/architecture overview documentation provided
• Available as download: http://go.microsoft.com/fwlink/?LinkId=190269
• Distribution list: [email protected]
Business Ready Security Demo 4.0i
Solution Scenarios
Secure messaging
• Seamless, secure access through Forefront Unified Access Gateway (UAG)
• Automatically control confidential email with built-in information protection
• Protect Exchange with multiple antimalware engines using Forefront Protection for Exchange
• Centralized management experience with Forefront Protection for Server Management Console
• Microsoft Outlook Web Access 2010 integration with Active Directory Rights Management Services (AD RMS)
• Microsoft Outlook 2010 automatic protection
Secure collaboration solution
• Secure collaboration by using Active Directory Federation Services (AD FS) and AD RMS (for Partner employees)
• Protect your collaboration portal from malware infection using Forefront Protection for SharePoint
• Centralized management experience with Forefront Protection for Server Management Console
• Secure collaboration by using Forefront UAG (for internal employees)
Secure desktop solution
• Advanced threat protection with Forefront Threat Management Gateway 2010
• Malware protection when not connecting to the company network
• Malware protection using Forefront Protection for Exchange
• Forefront Protection for Exchange deployment and management using Microsoft System Center Configuration Manager
• Direct Access with Forefront UAG
Information protection solution
• Protect data-in-motion with Exchange 2010 and AD RMS
• Protect data-at-rest with SharePoint 2007, AD FS, and AD RMS
• Protect data-at-rest with File Classification Infrastructure (FCI) and AD RMS
Identity and access management solution
• Group management with Forefront Identity Manager 2010 and Outlook
• Self-service password reset with Forefront Identity Manager 2010
Links and Resources
Forefront site: www.microsoft.com/forefront/
Forefront on TechNet: http://technet.microsoft.com/en-us/library/ff684056.aspx
Forefront videos on TechNet Edge: http://technet.microsoft.com/en-us/edge/ff832960.aspx?category=Forefront
Questions and Answers
• Submit text questions by using the Ask button
• Don’t forget to fill out the survey
• For upcoming and previously live webcasts, visit www.microsoft.com/webcast
• Got webcast content ideas? Contact us at http://go.microsoft.com/fwlink/?LinkId=41781
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.