![Page 1: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/1.jpg)
![Page 2: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/2.jpg)
![Page 3: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/3.jpg)
Malware
Compliance
SharePoint Security
Forefront/SharePoint Better Together Security
Premium Antimalware Protection Keyword and File Filtering Restore Quarantine Scalability and Performance
Demo Microsoft® Forefront™ Protection 2010 for
SharePoint: Key Scenarios
![Page 4: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/4.jpg)
Risks
![Page 5: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/5.jpg)
Across on-premises & cloud
Highly Secure & Interoperable Platform
Identity Protect everywhere, access anywhere
Simplify the security experience, manage compliance
Block
from:
Enable
Cost Value
Siloed Seamless
to:
Help securely enable business by managing risk and empowering people
Integrate and extend security across the
enterprise
![Page 6: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/6.jpg)
Enable more secure business collaboration from virtually any location or device,
while preventing unauthorized use of confidential information
• Provide more secure, always-on access
• Protect sensitive information
• Best-in-class anti-malware
• Enterprise-wide visibility
• Easier partner management
PROTECT everywhere
ACCESS anywhere
INTEGRATE and
EXTEND security
SIMPLIFY security,
MANAGE compliance
• Deep Microsoft SharePoint and Office integration
• Standards-based interoperability
![Page 7: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/7.jpg)
Features Summary
Protection for MOSS 2010, MOSS 2007 and Windows SharePoint Services
Multiple Antimalware Engines
Keyword and File Filtering
Scan RMS Protected Repositories
Restore Quarantined Files
Container : Zip, OpenXML, RAR, etc
Native 64-bit Implementation
Friendly user interface
PowerShell Support
![Page 8: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/8.jpg)
Internet
Malware
Inappropriate
Content
Web Front End
Microsoft® SQL Server®
Malware
Inappropriate Content
Firewall
External SharePoint
Users
Internal
SharePoint Users
Web Front End
FPSP Deployment Infrastructure
Extranet Intranet
Web Application
Servers
![Page 9: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/9.jpg)
SharePoint
Databases
SharePoint
Web Front-End
Servers
Forefront
Protection for
SharePoint
1
Upload
Scenario
2
3
4
SharePoint
Databases
SharePoint
Web Front-End
Servers
Forefront
Protection for
SharePoint
1
5
3
4
Download
Scenario
2
6
![Page 10: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/10.jpg)
Scan Process
Workload (SharePoint/Exchange/OCS)
Forefront Scanning Architecture
File Navigators Keyword
File Filtering Engines
Quarantine and Actions
Antimalware engine adapters
Antivirus
Antispyware
![Page 11: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/11.jpg)
Scanning Types
Realtime Scan
Scan triggered through the SharePoint VSAPI
Scheduled Scan
Schedule can be set for off hours scanning of selected SharePoint sites
On-Demand Scan
Immediate scanning of individual sites
![Page 12: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/12.jpg)
Antimalware Scanning
Antivirus Scanning
Multi engines
Available with all 3 scanning types
Antispyware Scanning
Microsoft Antimalware Engine
Only available for Realtime scanning
![Page 13: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/13.jpg)
Rapid response
to new threats
Fail-safe protection
through redundancy
Diversity of antivirus
engines and
heuristics
Response time1 (in hours)
WildList
Number
Malware
Name
Forefront
Engines Vendor A Vendor B Vendor C
07/09 autorun_itw702.ex_ 0.00 0.00 0.00 0.00
07/09 autorun_itw713.ex_ 0.00 65.50 16.33 76.02
07/09 buzus_itw16.ex_ 0.00 28.40 19.38 38.27
07/09 koobface_itw116.ex_ 0.00 0.00 7.22 532.87
07/09 koobface_itw135.ex_ 25.52 36.13 10.95 41.87
07/09 koobface_itw136.ex_ 0.00 20.32 3.75 1213.67
07/09 koobface_itw137.ex_ 0.00 0.00 0.00 0.00
07/09 koobface_itw155.ex_ 0.00 27.17 34.77 133.02
07/09 sdbot_itw2696.ex_ 0.00 87.42 117.83 214.27
08/09 autoit_itw111.ex_ 0.00 0.00 0.00 0.00
08/09 bspread_itw1.ex_ 2.05 576.33 363.55 591.28
08/09 kolab_itw22.ex_ 2.27 306.47 55.57 58.45
08/09 kolab_itw24.ex_ 0.00 127.72 10.63 81.47
08/09 koobface_itw172.ex_ 0.00 0.00 0.00 0.00
08/09 koobface_itw175.ex_ 0.00 0.00 3.07 431.20
08/09 mytob_itw640.ex_ 1.55 614.92 576.05 629.87
08/09 onlinegames_itw116.ex_ 0.00 0.00 0.00 0.00
08/09 palevo_itw3.ex_ 2.27 51.50 27.77 57.08
08/09 spybot_itw290.ex_ 13.07 59.78 0.00 115.53
09/09 autorun_itw768.ex_ 0.00 16.60 194.65 0.00
09/09 autorun_itw774.ex_ 0.00 19.17 196.33 739.45
09/09 autorun_itw775.ex_ 0.00 0.00 0.00 0.00
09/09 buzus_itw20.ex_ 0.00 72.03 1.48 84.23
09/09 buzus_itw21.ex_ 0.00 20.03 14.22 209.40
09/09 palevo_itw5.ex_ 0.00 18.57 200.07 410.50
09/09 sdbot_itw2701.ex_ 0.00 33.93 101.22 19.47
09/09 vb_itw142.ex_ 0.00 0.00 0.00 0.00
** 0.00 denotes proactive detection 1 Source: AV-Test.org 2009 (www.av-test.org)
Single-engine solutions
Less than 5 hours
5 to 24 hours
More than 24 hours
![Page 14: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/14.jpg)
Keyword Filtering
Searches documents for matches to keywords in selected lists
Can be imported from an existing file
Can filter phases
Support operators: AND, OR, NOT
Actions: SkipDetect, Delete, Suspend
![Page 15: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/15.jpg)
File Filtering
Filter by name, type, or size *.exe, *.doc, *>10mb
Filters can be combinations of size, name and type <photo1.jpg>10mb, *.mp3>5mb, *>10mb
Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT
Actions: SkipDetect, Suspend(Realtime), Delete(Scheduled/OnDemand)
![Page 16: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/16.jpg)
Filter Rules:
Delete *.exe
Quarantine
Container behavior (zip, rar, etc)
Forefront scans within ZIP and other compressed formats and deletes only the offending file
Container file
before scan
EXE DOC
JPG BMP
Container file
after scan
TXT DOC
JPG BMP
Custom deletion text
Quarantine
EXE
![Page 17: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/17.jpg)
Performance and Impact
In http://office deployment, measured at 12-15% overhead
Average less than 1 second per file overhead on file access requests (upload and download).
~80% speed improvement scanning Office 2007 documents
![Page 18: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/18.jpg)
Scalability Improvements
More efficiently normalizing strings for keyword filtering
Reductions in context switching
More efficient use of machine resources to allow scanning of larger files
Native 64-bit implementation takes advantage of systems with more than 4GB of memory
![Page 19: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/19.jpg)
http://technet.microsoft.com/en-us/library/ee707326.aspx
![Page 20: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/20.jpg)
![Page 21: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/21.jpg)
Feature FPM FSSMC Service Pack
(FPE 2010, FPSPS 2010)
FSSMC
Legacy Products
Server Discovery
(Workload and Product)
Server Grouping
Remote Deployment
(Management Agent)
Remote Deployment (Product)
Policy Deployment
In-line Policy Editing Partial
Quarantine Administration
Signature Redistribution
Alerts
Hybrid Management
Cluster Management
Licensing and Activation
Centralized Reporting
Manual & On Demand Scan
Rich Reporting TBD
Log Collection
Technology
SQL Support Standard - 2008 Express – 2005 & 2008
UI Architecture .NET
Thick Client
Web
(ASP.NET)
Reporting Architecture SQL Standard SRS SQL Express SRS + Custom Custom
Communications Channel SCOM WCF / WS DCOM
![Page 22: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/22.jpg)
![Page 24: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/24.jpg)
Major players: TrendMicro, McAfee, Symantec
Support for MOSS 2007, 2003 and Windows SharePoint Services
Scan for Malware
Some with File Filtering and Rules Engine
![Page 25: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/25.jpg)
http://technet.microsoft.com/en-us/library/cc482990.aspx
http://blogs.technet.com/FSS/
http://technet.microsoft.com/en-us/library/dd639425.aspx
![Page 26: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/26.jpg)
![Page 27: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/27.jpg)
![Page 28: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/28.jpg)
Play the TAG Game and Win Exciting Prizes!
http://gettag.mobi
![Page 29: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/29.jpg)
![Page 30: SIP310 - Forefront Protection 2010 for SharePoint · EXTEND security SIMPLIFY security, MANAGE compliance Deep Microsoft SharePoint ... Web Front End FPSP Deployment Infrastructure](https://reader036.vdocuments.net/reader036/viewer/2022071211/6023ce72e56af160a5440bfd/html5/thumbnails/30.jpg)