Secure MessagingSecure Messaging

Nick Hall & James CliffordNick Hall & James Clifford

MicrosoftMicrosoft

Our Story Begins…..Our Story Begins…..

Once upon a time there was a man name Bill Z…..Once upon a time there was a man name Bill Z…..

The CompanyThe Company

1000 Users1000 Users

3 Locations3 Locations

8Mb Internet Pipe from HQ, 2 Smaller Branches8Mb Internet Pipe from HQ, 2 Smaller Branches

Windows 2003 InfrastructureWindows 2003 Infrastructure

Exchange 2003Exchange 2003

LCS 2005LCS 2005

SharePoint 2003SharePoint 2003

Mainly Web based activity for SalesMainly Web based activity for Sales

Setup of IT Infrastructure - HQSetup of IT Infrastructure - HQ

Live Live Communications Communications

ServerServer

SharePoint SharePoint ServerServer

Exchange & BES Exchange & BES ServersServers

Cisco Cisco FirewallFirewall

SendMailSendMail

VirusesViruses

WormsWorms

IM and IM and DocumentsDocuments

E-E-mailmail

Branch OfficesBranch Offices

Connection via WAN LinkConnection via WAN Link

Exchange Server in each BranchExchange Server in each Branch

BES Server LocallyBES Server Locally

Unmanaged ClientsUnmanaged Clients

UsersUsers

LaptopsLaptops

BlackberriesBlackberries

Tablet PC’sTablet PC’s

DesktopsDesktops

Internet Access (including Office Communicator)Internet Access (including Office Communicator)

OWAOWA

Threats / IssuesThreats / Issues

Viruses & WormsViruses & Worms

SpamSpam

Performance of Internet ConnectionPerformance of Internet Connection

Management of ProductsManagement of Products

Branches MachinesBranches Machines

Expensive WAN linksExpensive WAN links

Viruses & WormsViruses & Worms

Receiving viruses but cannot review themReceiving viruses but cannot review them

Recently got hit by a virus through IMRecently got hit by a virus through IM

AV updates once a dayAV updates once a day

SpamSpam

Marketing teams being targetedMarketing teams being targeted

Sales guys having problemSales guys having problem

IT guys get some but just deleteIT guys get some but just delete

Used to be 3 or 4 a day, now 12 to 20 a dayUsed to be 3 or 4 a day, now 12 to 20 a day

Getting charged for Spam being sent to the BlackberriesGetting charged for Spam being sent to the Blackberries

Performance of Internet ConnectionPerformance of Internet Connection

Users say times to access common everyday websites is Users say times to access common everyday websites is getting slowergetting slower

Emails taking a long time to be deliveredEmails taking a long time to be delivered

Cannot increase the size of the pipe to the internet as Cannot increase the size of the pipe to the internet as have no money in networking budgethave no money in networking budget

Management of ProductsManagement of Products

Have too many products to manage, can’t do from one Have too many products to manage, can’t do from one console.console.

Complicates the update process of the scan enginesComplicates the update process of the scan engines

Branches MachinesBranches Machines

Poor WAN links, no local WSUS or SUS servers so Poor WAN links, no local WSUS or SUS servers so updated manuallyupdated manually

AV updates not happening because taking too long to AV updates not happening because taking too long to download across the linksdownload across the links

Slow performance for users Slow performance for users

Expensive WAN LinksExpensive WAN Links

Have old slow links which are expensiveHave old slow links which are expensive

Have no money in networking budget to Have no money in networking budget to increase bandwidthincrease bandwidth

So What Can Microsoft Do ? So What Can Microsoft Do ?

Exchange Hosted Services (EHS)Exchange Hosted Services (EHS)

ISA ServerISA Server

AntigenAntigen

Exchange Hosted ServicesExchange Hosted ServicesInternetInternet

ContinuityContinuity

FilteringFiltering

EncryptionEncryption

Mail Mail FlowFlow

ArchivingArchiving

FirewaFirewallll

End UsersEnd Users

E-Mail E-Mail ServerServer

No onsite IT managementNo onsite IT management

Fastest response to threatsFastest response to threats

Centralized controlCentralized control

SMTP platform-agnosticSMTP platform-agnostic

Remember…Remember…

caching

Content filtering

application publishing

advanced application layer firewall

caching

content filtering

application publishing

advanced application layer firewall / vpn

ISA ServerISA Server

Antigen SolutionsAntigen Solutions

Live Live Communications Communications

ServerServer

SharePoint SharePoint ServerServer

Exchange ServersExchange Servers

ISA ISA ServerServer

Windows SMTP Windows SMTP ServerServer

VirusesViruses

WormsWorms

IM and IM and DocumentsDocuments

AntigeAntigenn

AntigeAntigenn

AntigeAntigenn

AntigeAntigenn

E-E-mailmail

AntigeAntigenn

Defence In DepthDefence In Depth

• Multiple Scan Engines (up to 9)Multiple Scan Engines (up to 9)

• Eliminates single point of failureEliminates single point of failure

• Reduces the window of opportunityReduces the window of opportunity

Scan Engine 1Scan Engine 1

Scan Engine 4Scan Engine 4

Scan Engine 2Scan Engine 2

Scan Engine 3Scan Engine 3QuarantineQuarantine

Remember…Remember…

Microsoft Proposed SetupMicrosoft Proposed Setup

Live Live Communications Communications

ServerServer

SharePoint SharePoint ServerServer

Exchange & BES Exchange & BES ServersServers

ISA ISA ServerServer

Exchange Front End Exchange Front End ServersServers

IM and IM and DocumentsDocuments

E-E-mailmail

AntigenAntigen

AntigenAntigen

AntigenAntigen

AntigenAntigenExchange Hosted Exchange Hosted ServicesServices

EHSEHS

So What Did EHS Do ?So What Did EHS Do ?

Reduced viruses in environment by scanning “In The Cloud”Reduced viruses in environment by scanning “In The Cloud”

Reduced Spam to almost zeroReduced Spam to almost zero

Increased bandwidth on internet pipe Increased bandwidth on internet pipe

Increased productivity of usersIncreased productivity of users

Visibility of whose receiving what, when and how oftenVisibility of whose receiving what, when and how often

So What Did ISA Do ?So What Did ISA Do ?

Reduced number of potential viruses by implementing packet Reduced number of potential viruses by implementing packet filtering at the gatewayfiltering at the gateway

Secured Exchange by publishing OWASecured Exchange by publishing OWA

Implemented VPN’s from Main to Branch officesImplemented VPN’s from Main to Branch offices

Implement BITS caching for software updates to Branch officesImplement BITS caching for software updates to Branch offices

Internet experience improved through caching of websitesInternet experience improved through caching of websites

Quarantine machines to a separate webserver for updatesQuarantine machines to a separate webserver for updates

So What Did Antigen Do ?So What Did Antigen Do ?

Protected the LCS, Exchange and SharePoint products from virusesProtected the LCS, Exchange and SharePoint products from viruses

Consolidation of AV products and managed centrallyConsolidation of AV products and managed centrally

Increased the number of scan engines used and therefore Increased the number of scan engines used and therefore protection levelsprotection levels

Produced reports on entire LCS, Exchange & SharePoint threats Produced reports on entire LCS, Exchange & SharePoint threats and mailed to management everydayand mailed to management everyday

Improved performance of all the servers due to the In Memory Improved performance of all the servers due to the In Memory ScanningScanning

Defense in DepthDefense in Depth

Technical SummaryTechnical Summary

Mail flow

FirewallInternet Exchange Client

MCP MCPEHS ISA

Important DatesImportant Dates

Q1 06 Q1 06

Antigen V 9.0 for Exchange/SMTP & AEM – BetaAntigen V 9.0 for Exchange/SMTP & AEM – Beta

Q2 06 Q2 06

EHS Launched EHS Launched

Antigen V 9.0 for Exchange/SMTP & AEMAntigen V 9.0 for Exchange/SMTP & AEM

Antigen for E12 – BetaAntigen for E12 – Beta

Q3 06 Q3 06

Antigen V 9.0 for IM/SharePointAntigen V 9.0 for IM/SharePoint

ISA 2006ISA 2006

Q4 06 Q4 06

Antigen for E12Antigen for E12

SummarySummary

EHS can remove the majority of the threats in the cloudEHS can remove the majority of the threats in the cloud

ISA can secure OWA with one domain login ISA can secure OWA with one domain login

Antigen In-Memory Scanning can improve the Antigen In-Memory Scanning can improve the performance & give defence in depth in one solutionperformance & give defence in depth in one solution

www.microsoft.com/securemessagingwww.microsoft.com/securemessagingwww.microsoft.com/securitywww.microsoft.com/security

http://blogs.technet.com/nick_hall/default.aspxhttp://blogs.technet.com/nick_hall/default.aspxhttp://blogs.technet.com/sandeep/default.aspxhttp://blogs.technet.com/sandeep/default.aspxhttp://blogs.technet.com/fred/default.aspxhttp://blogs.technet.com/fred/default.aspxhttp://blogs.technet.com/steve_lamb/default.aspxhttp://blogs.technet.com/steve_lamb/default.aspx

ResourcesResources

© 2006 Microsoft Corporation. All rights reserved. This presentation is for © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only.informational purposes only.MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.SUMMARY.

www.microsoft.com/uk/security

www.microsoft.com/uk/technet/learning