5. Microsoft

Ovidiu Pismac MCSE Security, CISSP, MCTS Forefront, Windows 7, Virtualization Microsoft Romania [email protected] Business Ready Security


Transcript of 5. Microsoft

Page 1: 5. Microsoft

Ovidiu Pismac, MCSE Security, CISSP, MCTS Forefront, Windows 7, Virtualization. Microsoft Romania, [email protected]

Business Ready Security

Page 2: 5. Microsoft

Business Ready Security Solutions

Integrated Security

Information Protection

Identity and Access Management

Secure Messaging

Secure Endpoint

Secure Collaboration

Page 3: 5. Microsoft

Business Ready Security Roadmap

Subject to change

Active Directory Federation Services

Lightweight Directory Services

Certificate Services

Domain Services

Windows Cardspace

Network Access Protection

Management Consoles

Windows Identity Foundation

Windows Cardspace

Page 4: 5. Microsoft

Viruses, Worms, Spam

Office Communications Server

Users

Internet

SMTP Server

ISA (TMG) Server

SharePoint

Exchange Server

Edge, E-mail

Collaboration

Forefront Comprehensive Security

Viruses, Worms, Inappropriate Content

Management

Microsoft Operations Manager

Forefront Management Pack (MP)

Forefront Client Security / Endpoint Protection

Forefront Protection Manager

Page 5: 5. Microsoft

Forefront 2010 - Protection Drilldown

Antivirus, Antispyware

Host Firewall

Host audit & log analysis

Device Control

NAP Integration

Software Restriction

Vulnerability Assessment & Remediation

Exchange 2007 & E14 Protection

New Antimalware Capabilities

Advanced Antispam

SharePoint 2007 and SPS 14 Protection

Content Filtering

Firewall

Web (URL) Filtering

HTTP/FTP/SMTP AV

Network Intrusion Prevention

VPN server - Remote Access

NAP Integration

Enterprise Security Assessment

Coordinated Defense, Adaptive Investigation, Information Sharing

Application layer security

HTTPS inspection

Page 6: 5. Microsoft

PROTECT everywhere, ACCESS anywhere

SIMPLIFY security, MANAGE compliance

INTEGRATE and EXTEND security

Protect client and server operating systems from emerging threats and information loss, while enabling more secure access from virtually anywhere

Secure Endpoint

• Advanced Malware Protection

• Secure Always On Access

• Unified Management Console

• Enterprise-Wide Visibility

• Integrate with OS Security

• Leverage Existing Infrastructure

Page 7: 5. Microsoft

Windows

Use of Filter Manager, included in the Windows OS from Windows 2000 Professional with SP4. Stable performance; scans for viruses and spyware in real time.

Advanced system cleaning: customized remediation (recreating registry entries, restoring settings)

WSUS

Automated deployment of security agents and signatures using the existing WSUS infrastructure

Because the policy is administratively controlled, machines whose client agent was removed accidentally or intentionally automatically receive the agent again through WSUS sync

Active Directory

A single policy configures anti-virus, anti-spyware and state assessment

The FCS console is integrated with Active Directory for easy policy deployment

Policy can also be deployed via the Group Policy Management console or using 3rd-party software distribution systems

Operations Manager (Embedded)

Real-time alerts and reporting

Event Flood Protection shields the reporting infrastructure from infected clients during an outbreak

State Assessment

Identify vulnerabilities and improperly configured machines; measure the risk profile based on security best practices

Windows Firewall check: visibility into ports that have been opened and applications allowed to access the network. Use Group Policy to take corrective action

Page 8: 5. Microsoft
Page 9: 5. Microsoft

“Is my environment compliant with security best practices?”

“Has my level of vulnerability exposure changed over time?”

“What portion of my environment is at high risk?”

Page 10: 5. Microsoft

PROTECT everywhere, ACCESS anywhere

SIMPLIFY security, MANAGE compliance

INTEGRATE and EXTEND security

Enable more secure business communication from virtually anywhere and on virtually any device, while preventing unauthorized use of confidential information

Secure Messaging

• Best-in-class anti-malware on premise / in the cloud

• Protect sensitive information in email

• Secure, seamless access

• Built-in Information Protection

• Extend secure E-mail with partners

• Enterprise-wide visibility and reporting

• Unified management

Page 11: 5. Microsoft

PROTECT everywhere, ACCESS anywhere

SIMPLIFY security, MANAGE compliance

INTEGRATE and EXTEND security

Enable more secure business collaboration from virtually anywhere and across devices, while preventing unauthorized use of confidential information

Secure Collaboration

• Secure, seamless access

• Protect sensitive information in email

• Best-in-class anti-malware

• Enterprise-wide visibility

• Easier partner management

• Deep OCS, Exchange, SharePoint and Office integration

• Standards-based interoperability

Page 12: 5. Microsoft

Advanced Protection – the strength of single vendor / multiple engines

Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from

Each scan job in a Forefront Server Security product can run up to five engines simultaneously

Internal Messaging and Collaboration Servers

Scan engines A, B, C, D, E

Page 13: 5. Microsoft

No single point of failure

Integrated management

Cost reduction

Single point of support

SharePoint

ISA Server

SMTP Server

Internet

Viruses

Application Servers advanced protection: the Microsoft antivirus approach

Exchange

One vendor, multi-engine

Worms, Spam

[Diagram: different combinations of scan engines A through E assigned to each of the servers above]

Page 14: 5. Microsoft

Automatic Engine Updates

Single Engine Multiple Engines

38 times faster response

Eliminates single point of failure

An AV-Test of consumer antivirus products revealed: on average, Forefront engine sets provided a response in 3.1 hours or less. Single-engine vendors provided responses in 5 days, 4 days, and 6 days respectively.

Comprehensive Protection for Exchange, SharePoint and OCS Environments

“Forefront Server Security can support up to five scanning engines at the same time. Thus, it offers a more secure environment, compared with products that support using only a single engine.” – Akihiro Shiotani, Deputy Director of the Infrastructure Group, Astellas Pharma Information Systems Department

Page 15: 5. Microsoft

Content Filtering Engine: proactively blocks a specific range of potentially dangerous file types whether or not a signature exists.

• Filters specific files by size, name, type, or combinations of these

• For e-mail attachments, can also filter based on direction: <in>*.exe, <out>*.doc, *.avi

• Blocking based on file size: *.mp3 >5MB

• Wildcards supported, e.g., “*resume*.doc”

• Inspects the real file type, not just the extension

• Can also spot and delete files within ZIP archives

• Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT (matches the files blocked by Outlook)

Actions

• Skip detect: logs the event but does not block

• Delete: removes the document and replaces it with the customized deletion text

• Block: deletes the e-mail or blocks the upload to the document library
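The rule syntax and actions described on this slide, worked through as an added example (not Forefront code): a small attachment filter that parses `<in>*.exe`-style rules with optional direction and size threshold, checks the real file type from magic bytes rather than the extension, recurses into ZIP archives, and resolves the most severe matching action. The magic-byte table, the sample rule policy and its action assignments, and the sample files are constructed assumptions.

```python
import fnmatch, io, re, zipfile
from collections import namedtuple

# Constructed subset of magic-byte signatures: the real file type is inspected,
# not just the extension, so a renamed executable is still caught.
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip", b"\xd0\xcf\x11\xe0": "doc"}
OUTLOOK_BLOCKED = ("exe", "com", "pif", "scr", "vbs", "shs", "chm", "bat")
SEVERITY = {"skip": 0, "delete": 1, "block": 2}   # "skip" = log only
RULE_RE = re.compile(r"^(?:<(in|out)>)?\s*(\S+?)\s*(?:>\s*(\d+)MB)?$")
# pattern: name wildcard; direction: "in", "out" or "" (both); min_size in bytes
Rule = namedtuple("Rule", "pattern direction min_size action")

def parse_rule(text, action="block"):
    """Parse slide-style rule text such as '<out>*.doc' or '*.mp3 >5MB'."""
    m = RULE_RE.match(text.strip().strip('"'))
    if not m: raise ValueError(f"bad rule: {text!r}")
    direction, pattern, size = m.groups()
    return Rule(pattern.lower(), direction or "", int(size) * 1024 * 1024 if size else 0, action)

def real_type(name, data):
    """Type from magic bytes when known, otherwise from the extension."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def evaluate(name, data, direction, rules):
    """Return (action, reason) for the most severe matching rule, else None."""
    kind = real_type(name, data)
    names = {name.lower(), name.rsplit(".", 1)[0].lower() + "." + kind}  # declared + real
    hit = None
    def worse(action):  # true when this action outranks the current hit
        return hit is None or SEVERITY[action] > SEVERITY[hit[0]]
    for r in rules:
        if (r.direction in ("", direction) and len(data) >= r.min_size
                and any(fnmatch.fnmatch(n, r.pattern) for n in names) and worse(r.action)):
            hit = (r.action, f"{name} matched {r.pattern} as {kind}")
    if kind == "zip":  # spot files inside ZIP archives too
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                inner = evaluate(member, zf.read(member), direction, rules)
                if inner and worse(inner[0]):
                    hit = (inner[0], f"inside {name}: {inner[1]}")
    return hit

# Assumed policy: Outlook's default block list plus three rules from the slide,
# with actions chosen here for illustration only.
DEFAULT_RULES = [parse_rule(f"*.{e}") for e in OUTLOOK_BLOCKED] + [
    parse_rule("<out>*.doc", "skip"), parse_rule("*.mp3 >5MB", "delete"),
    parse_rule('"*resume*.doc"', "delete")]

def sample_zip():
    """Constructed sample: a ZIP carrying a renamed executable (MZ header)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg", b"MZ\x90\x00\x03")
    return buf.getvalue()
```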

Page 16: 5. Microsoft

Virus Protection for Document Libraries

• Real-time scanning of documents uploaded to and downloaded from the document library

• Manual and scheduled scanning of the document library

Content Policy Enforcement

• File filtering to block documents from being posted based on name match, file type or file extension

• Content filtering by keywords within documents for inappropriate words and phrases

SQL Document Library

SharePoint Server

Document

Users

Document

Forefront Security for SharePoint

Page 17: 5. Microsoft

Forefront for Instant Messaging – Office Communications Server

• Find and remove viruses from IM conversations and file transfers

• Infected file blocking

• Continuous scanning of IM traffic to remove malicious software

• Content filtering and support for encrypted traffic

Microsoft Office Communicator

Office Communications Server

Firewall

Microsoft Live Messenger

Page 18: 5. Microsoft

PROTECT everywhere, ACCESS anywhere

SIMPLIFY security, MANAGE compliance

INTEGRATE and EXTEND security

Information Protection

Discover, protect, and manage confidential data throughout your business with a comprehensive solution integrated with the computing platform and applications

• Protect Critical Data Wherever It Goes

• Protect Data Wherever it Resides

• Secure endpoints to reduce risk

• Extend confidential communication to partners

• Built into the Windows platform and applications

• Simplify deployment and ongoing management

• Enable compliance with information policy

Page 19: 5. Microsoft

Protect Sensitive Information in E-mail

“I believe that Active Directory RMS will be a watershed technology like e-mail or the Web browser. It will be a fundamental technology that everyone uses, and it will not be thought of as a separate application. It will be like Active Directory—it is just there and everyone uses it.” —Jason Foster, Senior Manager of Technology at Continental Airlines

• Automatically protect sensitive e-mail with Active Directory RMS

• Filter message body and subject based on content criteria

• Policy based restricted usage of email attachments

Protect everywhere, access anywhere

Outlook Web Access

Page 20: 5. Microsoft

PROTECT everywhere, ACCESS anywhere

SIMPLIFY security, MANAGE compliance

INTEGRATE and EXTEND security

Enable more secure, identity-based access to applications on-premises and in the cloud from virtually any location or device

Identity and Access Management

• Provide more secure, always-on access

• Enable access from virtually any device

• Extend powerful self-service capabilities to users

• Automate and simplify management tasks

• Control access across organizations

• Provide standards-based interoperability

Page 21: 5. Microsoft

Scale across physical, virtual and cloud environments

Protect Everywhere, Access Anywhere

Information

Application

Network

Host

IDENTITY CENTRIC

Page 22: 5. Microsoft

PROTECT everywhere, ACCESS anywhere

SIMPLIFY security, MANAGE compliance

INTEGRATE and EXTEND security

Protect information and infrastructure across your business through a comprehensive solution that is easier to manage and control

Integrated Security

• Comprehensive, Defense-in-depth protection

• Data Leakage Prevention

• Unified Security Management

• Enterprise-wide visibility and reporting

• Maximize infrastructure efficiency

• Interoperate with partner solutions

Page 23: 5. Microsoft

Results of testing of 29 anti-virus engines against more than 870,000 malware files discovered during the last six months

Test of consumer anti-virus products using a malware sample covering approximately the last three years.

Received AV-Comparatives Advanced Certification

In recent tests, Microsoft rated among the leaders in anti-virus protection

Kaspersky 97.4%
Symantec 96.1%
Microsoft 96.1%
Trend Micro 95.4%
AVG 95.1%
Sophos 95.0%
NOD32 93.6%
Panda 93.3%
Norman 90.8%
McAfee 86.4%
eTrust 73.7%

Test based on more than 1 million malware samples

Kaspersky 98.30%
Symantec 97.70%
McAfee 94.90%
Microsoft 93.90%
VBA32 87.70%

AVK (G Data) 99.91%
Trend Micro 98.72%
Sophos 98.10%
Microsoft 97.79%
Kaspersky 97.17%
F-Secure 96.78%
Norton (Symantec) 95.70%
McAfee 95.58%
eTrust / VET (CA) 72.07%

Page 24: 5. Microsoft

Forefront efficiently uses system resources, scans quickly, and detects malware effectively

| Product Name / Capability | Symantec Corporate AntiVirus 10.2 | Forefront Client Security |
|---|---|---|
| Memory Footprint (1): Server / Client | 58.6 Mbs / 66.3 Mbs | 56.5 Mbs / 57.9 Mbs |
| Avg Usage, CPU & Memory (2): % Server Avg / % Client Avg | 30.5% / 29.4% | 2.0% / 11.1% |
| Boot time increase (3) | 62% avg increase | 4.5% avg increase |
| Scanning time (quick): Network 1 (Avg) (4) / Network 2 (Avg) (4) | 29.9 min / 12.0 min | 13.6 min / 5.3 min |
| Scanning time (full): Network 1 (Avg) (4) / Network 2 (Avg) (4) | 156.8 min / 92.8 min | 34.6 min / 18.3 min |

60%+ less CPU usage; 14x faster at boot time; 2x faster in quick scans; 5x faster in full scans

Sources: West Coast Labs, AVTest.org. Performance benchmarking study with West Coast Labs.

| Product Name / Capability | Symantec End Point Security | Forefront Client Security |
|---|---|---|
| Memory Footprint (1): Client uninfected / Client infected | 536 Mbs / 593 Mbs | 522 Mbs / 495 Mbs |
| Avg Usage, CPU & Memory (2): % Client uninfected / % Client infected | 82.37% / 88.56% | 79% / 81.6% |
| Scanning time: Uninfected client / Infected client | 147.69 min / 167.09 min | 81.82 min / 95.33 min |
| Application startup time: starting Word (with no AV: 1.725 sec) | 2.425 sec | 2.233 sec |
| Application startup time: starting IE (with no AV: 2.275 sec) | 3.6 sec | 2.6 sec |

7% less CPU; 2x faster

Page 25: 5. Microsoft
Page 26: 5. Microsoft

Certifications and awards for Forefront technology:

VB 100% October 2009

VB 100% August 2009 on Windows Vista SP2

VB 100% April 2009 on Windows XP

VB 100% December 2008 on Windows Vista x64

VB 100% October 2008 on Windows Server 2008

VB 100% February 2008 on Windows Server 2003

ICSA Labs certification – Forefront was the first product certified for Exchange 2007

West Coast Labs’ Checkmark certification

Industry thought leadership: “Behavioral Classification” paper delivered at the 2006 European Institute for Computer Antivirus Research (EICAR) conference

Page 27: 5. Microsoft

On-demand detection

| Vendor | WildList viruses | Worms & bots | Polymorphic viruses | Trojans |
|---|---|---|---|---|
| McAfee | 100% | 100% | 100% | 90.62% |
| Microsoft | 100% | 100% | 100% | 92.75% |
| Symantec | 100% | 100% | 100% | 92.13% |

Page 28: 5. Microsoft
Page 29: 5. Microsoft
Page 30: 5. Microsoft
Page 31: 5. Microsoft

Trusted Technology - Microsoft products earn CC certification

The following platform & application products have earned Common Criteria certification (EAL4+) – the highest certification for commercial software:

Windows Server 2008

Windows 2008 Hyper-V

Windows Certificate Services

Rights Management Service

Windows Vista

Windows 7 FIPS 140-2

Windows XP Embedded SP2

Exchange Server 2007 SP2

ISA Server 2006

Windows Mobile 6.1

Page 32: 5. Microsoft

Microsoft Malware Protection Center: http://www.microsoft.com/security/portal

Page 33: 5. Microsoft

Microsoft IT Security: Forefront at-scale deployment

First and Best Customer

Forefront Endpoint Protection: 93K+

Forefront Protection for Exchange & RMS: 130K+ mailboxes

Forefront Identity Manager

ISA Server 2006: Edge Security, covering Microsoft.com, Live Meeting, Hotmail

Enterprise Infrastructure

5 data centers

9,700 production servers

108,000 servers (MSN)

98 countries

550 buildings

260,000+ SMS managed computers

585,000 devices

141,549 end users

High-Scale Processes

2,400,000 internal e-mails with 18,000,000 inbound (97% filter rate)

36,000,000 IMs per month

136,000+ e-mail server accounts

137,000,000+ remote connections per month

Page 34: 5. Microsoft

Simplify Your Security Purchase

Business Ready Security Solutions

Multiple Vendors: > $750/user*

Microsoft Value: $225/user**

Core CAL Suite, Exchange Enterprise CAL, SharePoint Enterprise CAL, Office Communications Server Standard & Enterprise CAL, Forefront Security Suite, Rights Management Services CAL

While meeting your broad infrastructure needs

1. One simple CAL

2. 50% discount

3. Reduced TCO

*Known industry approximations

**Mid-level Microsoft EA Level “C” up-front pricing based on July 2009 published list pricing

Page 35: 5. Microsoft

Why invest now?

Take advantage of 30% promotion by Dec. 31, 2009

Deploy Forefront protection products to improve endpoint, messaging and collaboration security today

Automatically get access to next generation technologies available in the Forefront Protection Suite

New Cloudmark engine for improved antispam (Q4 CY09)

New Microsoft Threat Management Gateway Web Protection Service – Forefront antivirus in TMG server (Q4 CY09)

New centralized management, reporting and investigation console with Forefront Protection Manager

Page 36: 5. Microsoft

Security Guidance and Resources

Microsoft Security Home Page: www.microsoft.com/security

Microsoft Security Portal: www.microsoft.com/security/portal

Microsoft Trustworthy Computing: www.microsoft.com/security/twc

Microsoft Security Intelligence Report: www.microsoft.com/sir

Infrastructure Optimization: www.microsoft.com/io

Microsoft Security Assessment Tool: www.microsoft.com/security/msat

General Information:

Microsoft Live Safety Center: safety.live.com

Microsoft Security Response Center: www.microsoft.com/security/msrc

Security Development Lifecycle: http://msdn2.microsoft.com/en-us/library/ms998404.aspx

Get the Facts on Windows and Linux: www.microsoft.com/windowsserver/compare

Anti-Malware:

Understanding malware: http://download.microsoft.com/download/a/b/e/abefdf1c-96bd-40d6-a138-e320b6b25bd3/understandingantimalwaretechnologies.pdf

Microsoft Forefront: www.microsoft.com/forefront

Microsoft OneCare: www.windowsonecare.com

Microsoft Defender: www.microsoft.com/athome/security/spyware/software

Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv

Guidance Centers:

Security Guidance Centers: www.microsoft.com/security/guidance

Security Guidance for IT Professionals: www.microsoft.com/technet/security

The Microsoft Security Developer Center: msdn.microsoft.com/security

Page 37: 5. Microsoft

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.