Microsoft 10 nov 2010
Transcript of Microsoft 10 nov 2010
Security Technologies
Sebastian Vîjeu, Technology Evangelist, Microsoft România
Cloud On-Premises
The Microsoft Security Story
The Trustworthy Computing Initiative
Security Tools & Papers
Security Readiness
Education and Training
Core Infrastructure Optimization Model
IT Process and Compliance
Identity and Security Services
Client Services
Datacenter Services
• Basic (Cost Center): Uncoordinated, manual infrastructure
• Standardized (Efficient Cost Center): Managed information-technology (IT) infrastructure with limited automation
• Rationalized (Business Enabler): Managed and consolidated IT infrastructure with maximum automation
• Dynamic (Strategic Asset): Fully automated management, dynamic resource usage, business-linked service level agreements
Business Challenges
Business Landscape
• More connectivity and collaboration
• Increased regulatory and compliance pressure
• Greater need for identity-based protection and access
• Greater IT choice: On-Premises vs. Cloud
Threats
• Increased volume
• Greater sophistication
• Profit motivated
Current Solutions
• Product proliferation
• Lack of integration
• High cost of ownership
Security not aligned to business needs and new opportunities
“Information security today suffers from a proliferation of unconnected point products, creating unnecessary complexity and cost … information security needs to move to integrated, identity-aware, adaptive security systems that support business initiatives instead of blocking them.”
Neil MacDonald, VP and Gartner Fellow
Protect Everywhere, Access Anywhere
Protection Across Multiple Layers
Access Anywhere
IDENTITY CENTRIC
Scale across physical, virtual, and cloud environments
Network
Host
Application
Information
Business Ready Security Solutions
• Integrated Security
− Platform: Active Directory, User Account Control (UAC), DirectAccess, Network Access Protection (NAP)
• Information Protection
− AD Rights Management Services (RMS)
− Platform: EFS, BitLocker
• Identity and Access Management
− Forefront Identity Manager 2010, Threat Management Gateway (TMG), Unified Access Gateway (UAG)
• Secure Messaging
− Forefront Protection 2010 for Exchange Server
• Secure Endpoint
− Forefront Client Security
− Forefront Endpoint Protection
− Platform: DirectAccess, NAP
• Secure Collaboration
− Forefront Protection 2010 for SharePoint/OCS Server
Protect Clients Without Complexity
• Simple interface
− Keep user interactions minimal and high-level
− Provide necessary interactions
• Admin-managed options
− Control user configurability
− Enforce central policy
Building Endpoint Protection On Configuration Manager 2007
• Uses existing Configuration Manager 2007 infrastructure
− No new servers
− Integrated console
− Supports SP2/R2 and later
• Simple install process
− Installs on root site, deploys to hierarchy
− Discover Configuration Manager roles and attach FEP roles and context (or allow separate installs)
− Automatically creates additional components (FEP distribution packages, DCM baselines)
[Diagram labels: Central Site; Primary Site (three); FEP]
Extending Endpoint Protection to Servers
Server-Centric View in OpsMgr
• Predefined settings optimized per server workload
• Server security and availability tasks
• Service Level Objectives reports integrated with OpsMgr 2007 R2
Real-Time Monitoring and Alerting for Critical Systems
Protect E-mails from Malware
On Premises and in the Cloud
• Provides defense in depth through best-in-class, multi-engine antimalware
• Increases productivity with industry-leading 99+ percent spam-catch rate
• Reduces risk through automatic engine updates
Malware Protection
“Our system is definitely more secure because every PC is getting the Forefront updates. With Forefront Security, we’ve solidified protection across the organization.”
George Podolak, Director of IT,
Pei Cobb Freed & Partners
BPOS
Protect Sensitive Information in E-mail
On Premises and Cross Premises
• Provides automatic protection for sensitive e-mails with rights management
• Protects information no matter where e-mails go through cross-premises rights management
• Enables wider policy enforcement with protection capabilities for Outlook® Web App and voicemail
“I believe that Active Directory RMS will be a watershed technology like e-mail or the Web browser. It will be a fundamental technology that everyone uses, and it will not be thought of as a separate application. It will be like Active Directory—it is just there and everyone uses it.”
Jason Foster, Senior Manager of Technology at Continental Airlines
BPOS
Information Protection
“Forefront Security for Exchange Server can support up to five scanning engines at the same time. Thus, it offers a more secure environment, compared with products that support using only a single engine.”
- Akihiro Shiotani, Deputy Director of the Infrastructure Group
Protect Everywhere, Access Anywhere
Example scenario: Protect messages from malware
Competitors’ Solutions
Microsoft Solution
“Defense in Depth”
38 times faster
Automatic engine updates
On premises or in the cloud
99 percent spam detection*
* With premium anti-spam services
Multiple Engines
Single Engine
An AV-Test of antivirus products revealed:
• On average, Forefront™ engine sets provided a response in 3.1 hours or less.
• Single-engine vendors provided responses in 5 days, 4 days, and 6 days respectively.
Management
Integrate and Extend Security Across the Enterprise
Integrated across the stack
Extensible across the enterprise
Workloads
Windows® Platform
Active Directory®
Enhance value from investments
Extend value to changing needs
• Industry collaboration and partnership
• Seamlessly extend cloud-based operations
• Claims-based identity federation
• Enable support for heterogeneous environments
• Empower developers through open standards and protocols
Backed by global resources
Malware Protection Technology
Malware Research and Response
Security Intelligence
Simplify the Security Experience, Manage Compliance
Example scenario: User provisioning
Active Directory
Lotus Domino
Lightweight Directory Access Protocol (LDAP)
SQL Server®
Oracle database
Human Resource System
Forefront Identity Management (FIM)
Workflow
Manager
User Enrollment
Approval
User provisioned on all allowed systems
FIM Certificate Management
End User
Active Directory
Oracle
SQL Server
IBM DS
LDAP
User requests password reset
FIM Server
Passwords updated
Simplify the Security Experience, Manage Compliance
Example scenario: Self-service password reset
Forefront Identity Management capabilities integrated with Windows logon
Randomly selects a number of questions
Reset Password
Microsoft Security Solutions Gaining Momentum
Microsoft AV achieved Advanced+ May 2010
18
“Chief information officers looking to outsource parts or all of their company's security will want to closely evaluate Microsoft's next-generation security services.”
Awards, Certifications, and Reviews
Try the solutions at www.Microsoft.com/forefront/trial
Speak with a Microsoft representative about your needs
Deploy solutions that empower your business needs
Next Steps and Resources
Forefront Business Ready Security: http://www.microsoft.com/forefront/en/us/business-ready-security.aspx
Forefront Deployment Resources: http://www.microsoft.com/forefront/en/us/deployment.aspx
Microsoft Forefront Case Studies: http://www.microsoft.com/forefront/en/us/case-studies.aspx
Microsoft Services: http://www.microsoft.com/services
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.