Bashar Kachachi, Senior Program Manager Lead, Microsoft Corporation
SIA204

Session Objectives And Takeaways
Session Objectives:
- Understand the capabilities of FCSv2
- Know how FCSv2 protects endpoints against threats
- Plan an FCSv2 deployment
Key Takeaways:
- FCSv2 provides comprehensive endpoint protection
- FCSv2 is part of Forefront codename: “Stirling”
Microsoft Confidential

Agenda
- Forefront Today
- Forefront Client Security v2
  - Unified Protection
  - Simplified Administration
  - Visibility and Control
  - Enterprise Ready
- Question and Answer

Business Ready Security
Help securely enable business by managing risk and empowering people
- Identity; Highly Secure & Interoperable Platform
- From: Block, Cost, Siloed. To: Enable, Value, Seamless
- Comprehensive line of business security products that helps you gain greater protection and secure access through deep integration and simplified management
- Client & Server OS; Server Applications; Network Edge

Forefront Client Security v2
Comprehensive protection for business desktops, laptops and server operating systems that is easier to manage and control
Comprehensive Protection
- Unified endpoint security that integrates anti-malware, host firewall and more
- Coordinated protection with Forefront codename: “Stirling”
- Inspection, threat mitigation and remediation
Simplified Administration
- Manage from a single role-based console
- Integrates with existing Microsoft infrastructure
- Easy discovery and deployment of protection for endpoints
Visibility and Control
- One dashboard for visibility into threats, vulnerabilities, and configuration risks
- Increased visibility into endpoint security with vulnerability assessment scanning

Comprehensive Protection: Forefront Client Security v2
Protection technologies, from proactive to reactive:
- Vulnerability Remediation: reduce the attack surface of vulnerabilities
- Network Access Protection: limit exposure from vulnerable clients
- Host Firewall: restrict what applications can do
- Vulnerability Assessment: scan for vulnerabilities and configuration exposures
- Behavior Monitoring: monitor suspicious processes
- Antivirus/Antispyware: block, remove and clean malicious software

Antivirus – Antispyware: Building on FCS v1
In recent tests, Microsoft rated among the leaders in anti-virus protection. Tests cited on the slide: AVTest.org (two tests) and AVComparatives, dated March 2008, Feb 2008 and Sept 2008.

AVComparatives, test of consumer anti-virus products using a malware sample covering approximately the last three years (Microsoft received the AVComparatives Advanced Certification):
- Kaspersky 98.3%
- Symantec 97.7%
- McAfee 94.9%
- Microsoft 93.9%
- VBA32 87.7%

AVTest.org, test based on more than 1 million malware samples:
- AVK (G Data) 99.9%
- Trend Micro 98.7%
- Sophos 98.1%
- Microsoft 97.8%
- Kaspersky 97.2%
- F-Secure 96.8%
- Norton (Symantec) 95.7%
- McAfee 95.6%
- eTrust / VET (CA) 72.1%

AVTest.org, test based on more than 1 million malware samples:
- AVK 2009 (G Data) 99.8%
- F-Secure 99.2%
- Norton (Symantec) 98.7%
- Kaspersky 98.4%
- Microsoft 97.7%
- Sophos 97.5%
- McAfee 93.6%
- Trend Micro 91.3%
- CA - VET 65.5%

FCS Awards and Certifications

Antivirus – Antispyware: Building on FCS v1
Integrated anti-virus/anti-spyware agent delivering real-time protection
- Uses Windows Filter Manager: maintains stable operation; scans for viruses and spyware in real time
- Dynamic Translation (unique to the Microsoft agent): maximizes scanning speed through decryption and code emulation of malware at the speed of native code execution
- Other protection features:
  - Tunneling signatures for detecting and removing rootkits
  - Advanced system cleaning: customized remediation (recreating registry entries, restoring settings)
  - Event Flood Protection: shields the reporting infrastructure from infected clients during an outbreak
  - Heuristics for classifying programs based on behavior
Benefits:
- Better malware detection: multiple technologies for malware protection
- Greater stability of the client environment
- Faster malware scanning, conducted in real time

Antivirus – Antispyware: Building on FCS v1
The FCS agent efficiently uses system resources, scans quickly, and detects malware effectively.

Server and client benchmark (Leading Competitor vs. Forefront Client Security):
- Memory Footprint(1): Server 58.6 MB vs. 56.5 MB; Client 66.3 MB vs. 57.9 MB
- Avg Usage, CPU & Memory(2) %: Server avg 30.5% vs. 2.0%; Client avg 29.4% vs. 11.1% (60%+ less CPU usage)
- Boot time increase(3): 62% avg increase vs. 4.5% avg increase (14x faster at boot time)
- Scanning time (quick): Network 1 (avg)(4) 29.9 min vs. 13.6 min; Network 2 (avg)(4) 12.0 min vs. 5.3 min (2x faster in quick scans)
- Scanning time (full): Network 1 (avg)(4) 156.8 min vs. 34.6 min; Network 2 (avg)(4) 92.8 min vs. 18.3 min (5x faster in full scans)

Client benchmark, uninfected and infected client (Leading Competitor vs. Forefront Client Security):
- Memory Footprint(1): uninfected 536 MB vs. 522 MB; infected 593 MB vs. 495 MB
- Avg Usage, CPU & Memory(2) %: uninfected 82.37% vs. 79%; infected 88.56% vs. 81.6% (7% less CPU)
- Scanning time: uninfected 147.69 min vs. 81.82 min; infected 167.09 min vs. 95.33 min (2x faster)
- Application startup time (no AV / Leading Competitor / Forefront Client Security): starting Word 1.725 sec / 2.425 sec / 2.233 sec; starting IE 2.275 sec / 3.6 sec / 2.6 sec
Sources: West Coast Labs, AVTest.org; performance benchmarking study conducted by West Coast Labs.
Vulnerability Management
Proactively reduce the surface area
Check (NEW)
- Detect common vulnerabilities and missing security updates
- Discover misconfiguration exposures
- Configure security check parameters
- New checks include: IE Security Setting, DEP, IIS Setting, and more…
Assess
- Compare system configuration against security best practices
- Assign a score based on the associated risk
- Surface issues found across the enterprise in real time
Remediate
- Automatically remediate based on policy
- Integrate with NAP for compliance enforcement
- Remotely remediate from the management console

Vulnerability Assessment Checks Available in Forefront Client Security v2
- Internet Explorer Browser Security: Restricted Sites Allowed; Trusted Sites; Home Page Protection; Phishing Filter; Pop-up Blocker; Protected Mode; Internet Explorer Zones; Enhanced Security Configuration
- Antimalware: Malware detected and/or failed to clean; AM Service Running; AM Signatures Up-To-Date; AM Scan Required
- BitLocker
- Device Control
- File System: NTFS; Shares
- Security Updates: Approved Updates; Unapproved Updates; Automatic Updates
- Windows Firewall
- Data Execution Prevention (DEP)
- Account Management: Guest Account; Autologon; Restrict Anonymous; Auditing (Login/Logoff); Password Expiration
- Unnecessary Desktop Services
- Office Macros
- User Account Control (UAC): Application Elevation for App Install; Application Elevation for Signed Exe; Application Elevation for UIAccess Apps; ActiveX Install Without Prompt; Virtualization for File and Registry Failures; Admin Approval Mode for Built-In Admin; Elevation Prompt for Admins; Elevation Prompt for Standard Users; Admin Approval Mode for All Admins; Elevation Prompt Secure Desktop; Secure Credential Entry

Network Access Protection
- Up-to-date Protection: ensures that all clients have the latest definitions and host protection policy
- Compliance Enforcement: enables administrators to enforce their corporate security policy and protect the network from non-compliant and vulnerable clients
- Outbreak Containment: protects the network from clients with active malware infections
- Network Eviction: enables administrators to protect the network from suspicious and potentially compromised clients

Host Firewall
Firewall Management: centralized management of the Windows Firewall
- Windows XP/2003, Windows Vista/2008, and Windows 7 support
- Inbound and outbound filtering
- Configure firewall exceptions for ports, applications, and services
- Configure network location profiles for roaming users
Centralized Visibility: firewall state in the enterprise
- Sensors for security incident detection
- Activity monitoring
- Statistics

Forefront Code Name “Stirling”
An integrated security suite that delivers comprehensive protection across endpoint, application servers, and the edge that is easier to manage and control
- Code Name “Stirling” Central Management Server: Unified Management; In-Depth Investigation; Enterprise-Wide Visibility; Security Assessment Sharing (SAS)
- Protected layers: Client & Server OS; Server Applications; Network Edge
- Also shown: Third-Party Partner Solutions; Other Microsoft Solutions; Active Directory; Network Access Protection

Simplified Administration With Stirling
Protect your business with greater efficiency
- FCSv2 is managed through “Stirling”
- One console for simplified, role-based security management
- Define one security policy for your assets across protection technologies
- Deploy signatures, policies and software quickly
- Integrates with your existing infrastructure: SQL, WSUS, AD, NAP, SCCM, SCOM (new & existing)

Integration With Your Infrastructure
Diagram labels: Required Infrastructure; Core Infrastructure (Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, Forefront Threat Management Gateway); Integration Infrastructure; Policy; Reports; Events; Groups (or alternate system); Signature, Updates from Microsoft Update (or alternate systems); Network Access Protection (NAP)

Deployment and Scalability
An asset is a computer with one of the Stirling protection technologies (FCS, FSE, FSSP and/or TMG)
Stirling Server Roles: Stirling Console; Stirling Core; Stirling SQL DB; SCOM Root Management Server (RMS); SCOM SQL DB; SQL Reporting Server; SQL Reporting DB; Software/Signature Deployment, e.g. WSUS or SCCM (typically already deployed before Stirling)
Sizing tiers shown: 250 – 2,500 assets; up to 25,000 assets (the slide groups Stirling Console; Stirling Core, SCOM (RMS), SQL Reporting Server and WSUS; Stirling SQL DB, SCOM SQL DB and SQL Reporting DB onto numbered servers)
Scaling Up…
- Stirling Console, Stirling Core, SQL Reporting Server, Stirling SQL DB and SQL Reporting DB: 1 each
- Per 25,000 assets: 1 SCOM RMS + 1 SCOM SQL DB
- Per 20,000 assets: 1 WSUS

Critical Visibility and Control
Know where action is required
- Know your security state
- View insightful reports
- Investigate and remediate security risks

Critical Visibility and Control
Take action to remediate issues
- FCSv2 Tasks: Update signatures; AM quick/full scan; Vulnerability scan; Install missing updates; Vulnerability remediation; Network eviction; Reboot computer
- Integrated with Dynamic Response

Enhanced Enterprise Capabilities: Forefront Client Security
Scale to the largest enterprises
- Role-based Administration
- Virtualized Deployments
- Clustering and High Availability Deployments
- Support for both domain and non-domain joined assets
- Protection for Windows Server Roles
- Native NAP Integration

Platform Support
Client Agents
- Windows XP, Windows Vista, Windows 7
- Windows 2003, Windows 2008
- Virtual machines (MSFT virtual machine technology only)
- Non-domain joined machines
- Windows Embedded, WEPOS
Server Infrastructure
- Windows Server 2003, Windows 2008 (x64 only)
- SQL Server 2008 Standard or Enterprise
- Will support installation of server infrastructure on virtual machines (MSFT virtual machine technology only)
- Will support clustered environments for high availability

Summary
Forefront Client Security v2 provides unified protection for endpoints (desktops, laptops and servers) that is easier to manage and control
- Built on FCS v1 strong foundations
- Offers greater protection
- Integrated with “Stirling”
- Centralized management
- Comprehensive, insightful reports
- Enterprise Ready

Contact Us
Bashar Kachachi [email protected]

Resources
- www.microsoft.com/teched: Sessions On-Demand & Community
- www.microsoft.com/learning: Microsoft Certification & Training Resources
- http://microsoft.com/technet: Resources for IT Professionals
- http://microsoft.com/msdn: Resources for Developers
Complete an evaluation on CommNet and enter to win!

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
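As an added example that is not part of the deck or of the FCSv2 product, the PowerShell audit below probes a subset of the Vulnerability Assessment checks listed earlier (the UAC, Autologon, Restrict Anonymous, Guest Account, Windows Firewall and DEP checks) on the local machine and assigns a risk-weighted score, in the spirit of the Check and Assess steps. The registry locations, ADSI flag and WMI property are standard Windows settings; the check weights are an assumption made for illustration.

```powershell
# Added example (not from the deck): local audit of a subset of the FCSv2
# vulnerability-assessment checks, producing a risk-weighted score.
# Registry paths and values are standard Windows settings; the weights are
# an assumption chosen for illustration. Run elevated for complete results.
$pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$wl  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$fw  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
function Get-RegValue($Path, $Name) {
    # $null when the key or value is absent, so a missing setting is a finding, not a crash
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

# One entry per check: slide name, assumed risk weight, and a probe that is $true when compliant
$checks = @(
    @{ Name = 'Admin Approval Mode for All Admins';            Weight = 5; Test = { (Get-RegValue $pol 'EnableLUA') -eq 1 } }
    @{ Name = 'Elevation Prompt for Admins';                   Weight = 4; Test = { (Get-RegValue $pol 'ConsentPromptBehaviorAdmin') -ne 0 } }
    @{ Name = 'Elevation Prompt Secure Desktop';               Weight = 2; Test = { (Get-RegValue $pol 'PromptOnSecureDesktop') -eq 1 } }
    @{ Name = 'Application Elevation for App Install';         Weight = 2; Test = { (Get-RegValue $pol 'EnableInstallerDetection') -eq 1 } }
    @{ Name = 'Application Elevation for Signed Exe';          Weight = 1; Test = { (Get-RegValue $pol 'ValidateAdminCodeSignatures') -eq 1 } }
    @{ Name = 'Virtualization for File and Registry Failures'; Weight = 1; Test = { (Get-RegValue $pol 'EnableVirtualization') -eq 1 } }
    @{ Name = 'Admin Approval Mode for Built-In Admin';        Weight = 3; Test = { (Get-RegValue $pol 'FilterAdministratorToken') -eq 1 } }
    @{ Name = 'Autologon';         Weight = 5; Test = { (Get-RegValue $wl 'AutoAdminLogon') -ne '1' -and -not (Get-RegValue $wl 'DefaultPassword') } }
    @{ Name = 'Restrict Anonymous'; Weight = 3; Test = { (Get-RegValue $lsa 'RestrictAnonymous') -ge 1 } }
    @{ Name = 'Guest Account';     Weight = 4; Test = { (([ADSI]'WinNT://./Guest,user').UserFlags.Value -band 2) -ne 0 } }  # 0x2 = ACCOUNTDISABLE
    @{ Name = 'Windows Firewall';  Weight = 4; Test = {
        # every firewall profile key present on this OS must have EnableFirewall = 1
        -not (@('DomainProfile','StandardProfile','PublicProfile') | Where-Object { Test-Path "$fw\$_" } |
              Where-Object { (Get-RegValue "$fw\$_" 'EnableFirewall') -ne 1 }) } }
    @{ Name = 'Data Execution Prevention (DEP)'; Weight = 3; Test = {
        # DataExecutionPrevention_SupportPolicy: 0 = AlwaysOff; 1 AlwaysOn, 2 OptIn, 3 OptOut are acceptable
        (Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy -ne 0 } }
)

function Invoke-VaAudit {
    $findings = foreach ($c in $checks) {
        $pass = $false
        try { $pass = [bool](& $c.Test) } catch { }   # a probe that fails counts as non-compliant
        $risk = 0
        if (-not $pass) { $risk = $c.Weight }
        [pscustomobject]@{ Check = $c.Name; Compliant = $pass; Risk = $risk }
    }
    $max = 0; foreach ($c in $checks) { $max += $c.Weight }
    $score = ($findings | Measure-Object -Property Risk -Sum).Sum
    $findings | Format-Table -AutoSize | Out-String | Write-Host
    "Risk score: $score of $max (higher means more exposure)"
}

Invoke-VaAudit
```

The score is only meaningful relative to the assumed weights; in FCSv2 the equivalent scoring is driven by the product's own check definitions and policy.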