SIM326 Forefront server protection solutions help businesses protect their messaging and collaboration servers against viruses, worms, spam, and inappropriate content. Comprehensive Protection Integration.
Comprehensive Protection
Integration with Exchange and SharePoint
Simplified Management

Forefront Protection 2010 for Exchange Server
• Antivirus: Microsoft AV, Kaspersky, Authentium, Virus Buster, Norman
• Antispyware: Integrated antispyware protection
• Anti-spam: BATV - Bounce Address Tag Validation; Industry-leading 3rd party content filtering engine; Premium IP Reputation based RBLs

Forefront Protection 2010 for SharePoint
• Antivirus: Microsoft AV, Kaspersky, Authentium, Virus Buster, Norman
• Antispyware: Integrated antispyware protection
• Anti-spam: N/A

Forefront Online Protection for Exchange
• Antivirus: Symantec, Kaspersky, Authentium
• Anti-spam:
• Layered Defenses against Junk Mail
• IP Reputation Blocking
• Connection Analysis
• Reputation Analysis
• Safe Senders Sync
• Outlook Junk Email Plugin
• Additional Spam Filtering Options
• IP-Based Authentication
• Non-Delivery Report Backscatter Mitigation
• Outbound Spam Filtering
• Rules-Based Scoring
• Fingerprinting

Filtering (Edge, Keyword, RegEx, File Type, Attachment & File Scanning) across Forefront Protection 2010 for Exchange Server, Forefront Protection 2010 for SharePoint and Forefront Online Protection for Exchange
• Transport Scanning
• Predefined rule sets
• Filter inside attachments
• Hosted Service Edge Filtering (MX Points to FOPE)
• Subject Line Body Message Character Sets
• Cannot filter content inside attachments
• N/A
• Keyword filtering to block out-of-policy content
• Policy Rule Syntax options support: Basic and regular expressions
• Can add custom dictionaries
• Determines True File Type, Extensions, Format, Zip
• Extensions
• Filenames
• Determines True File Type, Extensions, Format, Zip

[Chart: Average Response Times including Proactive Detections, WildList 10/2010, 11/2010 & 12/2010 (the less, the better). ** 0.00 denotes proactive detection. Source: AV-Test.org (www.av-test.org). Legend: Single Engine, Multiple Engines. Products shown: Forefront (5 Engines), Forefront (3 Engines), G Data, Eset Nod32, AntiVir, Kaspersky, Sunbelt, F-Secure, Microsoft, Ikarus, BitDefender, Trend Micro (Cons.), Webroot, Sophos, Fortinet, AVG, Fortinet (BETA), Panda, VirusBuster, McAfee (BETA), McAfee, K7 Computing, QuickHeal, VBA32, Symantec (BETA), Symantec, Norman, Dr.Web, Avast, PC Tools, Rising, Trend Micro (CPR), Trend Micro, CA-AV, Authentium, F-Prot, ClamAV.]

• 38 times faster
• Automatic Engine Updates
• On premises or in the cloud
• 99% spam detection*
* With premium anti-spam services

Forefront Protection 2010 for Exchange Server (FPE)
• Deployed on-premises on Exchange servers
• Anti-spam
• Antimalware
• Filtering capabilities

Forefront Online Protection for Exchange (FOPE)
• Hosted service provided in the cloud by Microsoft to Exchange Online and standalone
• Anti-spam
• Antimalware
• Filtering capabilities

-- Gartner, Inc. Magic Quadrant for Secure Email Gateways, Peter Firstbrook, Eric Ouellet, April 27, 2010.

The Gartner Magic Quadrant is copyrighted by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Microsoft.
West Coast Labs: Spam Catch Rate above 99%, Premium Anti-spam certification

Virus Bulletin: Continuous Live Spam Catch Rate above 99%:
• 99.77% (September 2009)
• 99.46% (November 2009)
• 99.32% (January 2010)
• 99.86% (March 2010)
• 99.93% (May 2010)
• 99.96% (July 2010)

[Diagram: Enterprise Network with Exchange server roles: Edge Transport; Hub Transport (Routing & Policy); Mailbox (Storage of mailbox items); Unified Messaging (Voice mail & voice access); Client Access (Client connectivity, Web services). Other labels: External Mail, Mobile phone, Web browser, Phone system (PBX or VOIP), Outlook (remote user), Line of business applications, Outlook (local user).]

Protection Availability: Exchange 2010, Exchange 2007 SP1

Exchange 2010 + FPE: Connection Filtering, Protocol Filtering, Content Filtering, Benefits

Forefront DNS Block List
• Aggregated RBL data from multiple external and internal vendors
• No configuration required

Unified Management
• Consolidated Connection/Sender/Recipient/Sender ID filtering for simplified management

Backscatter Filter
• Blocks NDR (backscatter) spam

Cloudmark CMAE Engine
• Option of alternative 3rd party content filter
• Above 99% detection rate
• No configuration required (installs with smart defaults)

Forefront True Type File Filtering
• Real file type inspection (not just extension)
• Actionable scanning of nested files/within ZIP

Global Exception Lists
• Single access point to sender and recipient exception lists (allow and block actions)

Streamlined SCL
• Less ambiguous ratings for less false positives end to end

Hybrid Model
• Integration with Forefront Online Protection for Exchange

Forefront scans within ZIP and other compressed formats and deletes only the offending file

[Diagram: Container file before scan: EXE, DOC, BMP, JPG. Filter Rules: Delete *.exe. Quarantine: EXE. Container file after scan: TXT, DOC, BMP, JPG. Label: Custom deletion text.]

Connection Filtering
• Connection Analysis (IP-based edge blocks)
• Reputation Analysis

AntiVirus
• Protect businesses from receiving email-borne viruses and other malicious code with scan engines and heuristic detection
• Multiple engine support

Anti-Spam
• Anti-spam filter can detect all types of spam before they reach the corporate network
• NDR Backscatter Support

Policy
• Policy rules to regulate email flow for compliance
• Policy-based encryption (for EHE subscribers)
• Enhanced RegEx support

Office 365
• Every Exchange Online (BPOS)/Office 365 customer is a FOPE customer!

Standalone
• Protect on-premises or hosted email implementations
• Is server agnostic

Hybrid Protection
• Protect on-premises Exchange servers and integrates FPE/FOPE policies (On-prem/Cloud Policies)

Others
• Live EDU (This CY 2011)

Multilayer spam and virus protection and policy enforcement

[Diagram labels: External Senders/Recipients; Corporate Network; Exchange Server; Legitimate Email; Outbound Filtered Email; Inbound Filtered Email; Edge Blocking; Antivirus; Policy; * Encryption; Anti-spam; Active Directory; FOPE Directory Synchronization Tool; Junk Email; Automatic Spooling; Administrator Console; Messaging Administrator; Employees; End User Quarantine.]

About 90% of Email is junk
* Requires additional Exchange Hosted Encryption License
Also incorporates technology from…

Antivirus and anti-spam protection for Exchange Server 2010/2007 Server Roles

[Diagram labels: On-Premises Software; Online; Exchange Server; Internet; SMTP; Edge Role; Hub Role; Mailbox Role.]

Anti Malware, Anti-spam, Management

Forefront Online Protection for Exchange
• Symantec
• Authentium
• Kaspersky
• Inbound Messaging Hygiene
• Stop Foreign Spam
• Outbound Spam Mitigation
• Anti-spam Feedback Loop
• Message Tracing
• IT Admin Improvements

Forefront Protection 2010 for Exchange Server
• MS AV + AntiSpyware
• Kaspersky
• Authentium
• Virus Buster
• Norman
• Internal mail filtering
• Industry-leading 3rd party content filtering
• Forefront Protection Server Management Console

[Diagram labels: SQL Back End; External SharePoint Users; Internet; Indexing Server; Potential Malware; Unified Application Gateway; Web Front End; Firewall; Management; Internal SharePoint Users; SharePoint Web Front-End Servers; SharePoint Databases.]

Forefront Protection for SharePoint
• Antivirus Scanning
• Antispyware Scanning
• Keyword Filtering
• File Filtering
• Quarantine

Standalone Management
• Forefront Management Console (FPE/FPSP)
• FPE/FPSP PowerShell

New! Multi-Server Management

Forefront Protection Server Script Kit (FPSSK)
• Scripts for discovery, configuration, deployment, and reporting on FPE and FPSP
• Free download

Forefront Protection Server Management Console 2010 (FPSMC)
• Multi-server management of FPE and FPSP in a single interface; additional support for FOPE.
• Free download

Simplified Management
• Manage multi-server FPE 2010 and FPSP 2010 environments
• Server Discovery and Grouping
• Product FPSMC agent deployment
• Deploy policies to custom-defined groups of servers
• Manage cross-domain and non-domain servers from one console
• Firewall friendly communication channel
• Signature Redistribution for 32-bit and 64-bit engines
• Online integration with FOPE

Enterprise Ready, Visibility & Control
• Visibility into incidents across FPE and FPSP
• Real-time monitoring for security events
• User friendly Dashboard view
• Real-time and historical reports
• Web-based interface for easier access
• License distribution and activation
• Centralized Quarantine
• Enterprise ready scalability
• Support for SQL scenarios
• Business continuity for critical functionality
• Manage FPE on Clusters (Exchange 2007 and Exchange 2010)

Built on Microsoft Infrastructure
• Windows Server 2008 R2
• Hyper-V
• WCF
• Active Directory
• SQL Server 2008
• IE 7.0, IE 8.0, IE 9.0 (In Progress)

4 types of jobs
• Deployment job (Policy)
• Signature Redistribution Job
• Scheduled Report Job
• Product Activation Job
• Jobs can be scheduled or run on demand
• Jobs can be scoped to target a specific set of servers
• Configured by the Administrator

On-demand
• Incident Detection, Spam Detection, Engine and Definition Version
• Report scoped based on date range and desired servers
• Report includes distribution of detections, trending, and raw data

Scheduled
• Sent via email on a daily, weekly, or monthly basis

[Diagram labels: Remote Access; Replication; Backup FPSMC; Primary FPSMC.]

1. Add FPE and FPSP servers to FPSMC and deploy Agent
2. Upload policy to FPSMC and create jobs
3. Run jobs to deploy policy
4. Retrieve Quarantine and Reporting data periodically

Forefront Products: Standalone (SL = Subscription License), Included in Suite, Included in other CALs

Forefront Online Protection for Exchange
• Standalone: 1. Forefront Online Protection for Exchange (per user) SL
• Included in Suite: 1. Enterprise CAL Suite (per user) 2. Forefront Protection Suite (per user) 3. Exchange Online
• Included in other CALs: 1. Exchange Server 2010 Enterprise CAL with services (per user)

Exchange Hosted Encryption
• Standalone: 1. Add-on to Forefront Online Protection for Exchange (per user) SL
• Included in Suite: 1. Add on to Enterprise CAL Suite (per user) 2. Add on to Forefront Protection Suite (per user) 3. Add on to Exchange Online
• Included in other CALs: 1. Add on to Exchange Server 2010 Enterprise CAL (per user)

Forefront Protection for SharePoint
• Standalone: 1. Forefront Protection 2010 for SharePoint Server (per user) SL 2. Forefront Protection 2010 for SharePoint for Internet Sites Add-on SL
• Included in Suite: 1. Enterprise CAL Suite (per user) 2. Forefront Protection Suite (per user) 3. SharePoint Online (*runs on internal MSFT SharePoint servers)

Forefront Security for OCS
• Standalone: 1. Forefront Security for Office Communications Server (per user) SL 2. Forefront Security for Office Communications Server External Connector Add-on SL
• Included in Suite: 1. Enterprise CAL Suite (per user) 2. Forefront Protection Suite (per user)

Forefront Protection for Exchange
• Standalone: 1. Forefront Protection 2010 for Exchange Server (per user) SL 2. Forefront Protection 2010 for Exchange Server External Connector Add on SL
• Included in Suite: 1. Enterprise CAL Suite (per user) 2. Forefront Protection Suite (per user) 3. Exchange Online (*runs on MSFT servers internally)

Forefront Protection Server Management Console
• 1. Forefront Server Security Management Console Services SL
• 1. Free download: http://go.microsoft.com/fwlink/?LinkID=20851 4

Forefront Protection Server Script Kit
• 1. Forefront Server Security Management Console Services SL
• 1. Free download: http://go.microsoft.com/fwlink/?LinkId=19661 3

1. Exchange Server 2010 Enterprise CAL (user or Device)

http://www.microsoft.com/cloud/
http://www.microsoft.com/privatecloud/
http://www.microsoft.com/windowsserver/
http://www.microsoft.com/windowsazure/
http://www.microsoft.com/systemcenter/
http://www.microsoft.com/forefront/
http://northamerica.msteched.com
www.microsoft.com/teched
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn

• Searches the message body for matches to keywords in selected lists
• Can be imported from an existing file
• Can filter phrases
• Supports operators: AND, OR, NOT
• Actions: Skip & Detect, Delete, Suspend

• Filter by name, type, or size: *.exe, *.doc, *>10mb
• Filters can be combinations of size, name and type: <photo1.jpg>10mb, *.mp3>5mb, *>10mb
• Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM, and BAT
• Actions: SkipDetect, Suspend (Realtime), Delete (Scheduled/OnDemand)