Source: “Messaging Security Survey: The Good, Bad, and Ugly Study,” IDC, 2009.

“The growth in e-mail traffic means that over the next four years, organizations will need increasingly better
defenses against all types of spam and malware… Battling spam alone is very costly – in 2009, a typical
1,000-user organization spends over $1.8 million annually to manage spam.”
— “E-mail Security Market, 2009-2013,” The Radicati Group, Inc.
… Around $8 Billion Lost to Viruses, Spyware, and Phishing… 2 million consumers have had to replace
their computers over the past two years due to software infections… 1 in 5 online consumers have been
victims of Cybercrime…
— 2009 State of the Net Survey
“As one leading financial institution told us, it routinely sees that at least 14 out of every 15 incoming emails are pure
spam”
— “Forrester Wave E-mail filtering Q2 2009,” April 2009
“Almost 60% of organizations reported spam blocking effectiveness of less than 95%”
— Brian E. Burke, “Messaging Security Survey,” IDC, 2009.
Secure access to messaging from virtually anywhere
Multiple locations and devices
Prevent sensitive information from leaking
Difficulty in discovering and securing sensitive information
Protection from advanced threats
Financially motivated evolving threats
Receive messaging free of spam
Advanced spam technologies bypassing scanners
BUSINESS Needs
Agility and Flexibility
IT Needs
Control
Help securely enable business by managing risk and empowering people
Identity
Highly Secure & Interoperable
Platform
Across on-premises & cloud
from:
Block
Cost
Siloed
to:
Enable
Value
Seamless
Business Ready Security Solutions
Secure Messaging
Secure Collaboration
Information Protection
Identity and Access Management
Secure Endpoint
Enable more secure business communication from virtually anywhere and on virtually any device, while preventing unauthorized use of confidential information
INTEGRATE and EXTEND security
PROTECT everywhere
ACCESS anywhere
SIMPLIFY security, MANAGE compliance
• Best-in-class anti-malware and antispam on-premises / in-the-cloud
• Deep Microsoft Exchange integration
• Centralized Management across on-premises and cloud
• Protect sensitive information in email
• Extend secure e-mail to partners
• Secure, seamless access
• Improved visibility across business productivity application security
Current Situation
Multiple Products for secure messaging
Virus threats from internal senders
Separate SMTP virus scanner to detect and remove spam and malware
External websites sending spam and malware
Remote access solution w/ separate identities
Separate gateway to detect sensitive content
Separate gateway to enable remote access
Internal users sending sensitive information to partners in e-mail
Secure Messaging
Simple and easy
Internal mail protected with Forefront Protection for Exchange
Always-on access built into platform
Malware and spam cleaning in the cloud with FOPE
Information Protection built into the platform
Forefront Protection 2010 for Exchange Server Summary
An easy to manage Premium Antimalware and Antispam Protection Solution for Microsoft Exchange Server
Comprehensive Protection
Premium Antispam protection (on premises and in the cloud)
Integrated Security
Intelligent engine selection
• Automated updating
Monitoring security state in real-time
• Inclusive management console with security/protection views
Multiple Malware engine protection against emerging threats
New:
Content and Keyword Filtering
New:
Spyware protection: MSAV
Encrypted messages scanning
Simplified Management
Integration with Exchange 2007 and 2010/IRM
New:
Manage on premises and off premises security policies
Fast response to security incidents
Hybrid Model
Extensibility Platform
Forefront antimalware
Forefront antispam
Transport Agent/Message API
Agent Run Time Engine (MEx)
SMTP
SMTP Receive
Submission Queue
Delivery Queue
Categorizer
Recipient API
Pickup Directory
Ex Submit (MAPI/SMTP)
Exchange Biz Logic
AD
SMTP Send
SMTP
Threat Management Gateway
Enterprise Network
Edge Transport
Hub Transport
Routing & Policy
External Mail
Protection Availability:
Exchange 2010
Exchange 2007 SP1
Protection 2010 for Exchange Server
Protection 2010 for Exchange Server
Mailbox
Storage of mailbox items
Mobile phone
Unified Messaging
Voice mail & voice access
Protection 2010 for Exchange Server
Threat Management Gateway
Web browser
Client Access
Client connectivity
Web services
Outlook (remote user)
Phone system (PBX or VoIP)
Line-of-business applications
Outlook (local user)
Forefront/Exchange Better Together:
Surpassing Security Expectations
Exchange 2010
Encryption
• Default Intra-Org
• Inter-Org mTLS support
• IRM support
Forefront 2010
Antispam
Antivirus
Multiple Engine
Malware Detection
Premium
Unified Management
Hosted, Hybrid Protection
Functional Highlights
Exchange 2010
Connection Filtering
+ Forefront
2010
Forefront DNS Block List
Unified Management
Protocol Filtering
Backscatter Filter
Content Filtering
Benefits
• Aggregated RBL data from multiple external and internal vendors
• No configuration required
• Consolidated Connection/Sender/Recipient/Sender ID filtering for simplified management
• Blocks NDR (backscatter) spam
Cloudmark CMAE Engine
• Option of alternative third-party content filter
• Above 99% detection rate
• No configuration required (installs with smart defaults)
Forefront True Type File Filtering
• Real file type inspection (not just extension)
• Actionable scanning of nested files/within ZIP
Global Exception Lists
• Single access point to sender and recipient exception lists (allow and block actions)
Streamlined SCL
• Less ambiguous ratings for fewer false positives end to end
Hybrid Model
• Integration with Forefront™ Online Protection for Exchange
IP Block List
DNSBL Filter
Sender ID Filter
Sender Filter
Recipient Filter
Backscatter Filter
Content Filter
Junk E-mail Filter
Forefront Protection for Exchange Content Filter
New Content Filter:
• Based on Cloudmark Authority Engine with industry-leading performance metrics
• Embedded into the Forefront antispam architecture via Exchange transport agents framework
• Executes in SMTP Receive pipeline
• Scans MIME stream – body + headers of the message
• Fingerprints-based engine
Benefits
• Reduced spam and phishing penetration
• Enhanced server performance
• Increased IT Pro and IW productivity
• Improved end user satisfaction
Protect everywhere, access anywhere
Single Engine
Multiple Engines
38 times faster
An AV-Test of consumer antivirus products revealed:
• On average, Forefront engine sets provided a response in 3.1 hours or less.
• Single-engine vendors provided responses in 5 days, 4 days, and 6 days respectively.
Automatic Updates
On premises or in the cloud
99% spam detection*
* With premium antispam services
Source: New Solution Helps Pharmaceutical Maker Improve IT Performance and Security. Microsoft case study, June 2008. http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=4000002230
Forefront Protection 2010 for Exchange Server:
Multiple AV Scanning Engines Advantages
Remote Update Services
MSAV/CMAE
Directly from vendor
Redistribution
Automatic Updates
Manual Config
Forefront FPE Malware Filtering: Transport
Mail scanned only once at the Edge - saves processing load on Hub and Mailbox servers
INTERNET
Edge Server
Hub Role
Mailbox Role
SCAN and STAMP
NO SCAN
NO SCAN
Malware detected on Edge deleted immediately
Mailbox Role
Internal mail is routed through Hub role
Proactive scanning at the Mailbox server (Store) is turned off by default to save processing load on Mailbox servers
Public Folder
Client
Forefront FPE Antimalware Scanning: Store
Forefront Antispyware Filtering
Forefront Worms Filtering
Forefront Protection 2010 for Exchange Server: An Extension into Online Services
If server down, e-mail queued for up to 5 days
Queue
E-mail enters the global data center network – MX (mail.messaging.microsoft.com)
Directory Services
Connections from all senders are analyzed; connections from illegitimate senders are blocked
Delivered in a flow-controlled fashion when server is available
Look up e-mail filtering settings for domain
Spam
SPAM prevention
Prevention
SPAM
Virus Scanning
Policy Enforcement
Real time attack prevention (RTAP)
Kaspersky
Custom Policy Rules
E-mail server available?
Safe senders
Custom Spam Filter management
Symantec
IP-based authentication
Authentium
SPAM
Protection
SPAM
Attachment and message attribute management
Fingerprint Engines
Reputation database
Rules Based Scoring
Corporate Network
Customer Feedback
False +ve / -ve
SPAM
SPAM
SPAM
Content and Policy Quarantine
SPAM Quarantine
Filtering Technique
Description
Cumulative
Effectiveness
IP addresses are added:
• thru automated feedback loops
• that identify repeat spam (30 minutes application time)
• Snowshoeing IP Address Ranges
• Manually by spam analysts, in response to observed spam
~ 95%
Community Gold Standard for IP reputation
Above 90%
Image filtering
Using Smartscreen technology
Above 99%
Fingerprinting
Using Smartscreen and fingerprint technology
• Fingerprint DB is continuously updated by spam analysts
Scoring system based on 30k active rules and a corpus of 400k rules
• Points are deducted for good mail characteristics
• Points are added for Spam characteristics
• A score of ≥ 30 qualifies as Spam
Look up e-mail filtering settings for domain
Outbound Pool
Virus Scanning
Kaspersky
Policy Enforcement
Score < 30
Safe senders
Custom Policy Rules
NDR Pool
Custom Spam Filter management
Symantec
Authentium
SPAM Protection
Attachment and message attribute management
Rules Based Scoring
Score > 30
Corporate Network
Fingerprint Engine
SEWR
Content and Policy Quarantine
Spam Analysts
Better Together Security Summary
SIA314 | Secure Messaging: Microsoft Forefront Protection 2010 for Exchange Server
SIA316 | Behind the Spam: A Look at Botnets, Malware, and the Spammers Who Run Them
SIA04-INT | Secure Messaging: Implementing Microsoft Forefront Online Protection for Exchange Best Practices, Pitfalls and Support
SIA04-HOL | Microsoft Forefront Online Protection for Exchange Administration and Reporting
SIA10-HOL | Secure Messaging Solution: Business Ready Security with Microsoft Forefront and Active Directory
Red SIA-1 | Microsoft Forefront Secure Messaging Solution