• Protect endpoints from advanced threats: Financially motivated evolving threats
• Enable secure access to resources from anywhere: Wide range of users and devices
• Protect sensitive data on endpoints: Easily accessible sensitive data on multiple devices
• Reduce security management costs: Multiple vendors and complex management

Attacks Getting More Sophisticated
Crime On The Rise
Traditional defenses are inadequate
[Diagram labels: Financial Motivation; Largest segment by $ spent on defense; Largest area by $ lost; National Interest; Spy; Fastest growing segment; Thief; Personal Gain; Trespasser; Personal Fame; User; GUI; Applications; Drivers; O/S; Vandal; Curiosity; Script-Kiddy; Largest area by volume; Hardware; Author; Physical; Amateur; Expert; Specialist]
Examples: Web based exploits; Phishing/Social engineering; Spyware; Rootkits; Application attacks

Wide variety of malware

Phishing Sites: Trends in the last year
Targeting social networking and financial sites
[Chart: share of phishing sites by category (Social Networking Sites, Online Services, E-Commerce Sites, Financial Sites), 0% to 100%, Jul-09 to Dec-09. Source: Microsoft Security Intelligence Report]

Help securely enable business by managing risk and empowering people
[Diagram labels: Identity; Highly Secure & Interoperable Platform; Across on-premises & cloud]
from: Block, Cost, Siloed
to: Enable, Value, Seamless

Protect endpoints from emerging threats and information loss, while enabling more secure access from virtually anywhere

PROTECT everywhere
• Enables multi-layered antimalware protection
• Protects critical data wherever it resides

ACCESS anywhere
• Provides more secure always-on access

INTEGRATE and EXTEND security
• Uses existing System Center Configuration Manager infrastructure
• Builds on and extends Windows security

SIMPLIFY security, MANAGE compliance
• Provides unified administration for desktop management and protection
• Increases visibility of potentially vulnerable desktops

Secure Access
• DirectAccess
• Unified Access Gateway 2010
• Network Access Protection (NAP)
• IPv6
• IPsec

Information Protection
• Active Directory Rights Management Services (RMS)
• Encrypting File System (EFS)
• BitLocker & BitLocker to go
• Device Control

Malware Protection
• Protection from web based threats at the edge: Forefront Threat Management Gateway 2010
• Advanced anti-malware on the desktop: Forefront Endpoint Protection 2010
• Desktop Firewall
• Application Control (AppLocker)

Comprehensive Web Security: Next Generation of ISA Server
• Enables employees to safely use the Internet without worrying about malware and other threats.
• Includes and improves proven network protection technologies of ISA 2006

Malware inspection | URL filtering | HTTPS inspection | Network Inspection System
• Download scanning of files
• Integrated Microsoft AV/AM engine
• Inspection settings per rule
• URL category sets and exclusions
• Integrated with forward proxy
• URL filtering, malware scanning and IPS protection
• Firewall Client notification to end users
• Protection against vulnerability exploits
• Protocol analysis

Malware inspection
[Slide labels: Machines without host antivirus (AV); Host AV not up to date; Centralized monitoring; Content policy enforcement]
• Content delivery methods by various content features
• Detects: Malware, Scripts, etc.
[Diagram labels: Proxy Engine; Malware Inspection Filter; Signatures DB]
• Integrating Microsoft AM engine
• Automatic engine and signature updates
• Subscription based
• Source/Destination exception
• Inspection options (block encrypted, nested archives, files sizes…)
• Logging and reporting support

URL filtering
Classify, Evaluate, Enforce, Report
• Categorization services provided by Microsoft Reputation Service (MRS)
• 84 built-in categories
• Secured communication channel
• Subscription based
• Customizable, per-rule, deny messages
[Diagram labels: End users; TMG admin]
• Policy editing
• URL Category override
• URL Category query
• Logging and Reporting support
• Web Access Wizard Integration
[Diagram labels: iFilter; Marshal; 8e6; Bright Cloud]

HTTPS inspection
What lies within this encrypted tunnel?
• Deployment options (via Group Policy or via Export)
• Proxy certificates generation/import and customization
• Exclusion list, validate only option
• Logging Support
• Web Access Wizard integration
[Diagram labels: Internet; SIGNED BY VERISIGN; SIGNED BY TMG; Contoso.com; Contoso.com]
• Client notifications about HTTPS inspection (via TMG Client)
• Certificate validation (Revocation, Trusted, Expiration validation, ...)

Network Inspection System
[Diagram labels: Vulnerability found; Signature authoring team; vulnerability-based and; Design Time; Protocol Parsers; Compiler; Signatures; Microsoft Update; Run Time; NIS Engine; Telemetry & Portal]

Forefront Endpoint Protection 2010 provides enhanced endpoint protection and simplified management while greatly reducing infrastructure costs

HELP PROTECT everywhere
• Proven Microsoft Antimalware Engine
• Zero Day Protection Through:
  • Behavior Monitoring
  • Emulation
  • Heuristics & Generics
• Antimalware/Rootkit Protection
• Windows Firewall Management
• Performance-Oriented Defaults
• Template-driven policy creation based on risk
• Workload-specific policies for servers

INTEGRATE and EXTEND security
• Built on System Center Configuration Manager 2007 R2
• Enterprise Deployment
• Upgrade from FCS v1
• Detection & removal of existing endpoint protection solutions
• Large-scale client roll-out through Configuration Manager
• Extended Topologies
• Non-domain-joined PCs
• Branch office topologies
• Standalone (‘unmanaged’)

SIMPLIFY security MANAGEMENT experience
• Converged System Management
• Simple Centralized Policy
• Critical Level Alerting
• Security admin-oriented Reporting
• Desired Configuration Manager (DCM)-based Vulnerability Assessments

[Diagram component labels: DFSP, DSS, BHO, kBTR, SM, AR, FFR, KSL, RTP, NIS, BM, ORP, DS, DCFG, MOAC, RIM]
[Diagram labels: Firewall & Configuration Management; Real-time Protection; Generics and Heuristics; Browser Protection; Anti-rootkit; Behavior Monitoring; Dynamic Signature Service; Malware Response]

[Diagram labels: Samples; Endpoint; MMPC; Signatures]
Before malware runs
1. Known malware: blocked. Some new malware: blocked by generics.
GOAL: Continue to provide high-quality protection & Cover more attack vectors.
After malware runs
2. Remaining new malware: samples sent to MMPC for analysis. New signatures delivered to customers.
GOAL: Shrink customer “window of vulnerability” by discovering new threats and delivering signatures faster

[Diagram labels: Real-time Protection; Anti-rootkit; Malware Response; Generics and Heuristic; Behavior; Behavior Monitoring; Dynamic Signature Service; Browser Protection]

Real-Time Signature Delivery
[Diagram labels: Behavior Classifiers; Reputation; Researchers; Client; Real-time Signature; Sample Submit; Sample Req; Properties / Behavior; SpyNet / MRS]

[Diagram labels: FEP; Central Site; Primary Site; Primary Site; Primary Site]
[Diagram labels: Configuration Manager Console; FEP UI; Event log; Configuration Manager Software Distribution; Configuration Manager Reporting; Configuration Manager Server; DCM; Configuration Manager Agent; Registry; WMI; FEP Reports; Managed Computer; Configuration Manager DB; FEP Reporting DB; Configuration Manager; FEP]

Forefront Endpoint Protection 2010
Learn more & try our solutions at: www.microsoft.com/forefront

• SIA320 | Business Ready Security: Protecting Endpoints from Advanced Threats with Microsoft's Secure Endpoint Solution
• SIA301 | Secure Endpoint: DirectAccess and Microsoft Forefront Unified Access Gateway 2010, the Complete Remote Access Solution
• SIA308 | Secure Endpoint: Advanced Protection from Dynamic Threats, a Microsoft Forefront Threat Management Gateway 2010 Deep Dive
• SIA309 | Secure Endpoint: What’s in Microsoft Forefront Endpoint Protection 2010 - A Deep Dive into the Features and Protection Technologies
• SIA325 | Secure Endpoint: Virtualizing Microsoft Forefront Threat Management Gateway (TMG)
• SIA02-INT | Secure Endpoint: Planning DirectAccess Deployment with Microsoft Forefront Unified Access Gateway
• SIA07-INT | Secure Endpoint: Architecting Forefront Endpoint Protection 2010 on Microsoft System Center Configuration Manager
• SIA05-HOL | Microsoft Forefront Threat Management Gateway Overview
• SIA09-HOL | Secure Endpoint Solution: Business Ready Security with Microsoft Forefront and Active Directory
• SIA11-HOL | Microsoft Forefront Unified Access Gateway (UAG) and Direct Access: Better Together
• Red SIA-3 | Microsoft Forefront Secure Endpoint Solution

Learn more about our solutions: http://www.microsoft.com/forefront
Try our products: http://www.microsoft.com/forefront/trial

www.microsoft.com/teched
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn

Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st
http://northamerica.msteched.com/registration
You can also register at the North America 2011 kiosk located at registration
Join us in Atlanta next year