Mark Florida, Principal Program Manager Lead, Microsoft Corporation
Adwait Joshi (AJ), Product Marketing Manager, Microsoft Corporation
[Slide: threat landscape chart. Motivations: national interest, personal gain, personal fame, curiosity. Attacker types: spy, thief, trespasser, vandal, script-kiddy, author, hobbyist hacker, expert, specialist. Callouts: "Tools created by experts now used by less skilled attackers and criminals"; "Fastest growing segment" (placed beside the vandal/script-kiddy end of the chart).]
Three pillars
• Unified Infrastructure: reduce the cost of maintaining secure endpoints with unified management and security infrastructure
• Simplified Administration: single administrator experience for simplified endpoint protection and management
• Enhanced Protection: protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
Configuration Manager 2012 features shown alongside Endpoint Protection
• Endpoint Protection
• Software Updates + SCUP
• Settings Management
• Exchange Connector
Unified Infrastructure: reduce the cost of maintaining secure endpoints with unified management and security infrastructure
• Easy to set up and operate the management infrastructure
• Simplified deployment of antimalware policies
• Automated deployment of updates using ConfigMgr infrastructure
• Easy client install and migration
[Architecture diagram: Forefront Endpoint Protection 2010 on Configuration Manager 2007 versus Endpoint Protection 2012 on Configuration Manager 2012.
FEP 2010 on ConfigMgr 2007: a separate FEP DW and FEP DB alongside the CM DB; FEP extensions installed on the Configuration Manager site server; an Excel reports template; FEP deployment, FEP operations and FEP policy; a separate FEP service server; the client.
Endpoint Protection 2012 on ConfigMgr 2012: an EP site role on the Configuration Manager site server sharing the CM DB; the EP client on the ConfigMgr server; definition catalogs; the management point; the CM client; EP deployment, EP operations and EP policy; a pre-packaged EP client on the distribution point; the EP client.]
Centralized management for AM and Firewall policy
• AM and FW policy delivered as ConfigMgr policy – no package/program dependency
• Out-of-box templates
• Import, export, merge
• Prioritization of policies by collection
• Simplified UI for customizing policy
Easier distribution process
• Automatic deployment rules within ConfigMgr software updates
Minimizes WAN impact
• Uses distribution points and reduced definition size
Ensures always up-to-date security regardless of the client location
• Multiple update sources (ConfigMgr, WSUS, Microsoft Update, Windows File Share)
[Diagram: definitions published by Microsoft Update (delta update size 50-2048 KB, update frequency 3 times/day) are distributed through ConfigMgr, WSUS or a Windows File Share; a client on the road falls back to online update.]
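The fallback chain above is only useful if someone checks that it is actually working on the endpoint. The following is an added example, not code from the TechEd deck or from Microsoft: it reads the Endpoint Protection client's health class, reports definition age, and forces a pull through the configured chain (and then straight to the cloud) when definitions are stale. It assumes the System Center 2012 Endpoint Protection client in its default install path, an elevated session, and the policy registry location and 24 hour threshold noted in the comments.

```powershell
# Added example, not from the TechEd deck: check Endpoint Protection definition age on a
# client and force a definition pull when they are stale, following the fallback chain the
# slide describes (ConfigMgr/WSUS/file share -> Microsoft Update -> MMPC cloud).
# Assumptions: SCEP 2012 client in the default path, script run elevated; the 24 hour
# threshold (definitions ship about 3 times a day) is this example's choice.
param([int]$MaxAgeHours = 24)

$MpCmdRun = 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe'   # default SCEP client path

function Get-EpDefinitionStatus {
    # root\Microsoft\SecurityClient is the SCEP client's WMI namespace
    $hs = Get-WmiObject -Namespace 'root\Microsoft\SecurityClient' -Class AntimalwareHealthStatus
    $updated = [System.Management.ManagementDateTimeConverter]::ToDateTime($hs.AntivirusSignatureUpdateDateTime)
    [pscustomobject]@{
        Version    = $hs.AntivirusSignatureVersion
        Engine     = $hs.EngineVersion
        UpdatedUtc = $updated.ToUniversalTime()
        AgeHours   = [math]::Round(((Get-Date) - $updated).TotalHours, 1)
        RtpEnabled = $hs.RtpEnabled
    }
}

function Get-EpFallbackOrder {
    # Policy-managed source order, pipe separated, e.g.
    # "InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC" (assumed key/value layout)
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Signature Updates'
    (Get-ItemProperty -Path $key -Name FallbackOrder -ErrorAction SilentlyContinue).FallbackOrder
}

$status = Get-EpDefinitionStatus
"Definitions $($status.Version) (engine $($status.Engine)) are $($status.AgeHours) h old; fallback order: $(Get-EpFallbackOrder)"

if ($status.AgeHours -gt $MaxAgeHours) {
    # Walk the configured chain first (ConfigMgr / WSUS / Microsoft Update / file share) ...
    & $MpCmdRun -SignatureUpdate
    if ($LASTEXITCODE -ne 0) {
        # ... and, for a roaming client with no line of sight to the site, go straight to the cloud
        & $MpCmdRun -SignatureUpdate -MMPC
    }
    Get-EpDefinitionStatus
}
if (-not $status.RtpEnabled) { Write-Warning 'Real-time protection is disabled on this client' }
```

Run it from a ConfigMgr package or a scheduled task on a sample of roaming clients; a non-zero exit from the first MpCmdRun call with a successful second call is the signature of a client that can only reach the cloud source, which is exactly the "on the road" case in the diagram.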
Ease of client setup and deployment
• No separate deployment needed for endpoint protection client
• Endpoint Protection agent installer deployed with Configuration Manager client setup
• Endpoint Protection client and definitions easily integrated with OSD
Flexible administrative control
• Administrator can force or suppress any required reboots
• Configurable option for automatic removal of existing AV client
Easy migration from existing solutions and automatic removal of existing clients
• Symantec
• McAfee
• TrendMicro
• Forefront Client Security or Forefront Endpoint Protection
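For the handful of machines the integrated ConfigMgr client rollout does not reach, the same install and migration can be scripted. The following is an added example, not code from the TechEd deck or from Microsoft: it records which AV products Security Center knows about, runs the Endpoint Protection client installer with an exported antimalware policy, exposes the "remove existing AV or not" choice as a switch, and flags anything other than Endpoint Protection that is still registered afterwards. The staging folder, policy file name and the Windows 7 client assumption are this example's, as noted in the comments.

```powershell
# Added example, not from the TechEd deck: scripted path for a client outside the integrated
# ConfigMgr client rollout. Inventories third-party AV registered with Security Center, installs
# the Endpoint Protection client with an exported policy, and lets the caller keep existing AV.
# Assumptions: Windows 7 client (root\SecurityCenter2 exists on client SKUs only), run elevated,
# SCEPInstall.exe and the policy XML staged in $Stage (both paths are assumed).
param(
    [string]$Stage = 'C:\Temp\SCEP',
    [string]$PolicyFile = 'Workstation-Policy.xml',
    [switch]$KeepExistingAV
)

function Get-RegisteredAntivirus {
    # Security Center lists every AV product that registered itself (Symantec, McAfee, Trend, FCS ...)
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Name         = $_.displayName
                ProductState = ('0x{0:X6}' -f $_.productState)   # raw state bits, kept for the migration log
                Exe          = $_.pathToSignedProductExe
            }
        }
}

function Install-EpClient {
    param([string]$Installer, [string]$Policy, [bool]$DisableAutoRemoval)
    # SCEPInstall.exe switches: /s silent, /q quiet, /policy <xml> applies an exported antimalware
    # policy, /NoSigsUpdateAtInitialExp skips the immediate definition pull (ConfigMgr delivers
    # definitions), /disableoss keeps existing AV installed instead of auto-removing it.
    $setupArgs = @('/s', '/q', '/NoSigsUpdateAtInitialExp', '/policy', "`"$Policy`"")
    if ($DisableAutoRemoval) { $setupArgs += '/disableoss' }
    $p = Start-Process -FilePath $Installer -ArgumentList $setupArgs -Wait -PassThru
    return $p.ExitCode
}

'Before migration:'
$before = @(Get-RegisteredAntivirus)
$before | Format-Table -AutoSize

$code = Install-EpClient -Installer (Join-Path $Stage 'SCEPInstall.exe') `
                         -Policy (Join-Path $Stage $PolicyFile) `
                         -DisableAutoRemoval $KeepExistingAV.IsPresent
# 0 = success; 3010 is the standard Windows "success, reboot required" code, which is the
# reboot ConfigMgr lets the administrator force or suppress when it drives the install.
"SCEPInstall exit code: $code"

'After migration:'
$after = @(Get-RegisteredAntivirus)
$after | Format-Table -AutoSize
# Anything other than Endpoint Protection that survived needs manual removal
$after | Where-Object { $_.Name -notmatch 'Endpoint Protection' } |
    ForEach-Object { Write-Warning "Still registered: $($_.Name)" }
```

The before/after Security Center listing is the evidence worth keeping: a product that is still registered after install with auto-removal enabled is one the built-in uninstall did not handle, and that host should be treated as dual-AV until it is cleaned up.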
Simplified Administration: single administrator experience for simplified endpoint protection and management
• Single interface for client management and security
• Improved alerting, client to admin within 5 minutes, and reporting, with real-time and user-centric data views
Single interface for client management and security
• Dashboard integrated with ConfigMgr console
• Simplified cross-feature integration
Quick identification and remediation of client security issues
• Dashboard focused on actionable events
Flexibility to separate security admin role
• Role-based administration
• Access to only relevant security information
Quick alerts and event notification in the console
• Uses high speed data channel to notify events in real time
• High speed data channel prioritizes EP messages in the state system, and no client "wait" to send messages up
• Integrated monitoring for client health and antimalware status
• Email subscription for alerts
Rich reporting on client security
• SQL Reporting Services-based reports on many categories
• User-centric reports enable identification of commonly impacted users
• Customizable reports simplified through database integration
[Diagram: real-time client notification, "Run Full Scan" example]
1. "Dial tone": the client holds an active TCP session with the MP and is checking for urgent tasks.
2. The administrator selects "Run Full Scan" on a collection in the administrative console; a task ("Run Full Scan") is created on the site server and the MP is told that a new urgent task has been requested.
3. "Call is placed": over this TCP connection the client is told there are urgent tasks to run; the client then connects to the MP to get policy.
4. The client runs the Full Scan task.
All this happens within seconds.
Enhanced Protection: protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
• Comprehensive protection stack building on Windows Security
• Proactive protection against known and unknown threats
• Reduced complexity while protecting clients
[Diagram: protection stack. Windows 7 platform defenses: Data Execution Prevention, Address Space Layout Randomization, Internet Explorer 8 SmartScreen (against unknown threats), User Account Control, Microsoft AppLocker, Windows Resource Protection, Microsoft BitLocker. System Center Endpoint Protection inspects at the application, file system and network layers, combining proactive and reactive techniques. Dynamic cloud updates: Microsoft Malware Protection Center (against known threats) and the Dynamic Signature Service.]
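The stack only holds if the platform layers under Endpoint Protection are actually switched on. The following is an added example, not code from the TechEd deck or from Microsoft: it audits the Windows 7 defenses named in the diagram that can be read locally (DEP, UAC, AppLocker enforcement, BitLocker on the OS volume) together with the SCEP real-time protection layer on top, and reports any gap. It assumes Windows 7 Enterprise/Ultimate (the AppLocker cmdlets need the AppLocker module), an elevated session, and the SCEP client installed.

```powershell
# Added example, not from the TechEd deck: audit the Windows 7 platform defenses the protection
# stack slide builds on (DEP, UAC, AppLocker, BitLocker) plus SCEP real-time protection.
# Assumptions: Windows 7 Enterprise/Ultimate (AppLocker module available), run elevated,
# SCEP client installed. ASLR, WRP and SmartScreen have no simple local switch and are not checked.
Import-Module AppLocker -ErrorAction SilentlyContinue

function Get-PlatformDefenseStatus {
    # DEP support policy: 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut
    $dep = (Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    # UAC master switch
    $uac = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
    # AppLocker: count rule collections that are enforced, not merely audited
    $enforced = 0
    $policy = Get-AppLockerPolicy -Effective -Xml -ErrorAction SilentlyContinue
    if ($policy) {
        $enforced = @(([xml]$policy).AppLockerPolicy.RuleCollection |
            Where-Object { $_.EnforcementMode -eq 'Enabled' }).Count
    }
    # BitLocker: ProtectionStatus 1 = protection on, checked for the OS volume only
    $osVol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' -Class Win32_EncryptableVolume |
        Where-Object { $_.DriveLetter -eq $env:SystemDrive }
    # SCEP real-time protection from the client's health class
    $ep = Get-WmiObject -Namespace 'root\Microsoft\SecurityClient' -Class AntimalwareHealthStatus -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DepPolicy             = @('AlwaysOff', 'AlwaysOn', 'OptIn', 'OptOut')[$dep]
        UacEnabled            = ($uac -eq 1)
        AppLockerEnforcedSets = $enforced
        BitLockerOsVolumeOn   = ($osVol.ProtectionStatus -eq 1)
        EpRealTimeProtection  = [bool]$ep.RtpEnabled
    }
}

$s = Get-PlatformDefenseStatus
$s | Format-List

# Anything below weakens a layer the EP client relies on
$gaps = @()
if ($s.DepPolicy -eq 'AlwaysOff')    { $gaps += 'DEP disabled' }
if (-not $s.UacEnabled)              { $gaps += 'UAC disabled' }
if ($s.AppLockerEnforcedSets -eq 0)  { $gaps += 'no enforced AppLocker rule collection' }
if (-not $s.BitLockerOsVolumeOn)     { $gaps += 'OS volume not BitLocker protected' }
if (-not $s.EpRealTimeProtection)    { $gaps += 'EP real-time protection off' }
if ($gaps) { Write-Warning ('Gaps: ' + ($gaps -join '; ')) } else { 'Protection stack intact' }
```

The same checks map naturally onto ConfigMgr settings management (compliance items), which is how the "unified infrastructure" pillar would report them fleet-wide instead of per host.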
Industry-leading proactive detection
• Emulation-based detection helps provide better protection
• Safe translation in a virtual environment for analysis
[Diagram: potential malware attempts execution on the system; the real-time protection driver intercepts it; the code is safely translated using DT against virtualized resources; malware is detected and the malicious file blocked.]
Enables faster scanning and response to threats
• Heuristics enable one signature to detect thousands of variants
Live system monitoring identifies new threats
• Tracks behavior of unknown processes and known bad processes
• Multiple sensors to detect OS anomaly
Updates for new threats delivered through the cloud in real time
• Real-time signature delivery with Microsoft Active Protection Service
• Immediate protection against new threats without waiting for scheduled updates
[Diagram: Microsoft Active Protection Service loop. 1. The client reports properties/behavior of a suspicious file. 2. The service issues a sample request. 3. The client submits the sample. 4. Researchers, behavior classifiers and reputation data produce a real-time signature delivered back to the client.]
Simple interface
• Minimal, high-level user interactions
Administrative control
• User configurability options
• Central policy enforcement
Maintains high productivity
• CPU throttling during scans
• Faster scans through advanced caching
Unify. Protect. Simplify.
Key Scenarios              | Forefront Endpoint Protection 2010                     | System Center 2012 Endpoint Protection
Unified infrastructure     | System Center Configuration Manager 2007               | System Center 2012 Configuration Manager
Server setup               | Separate install                                       | Unified setup
Client deployment          | ConfigMgr distribution process                         | Integrated
Signature updates          | Multiple sources (WSUS, File Share, Microsoft Update)  | Multiple sources with automatic deployment rules from ConfigMgr console
Proactive protection       |                                                        |
Firewall management        |                                                        |
Role based administration  |                                                        | New
Alerts and monitoring      |                                                        | Real time alerts
Reports                    |                                                        | Additional user centric reports
How-to Videos
• Launching a Windows Defender Offline Scan with Configuration Manager 2012 OSD
• Operating System Deployment and Endpoint Protection Client Installation
• Software Update Content Cleanup in System Center 2012 Configuration Manager
• Building Custom Endpoint Protection Reports in System Center 2012 Configuration Manager
• Managing Software Updates in Configuration Manager 2012
Product Documentation
• Security and Compliance Manager – Configuration Packs
Resources
• http://northamerica.msteched.com
• www.microsoft.com/learning
• http://microsoft.com/technet
• http://microsoft.com/msdn