David B. Cross Product Unit Manager Donny Rose Senior Program Manager Microsoft Corporation • Session Code: SIA303
Download ReportTranscript David B. Cross Product Unit Manager Donny Rose Senior Program Manager Microsoft Corporation • Session Code: SIA303
David B. Cross Product Unit Manager Donny Rose Senior Program Manager Microsoft Corporation • Session Code: SIA303 Agenda Business Ready Security TMG Value Proposition Feature Drill Down Web based malware protection URL and productivity filtering Secure web inspection Network Inspection System (NIS) Call to Action Business Ready Security Help securely enable business by managing risk and empowering people Identity Highly Secure & Interoperable Platform from: Block Cost Siloed to: Enable Value Seamless Secure Web Gateway Capabilities Web Access Protection • Edge malware protection • Malicious URL blocking • Vulnerability Protection Productivity • Blocking Non-Productive and Inappropriate web activity • Web caching and performance Network Inspection System (NIS) • Detect and block malicious attacks • Flexible vulnerability protection Management & Deployment • Reporting and Logging • System Center Integration and Monitoring • Web Access Wizard Web Access Protection Features Edge Malware Protection URL Filtering HTTPS Inspection • Scanning downloaded content • Integrated Microsoft anti-malware engine • Inspection settings per rule • URL categories and overrides • Integrated with forward proxy • URL filtering, malware scanning, NIS • End-user notifications via TMG client Edge Malware Protection Microsoft Confidential Edge Malware Protection Explained Microsoft Backend • Integrating Microsoft AM engine • Automatic engine and signature updates • Subscription based • Content delivery methods by various content features • Detects: Malware, Scripts, etc. Signatures DB Internet TMG • Source/Destination exception • Inspection options (block encrypted, nested archives, files sizes…) • Logging and reporting support Web Access Protection Features Edge Malware Protection URL Filtering HTTPS Inspection • Scanning downloaded content • Integrated Microsoft anti-malware engine • Inspection settings per rule • URL categories and overrides • Integrated with forward proxy • URL filtering, malware scanning, NIS • End-user notifications via TMG client URL Filtering Deny Access to Malicious Site Microsoft Confidential URL Filtering Explained • Categorization services provided by Microsoft Reputation Service (MRS) • 70+ built-in categories • Secured communication channel • Telemetry improves results Microsoft Data Centers MRS • Customizable deny messages, per rule • Local URL categorization cache Internet TMG End users TMG admin • • • • Policy editing URL Category override URL Category query Logging and Reporting support Web Access Protection Features Edge Malware Protection URL Filtering HTTPS Inspection • Scanning downloaded content • Integrated Microsoft anti-malware engine • Inspection settings per rule • URL categories and overrides • Integrated with forward proxy • URL filtering, malware scanning, NIS • End-user notifications via TMG client HTTPS Inspection Microsoft Confidential HTTPS Traffic Inspection • Proxy certificates generation/import and customization • Exclusion list; validate cert only option • Logging support • Deployment options (via Group Policy or via Export) Internet SIGNED BY VERISIGN SIGNED BY TMG Contoso.com Contoso.com • HTTPS client notification (via TMG Client) • Certificate validation (Revocation, Trusted, Expiration validation, ..) Network Inspection System (NIS) Closes the vulnerability window between vulnerability announcement and patch deployment Vulnerability discovered Microsoft Signature Authoring Team Signatures distribution by Microsoft Update Concurrent with security patches or in response to a 0-Day attack Granular control over deployed signatures High accuracy via telemetry System Center Management Pack Microsoft Confidential Federal State of Saxony Thomas Gutzeit Organization Profile 40,000 internal users Public sector customer Running Microsoft Proxies since Proxy2.0 participated in a few TAPs, including the TMG-TAP Usage scenarios of TMG (and UAG) Secure Web Gateway Branch Office deployments, case study for Schlösser & Gärten Several Publishing scenarios, incl. MOSS, OWA ... Based on Hardware-Appliances (SecureGuard) Topology of the Infrastructure TMG Advantages Introducing Contentfilter URL-Filtering & Edge-A/V Technically fairly easy to implement Organizational challenges (enforcing policies) UAG will replace some IAG&ISA implementations OTP-integration (using T-Systems/Telesec solution) Endpoint security for better controlled access Goal: Meeting increasing demand for mobile solutions and secure exchange with externals Summary Call-to-action Test and evaluate the new release! More than a next generation proxy: Fully integrated Web Protection solution Comprehensive Defense-in-Depth Scan, detect and mitigate malware threats Simplified Management Single console to manage policy across all technologies Comprehensive reporting and logging Resources www.microsoft.com/teched www.microsoft.com/learning Sessions On-Demand & Community Microsoft Certification & Training Resources http://microsoft.com/technet http://microsoft.com/msdn Resources for IT Professionals Resources for Developers Complete an evaluation on CommNet and enter to win an Xbox 360 Elite! © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.