Forefront for Exchange
On-Premises Exchange Deployment Planning Services

Agenda
• Forefront Protection [for Office] Overview
• Forefront Online Protection for Exchange
• Forefront Protection 2010 for Exchange
• Exchange Hosted Encryption

Forefront Protection [for Office] Overview

The Need For Cost-Effective Email Protection
Protection against spam, viruses, and phishing attacks / Reducing IT costs
• More than 95% of all email is spam; spam hinders worker productivity
• Spam increases bandwidth costs and administrative overhead
• Email viruses and malware are constantly evolving
• Organizations want business-class protection at an affordable price
• Spear-phishing attacks are becoming increasingly more sophisticated
• Constrained budgets force organizations to do more with existing hardware and software
• Loss of customer or employee data results in legal and reputational issues
Cost-effective email protection is a necessity

Forefront Products for Exchange
Microsoft offers three security products that work seamlessly with Exchange
• Forefront Online Protection for Exchange (FOPE): A cloud-based protection service that helps stop email threats before they reach the network with no hardware or software to install or maintain
• Exchange Hosted Encryption (EHE): An add-on service for FOPE that provides convenient, easy-to-use e-mail encryption to help safely deliver sensitive business communications
• Forefront Protection 2010 for Exchange Server (FPE): An on-premises solution designed to provide inbound, outbound, and internal protection against spam, viruses, phishing attacks, and to help secure sensitive business communications

Gartner Magic Quadrant for Secure Email Gateways
-- Gartner, Inc. Magic Quadrant for Secure Email Gateways, Peter Firstbrook, Eric Ouellet, August, 2011.
The Gartner Magic Quadrant is copyrighted by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period.
It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Microsoft.

Benefits
Microsoft Forefront products for Exchange help safeguard your inbound, outbound, and internal business email from spam, viruses, and phishing attacks; secure your sensitive business information; and help you manage costs and complexity.
Secure Messaging / Manage IT Costs
• Multi-layered / multi-engine protection against email threats
• FOPE helps reduce bandwidth costs by eliminating email threats before they reach your network
• Email encryption to secure sensitive business communication
• 24x7 technical support at no additional cost
• Five financially backed SLAs
• Intuitive self-service tools for end users
• Microsoft is a recognized leader in email and email security
• FOPE filters 1B messages for 10M users, worldwide, every day
• Delivered through cost-effective licensing suites
• Monthly subscription-based payment model

Optimized for Exchange
• Optimize detection without compromising performance
• Works with Active Directory to provide RMS capabilities
• Single console to simplify multiproduct administration
• Protect against internal threats by deploying FPE on-premises

Multi-Layered Anti-Spam Protection
Filtering based on connection, sender, recipient and content for best results
1. Connection Filtering: Blocks up to 80% of all spam based on IP block/allow lists.
2. Sender-Recipient Filtering: Blocks up to 15% of all spam based on internal lists and sender reputation.
3. Content Filtering: Blocks up to 5% of all spam based on internal lists and heuristics.
[Diagram labels: Sender-Recipient Filtering, Content Filtering, Administrator Quarantine, User Junk Email Folder, User Inbox]

Multiple, market-leading anti-malware engines
• FOPE & FPE each run multiple engines simultaneously on any scan job
• Most up-to-date engine automatically selected for optimal performance
[Diagram labels: A, B, C, Internet, Exchange Server & Exchange Online]

The Multiple Engine Advantage
• Rapid response to new threats
• Fail-safe protection through redundancy
• Diversity of antivirus engines and heuristics

Response time (1) (in hours). Legend: Less than 5 hours / 5 to 24 hours / More than 24 hours. Vendor A, Vendor B and Vendor C are single-engine solutions.

| WildList Number | Malware Name | Forefront Engines | Vendor A | Vendor B | Vendor C |
|---|---|---|---|---|---|
| 1/2011 | agent!itw162.ex_ | 4.68 | 39.52 | 3599.10 | 91.35 |
| 1/2011 | autoit!itw155.ex_ | 4.27 | 182.93 | 3598.68 | 3598.68 |
| 1/2011 | autoit!itw156.ex_ | 0.43 | 39.52 | 2.60 | 5.43 |
| 1/2011 | autoit!itw157.ex_ | 4.68 | 3599.10 | 721.18 | 5.43 |
| 1/2011 | autoit!itw158.ex_ | 0.43 | 39.52 | 2.60 | 5.43 |
| 1/2011 | autorun!itw708.ex_ | 0.43 | 39.52 | 2.60 | 5.43 |
| 1/2011 | autorun!itw794.ex_ | 0.43 | 39.52 | 2.60 | 5.43 |
| 1/2011 | autorun!itw799.ex_ | 0.43 | 39.52 | 2.60 | 5.43 |
| 1/2011 | autorun!itw946.ex_ | 4.68 | 3599.10 | 3599.10 | 5.43 |
| 1/2011 | autorun!itw947.ex_ | 89.43 | 255.68 | 146.85 | 173.10 |
| 1/2011 | autorun!itw948.ex_ | 0.43 | 39.52 | 2.60 | 5.43 |
| 1/2011 | autorun!itw949.ex_ | 4.68 | 39.52 | 2.60 | 5.43 |
| 1/2011 | autorun!itw950.ex_ | 125.43 | 199.85 | 3135.52 | 3135.52 |
| 1/2011 | autorun!itw951.ex_ | 4.68 | 39.52 | 2.60 | 5.43 |
| 1/2011 | autorun!itw952.ex_ | 4.68 | 3599.10 | 3599.10 | 5.43 |
| 1/2011 | autorun!itw953.ex_ | 4.68 | 39.52 | 3599.10 | 5.43 |
| 1/2011 | autorun!itw954.ex_ | 0.43 | 39.52 | 2.60 | 5.43 |
| 1/2011 | autorun!itw955.ex_ | 4.68 | 39.52 | 3599.10 | 3599.10 |
| 1/2011 | bybz!itw25.ex_ | 810.52 | 927.77 | 1010.18 | 796.60 |
| 1/2011 | conficker!itw1.dl_ | 0.43 | 39.52 | 2.60 | 5.43 |
| 1/2011 | cossta!itw2.ex_ | 0.43 | 39.52 | 2.60 | 5.43 |
| 1/2011 | cossta!itw3.ex_ | 4.68 | 39.52 | 3599.10 | 5.43 |
| 1/2011 | cycbot!itw18.ex_ | 0.10 | 55.68 | 257.43 | 123.77 |
| 1/2011 | dogrobot!itw17.ex_ | 0.43 | 39.52 | 2.60 | 5.43 |
| 1/2011 | gamania!itw33.ex_ | 0.43 | 39.52 | 2.60 | 5.43 |
| 1/2011 | hakaglan!itw1.ex_ | 0.43 | 39.52 | 2.60 | 5.43 |
| 1/2011 | ircbot!itw633.ex_ | 0.43 | 39.52 | 2.60 | 5.43 |

** 0.00 denotes proactive detection
(1) Source: AV-Test.org January 2011 (www.av-test.org)

Customer Testimonials
• International Speedway Corporation – Reduced spam incidents by 25% and avoided costs of more than $120,000
• Clifford Chance – one of the largest law firms in the world saw a 59% reduction in infrastructure costs; 20–30 mail gateways down to 4
• Johnstons of Elgin – stopping over one million messages a day and reducing bandwidth by 1.5 gigabytes (GBs)
• Edinburgh Napier University – 93% reduction in administration burden; 85% spam reduction over the previous solution
• Sunbelt Rentals – reduced help-desk calls, saved IT management time, improved productivity, and reduced costs over the previous solution

Forefront Online Protection for Exchange

Forefront Online Protection for Exchange
Multilayer spam and virus protection and policy enforcement
[Diagram labels: External Senders/Recipients, Corporate Network, Legitimate Email, Junk Email, Exchange Server, Outbound Filtered Email, Edge Blocking, Antivirus, Policy, Encryption *, Anti-spam, Inbound Filtered Email, FOPE, Active Directory, Directory Synchronization Tool, Automatic Spooling, Messaging Administrator, Administrator Console, Employees, End User Quarantine]
About 90% of Email is junk
* Requires additional Exchange Hosted Encryption License
Also incorporates technology from…

FOPE Core Product Capabilities
Connection Filtering
• Connection Analysis (IP-based edge blocks)
• Reputation Analysis
AntiVirus
• Protect businesses from receiving email-borne viruses and other malicious code with scan engines and heuristic detection
• Multiple engine support
Anti-Spam
• Anti-spam filter can detect all types of spam before they reach the corporate network
• NDR Backscatter Support
Policy
• Policy rules to regulate email flow for compliance
• Policy-based encryption (for EHE subscribers)
• Enhanced RegEx support

FOPE Implementation Scenarios
Office 365
• Every Exchange Online (BPOS)/Office 365 customer is a FOPE customer!
Standalone
• Protect on-premises or hosted email implementations
• Is server agnostic
Hybrid Protection
• Protect on-premises Exchange servers and integrates FPE/FOPE policies (On-prem/Cloud Policies)

FOPE Service Level Agreement (SLAs)
• Five financially backed SLAs attest to a high quality of service
Spam and Virus Filtering Effectiveness
− 100% Known Virus Protection
− > 98% Spam Detection
− < 1:250,000 False Positive Ratio
Filtering Network Performance
− Network Uptime > 99.999%
− Rapid Email Delivery (Average delivery commitment of less than 1 minute)

FOPE Admin Center
• Run real-time reports on:
− Spam filtering
− Virus detection
− Email traffic
• Customize spam settings
− Org-level safe/blocked senders
• Configure policy filtering
• Perform message tracking

FOPE Connectors: Flexibility and control in mail routing
• Route outbound email through on-premises servers or DLP appliances
• Force TLS for secure B2B communication
• Bypass spam filters for trusted partners
• And much, much more…
[Diagram labels: Forced TLS, DLP appliance]

FOPE Connector Architecture
[Diagram labels: Inbound Connector, Source IP, Source Domain, Reject non Source IP, Destination domain, (controls email sent to your domain), Opportunistic TLS, Forced TLS, Connection, Smart host, Spam, MX, Policy, Outbound]

Outbound Smart Host scenario
[Diagram labels: INTERNET, contoso.com, FOPE, EXCHANGE ONLINE, service.contoso.com; From: [email protected] To: [email protected]]
• FOPE routes outbound email to smart host for custom mail process or delivery
• Virus scanning is performed by FPE for Exchange Online mailboxes
Value Proposition
• Use DLP or encryption appliances from third parties
• Perform custom processing or address rewrite
• Maintain “total mail control” during coexistence (inbound and outbound mail is all routed through on-prem server)

Forced TLS
[Diagram labels: Business Partner, FOPE, woodgrovebank.com]
Opportunistic TLS is on by default for Office 365 customers (no action is required to enable it)
• TLS can be forced for inbound connections, outbound connections, or both
• FOPE attempts to set up a TLS connection
• If TLS cannot be established, email is not sent/received
• Virus scanning is performed by FPE for Exchange Online mailboxes
Forced TLS can be configured using the methods shown here
Value Proposition
• Maintain secure and trusted communication channel with partners
• Avoid email interception/eavesdropping
[Diagram labels: EXCHANGE ONLINE, contoso.com]

Inbound Safe Listing scenario
[Diagram labels: Safe-listed Partner, fabrikam.com, FOPE, EXCHANGE ONLINE, contoso.com; From: [email protected] To: [email protected]]
• Inbound mail is filtered by FOPE
• IP filtering is skipped for trusted domains
• Optionally, also skip spam and policy filtering
• Virus scanning is performed by FPE for Exchange Online mailboxes
Value Proposition
• Reduce the chance of false positives (legitimate email from trusted partner being flagged as spam)

Controlling Email Flow with FOPE Policies
Policy Enforcement
Scope
• Apply the policy to one or all domains
• Apply to Inbound or Outbound messages
Match
• Words and phrases in the subject and body
• Message size
• Attachment types
• Number of recipients
• Sender and recipient addresses and domains
• IP address or domain name
Take Action
• Reject message
• Allow message
• Quarantine message for review
• Redirect message to an alternate recipient
• Deliver message with BCC
• Force TLS
• Encrypt message (requires EHE)
…
• Indicate when a rule is to expire, if at all
• Create text or HTML e-mail disclaimers or footers
• Add a description
• Notify sender, recipient, or administrator

FOPE Directory Synchronization Tool
• Communicates with your Active Directory and Exchange Server to build an address list for FOPE
• Collects and shares safe senders, as defined by end users
• Reduce the risk of false positives
• Free download: http://go.microsoft.com/fwlink/?LinkId=153911

My Reports tab
4 Available Reports
• Email Traffic Report
• Top Viruses Report
• Deferral Report
• Top Users Report
Enable scheduled report delivery: emails the report on a one time, weekly, or monthly basis

Message Trace subtab
Search for specific messages by:
• Sender
• Recipient
• Date
• Message ID
Results will tell you:
• If and when the message was received by FOPE
• Whether the message was scanned, blocked, or deleted
• Whether the message was delivered successfully
• Whether the message hit a policy rule

Audit Trail subtab
Sort events by
• Email address of logged on user
• Company
• Domain
• Activity
• Date and time
Filter results and search for events to narrow your search

Junk Mail Management (cont.)
• Traditional FOPE quarantine can be used instead of the integrated Outlook experience
• Admins will have SSO access to Quarantine, but users do not

Professional Support
• Premier Support customers should go through Premier Support channels
• 24x7 Support included in FOPE contract
• Phone: 1-866-291-7726
• Web Portal: https://admin.messaging.microsoft.com/Support.mvc/OaspLink
• FOPE Support Service Description: http://www.microsoft.com/download/en/details.aspx?id=26803
• “Get Help Now” link in Admin Center
− New ticket creation with a Severity C
− Ability to view incident history from portal directly
• Localized support available in 5 languages
− English, French, German, Japanese, and Spanish

Forefront Protection 2010 for Exchange Server

FPE: Industry-Leading Performance
• West Coast Labs:
− Spam Catch Rate above 99%
− Premium Anti-spam certification
• Virus Bulletin: Continuous Live Spam Catch Rate above 99%:
− 99.77% (September 2009)
− 99.46% (November 2009)
− 99.32% (January 2010)
− 99.86% (March 2010)
− 99.93% (May 2010)
− 99.96% (July 2010)

Forefront Protection 2010 for Exchange Server
[Diagram labels: Enterprise Network, Edge Transport, Hub Transport, Routing & Policy, External Mail, Mailbox, Storage of mailbox items, Unified Messaging, Voice mail & voice access, Mobile phone, Client Access, Web browser, Client connectivity, Web services, Outlook (remote user), Phone system (PBX or VOIP), Line of business applications, Outlook (local user)]
Protection Availability:
• Exchange 2010
• Exchange 2007 SP1

Scanning Capabilities
• Transport scan
− Scans email messages that are inbound or outbound from an Exchange Transport stack and all internal mail
• Realtime scan
− Scans email messages and attachments that are accessed in mailboxes and public folders on your Exchange server
• Scheduled scan
− Similar to Realtime scanning, scanning occurs in the Exchange information store. Scheduled scans are typically used to scan the entire information store
• On-demand scan
− Typically used to immediately scan specific mailboxes to localize a known issue

Scanning & Architecture Strategy
• For maximum protection, deploy FPE on all Exchange Server roles
• To optimize server performance, implement a scanning strategy using one or more of the following tips:
− Antimalware stamp ensures a message is scanned only once
− Enable anti-spam scanning on the Edge Transport servers and disable on Hub Transport and Mailbox servers
− Use different scan engines on different servers
− Deploy both Edge Transport and Hub Transport servers
− FPE will scan and stamp inbound mail on the Edge server
− FPE will scan and stamp outbound mail on the Hub Transport server
− Internal mail is scanned and stamped on the Hub Transport server

FPE Anti-spam Functional Highlights
Exchange 2010 (Connection Filtering, Protocol Filtering, Content Filtering) + FPE Benefits
Forefront DNS Block List
• Aggregated RBL data from multiple external and internal vendors
• No configuration required
Unified Management
• Consolidated Connection/Sender/Recipient/Sender ID filtering for simplified management
Backscatter Filter
• Blocks NDR (backscatter) spam
Cloudmark CMAE Engine
• Option of alternative 3rd party content filter
• Above 99% detection rate
• No configuration required (installs with smart defaults)
Forefront True Type File Filtering
• Real file type inspection (not just extension)
• Actionable scanning of nested files/within ZIP
Global Exception Lists
• Single access point to sender and recipient exception lists (allow and block actions)
Streamlined SCL
• Less ambiguous ratings for fewer false positives end to end
Hybrid Model
• Integration with Forefront Online Protection for Exchange

Keyword Filtering
• Searches the message body for matches to keywords in selected lists
• Can be imported from an existing file
• Can filter phrases
• Supports operators: AND, OR, NOT
• Actions: SkipDetect, Delete, Suspend

File Filtering
• Filter by name, type, or size
− *.exe, *.doc, *>10mb
• Filters can be combinations of size, name, and type
− <photo1.jpg>10mb, *.mp3>5mb, *>10mb
• Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM, and BAT
• Actions: SkipDetect, Suspend (Realtime), Delete (Scheduled/OnDemand)

Container behavior (zip, rar, etc.)
• Forefront scans within ZIP and other compressed formats and deletes only the offending file
[Diagram labels: Custom deletion text; Container file before scan: EXE, DOC, BMP, JPG; Filter Rules: Delete *.exe, Quarantine; Quarantine: EXE; Container file after scan: TXT, DOC, BMP, JPG]

Exchange Hosted Encryption

Exchange Hosted Services Encryption
[Diagram labels: GLOBAL DATA CENTER NETWORK, SECURE REPLY VIA ZDM, TLS, ENCRYPTED EMAIL]
• Send encrypted email to any recipient without prior setup
• Encryption is performed via policy rules and enforced in the FOPE cloud
• Identity-Based Encryption (IBE) uses email address as ID for public key
− EHE saves public keys so users should use strong passwords as their credentials
• No cost for recipient non-licensed user
• All replies and forwards remain encrypted for any mail recipient
• Encrypted emails are not saved by EHE

Zero Download Manager
• Recipients use a secure, web-based decryption provided by the Zero Download Manager (ZDM)
• ZDM is an HTML attachment that contains encrypted messages in encoded form
• When a user clicks to access the message, the encrypted message is sent back to EHE via POST method
• No software installed on sender/recipient machines

FOPE Encryption Prerequisites
• Requires FOPE
• EHE is purchased separately from FOPE
• Administrator of domain is expected to set policy rules for encryption
• Policy rules can trigger based on
− Specific Header values
− Keywords in Subject
− Keywords in body
− Sender address
− Recipient address
− Attachment type
• Email encryption can be triggered by information workers
− Specify keyword in subject line

What is Identity Based Encryption (IBE)?
• IBE is a form of Asymmetric Encryption
• All Entities have a Public and Private Key Pair
• In IBE
− A Key Server has a master public and private key pair
− Anyone can derive a user’s Public key from the email address (eliminates need for prior key establishment) and encrypt messages
− A Key Server decrypts messages with the user’s private key

How IBE Works – Simplified Instance
1. Requests Alice’s public key
2. Alice’s public key is returned
3. Send Alice the encrypted mail
4. Send the message for decryption
[Diagram labels: EHE Server, Get the Public Key, Encrypt message using Public Key, Send message back to EHE for Decryption, bob@contosocorp.com, [email protected]]

Mail Flow within FOPE
1. Email from Customer
[Diagram labels: EHE Key Servers, EHE Secure Gateway, Standard AV/Spam filtering, Windows Mail Host, Message Switch, Outbound Exchange]

Mail Flow within FOPE (cont.)
1. Email from Customer
2. Evaluate policy: Should email be encrypted?
3. Create encrypted mail
[Diagram labels: EHE Key Servers, EHE Secure Gateway, Windows Mail Host, Message Switch, Outbound Exchange]

Mail Flow within FOPE (cont.)
1. Email from Customer
2. Evaluate policy
3. Create encrypted mail
Route Encrypted email out
[Diagram labels: EHE Key Servers, EHE Secure Gateway, Windows Mail Host, Message Switch, Outbound Exchange]
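
The "Evaluate policy: should email be encrypted?" step in the mail flow above can be pictured as a rule match over the trigger types listed under FOPE Encryption Prerequisites (header values, subject and body keywords, sender, recipient, attachment type). The sketch below is an added illustration, not FOPE/EHE code and not part of the original deck; the EncryptRule shape, the matching_rule function and the sample message are assumptions made for the example.

```python
# Added illustration, not FOPE/EHE code: evaluate "should this email be
# encrypted?" rules over the trigger types the slides list.
from dataclasses import dataclass, field
from email import message_from_bytes, policy
from email.utils import getaddresses
from pathlib import PurePosixPath


@dataclass
class EncryptRule:  # hypothetical rule shape; all values are written lowercase
    name: str
    subject_keywords: tuple = ()
    body_keywords: tuple = ()
    sender_domains: tuple = ()
    recipient_domains: tuple = ()
    attachment_exts: tuple = ()
    headers: dict = field(default_factory=dict)  # header name -> required value


def _domains(msg, *names):
    values = [str(v) for n in names for v in msg.get_all(n, [])]
    return {a.rpartition("@")[2].lower() for _, a in getaddresses(values) if "@" in a}


def matching_rule(raw: bytes, rules):
    """Return the name of the first rule the message triggers, or None."""
    # policy.default decodes RFC 2047 encoded-words, so a keyword hidden in an
    # encoded Subject is still matched; a search over raw bytes would miss it.
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content().lower() if part is not None else ""
    exts = {PurePosixPath(a.get_filename() or "").suffix.lower()
            for a in msg.iter_attachments()}
    senders, rcpts = _domains(msg, "From"), _domains(msg, "To", "Cc")
    for r in rules:
        if (any(k in subject for k in r.subject_keywords)
                or any(k in body for k in r.body_keywords)
                or senders & set(r.sender_domains)
                or rcpts & set(r.recipient_domains)
                or exts & set(r.attachment_exts)
                or any(str(msg.get(h, "")).strip().lower() == v
                       for h, v in r.headers.items())):
            return r.name
    return None


# Constructed sample: the Subject is Q-encoded "[encrypt] Q3 payroll".
SAMPLE = (b"From: alice@contoso.com\r\nTo: bob@fabrikam.com\r\n"
          b"Subject: =?utf-8?q?=5Bencrypt=5D_Q3_payroll?=\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\n"
          b"\r\nFigures attached.\r\n")
RULES = [EncryptRule("subject-tag", subject_keywords=("[encrypt]",)),
         EncryptRule("partner", recipient_domains=("woodgrovebank.com",))]

if __name__ == "__main__":
    print(matching_rule(SAMPLE, RULES))
```

The sample subject never contains the literal bytes `[encrypt]`, which is why the match is done on the decoded header rather than on the raw message.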