Security Management and Protection: What's in Microsoft Forefront Client Security Version 2

Jayesh Mowjee

Security Consultant

Microsoft

Session Code: SIA203

Session Objectives And Takeaways
  • Session Objectives:
    • Understand the capabilities of FCSv2
    • Know how FCSv2 protects endpoints against threats
    • Plan an FCSv2 deployment
  • Key Takeaways:
    • FCSv2 provides comprehensive endpoint protection
    • FCSv2 is part of Forefront codename: “Stirling”
Agenda
  • Forefront Today
  • Forefront Client Security v2
    • Unified Protection
    • Simplified Administration
    • Visibility and Control
    • Enterprise Ready
  • Question and Answer
Business Ready Security: Help securely enable business by managing risk and empowering people

  • Integrate and extend security across the enterprise
  • Protect everywhere, access anywhere
  • Simplify the security experience, manage compliance

Protection, Access, Identity, Management

Highly Secure & Interoperable Platform

  • From Block to Enable
  • From Cost to Value
  • From Siloed to Seamless


Comprehensive line of business security products that helps you gain greater protection and secure access through deep integration and simplified management

Server Applications

Client & Server OS

Network Edge


Comprehensive protection for business desktops, laptops and server operating systems that is easier to manage and control

Comprehensive Protection
  • Unified endpoint security that integrates anti-malware, host firewall and more
  • Coordinated protection with Forefront codename: “Stirling”
  • Inspection, threat mitigation and remediation

Simplified Administration
  • Manage from a single role-based console
  • Integrates with existing Microsoft infrastructure
  • Easy discovery and deployment of protection for endpoints

Visibility and Control
  • One dashboard for visibility into threats, vulnerabilities, and configuration risks
  • Increased visibility into endpoint security with vulnerability assessment scanning

Comprehensive Protection: Forefront Client Security v2

Proactive

  • Vulnerability Remediation: Reduce attack surface of vulnerabilities
  • Network Access Protection: Limit exposure from vulnerable clients
  • Host Firewall: Restrict what applications can do
  • Vulnerability Assessment: Scan for vulnerabilities and configuration exposures
  • Behavior Monitoring: Monitor suspicious processes
  • Antivirus/Antispyware: Block, remove and clean malicious software

Reactive

Antivirus – Antispyware: Building on FCS v1

In recent tests, Microsoft rated among the leaders in anti-virus protection

  • AVTest.org (Sept 2008)
  • AVTest.org (March 2008)
  • AVComparatives (Feb 2008)

Received AVComparatives Advanced Certification

Test of consumer anti-virus products using a malware sample covering approximately the last three years.

Test based on more than 1 million malware samples

Test based on more than 1 million malware samples

FCS Awards and Certifications

Integrated anti-virus/anti-spyware agent delivering real-time protection

  • Uses Windows Filter Manager
    • Maintains stable operation
    • Scans viruses and spyware in real-time
  • Dynamic Translation
    • Unique to Microsoft agent
    • Maximizes scanning speed: Decryption and code emulation of malware with speed of native code execution
  • Other protection features:
    • Tunneling signatures for detecting and removing rootkits
    • Advanced system cleaning: Customized remediation (recreating registry entries, restoring settings)
    • Event Flood Protection: Shields reporting infrastructure during outbreak from infected clients
    • Heuristics for classifying programs based on behavior

Antivirus – Antispyware: Building on FCS v1
  • Better malware detection
  • Multiple technologies for malware protection
  • Greater stability of client environment
  • Faster malware scanning conducted in real-time

The FCS agent efficiently uses system resources, scans quickly, and detects malware effectively

Antivirus – Antispyware: Building on FCS v1

60%+ less CPU usage

7% less CPU

14x faster at boot time

2x faster

2x faster in quick scans

5x faster in full scans

Sources: West Coast Labs, AVTest.org, Performance benchmarking study conducted by West Coast Labs.

Vulnerability Management: Proactively reduce the surface area

Detect common vulnerabilities and missing security updates

Discover misconfiguration exposures

Configure security check parameters

New checks include: IE Security Setting, DEP, IIS Setting, and more…

  • Compare system configuration against security best practices
  • Assign score based on associated risk
  • Surface issues found across the enterprise in real time
  • Automatically remediate based on policy
  • Integrate with NAP for compliance enforcement
  • Remotely remediate from the management console

NEW

Network Access Protection
  • Up-to-date Protection: ensures that all clients have the latest definitions & host protection policy
  • Compliance Enforcement: enables administrators to enforce their corporate security policy and protect the network from non-compliant and vulnerable clients
  • Outbreak Containment: protects the network from clients with active malware infections
  • Network Eviction: enables administrators to protect the network from suspicious and potentially compromised clients
Host Firewall

Firewall Management: centralized management of the Windows Firewall

  • Windows XP/2003, Windows Vista/2008, and Windows 7
  • Support Inbound and Outbound Filtering
  • Configure Firewall Exceptions for Ports, Applications, and Services
  • Configure Network Location Profiles for Roaming Users

Centralized Visibility: Firewall State in the Enterprise

  • Sensors for Security Incident Detection
  • Activity Monitoring
  • Statistics
Forefront Code Name "Stirling"

An integrated security suite that delivers comprehensive protection across endpoint, application servers, and the edge that is easier to manage and control

Code Name “Stirling”

Central Management Server

Unified Management

In-Depth Investigation

Enterprise-Wide Visibility

Security Assessment Sharing (SAS)

Client & Server OS

Network Edge

Server Applications

Third-Party Partner Solutions

Other Microsoft Solutions

Active Directory

NAP

Simplified Administration With Stirling: Protect your business with greater efficiency

FCSv2 is managed through “Stirling”

  • One console for simplified, role-based security management
  • Define one security policy for your assets across protection technologies
  • Deploy signatures, policies and software quickly
  • Integrates with your existing infrastructure: SQL, WSUS, AD, NAP, SCCM, SCOM (new & existing)
Integration With Your Infrastructure

Diagram labels: Required Infrastructure; Policy; Microsoft Update; Reports (or alternate system); Events; Groups; Network Access Protection (NAP) (or alternate systems); Signature, Updates; Core Infrastructure; Integration Infrastructure

Products shown: Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, Forefront Threat Management Gateway

Deployment and Scalability

250 – 2,500 Assets

An asset is a computer with one of the Stirling protection technologies (FCS, FSE, FSSP and/or TMG)

Up to 25,000 Assets

Stirling Server Roles (diagram labels): Stirling Console; Stirling Core; Stirling SQL DB; SCOM Root Management Server (RMS); SCOM SQL DB; SQL Reporting Server; SQL Reporting DB; WSUS

Scaling Up… (diagram labels): Stirling Console; Stirling Core; Stirling SQL DB; SQL Reporting Server; SQL Reporting DB; Per 20,000 Assets; Per 25,000 Assets; Software/Signature Deployment, e.g. WSUS or SCCM; SCOM RMS; WSUS; SCOM SQL DB (typically already deployed before Stirling)

Critical Visibility and Control: Know where action is required
  • Know your security state
  • View insightful reports
  • Investigate and remediate security risks
Critical Visibility and Control: Take action to remediate issues
  • FCSv2 Tasks:
    • Update signatures
    • AM quick/full Scan
    • Vulnerability scan
    • Install missing updates
    • Vulnerability remediation
    • Network eviction
    • Reboot computer
  • Integrated With Dynamic Response
Enhanced Enterprise Capabilities: Forefront Client Security
  • Scale to the largest enterprises
  • Role-based Administration
  • Virtualized Deployments
  • Clustering and High Availability Deployments
  • Support for both domain and non-domain joined assets
  • Protection for Windows Server Roles
  • Native NAP Integration
Platform Support
  • Client Agents
    • Windows XP, Windows Vista, Windows 7
    • Windows 2003, Windows 2008
    • Virtual machines (MSFT virtual machine technology only)
    • Non-domain joined machines
    • Windows Embedded, WEPOS
  • Server Infrastructure
    • Windows Server 2003, Windows 2008 (x64 only)
    • SQL Server 2008 Standard or Enterprise
    • Will support installation of server infrastructure on virtual machines (MSFT virtual machine technology only)
    • Will support clustered environments for high availability
Summary

Forefront Client Security v2 provides unified protection for endpoints (desktops, laptops and servers) that is easier to manage and control

  • Built on the strong foundations of FCS v1
  • Offers greater protection
    • Integrated with “Stirling”
      • Centralized management
      • Comprehensive, insightful reports
    • Enterprise Ready
Resources
  • www.microsoft.com/teched
    • Sessions On-Demand & Community
  • www.microsoft.com/learning
    • Microsoft Certification & Training Resources
  • http://microsoft.com/technet
    • Resources for IT Professionals
  • http://microsoft.com/msdn
    • Resources for Developers


© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.