Microsoft System Center 2012 Endpoint Protection Overview

Presentation transcript:

Microsoft System Center 2012 Endpoint Protection Overview
MGT310
Mark Florida, Principal Program Manager Lead, Microsoft Corporation
Adwait Joshi (AJ), Product Marketing Manager, Microsoft Corporation
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Session Objectives And Takeaways
Session Objectives:
- The evolution of malware
- Overview of System Center 2012 Endpoint Protection
- Demos on EP client installation and management + security
- Overview of the Endpoint Protection client

The Evolution Of Malware
- In 1991 there were 1000 known threats; in 2001 there were 60,000
- Today there are millions, and the number is growing every day
- Sophistication and production rates continue to evolve
- Anybody can do it: full malware suites are available online
- Your stuff is worth money, and they want it!

Nefarious Personas
[Diagram. Labels: National Interest, Personal Gain, Personal Fame, Curiosity; Spy, Thief, Trespasser, Vandal, Author; Script-Kiddy, Hobbyist Hacker, Expert, Specialist.]
- Fastest growing segment
- Tools created by experts now used by less skilled attackers and criminals

System Center 2012 Endpoint Protection
Next generation of Forefront Endpoint Protection 2010
- Unified Infrastructure: Reduce the cost of maintaining secure endpoints with unified management and security infrastructure
- Simplified Administration: Single administrator experience for simplified endpoint protection and management
- Enhanced Protection: Protect against known and unknown threats with endpoint inspection at behavior, application, and network levels

Mgmt + Security In Configuration Manager 2012
[Diagram. Components: OSD, Exchange Connector, Settings Management, Software Updates + SCUP, Endpoint Protection, SWD.]

System Center 2012 Endpoint Protection
Unified Infrastructure: Reduce the cost of maintaining secure endpoints with unified management and security infrastructure
- Easy to set up and operate the management infrastructure
- Simplified deployment of antimalware policies
- Automated deployment of updates using ConfigMgr infrastructure
- Easy client install and migration

Infrastructure Changes from FEP 2010
[Architecture diagram: Configuration Manager 2007 with Forefront Endpoint Protection 2010 compared with Configuration Manager 2012 with Endpoint Protection 2012. Labels: Definition Catalogs, FEP Service, EP Client on ConfigMgr Server, EP Site Role, Server, Client, Management Point, CM Client, FEP DW, FEP DB, CM DB, EP Deployment, EP Operations, EP Policy, Pre-Packaged EP Client, Configuration Manager Site Server, FEP Extensions, FEP Deployment, FEP Operations, FEP Policy, Distribution Point, EP Client, Excel Template, Reports.]

Simplified Deployment of AM Policies
- Centralized management for AM and Firewall Policy
- AM and FW policy delivered as ConfigMgr policy – no package/program dependency
- Out of box templates
- Import, Export, Merge
- Prioritization of policies by collection
- Simplified UI for customizing policy

Signature Update Distribution
- Easier distribution process
  - Automatic deployment rules within ConfigMgr software updates
- Minimizes WAN impact
  - Uses distribution points and reduced definition size
- Ensures always up-to-date security regardless of the client location
  - Multiple update sources (ConfigMgr, WSUS, Microsoft Update, Windows File Share)
[Diagram. Corporate Network: updates distributed through ConfigMgr, WSUS or Windows File Share. On the road: fallback to online update (Microsoft Update). Delta update size: 50-2048 KB. Update frequency: 3 times/day.]

Simplified Client Setup
- Ease of client setup and deployment
  - No separate deployment needed for endpoint protection client
  - Endpoint Protection agent installer deployed with Configuration Manager client setup
  - Endpoint Protection client and definitions easily integrated with OSD
- Flexible administrative control
  - Administrator can force or suppress any required reboots
  - Configurable option for automatic removal of existing AV client
- Easy migration from existing solutions and automatic removal of existing clients
  - Symantec
  - McAfee
  - TrendMicro
  - Forefront Client Security or Forefront Endpoint Protection
[Diagram: Client Installation Flow. Labels: EP agent installer deployed with ConfigMgr Client; EP enabled in the console, EP installation starts on the device; Signature update; Configure Policy; EP client install; Silent removal of third-party products.]

Client Deployment

System Center 2012 Endpoint Protection
Simplified Administration: Single administrator experience for simplified endpoint protection and management
- Single interface for client management and security
- Improved alerting, client to admin within 5 minutes, and reporting, with real-time and user-centric data views

Single Interface For Management And Security
- Single interface for client management and security
  - Dashboard integrated with ConfigMgr console
  - Simplified cross-feature integration
- Quick identification and remediation of client security issues
  - Dashboard focused on actionable events
- Flexibility to separate security admin role
  - Role-based administration
  - Access to only relevant security information

Monitoring Client Security
- Quick alerts and event notification in the console
  - Uses high speed data channel to notify events in real time
  - High speed data channel prioritizes EP messages in state system, and no client “wait” to send messages up
- Integrated monitoring for client health and antimalware status
- Email subscription for alerts

Rich Reporting And Analysis
- Rich reporting on client security
  - SQL Reporting Services-based reports on many categories
- User-centric reports enable identification of commonly impacted users
- Customizable reports simplified through database integration

Management and Real-time Monitoring

System Center 2012 Endpoint Protection SP1 (What’s new in SP1)
- Automatically deploy definition update 3 times per day
- Category based scan from client to WSUS
- Delta syncs between SUP and WSUS
- Real-time administrative actions:
  - Run Definition Updates
  - Run Quick Scan
  - Run Full Scan
  - Allow threats
  - Exclude paths and/or files
  - Restore files quarantined by threat
- Client side merge of antimalware policies

Real-time Administrative Actions (What’s new in SP1)
[Diagram: Administrator, Site Server and MP, Client. Labels:]
- Task = “Run Full Scan”
- A task is created; MP is told that new urgent task has been requested
- In administrative console selects “Run Full Scan” on a collection (Administrator)
- “Dial tone”: Active TCP Session with the MP; Client checking for urgent tasks
- “Call is placed”: Client via this TCP connection is told there are urgent tasks to run
- Client then connects to the MP to get policy
- Client runs the Full Scan Task
- All this happens within seconds

Real-time Administrative Actions in Endpoint Protection SP1

System Center 2012 Endpoint Protection
Enhanced Protection: Protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
- Comprehensive protection stack building on Windows Security
- Proactive protection against known and unknown threats
- Reduced complexity while protecting clients

Comprehensive Protection Stack
Building on Windows Platform security
[Diagram. Columns: Reactive Techniques (Against Known Threats), Proactive Techniques (Against Unknown Threats). Layers: Application, File System, Network. Labels: Dynamic Cloud Updates, Behavior Monitoring, Data Execution Prevention, Address Space Layout Randomization, User Account Control, Windows Resource Protection, Antimalware, Dynamic Translation and Emulation, Internet Explorer® 8 SmartScreen, Microsoft AppLocker, Microsoft BitLocker, Dynamic Signature Service, Microsoft Malware Protection Center, Vulnerability Shielding (Network Inspection System), Windows Firewall, Centralized Management, System Center Endpoint Protection, Windows 7.]

Dynamic Translation With Heuristics
- Industry-leading proactive detection
- Emulation based detection helps provide better protection
- Safe translation in a virtual environment for analysis
- Enables faster scanning and response to threats
- Heuristics enable one signature to detect thousands of variants
[Diagram. Labels: Potential Malware; Execution attempt on the system; Real Time Protection Driver Intercepts; Safe Translation Using DT; Malware Detected; Malicious File Blocked; Virtualized Resources.]

Behavior Monitoring And Dynamic Signatures
- Live system monitoring identifies new threats
  - Tracks behavior of unknown processes and known bad processes
  - Multiple sensors to detect OS anomaly
- Updates for new threats delivered through the cloud in real time
  - Real time signature delivery with Microsoft Active Protection Service
  - Immediate protection against new threats without waiting for scheduled updates
[Diagram: Microsoft Active Protection Service. Labels: Researchers, Real-time signature delivery, Behavior classifiers, Reputation. Step labels (numbered 1 to 4 on the slide): Properties/Behavior, Sample request, Sample submit, Real-time signature.]

Best Usability 2011 – AV Test

Protect Clients With Reduced Complexity
- Simple interface
  - Minimal, high-level user interactions
- Administrative Control
  - User configurability options
  - Central policy enforcement
- Maintains high productivity
  - CPU throttling during scans
  - Faster scans through advanced caching

Heterogeneous Antimalware Clients (What’s new in SP1)
Features:
- Anti-virus and Anti-malware support
- Machines connect directly to internet service for security content
- Client UI for user visibility and control
- SCOM monitoring pack for Linux with management control
Platforms:
- Apple Mac (10.6-10.7)
- Linux Server: Red Hat Enterprise 6, SuSE Linux 11

Summary
Key Scenarios: Forefront Endpoint Protection 2010 compared with System Center 2012 Endpoint Protection
- Unified infrastructure. FEP 2010: System Center Configuration Manager 2007. SC 2012 EP: System Center 2012 Configuration Manager
- Server setup. FEP 2010: Separate install. SC 2012 EP: Unified setup
- Client deployment. FEP 2010: ConfigMgr distribution process. SC 2012 EP: Integrated
- Signature updates. FEP 2010: Multiple sources (WSUS, File Share, Microsoft Update). SC 2012 EP: Multiple sources with automatic deployment rules from ConfigMgr console
- Proactive protection
- Firewall management
- Role based administration: New
- Alerts and monitoring: Real time alerts
- Reports: Additional user centric reports
Unify, Protect, Simplify

Online Resources
- Launching a Windows Defender Offline Scan with Configuration Manager 2012 OSD
- Operating System Deployment and Endpoint Protection Client Installation
- Software Update Content Cleanup in System Center 2012 Configuration Manager
- Building Custom Endpoint Protection Reports in System Center 2012 Configuration Manager
- Managing Software Updates in Configuration Manager 2012
- How-to-Videos
- Product Documentation
- Security and Compliance Manager – Configuration Packs

Related Content
Breakout Sessions:
- MGT309 | Microsoft System Center 2012 Configuration Manager Overview
- MGT311 | Microsoft System Center 2012 Configuration Manager Deployment and Infrastructure Technical Overview
- MGT312 | Deep Application Management with Microsoft System Center 2012 Configuration Manager
- MGT313 | Microsoft System Center 2012 Configuration Manager: Plan, Deploy, and Migrate from Configuration Manager 2007 to 2012
- MGT318 | Patch and Settings Management in Microsoft System Center 2012 Configuration Manager
- WCL388 | Client Management Scenarios in the Windows 8 Timeframe

Related Content
Hands-on Labs:
- MGT23-HOL | Deploying Windows 7 to Bare Metal Systems with Microsoft System Center 2012 Configuration Manager
- MGT24-HOL | Implementing Endpoint Protection 2012 in Microsoft System Center 2012 Configuration Manager
- MGT12-HOL | Compliance and Settings Management in Microsoft System Center 2012 Configuration Manager
- MGT25-HOL | Deep Dive: Microsoft System Center 2012 Configuration Manager SQL Replication Labs
- MGT21-HOL | Basic Software Distribution in Microsoft System Center 2012 Configuration Manager
- MGT16-HOL | Migrating from Microsoft System Center Configuration Manager 2007 to System Center 2012 Configuration Manager
- MGT14-HOL | Implementing Role Based Administration in Microsoft System Center 2012 Configuration Manager
- MGT15-HOL | Deploying a Microsoft System Center 2012 Configuration Manager Hierarchy
- MGT11-HOL | Introduction to Microsoft System Center 2012 Configuration Manager

MGT Track Resources
- #TEMGT310
- Talk to our Experts at the TLC
- Hands-On Labs
- DOWNLOAD System Center 2012 Evaluation: microsoft.com/systemcenter
- DOWNLOAD System Center 2012 SP1 CTP: microsoft.com/systemcenter

Resources
- Connect. Share. Discuss.: http://europe.msteched.com
- Learning: Microsoft Certification & Training Resources: www.microsoft.com/learning
- TechNet: Resources for IT Professionals: http://microsoft.com/technet
- Resources for Developers: http://microsoft.com/msdn

Evaluations
Submit your evals online: http://europe.msteched.com/sessions
