Published by William Sá Ferretti. Modified over 6 years ago.
1
Tech Ed North America 2010
SESSION CODE: SIA309
Secure Endpoint: What’s in Microsoft Forefront Endpoint Protection 2010 – A Deep Dive into the Features and Protection Technologies
Bill Jensen, Senior Product Planner, Microsoft
Adwait Joshi, Senior Technical Product Manager, Microsoft
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
Agenda
- The Secure Endpoint Solution
- Enhanced Protection Technologies
- Simplified Deployment and Management
3
Business Ready Security
Help securely enable business by managing risk and empowering people
- Protection, Access, Identity
- Protect everywhere, access anywhere
- Integrate and extend security across the enterprise
- Management: Simplify the security experience, manage compliance
- Highly Secure & Interoperable Platform
- Across on-premise & cloud
From: Block, Cost, Siloed. To: Enable, Value, Seamless.
4
Secure Endpoint Solution
Protect endpoints from emerging threats and information loss, while enabling more secure access from virtually anywhere
PROTECT everywhere | ACCESS anywhere | INTEGRATE and EXTEND security | SIMPLIFY security, MANAGE compliance
- Enables multi-layered anti-malware protection
- Protects critical data wherever it resides
- Provides more secure always-on access
- Uses existing System Center Configuration Manager infrastructure
- Builds on and extends Windows security
- Provides unified administration for desktop management and protection
- Increases visibility of potentially vulnerable desktops
5
Forefront Endpoint Protection 2010
Lower Cost of Deployment:
- Built on Configuration Manager software distribution infrastructure
- Supports all Configuration Manager topologies including Branch Office and Non-Domain-Joined
- Ease of migration
- Deployed across various operating systems (Windows Client & Server)
Be Protected and Stay Productive:
- Protect your desktops against viruses, spyware, rootkits, and malware
- Productivity oriented default configuration
- Integrated host firewall management
- Backed by global Malware Research and Response
Unified Desktop Management:
- Unified management interface targeted for the desktop admin
- Actionable and timely alerting
- Simple operation-oriented policy administration
- Historic reporting for security administrator
6
Enhanced Protection
7
Protection Scenarios
Malware Protection: "I need effective yet easy experience on my PCs to protect files, information, and identity"
- Proven Microsoft Antimalware Engine
- Zero Day Protection Through: Behavior Monitoring, Emulation, Heuristics & Generics
- Antimalware/Rootkit Protection
- Windows Firewall Management
High Productivity: "My users just want to work w/ minimal productivity hit, in the office or on the go"
- Performance-Oriented Defaults
- Template-driven policy creation based on risk
- Workload-specific policies for servers
8
Protect Clients Without Complexity
Simple interface:
- Keep user interactions minimal and high-level
- Provide necessary interactions
Admin-managed options:
- Control user configurability
- Enforce central policy
9
The Protection Stack
Columns: Reactive Techniques (Against Known Threats) and Proactive Techniques (Against Unknown Threats). Legend: In FEP 2010, In Win7.
Application Layer:
- Behavior Monitoring
- Data Execution Protection
- Address Space Layer Randomization
- Windows Resource Protection
File System Layer:
- Antimalware
- Dynamic Translation & Emulation
- Internet Explorer 8 SmartScreen
- AppLocker
Network Layer:
- Windows Firewall Centralized Management
10
Antimalware Architecture
[Diagram: antimalware architecture. Labels: Client UI; Systray Icon; WSC Integration; Real-time on-access protection; Behavior Monitoring; AM Engine + Sigs; Rootkit Detection; System scanning and cleaning; User; RTP/Minifilter; Behavior Monitoring; Kernel; Reputation Services; Spynet/MRS Portal; Microsoft Update; Dynamic Signature Service; Backend; Signatures; Sample Queue/Automation; Rootkit Detection and Removal]
11
Endpoint Protection Methods
[Diagram: endpoint protection methods, Before Malware Runs and After Malware Runs. Labels: New in FEP; SpyNet / MRS; Improved Lo-Fi Generics; Behavior and Kernel Monitoring; Dynamic Signature Service; Real-time Protection; Behavior Monitoring Events; Generics / Heuristics; Advanced Remediation; Scheduled / On Demand Scans; Response Portal]
12
Dynamic Translation (DT)
Potential malware / Safe translation:
    HANDLE hFile;
    hFile = CreateFile(L"NewVirus.exe", GENERIC_WRITE, 0, NULL, CREATE_NEW, FILE_ATTRIBUTE_HIDDEN, NULL);
    ...
    push h
    push offset string L"NewVirus.exe"
    call dword ptr
    cmp esi,esp
    call dword ptr [DT_CreateFile]
[Diagram labels: DT; Real Resources; Virtualized Resources]
DT translates code that accesses real resources (unsafe) into code that accesses virtualized resources (safe).
DT runs the translated program on the real CPU – very fast.
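The redirection idea on this slide, as an added illustration that is not code from the presentation or from Forefront: a guest routine reaches the file API only through a call slot, and a hypothetical translate() step rebinds that slot from a stand-in for the real API to a stand-in for DT_CreateFile that records files in an in-memory table. The names real_create_file, dt_create_file, create_file_slot, guest_program and vfs are assumptions, and real dynamic translation rewrites machine code rather than a function pointer.

```c
#include <stdio.h>
#include <string.h>

#define VFS_MAX 8
#define NAME_MAX_LEN 64

/* Virtualized resource: an in-memory table standing in for the file system. */
static char vfs[VFS_MAX][NAME_MAX_LEN];
static int vfs_count = 0;
static int real_calls = 0;   /* how many times the "real" API was reached */

typedef int (*create_file_fn)(const char *name);

/* Stand-in for the real API (assumption). It only counts calls, so nothing touches disk. */
static int real_create_file(const char *name) {
    (void)name;
    real_calls++;
    return 0;
}

/* Stand-in for DT_CreateFile (assumption): same contract, effect lands in the table. */
static int dt_create_file(const char *name) {
    if (vfs_count == VFS_MAX || strlen(name) >= NAME_MAX_LEN)
        return -1;                      /* virtual store full or name too long */
    for (int i = 0; i < vfs_count; i++)
        if (strcmp(vfs[i], name) == 0)
            return -1;                  /* CREATE_NEW semantics: fail if it exists */
    strcpy(vfs[vfs_count++], name);
    return 0;
}

/* The call slot the guest goes through (the "call dword ptr [...]" target). */
static create_file_fn create_file_slot = real_create_file;

/* Hypothetical translation step: rebind the slot to the virtualized version. */
static void translate(void) { create_file_slot = dt_create_file; }

/* Guest routine under analysis: creates a file, then tries to create it again. */
static int guest_program(void) {
    int first = create_file_slot("NewVirus.exe");
    int second = create_file_slot("NewVirus.exe");
    return (first == 0) + (second == 0);   /* number of successful creates */
}

int main(void) {
    translate();
    int ok = guest_program();
    printf("creates ok=%d, virtual files=%d, real API calls=%d\n",
           ok, vfs_count, real_calls);
    return 0;
}
```

After translation the guest's file creation is visible in the virtual table for a scanner to inspect, while the stand-in for the real API is never reached.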
13
Dynamic Signature Service
Low-Fidelity Signatures:
- New class of generics looks for suspicious characteristics as behavior is emulated with dynamic translation
- Queries reputation service about ‘interesting’ files
- If the file is known bad, a new signature is delivered in real-time to the client requesting it
- Balances signature distribution time/cost with need for real-time updates
- Admins must choose to opt-in to use this feature
[Diagram: Real-Time Signature Delivery. Labels: Behavior Classifiers; Researchers; Reputation; SpyNet / MRS; Properties / Behavior; Sample Req; Sample Submit; Real-time Signature; Client]
14
Simplified Deployment and Management
15
Management Scenarios
Keep Protected: "I need to centrally monitor FEP deployment, push missing updates and fix configuration issues"
Report Compliance: "Show me last month trend of protection compliance"
Alert on Outbreak: "Alert me on emerging threats before they affect productivity"
Capabilities:
- Converged System Management
- Simple Centralized Policy
- Critical Level Alerting
- Security admin-oriented Reporting
- Desired Configuration Manager (DCM)-based Vulnerability Assessments
16
Building Endpoint Protection On Configuration Manager 2007
Uses existing Configuration Manager 2007 infrastructure:
- No new servers
- Integrated console
- Supports SP2/R2 and later
Simple install process:
- Installs on root site, deploys to hierarchy
- Discover Configuration Manager roles and attach FEP roles and context (or allow separate installs)
- Automatically creates additional components (FEP distribution packages, DCM baselines)
- Creates new reporting database
[Diagram labels: Central Site; FEP; Primary Site; Primary Site; Primary Site]
17
Client Distribution and Deployment
Client distribution:
- Configuration Manager software distribution
- Detects and removes incompatible applications
Signature Distribution:
- Configuration Manager Software Updates Management
- Also supports: Microsoft Update, Point to fileshare
18
Forefront Endpoint Protection & Configuration Manager Integration
[Diagram: FEP and Configuration Manager integration. Labels: Configuration Manager Console; FEP UI; Configuration Manager Server; Configuration Manager Agent; Event log; Forefront Endpoint Protection 2010; Configuration Manager Software Distribution; Registry; Configuration Manager Reporting; DCM; WMI; FEP Reports; Managed Computer; Configuration Manager DB; FEP Reporting DB. Legend: Configuration Manager, FEP]
19
Control Policy Where You Feel Comfortable
Configuration Manager:
- Operationalized interface
- Provides logging, reporting, status
Group Policy:
- Allows server admins to manage directly
- Reporting and logging through System Center interface
[Diagram labels: FEP Client; FW; AM; Events; Status, tasks; Policy; Update; Registry; Event Log; WMI; WSUS; GP; Configuration Manager]
20
Check client protection status
- Fix client security problems in Configuration Manager
- Dashboard view of status
- Drill down to see affected computers to remediate within Configuration Manager
- Receive alerts on outbreaks
21
Track Historic Security Compliance
- Provides security policy compliance tracking for security organization
- Security-specific information store for historical reporting
22
Extending Endpoint Protection to Servers
- Server-Centric View in OpsMgr
- Predefined settings optimized per server workload
- Server security and availability tasks
- Service Level Objectives reports integrated with OpsMgr 2007 R2
- Real-Time Monitoring and Alerting for Critical Systems
23
Forefront Endpoint Protection 2010 CTP2
Forefront Endpoint Protection 2010 CTP2 demo
24
Forefront Endpoint Protection: The Road Ahead
FEP 2010:
- Customer Technical Preview (CTP2): See demo at Forefront booth (Expo Hall)
- Beta: Q3 2010
- RTM: H2 2010
- Ops Mgr Mgmt Pack: H1 2011
FEP vNext:
- Deeper integration with Configuration Manager
- High priority information channel for security incidents
- Role-based and scope-based access controls for security admins
- Heterogeneous support for Mac and Linux
25
Key Takeaways
Convergence of endpoint protection and client management will:
- Lower deployment cost via shared infrastructure and common technologies
- Enhance endpoint protection through single console for configuration
- Increase visibility through a single pane of glass
26
Related Content
- SIA320 | Business Ready Security: Protecting Endpoints from Advanced Threats with Microsoft's Secure Endpoint Solution
- SIA301 | Secure Endpoint: DirectAccess and Microsoft Forefront Unified Access Gateway 2010, the Complete Remote Access Solution
- SIA308 | Secure Endpoint: Advanced Protection from Dynamic Threats, a Microsoft Forefront Threat Management Gateway 2010 Deep Dive
- SIA309 | Secure Endpoint: What’s in Microsoft Forefront Endpoint Protection A Deep Dive into the Features and Protection Technologies
- SIA325 | Secure Endpoint: Virtualizing Microsoft Forefront Threat Management Gateway (TMG)
- SIA02-INT | Secure Endpoint: Planning DirectAccess Deployment with Microsoft Forefront Unified Access Gateway
- SIA07-INT | Secure Endpoint: Architecting Forefront Endpoint Protection 2010 on Microsoft System Center Configuration Manager
- SIA05-HOL | Microsoft Forefront Threat Management Gateway Overview
- SIA09-HOL | Secure Endpoint Solution: Business Ready Security with Microsoft Forefront and Active Directory
- SIA11-HOL | Microsoft Forefront Unified Access Gateway (UAG) and Direct Access: Better Together
- Red SIA-3 | Microsoft Forefront Secure Endpoint Solution
27
Track Resources Learn more about our solutions: Try our products:
28
Resources
www.microsoft.com/teched
- Learning
- Sessions On-Demand & Community
- Microsoft Certification & Training Resources
- Resources for IT Professionals
- Resources for Developers
29
Complete an evaluation on CommNet and enter to win!
30
Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st
You can also register at the North America 2011 kiosk located at registration Join us in Atlanta next year