1. Building an Integrated Security System Microsoft Forefront code name “Stirling”
Ravi Sankar
Technology Evangelist | Microsoft

2. Agenda Security and Access Challenges Forefront Today
Forefront Codename “Stirling”
Comprehensive Protection
Simplified Management
Critical Visibility
Demo
Q&A

3. Security And Access Challenges
Security challenges
Difficult to
Manage and Deploy
Escalating Threats
Fragmented Security
More advanced
Increased volume
Profit motivated
Many point products
Poor interoperability
Lack of integration
Multiple consoles
Uncoordinated reports
Complex and costly
Access Challenges
Traditional VPNs Inadequate
Difficult to
Enforce Policies
Growing Mobility
More users
More locations/devices
Intranet/Extranet access
Full connectivity is risky
Poor apps integration
Lack of scalability
Changing legal rules
Changing business rules
Limited granularity

4. A comprehensive line of business security products that helps you gain greater protection and secure access through deep integration and simplified management
Client And Server OS
Server Applications
Network Edge

5. Management And Visibility
An Integrated
Security System
Management And Visibility
Dynamic Response
vNext
Client And Server OS
Server Applications
Network Edge

6. Simplified Management Critical Visibility Comprehensive Protection
An Integrated Security System that delivers comprehensive, coordinated protection with simplified management and critical visibility across clients, servers, and the network edge
Comprehensive
Protection
Integrated protection across clients, server and edge
Dynamic responses to emerging threats
Next generation protection technologies
Simplified
Management
Manage from a single role-based console
Asset and policy centric model
Integrates with your existing infrastructure
Critical
Visibility
Know your security state in real-time
View insightful reports
Investigate and remediate security issues

7. Comprehensive Protection 1/3/2019 10:35 AM
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8. Comprehensive Protection Integrated security system
1/3/ :35 AM
Comprehensive Protection Integrated security system
Silo’d Best of Breed Solutions are not enough
Customers do this today and still have security issues
Manual coordination is difficult and often incomplete
Expensive and difficult to understand if “I’m secure”
Stirling and Dynamic Response are the answer
Layered Protection across the organization
Protection technologies that work together
Protection technologies that share security state information
Protection technologies that take action together
Customers need an
Integrated Security System
Stirling’s protection technologies work together to better protect customers
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9. Zero Day Scenario Today WEB Hours Desktop Network Admin Admin
Phone
Desktop
Admin
Network
Admin
Manual: Disconnect the Computer
DNS Reverse
Lookup
Edge Protection
Log
Edge
Protection
Client Security
WEB
Manual: Launch a scan
Client Event
Log
Malicious Web Site
DEMO-CLT1
Andy

10. FCS identifies Andy has logged on to DEMO-CLT1
Zero Day Scenario
With Stirling and Dynamic Response
Security Assessments Channel
2-3 min
Network
Admin
Security
Admin
Desktop
Admin
Compromised
Computer DEMO-CLT1
High Fidelity
High Severity
Expire: Wed
Compromised
User: Andy
Low Fidelity
High Severity
Expire: Wed
TMG identifies malware on DEMO-CLT1 computer attempting to propagate (Port Scan)
FCS identifies Andy has logged on to DEMO-CLT1
Alert
Forefront
TMG
Stirling Core
Client Security
Scan Computer
Forefront Server for:
Exchange,
SharePoint
OCS
WEB
NAP
Active Directory
Quarantine
Block IM
Malicious Web Site
Reset Account
Block
DEMO-CLT1
Andy

11. Enterprise Security Stirling Today Monitoring Detection Protection
Dynamic Response
Today
Monitoring
Low visibility on enterprise security
Standard channel for security information
Detection
High rates of false positive/negative
Share contextual Information
Protection
Manual enterprise wide response
Automatic response
and shield up
Investigation
Too much or
too little data
Efficient and focused investigation
Stirling delivers:
Better Protection - Faster Response - Lower Cost

12. Stirling Protection Technologies
Dynamic Response
Information Sharing
Coordinated Defense
Adaptive Investigation
vNext
vNext
NEW
Antivirus
Antispyware
Exchange Protection
Firewall
Host Firewall
Content Filtering
Web AV
NAP Integration
vNext
Remote Access
Vulnerability Assessment & Remediation
SharPoint Protection
Content Filtering
And More…

13. Simplified Management 1/3/2019 10:35 AM
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14. Security Management Today
1/3/ :35 AM
Security Management Today
Server Application Protection
Vulnerability Assessment
Endpoint Protection
Network Edge
Management Console
Management Console
Management Console
Console
Reporting Console
Reporting Console
Reporting Console
Jumping between consoles waste time
Each console has its own policy paradigm
Product’s are in silos with no integration
Lack of integration with infrastructure generate inefficiencies
Difficult to know if solutions are protecting from emerging threats
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15. Simplified Management With Stirling Protect your business with greater efficiency
One console for simplified, role-based security management
Define one security policy for your assets across protection technologies
Deploy signatures, policies and software quickly
Integrates with your existing infrastructure: SCOM, SQL, WSUS, AD, NAP, SCCM

16. Critical Visibility And Control 1/3/2019 10:35 AM
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17. Critical Visibility And Control Know where action is required
Know your security state
View insightful reports
Investigate and remediate security risks

18. DEMO
Stirling Beta 1

19. Roadmap Integrated Security System Client and Server OS Server
H1 2008
H2 2008
H1 2009
Integrated
Security System
BETA
NEW
Codename “Stirling”
Client and Server OS
NEXT
NEXT
Server
Applications
NEXT
NEW
NEW
Network Edge
NEW

20. Summary
Stirling is an Integrated Enterprise Security System that delivers comprehensive, coordinated protection with simplified management and critical visibility across clients, servers, and the network edge
Dynamic, coordinated responses to threats
Focus on protecting assets
Manage security, not security products
Coherent and meaningful reports

21. Next Steps Become experts in existing Forefront products
Install Stirling Beta
Give us feedback!

22. Q & A