
Virtual techdays INDIA │ 18-20 august 2010 Threat Management Gateway 2010 – A Deep Dive Anirudh Singh Rautela │ TSP – Security, Microsoft Corporation.


1 virtual techdays INDIA │ 18-20 august 2010 Threat Management Gateway 2010 – A Deep Dive Anirudh Singh Rautela │ TSP – Security, Microsoft Corporation

2 Session Agenda
- The Web Security Challenge
- New Features Drill down
- Safe Web Experience
- Malware Protection
- URL Filtering
- Network Inspection System
- Summary
- 6 layers & Threat Protection
- Value Proposition
- The last mile!
- Deployment Scenarios

3 The Web Security Challenge
Diagram labels: Internet; Malware; Phishing; Compromised Sites; Drive-by Script; Attacks; Other Emerging Threats
- Employees using the Web cannot differentiate between safe and unsafe sites
- Businesses currently must purchase several non-integrated products and attempt to integrate them to protect the endpoint from the Web

4 The New Features
- Firewall: VoIP traversal (SIP); Enhanced NAT; ISP Link Redundancy
- Secure Web Access: HTTP Anti-virus/spyware; URL Filtering; HTTPS forward inspection
- E-mail Protection: Exchange Edge/FSE integration; Anti-Virus; Anti-spam
- Intrusion Prevention: Network Inspection System (NIS)
- Remote Access: NAP integration with VPN role; SSTP support
- Deployment & Management: Array Management; Scenario UI & Wizards; Change tracking; Enhanced reporting; W2K8, native 64-bit
- Subscription Services: Update Center: HTTP: AV+URL Filtering; Email: AV+Anti-Spam; NIS signatures

5 DEMO: Peek at the new TMG UI

6 …a safe web experience
- Malware inspection: Download scanning of files; Integrated Microsoft AV/AM engine; Inspection settings per rule
- URL filtering: URL category sets and exclusions; Integrated with forward proxy
- HTTPS inspection: URL filtering, malware scanning and IPS protection; Firewall client notification to end users
- Network Inspection System: Vulnerability based Signatures; Zero-Day Protection; Based on GAPA (Generic Application Protocol Analyzer)

7 Advanced Malware Protection at the Edge Microsoft Backend Internet TMG admin

8 DEMO: TMG Antimalware protection UI Tour!

9 Microsoft Reputation Service
MRS Success factors:
- Always available: Globally scaled/FT architecture; Multi-layered dynamic caching (On-Premise + Service)
- Always fast: 4-tier architecture; Requests/responses packaged at protocol-level
- Always right: Inheritance logic for object and category hierarchy; Objects “resolved” from multiple sources; Source weighting; Objects acquired based on prevalence, telemetry

10 Logical Architecture
Diagram stages: Data Import; Content Generation; Content Delivery
Diagram labels: Import Raw Data Processing Create Deliver Reputation Publish Object Resolution Data – merge, correlate, infer Web Service Always on Always Fast URLs mapped to standard category taxonomy Sources “weighted” on import URL Data Provider Telemetry Differentiator Partner Data Microsoft Data URL Data Provider

11 Category Support

12 DEMO: URL Filtering UI Tour!

13 Using NIS for IPS
- Detect and prevent known vulnerability-based attack attempts on Edge
- Same day availability of the patch and NIS signature
- Closes the vulnerability window which is needed for patch testing/deployment:
  - Patches need to be tested more thoroughly
  - Customer acceptance (similar to AV updates)
Diagram labels: Vulnerability found; Signature authoring team; TMG; Host IPS; Host /WO IPS; Host IPS

14 Defining IPS (Intrusion Prevention System)
Host-Based Intrusion Prevention Systems (HIPS) – Gartner 2007

| Level | Allow Known Good | Block Known Bad | Block Unknown Bad |
| Execution Level | Application Control | Resource Shielding | Behavioral Containment |
| Application Level | Application and System hardening | AV | Application Inspection |
| Network Level | Host Firewall | Attack-Facing Network Inspection | Vulnerability-Facing Network Inspection |

Diagram label: NIS

15 Malware exploiting MS08-067
- Worm:Win32/Conficker.A
- Worm:Win32/Conficker.B
- TrojanSpy:Win32/Gimmiv.A
- TrojanSpy:Win32/Arpoc.A
- Trojan:Win32/Wecorl.A
- Trojan:Win32/Clort.A
- Trojan:Win32/Wecorl.B
- Backdoor:Win32/IRCbot.BH
- Backdoor:Win32/Mocbot.AF
- Many more…

16 DEMO: Intrusion Prevention System UI Tour!

17 6 Layers of Security: Forefront TMG Architecture
- Unifies inspection technologies to:
  - Protect against multi-channel threats
  - Simplify deployment
- Keeps security up to date with updates to:
  - Web antimalware
  - URL filtering
  - Network Inspection System
Layers: Hardening Tools for Windows Server 2008; Application Layer Proxy; Network Inspection System (IPS); Web Antimalware; URL Filtering; HTTPS Inspection

18 Advanced Threat Protection
- Coverage for Streaming and Content-based traffic
- Zero-day and Variant Protection
- Generic and Specific Signatures
- Protocol Analysis
- Heuristic
- Granular control of Web traffic
- Extensible as new threats appear

19 What does TMG bring to the table?
- Control Network Policy Access at the Edge (Firewall)
- Protect users from Web browsing threats (Web Client Protection)
- Protect users from E-mail threats (Email Protection)
- Protect desktops and servers from Intrusion attempts (NIPS)
- Enable Users to Remotely Access Corporate Resources (VPN, Secure Web Publishing)
- Simplified Management (Deployment)
Comprehensive, Integrated, Simplified

20 …the last mile

21 ...the Last Mile…
Safest tool to browse the Internet!!!
NSS Labs Q1 2010 - http://www.nsslabs.com/browser-security
http://nsslabs.com/test-reports/NSSLabs_Q12010_GTRBrowserSEM_FINAL.pdf

22 TMG Deployment Scenarios
- Unified Threat Management (UTM): All-in-one solution for medium businesses and for branch offices; Firewall, Proxy, VPN, IPS, Email relay in a single box
- Secure Web Gateway: Authenticating proxy with security; Web Anti Virus and URL filtering; Inspection of HTTP and HTTPS traffic
- Remote Access Gateway: Dial-in VPN; Site to site VPN; Secure Web Publishing
- Secure Email Relay: Anti Spam; Anti Virus; Email Filtering

23 Forefront TMG in the Branch
- Web Proxy & Cache Featuring: Anti-Virus; URL Filtering; HTTPS Inspection; Network Intrusion Inspection
- Site to Site VPN
- Windows Server 2008 R2: Single Host for TMG & BranchCache (Hosted Cache)

24 TMG Feature Summary
Columns: ISA 2006; TMG 2010
Network firewall Application firewall Internet access protection (proxy) Basic OWA & SharePoint publishing IPSec VPN (remote & site-to-site) Web caching, HTTP compression Web anti-virus, anti malware URL filtering Email anti-malware, anti-spam Network intrusion prevention New New New New Integration with codename “Stirling” New Enhanced UI, management, reporting New Exchange publishing (RPC over HTTP) Windows Server 2008, 64-Bit (only) New

25 THANKS anirudhr@microsoft.com

