
Alex Nikolayev Program Manager Identity and Security Division Microsoft Corporation SESSION CODE: SIA324 Cristian Mora Product Manager Identity and Security.




1 Alex Nikolayev Program Manager Identity and Security Division Microsoft Corporation SESSION CODE: SIA324 Cristian Mora Product Manager Identity and Security Division Microsoft Corporation


3 Source: “Messaging Security Survey: The Good, Bad, and Ugly Study,” IDC, 2009.

4 “The growth in e-mail traffic means that over the next four years, organizations will need increasingly better defenses against all types of spam and malware… Battling spam alone is very costly – in 2009, a typical 1,000-user organization spends over $1.8 million annually to manage spam.” … Around $8 Billion Lost to Viruses, Spyware, and Phishing… 2 million consumers have had to replace their computers over the past two years due to software infections… 1 in 5 online consumers have been victims of Cybercrime… — “E-mail Security Market, 2009-2013,” The Radicati Group, Inc. — 2009 State of the Net Survey “As one leading financial institution told us, it routinely sees that at least 14 out of every 15 incoming emails are pure spam” — “Forrester Wave E-mail filtering Q2 2009,” April 2009 “Almost 60% of organizations reported spam blocking effectiveness of less than 95%” — Brian E. Burke, “Messaging Security Survey,” IDC, 2009.

5 Multiple locations and devices Difficulty in discovering and securing sensitive information Financially motivated evolving threats Advanced spam technologies bypassing scanners Control Business Needs IT Needs Prevent sensitive information from leaking Protection from advanced threats Secure access to messaging from virtually anywhere Receive messaging free of spam

6 Across on-premises & cloud Integrate and extend security across the enterprise From: Block, Cost, Siloed. To: Enable, Value, Seamless. Simplify the security experience, manage compliance Protect everywhere, access anywhere Highly Secure & Interoperable Platform

7 Secure Messaging Secure Collaboration Information Protection Identity and Access Management Secure Endpoint Business Ready Security Solutions

8 PROTECT everywhere ACCESS anywhere SIMPLIFY security, MANAGE compliance Enable more secure business communication from virtually anywhere and on virtually any device, while preventing unauthorized use of confidential information INTEGRATE and EXTEND security Best-in-class anti-malware and anti-spam on-premises / in-the-cloud Protect sensitive information in e-mail Secure, seamless access Deep Microsoft Exchange integration Extend secure e-mail to partners Centralized Management across on-premises and cloud Improved visibility across business productivity application security

9 Separate gateway to detect sensitive content External websites sending spam and malware Virus threats from internal senders Remote access solution w/ separate identities Internal users sending sensitive information to partners in e-mail Separate SMTP virus scanner to detect and remove spam and malware Separate gateway to enable remote access Spam Current Situation Multiple Products for secure messaging

10 Always-on access built into platform Internal mail protected with Forefront Protection for Exchange Information Protection built into the platform Malware and spam cleaning in the cloud with FOPE Secure Messaging Simple and easy

11 Integrated Security An easy to manage Premium Antimalware and Antispam Protection Solution for Microsoft Exchange Server Simplified Management • Intelligent engine selection • Monitoring security state in real-time New: • Integration with Exchange 2007 and 2010/IRM • Hybrid Model Automated updating Inclusive management console with security/protection views New: • Manage on premises and off premises security policies • Fast response to security incidents Forefront Protection 2010 for Exchange Server Summary • Premium Antispam protection (on premises and in the cloud) • Multiple Malware engine protection against emerging threats • Content and Keyword Filtering New: • Spyware protection: MSAV • Encrypted messages scanning Comprehensive Protection

12 Pickup Directory Submission Queue Categorizer Recipient API Delivery Queue SMTP Send SMTP AD Forefront antispam Transport Agent/Message API Forefront antimalware Exchange Biz Logic Ex Submit (MAPI/SMTP) SMTP Receive Agent Run Time Engine (MEx) Extensibility Platform

13 Enterprise Network External Mail Unified Messaging Voice mail & voice access Hub Transport Routing & Policy Web browser Outlook (remote user) Mobile phone Outlook (local user) Line-of-business applications Mailbox Storage of mailbox items Protection 2010 for Exchange Server Phone system (PBX or VoIP) Protection 2010 for Exchange Server Threat Management Gateway Edge Transport Threat Management Gateway Protection Availability: Exchange 2010 Exchange 2007 SP1 Client Access Client connectivity Web services

14 Surpassing Security Expectations Exchange 2010 Forefront 2010 Encryption Antivirus Default Intra-Org ∙ Inter-Org mTLS support ∙ IRM support Multiple Engine Malware Detection Unified Management Hosted, Hybrid Protection Premium Antispam Forefront/Exchange Better Together:

15 Exchange 2010 + Forefront 2010 Benefits Connection Filtering Forefront DNS Block List Aggregated RBL data from multiple external and internal vendors No configuration required Protocol Filtering Unified Management Consolidated Connection/Sender/Recipient/Sender ID filtering for simplified management Backscatter Filter Blocks NDR (backscatter) spam Content Filtering Cloudmark CMAE Engine Option of alternative third-party content filter Above 99% detection rate No configuration required (installs with smart defaults) Forefront True Type File Filtering Real file type inspection (not just extension) Actionable scanning of nested files/within ZIP Global Exception Lists Single access point to sender and recipient exception lists (allow and block actions) Streamlined SCL Less ambiguous ratings for less false positives end to end Hybrid Model Integration with Forefront™ Online Protection for Exchange

16 IP Block List Sender ID Filter DNSBL Filter Sender Filter Backscatter Filter Junk E-mail Filter Recipient Filter Content Filter

18 New Content Filter: • Based on Cloudmark Authority Engine with industry-leading performance metrics • Embedded into the Forefront antispam architecture via Exchange transport agents framework • Executes in SMTP Receive pipeline • Scans MIME stream – body + headers of the message • Fingerprints-based engine Forefront Protection for Exchange Content Filter Benefits • Reduced spam and phishing penetration • Enhanced server performance • Increased IT Pro and IW productivity • Improved end user satisfaction

21 On premises or in the cloud Automatic Engine Updates Single Engine Multiple Engines 99% spam detection* * With premium antispam services 38 times faster An AV-Test of consumer antivirus products revealed: On average, Forefront engine sets provided a response in 3.1 hours or less. Single-engine vendors provided responses in 5 days, 4 days, and 6 days respectively. Source: New Solution Helps Pharmaceutical Maker Improve IT Performance and Security. Microsoft case study, June 2008. http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=4000002230

22 Forefront Protection 2010 for Exchange Server: Multiple AV Scanning Engines Advantages

23 Remote Update Services Remote Update Services Automatic Updates Directly from vendor Manual Config Redistribution MSAV/CMAE

24 Edge Server Hub Role Mailbox Role Public Folder Client SCAN and STAMP NO SCAN INTERNET Mail scanned only once at the Edge - saves processing load on Hub and Mailbox servers Malware detected on Edge deleted immediately Internal mail is routed through Hub role Proactive scanning at the Mailbox server (Store) is turned off by default to save processing load on Mailbox servers Forefront FPE Malware Filtering: Transport

25 Forefront FPE Antimalware Scanning: Store

26 Forefront Antispyware Filtering

27 Forefront Worms Filtering


29 Forefront Protection 2010 for Exchange Server: An Extension into Online Services

30 SPAM Protection Safe senders Spam Prevention If server down, E-mail queued for up to 5 days E-mail enters the global data center network – MX (mail.messaging.microsoft.com) Directory Services SPAM prevention Real time attack prevention (RTAP) IP-based authentication Reputation database Connections from all senders are analyzed, Connections from illegitimate senders are blocked Look up e-mail filtering settings for domain Virus Scanning Kaspersky Symantec Authentium Policy Enforcement Custom Policy Rules Attachment and message attribute management Custom Spam Filter management Rules Based Scoring Fingerprint Engines Content and Policy Quarantine SPAM Quarantine E-mail server available? Delivered in a flow-controlled fashion when server is available Queue Corporate Network SPAM Customer Feedback False +ve / -ve

31 Filtering Technique | Description | Cumulative Effectiveness. IP addresses are added: through automated feedback loops that identify repeat spam (30 minutes application time); Snowshoeing IP Address Ranges; Manually by spam analysts, in response to observed spam | ~ 95%. Community Gold Standard for IP reputation | Above 90%. Image filtering | Using Smartscreen technology | Above 99%. Fingerprinting | Using Smartscreen and fingerprint technology; Fingerprint DB is continuously updated by spam analysts; Scoring system based on 30k active rules and a corpus of 400k rules; Points are deducted for good mail characteristics; Points are added for Spam characteristics; A score of ≥ 30 qualifies as Spam

32 Look up e-mail filtering settings for domain Virus Scanning Kaspersky Symantec Authentium Policy Enforcement Custom Policy Rules Attachment and message attribute management SPAM Protection Custom Spam Filter management Rules Based Scoring Fingerprint Engine Content and Policy Quarantine Corporate Network Spam Analysts NDR Pool Score > 30 Outbound Pool Score < 30 SEWR Safe senders

35 SIA314 |Secure Messaging: Microsoft Forefront Protection 2010 for Exchange Server SIA316 | Behind the Spam: A Look at Botnets, Malware, and the Spammers Who Run Them SIA04-INT |Secure Messaging: Implementing Microsoft Forefront Online Protection for Exchange - Best Practices, Pitfalls and Support SIA04-HOL | Microsoft Forefront Online Protection for Exchange Administration and Reporting SIA10-HOL | Secure Messaging Solution: Business Ready Security with Microsoft Forefront and Active Directory Red SIA-1 | Microsoft Forefront Secure Messaging Solution

36 www.microsoft.com/teched www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn
