Exchange 2010Advanced Security with ForefrontNameTitleMicrosoft Corporation

E-mail Security A Growing Concern

Spam problems continue• Spammers constantly evolving new techniques• Systems often outdated and rely only on IP filtering• Only 11% of organizations reported 99% effectiveness*

Malware attacks on the rise • Malware incidents are increasing in organizations of all sizes* • Attacks are often blended (e.g. spammed viruses) • Increasing use of attachments to transmit viruses*

Increasing need for data encryption• New regulations demand increased data privacy• Data leakage carries legal, financial risks• Encryption can be difficult to implement and manage

*IDC, 2009

Better Together Protection

Encryption Anti-Virus

Automatic

Encryption

S/MIME Support

Information Rights

Management

Support

Multiple Engine Anti-

Malware Detection

Unified ManagementHosted, Hybrid Protection

Premium

Anti-Spam

Basic

Integrated defense in depth

Perimeter Protection

• Client to Server - Secure Sockets Layer (SSL)• Server to Server - Transport Layer Security (TLS)• Perimeter to Perimeter - Opportunistic TLS

Clients

Internal Network

Perimeter Network

Internet Perimeter Network

EncryptionDefault encryption internally and externally

Encryption

• Send from Outlook, Outlook Web App, and Windows Mobile 6.0+

• AD RMS Pre-licensing improves mobile/offline experience• Automatic IRM-protection through transport rules• Transport decryption to enable AV/AS scanning • Native IRM support in OWA

Information Rights Management Support Provides persistent protection to control who can access, forward, print or copy sensitive data.

S/MIME Support Enables users to send signed and encrypted e-mail to one another from a variety of devices.

Protect sensitive data

Protected messages sent to transport server

Messages and attachments decrypted to enable content filtering, transport rules

Infected messages and spam can be filtered

Messages are re-encrypted and delivered

EncryptionEnable processing of rights protected e-mail

Journaled messages include decrypted clear-text copy

Perimeter ProtectionEnterprise Network

Externalmail

Edge Transport

Routing & AV/AS

Unified MessagingVoice mail & voice access

Client AccessClient connectivity

Web services

Hub TransportRouting & policy

Web browser

Outlook (remote

user)

Mobile phone

Outlook (local user)

MailboxStorage of

mailbox items

Overview

Perimeter Protection

MALWARESPAM

SAFE /BLOCKED SENDER LISTS

Internet Edge Server

Safe and blocked sender lists synched to Edge in seconds

Fewer false positives enables more aggressive filtering

Internal Network

EdgeSync enhances anti-spam filtering

Connection Filtering

Sender-RecipientFiltering

Content Filtering

Mailbox / Store

User Inbox

User Junk E-mail Folder

Administrator Quarantine

Basic Anti-Spam

Incoming Internet E-mail

2

3

Connection Filtering

1

1

Content Filtering3

Filters connections based on internal and third party IP block/allow lists.

Scans words and phrases based on internal lists and automated analysis.

Sender-Recipient Filtering

2Filters individual addresses based on internal lists and sender reputation.

Attachment Filtering

Three layers of protection

Premium Anti-Spam

Connection Filtering

1

Content Filtering3

Administrator configures IP block/ allow lists and DNS block lists

• Configurable content filter• Bi-weekly automatic updates • Attachments stripped per extension

Sender-Recipient Filtering

2Administrator configures sender-recipient lists separately

• Pre-configured DNS Block List• Aggregates data from multiple vendors

• Sender-recipient lists managed from one point on console

• Pre-configured content filter • Continuous minute-by-minute updates• Inspects file type, not just extension

More protection, less configuration

Internet

A

B

C

E

DExchange 2010

Forefront Anti-Malware

• Deploy single solution using multiple integrated technologies• Includes all engines in base cost• Run up to five engines simultaneously on any scan job• Most up-to-date engine automatically selected for optimal

performance

One solution, multiple anti-malware engines

• Rapid response to new threats

• Fail-safe protection through redundancy

• Diversity of antivirus engines and heuristics

Response time1 (in hours)

** 0.00 denotes proactive detection1 Source: AV-Test.org 2009 (www.av-test.org)

Single-engine solutions

Less than 5 hours

The Multiple Engine Advantage

5 to 24 hours

More than 24 hours

Proven faster, more effective

WildList Number

MalwareName

Forefront Engines Vendor A Vendor B Vendor C

01/09 autorun_itw542.ex_ 0.00 1185.47 89.83 1161.8301/09 buzus_itw3.ex_ 0.00 2.92 10.87 53.9801/09 conficker_itw5.dl_ 0.00 0.00 113.55 0.0001/09 koobface_itw18.ex_ 0.00 360.65 0.00 1050.1801/09 momibot_itw2.ex_ 0.00 0.00 0.00 982.0501/09 pinit_itw2.ex_ 42.85 205.03 0.00 873.2301/09 zbot_itw30.ex_ 0.00 0.00 0.00 0.0001/09 zbot_itw31.ex_ 0.67 990.50 1.17 53.7501/09 zbot_itw39.ex_ 0.00 946.40 0.00 0.0002/09 agent_itw94.ex_ 0.00 0.00 204.17 723.1002/09 autorun_itw580.ex_ 0.00 341.37 917.60 336.6702/09 autorun_itw585.ex_ 0.00 602.93 0.00 0.0002/09 autorun_itw594.ex_ 0.00 704.05 0.00 42.4002/09 magania_itw21.ex_ 0.00 0.00 0.00 522.6002/09 onlinegames_itw624.ex_ 0.00 386.88 22.12 0.0002/09 onlinegames_itw627.ex_ 0.00 207.33 60.88 7.4202/09 onlinegames_itw643.ex_ 0.00 22.13 6.22 32.1802/09 zbot_itw42.ex_ 0.00 1120.87 0.00 0.0003/09 autoit_itw90.ex_ 0.00 0.00 0.00 1101.6203/09 autorun_itw597.ex_ 0.00 555.12 0.00 16.8803/09 autorun_itw598.ex_ 0.00 2.88 187.27 667.8503/09 autorun_itw601.ex_ 0.00 510.32 0.00 0.0003/09 autorun_itw616.ex_ 0.00 555.12 0.00 16.8803/09 ircbot_itw485.ex_ 0.00 3.37 0.37 79.0503/09 mariof_itw2.ex_ 0.00 309.40 945.95 653.0303/09 onlinegames_itw651.ex_ 0.00 0.00 145.48 55.4703/09 zbot_itw43.ex_ 0.00 757.28 0.00 0.00

Hosted and Hybrid Protection

Antivirus and anti-spam protection for Exchange Server 2010 Server Roles

On-Premise SoftwareHosted Service

Edge Transport Hub Transport Mailbox

Internet SMTP

A choice of security options Hosted: - Stop spam and viruses before they reach your network - Reduce security management costs and maintenanceHybrid: - Protection for both external and internal threats

Forefront Online Protection for Exchange

Forefront ReportsExchange SPAM Detail Statistics

Exchange SPAM Detail Statistics

Message Blocked by connection filter

IP Block ListIP Block Providers

Message Allowed by connection filter

IP Allow List

SPAM Confidence Level distribution

SCL 0SCL 1SCL 2SCL 3SCL 4SCL 5SCL 6SCL 7SCL 8SCL 9Unknown

Message Distributed by content filter actions

ReceivedRejectedDeletedQuarantined

Report Scope:

Report Time Span:

All Computers

Start: 8/29/2007 09 :00 PST End: 8/30/2007 09 :00 PST Generated on: 8/30/2007 09 :00

All dates and times are shown in Pacific Time (GMT -8:00)

Data Scope: All

6pm6am

10000

8000

4000

6pm6am

10000

8000

4000

6pm6am

10000

8000

4000

Message Blocked by SMTP filter

SenderSender IDRecipient

6pm6am

10000

8000

4000

Central configuration for managing Exchange 2010 and Forefront on premise and hosted security settings

Dashboard for enterprise-wide visibility and

reporting

Consolidated view of filters and settings

Unified Management One console for Exchange and Forefront settings

Exchange 2010 + Forefront

Superior anti-spam and anti-virus protection

• Configurable multi-layered filtering agents • Continuous automatic content updates• Multi-engine malware for faster, more reliable filtering

Simplified management• Option of hosted and hybrid AV/AS options for lower TCO• Manage Exchange and Forefront settings from one console

Extended encryption capabilities• Automatic encryption inside and outside the organization• Broad support for S/MIME and Information Rights

Management

Better Together Security

© 2009 Microsoft Corporation. All rights reserved. Microsoft and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to

changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.