Microsoft Unified Communications - Exchange 2010 Advanced Security with Forefront Presentation
-
Upload
microsoft-private-cloud -
Category
Technology
-
view
1.048 -
download
2
Transcript of Microsoft Unified Communications - Exchange 2010 Advanced Security with Forefront Presentation
Exchange 2010Advanced Security with ForefrontNameTitleMicrosoft Corporation
E-mail Security A Growing Concern
Spam problems continue• Spammers constantly evolving new techniques• Systems often outdated and rely only on IP filtering• Only 11% of organizations reported 99% effectiveness*
Malware attacks on the rise • Malware incidents are increasing in organizations of all sizes* • Attacks are often blended (e.g. spammed viruses) • Increasing use of attachments to transmit viruses*
Increasing need for data encryption• New regulations demand increased data privacy• Data leakage carries legal, financial risks• Encryption can be difficult to implement and manage
*IDC, 2009
Better Together Protection
Encryption Anti-Virus
Automatic
Encryption
S/MIME Support
Information Rights
Management
Support
Multiple Engine Anti-
Malware Detection
Unified ManagementHosted, Hybrid Protection
Premium
Anti-Spam
Basic
Integrated defense in depth
Perimeter Protection
• Client to Server - Secure Sockets Layer (SSL)• Server to Server - Transport Layer Security (TLS)• Perimeter to Perimeter - Opportunistic TLS
Clients
Internal Network
Perimeter Network
Internet Perimeter Network
EncryptionDefault encryption internally and externally
Encryption
• Send from Outlook, Outlook Web App, and Windows Mobile 6.0+
• AD RMS Pre-licensing improves mobile/offline experience• Automatic IRM-protection through transport rules• Transport decryption to enable AV/AS scanning • Native IRM support in OWA
Information Rights Management Support Provides persistent protection to control who can access, forward, print or copy sensitive data.
S/MIME Support Enables users to send signed and encrypted e-mail to one another from a variety of devices.
Protect sensitive data
Protected messages sent to transport server
Messages and attachments decrypted to enable content filtering, transport rules
Infected messages and spam can be filtered
Messages are re-encrypted and delivered
EncryptionEnable processing of rights protected e-mail
Journaled messages include decrypted clear-text copy
Perimeter ProtectionEnterprise Network
Externalmail
Edge Transport
Routing & AV/AS
Unified MessagingVoice mail & voice access
Client AccessClient connectivity
Web services
Hub TransportRouting & policy
Web browser
Outlook (remote
user)
Mobile phone
Outlook (local user)
MailboxStorage of
mailbox items
Overview
Perimeter Protection
MALWARESPAM
SAFE /BLOCKED SENDER LISTS
Internet Edge Server
Safe and blocked sender lists synched to Edge in seconds
Fewer false positives enables more aggressive filtering
Internal Network
EdgeSync enhances anti-spam filtering
Connection Filtering
Sender-RecipientFiltering
Content Filtering
Mailbox / Store
User Inbox
User Junk E-mail Folder
Administrator Quarantine
Basic Anti-Spam
Incoming Internet E-mail
2
3
Connection Filtering
1
1
Content Filtering3
Filters connections based on internal and third party IP block/allow lists.
Scans words and phrases based on internal lists and automated analysis.
Sender-Recipient Filtering
2Filters individual addresses based on internal lists and sender reputation.
Attachment Filtering
Three layers of protection
Premium Anti-Spam
Connection Filtering
1
Content Filtering3
Administrator configures IP block/ allow lists and DNS block lists
• Configurable content filter• Bi-weekly automatic updates • Attachments stripped per extension
Sender-Recipient Filtering
2Administrator configures sender-recipient lists separately
• Pre-configured DNS Block List• Aggregates data from multiple vendors
• Sender-recipient lists managed from one point on console
• Pre-configured content filter • Continuous minute-by-minute updates• Inspects file type, not just extension
More protection, less configuration
Internet
A
B
C
E
DExchange 2010
Forefront Anti-Malware
• Deploy single solution using multiple integrated technologies• Includes all engines in base cost• Run up to five engines simultaneously on any scan job• Most up-to-date engine automatically selected for optimal
performance
One solution, multiple anti-malware engines
• Rapid response to new threats
• Fail-safe protection through redundancy
• Diversity of antivirus engines and heuristics
Response time1 (in hours)
** 0.00 denotes proactive detection1 Source: AV-Test.org 2009 (www.av-test.org)
Single-engine solutions
Less than 5 hours
The Multiple Engine Advantage
5 to 24 hours
More than 24 hours
Proven faster, more effective
WildList Number
MalwareName
Forefront Engines Vendor A Vendor B Vendor C
01/09 autorun_itw542.ex_ 0.00 1185.47 89.83 1161.8301/09 buzus_itw3.ex_ 0.00 2.92 10.87 53.9801/09 conficker_itw5.dl_ 0.00 0.00 113.55 0.0001/09 koobface_itw18.ex_ 0.00 360.65 0.00 1050.1801/09 momibot_itw2.ex_ 0.00 0.00 0.00 982.0501/09 pinit_itw2.ex_ 42.85 205.03 0.00 873.2301/09 zbot_itw30.ex_ 0.00 0.00 0.00 0.0001/09 zbot_itw31.ex_ 0.67 990.50 1.17 53.7501/09 zbot_itw39.ex_ 0.00 946.40 0.00 0.0002/09 agent_itw94.ex_ 0.00 0.00 204.17 723.1002/09 autorun_itw580.ex_ 0.00 341.37 917.60 336.6702/09 autorun_itw585.ex_ 0.00 602.93 0.00 0.0002/09 autorun_itw594.ex_ 0.00 704.05 0.00 42.4002/09 magania_itw21.ex_ 0.00 0.00 0.00 522.6002/09 onlinegames_itw624.ex_ 0.00 386.88 22.12 0.0002/09 onlinegames_itw627.ex_ 0.00 207.33 60.88 7.4202/09 onlinegames_itw643.ex_ 0.00 22.13 6.22 32.1802/09 zbot_itw42.ex_ 0.00 1120.87 0.00 0.0003/09 autoit_itw90.ex_ 0.00 0.00 0.00 1101.6203/09 autorun_itw597.ex_ 0.00 555.12 0.00 16.8803/09 autorun_itw598.ex_ 0.00 2.88 187.27 667.8503/09 autorun_itw601.ex_ 0.00 510.32 0.00 0.0003/09 autorun_itw616.ex_ 0.00 555.12 0.00 16.8803/09 ircbot_itw485.ex_ 0.00 3.37 0.37 79.0503/09 mariof_itw2.ex_ 0.00 309.40 945.95 653.0303/09 onlinegames_itw651.ex_ 0.00 0.00 145.48 55.4703/09 zbot_itw43.ex_ 0.00 757.28 0.00 0.00
Hosted and Hybrid Protection
Antivirus and anti-spam protection for Exchange Server 2010 Server Roles
On-Premise SoftwareHosted Service
Edge Transport Hub Transport Mailbox
Internet SMTP
A choice of security options Hosted: - Stop spam and viruses before they reach your network - Reduce security management costs and maintenanceHybrid: - Protection for both external and internal threats
Forefront Online Protection for Exchange
Forefront ReportsExchange SPAM Detail Statistics
Exchange SPAM Detail Statistics
Message Blocked by connection filter
IP Block ListIP Block Providers
Message Allowed by connection filter
IP Allow List
SPAM Confidence Level distribution
SCL 0SCL 1SCL 2SCL 3SCL 4SCL 5SCL 6SCL 7SCL 8SCL 9Unknown
Message Distributed by content filter actions
ReceivedRejectedDeletedQuarantined
Report Scope:
Report Time Span:
All Computers
Start: 8/29/2007 09 :00 PST End: 8/30/2007 09 :00 PST Generated on: 8/30/2007 09 :00
All dates and times are shown in Pacific Time (GMT -8:00)
Data Scope: All
6pm6am
10000
8000
4000
6pm6am
10000
8000
4000
6pm6am
10000
8000
4000
Message Blocked by SMTP filter
SenderSender IDRecipient
6pm6am
10000
8000
4000
Central configuration for managing Exchange 2010 and Forefront on premise and hosted security settings
Dashboard for enterprise-wide visibility and
reporting
Consolidated view of filters and settings
Unified Management One console for Exchange and Forefront settings
Exchange 2010 + Forefront
Superior anti-spam and anti-virus protection
• Configurable multi-layered filtering agents • Continuous automatic content updates• Multi-engine malware for faster, more reliable filtering
Simplified management• Option of hosted and hybrid AV/AS options for lower TCO• Manage Exchange and Forefront settings from one console
Extended encryption capabilities• Automatic encryption inside and outside the organization• Broad support for S/MIME and Information Rights
Management
Better Together Security
© 2009 Microsoft Corporation. All rights reserved. Microsoft and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to
changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.