Agenda
Introduction to Forefront Server Security products
- Comprehensive Protection Features
- Optimized Performance Features
- Simplified Management Features
Forefront Security for Exchange Server
- Exchange 2007 Role Support
- Premium Anti-spam Services
- File filtering
Forefront Security for SharePoint
- SharePoint API
- Content filtering
Summary
A comprehensive line of business security products that helps you gain greater protection through deep integration and simplified management
Server Security Product Roadmap
[Roadmap diagram: Previous Versions, Current, 2007+; Microsoft® Antigen Messaging Security Suite]
Problem: Single Point of Failure
Anti-virus Approaches: Single Vendor, Single Engine
[Diagram: viruses, worms and spam arriving from the Internet; SMTP Server, ISA Server, Exchange and SharePoint each protected by the same engine A]
Problem: Management/Cost
Anti-virus Approaches: Multi-vendor, Multi-engine
[Diagram: viruses, worms and spam arriving from the Internet; SMTP Server, ISA Server, Exchange and SharePoint protected by different engines A, B, C, D, E]
Harnessing the Strength of Multiple Engines
Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from
Each scan job in a Forefront Server Security product can run up to five engines simultaneously
[Diagram: Internal Messaging and Collaboration Servers scanned by engines A, B, C, D, E]
The Multiple Engine Advantage
Rapid response to new threats
Fail-safe protection through redundancy
Diversity of anti-virus engines and heuristics
Response Time (hours)
                      Forefront Set 1  Forefront Set 2  Forefront Set 3  Vendor A  Vendor B  Vendor C
0406  Mytob.NQ@mm     1.5              1.0              3.1              9.9       17.4      2.1
0406  Mytob.NQ@mm     1.0              1.0              1.0              28.1      11.6      3.5
0406  Spybot!04C2     23.0             23.0             1.0              0.0       29.9      39.0
0406  Nugache.a       1.0              1.0              1.0              34.1      12.9      48.1
0506  Numuen.F        0.0              0.0              0.0              1.0       10.3      15.0
0506  Numuen.H        1.0              1.0              1.0              103.8     251.9     114.8
0506  Numuen.G        3.2              3.2              3.2              1.0       151.8     469.0
0506  Banwarum.C@mm   87.5             87.5             1.0              116.7     73.0      129.3
0506  Banwarum.B@mm   12.1             1.8              1.0              116.7     22.5      32.9
0506  Rbot!E905       0.0              0.0              0.0              1,141.8   217.6     1.0
0606  Bagle.EG        0.0              0.0              0.0              0.0       7.3       0.0
0606  Bagle.EH@mm     0.0              0.0              0.0              0.0       18.4      0.0
0606  Bagle.EG@mm     0.0              0.0              1.0              0.0       26.5      0.0
0606  Bagle.LY@mm     0.0              0.0              0.0              0.0       6.4       2.5
0706  Feebs.gen@mm    0.0              0.0              0.0              0.0       0.0       503.8
0706  Feebs.EU        0.0              0.0              0.0              52.3      173.2     39.0
0706  Virut.A         0.0              0.0              0.0              0.0       0.0       1,317.0
Legend (cell shading): > 24 hrs; 4 to 24 hrs; < 4 hrs
1 AVTest.org, 2006
Optimized Performance Controls
Bias
Engines used are not always the same. They are dynamically allocated from the available pool.
- Max Certainty: uses all engines (100%)
- Favor Certainty: uses all available engines*
- Neutral: uses approximately 50% of available engines*
- Favor Performance: uses 25% of available engines*
- Max Performance: uses one engine for every scan*
Forefront Server Security Management Console Features
Central management console
- Deploys and configures Forefront/Antigen Security for Exchange and SharePoint environments
Automates signature updates across the enterprise
- Scans for and pulls updates for multiple antivirus engines
- Distributes updates to all Forefront/Antigen servers
Comprehensive reporting
- Detected viruses, keyword filters or file filters
- Actions taken by Forefront/Antigen on detection of a virus or content violation
- Message traffic activity, including messages and files processed
- Antivirus engine versions
Outbreak alerts
- SNMP and SMTP alerts sent when administrator-defined thresholds for viruses, file and content filters are exceeded
- Alerts can be forwarded to Microsoft Operations Manager
Automated Signature Updating
[Diagram: Engine Partner Updates, www.microsoft.com, Internet, Forefront Engine Adaptor]
Support Matrix and History
[Matrix of management consoles (Sybari Enterprise Manager, Antigen Enterprise Manager, Forefront Server Security Management Console) against products (Sybari Antigen for Exchange/SMTP 8.0, Sybari Antigen for SharePoint 8.0, Sybari Antigen for Instant Messaging 8.0, Microsoft Antigen for Exchange/SMTP 9.0, Microsoft Forefront Security for Exchange Server, Microsoft Forefront Security for SharePoint)]
Microsoft Operations Manager
Forefront Management Pack for MOM 2005
Over 100 Events, Performance Counters, and Services Monitored
- Monitors the state of Forefront
- Collects statistical data on scanning, detection, and removal of messages and attachments
- Polls Forefront Services
- Provides timed events to poll systems for critical process health
Key Tasks
- Triggers scan engine updates
- Centralizes storage and deployment of license files
- Imports, exports and deploys setting changes
- Initiates and/or schedules manual scan jobs
- Starts/Stops control of Forefront services
Includes multiple scan engines from industry-leading security firms, integrated in a single solution to help businesses protect their Exchange messaging environments from viruses, worms, and spam.
Secure Messaging
Comprehensive Protection
- Ships with multiple antivirus engines
- Multi-layered protection in Exchange 2007
- File Filtering and premium anti-spam protection
Optimized Performance
- Deep integration with Exchange Server
- Scanning innovations & performance controls
- Maintains uptime and optimizes performance
Simplified Management
- Easily manage configuration and operation
- Automated signature updates
- Reporting, Notifications and Alerts
What’s New in This Release?
Forefront Security for Exchange Server
- Support for three Exchange roles in single product
- 64-bit support (32-bit support only for evaluation)
- Localization into 11 languages
- Support for new Exchange AV features
  AV transport stamp
  Targeted background scanning for optimized performance
- Access to all scan engines included with license
- Premium anti-spam services for Exchange 2007
- Cluster Server improvements including new Exchange 2007 CCR cluster support
Performance Optimization
- In-memory scanning of messages
- Multi-threaded
- Performance vs Security balance configuration
- Incremental background scanning
- Integrates with VSAPI virus scanning technology in Exchange
Exchange 2007 Enterprise Topology
[Diagram of server roles: Edge Transport, Hub Transport, Mailbox, Client Access, Unified Messaging. Also shown: Internet, other SMTP servers, enterprise network. Labels: Routing, Hygiene, Policy, Mailbox, Public Folders, Voice Messaging, Fax, PBX or VoIP; Applications: OWA; Protocols: ActiveSync, POP, IMAP, RPC / HTTP …; Programmability: Web services, Web parts]
Email Transport Scanning
New intelligent scanning does not scan email that has already been scanned
- By default, email scanned at Edge Transport or Hub Transport does not get scanned again when routed or deposited into mailboxes
Minimizes AV scanning overhead to maximize mail system performance
- Significantly reduces scanning impact at the store
- Can be turned off to allow scanning at all points
Transport Scanning – Inbound Mail
[Diagram: Internet, Edge Server (SCAN and STAMP), Hub Role (NO SCAN), Mailbox Role (NO SCAN), Public Folder, Client]
- Mail scanned only once at the Edge
- Saves processing load on Hub and Mailbox servers
Transport Scanning – Internal Mail
[Diagram: Edge Server, Hub Role, Mailbox Role, Public Folder, Client; labels: SCAN and STAMP, NO SCAN, NO SCAN, NO SCAN]
- Internal mail is routed through Hub role
- Proactive scanning at the Mailbox server (store) is turned off by default
- Saves processing load on Mailbox servers
Mail Store Scanning – Multiple Options
Standard mode
- Background Scan to sweep the store once each day, scanning only the most vulnerable files
- On-access protection for unscanned mail
Outbreak mode
- Re-scan on-access whenever scan engines update
Ultimate security mode
- Scan on submission to store
- Re-scan on access whenever scan engines update
- Continuous background scan with new signatures
Incremental Background Scanning
Ability to scope background scanning allows for daily “sweep” of store with latest updates
Scan only messages delivered in the past
- 4, 6, 8, 12, 18 hours
- 1, 2, 3, 4, 5, 7, 30 days
Combines security and performance
- The most dangerous messages are scanned
- The bulk of the store does not get scanned repeatedly for no reason
Premium Anti-Spam Protection
Activated and licensed by Forefront Security for Exchange Server
Deployed on Exchange Edge or Hub server role
Built upon base anti-spam in Exchange 2007, premium anti-spam protection adds:
- Microsoft IP reputation filter service and automated updates
- Automated updates for Microsoft Smartscreen spam heuristics and Intelligent Message Filter (IMF)
- Targeted spam signature data and automatic updates to identify latest spam campaigns
File Filtering
A key part of any mail protection strategy
Proactively block a specific range of potentially dangerous file types whether or not a signature exists
- Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT
- Some users will block the same file types that are blocked by Outlook 2003
  See Outlook online help for list
Use *.exe and All Types of files to block anything named *.exe
Use *.* and EXEFILE to block any executable file no matter what it is named
File Filtering: Setting up file filters
Forefront blocks by extension and true file type
- Can’t fool filter by simple change of extension
- Each is configured differently
Search for specific files by name, e.g. “resume.doc”
- Wildcards supported, e.g. “*resume*.doc”
- Each * represents 250 characters
File filters can be Inbound or Outbound
- <in>*.exe, <out>*.doc
Files can be blocked based on size, and size/name/type/direction combinations
- <in>*.mp3>2mb
- <out>*.mp3>5mb
- <in>*.*>10mb
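
How the name, true-type, direction and size conditions combine, as an added Python sketch (not Forefront code and not part of the original slides). It parses the <in>/<out>, wildcard and >Nmb strings shown above and evaluates them against constructed attachments; the MZ header check and the OTHER type label are assumptions standing in for real file-type detection.

```python
import fnmatch
import re

# Rule text as on the slides: optional <in>/<out>, wildcard name, optional >Nmb.
RULE_RE = re.compile(r"^(?:<(in|out)>)?(.+?)(?:>(\d+(?:\.\d+)?)mb)?$", re.IGNORECASE)

def parse_rule(text, file_type="All Types"):
    """Split one filter string into direction, name pattern and size threshold."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable filter: {text!r}")
    direction, pattern, size_mb = m.groups()
    return {
        "text": text,
        "direction": direction.lower() if direction else None,  # None = both ways
        "pattern": "*" if pattern == "*.*" else pattern.lower(),  # *.* = any name
        "min_bytes": float(size_mb) * 1024 * 1024 if size_mb else None,
        "file_type": file_type,  # "All Types" or a true-type name such as EXEFILE
    }

def true_type(data):
    """Toy content sniffing (assumption): Windows executables start with b'MZ'."""
    return "EXEFILE" if data[:2] == b"MZ" else "OTHER"

def matches(rule, name, data, direction):
    """True when direction, name, true type and size all satisfy the rule."""
    if rule["direction"] and rule["direction"] != direction:
        return False
    if not fnmatch.fnmatchcase(name.lower(), rule["pattern"]):
        return False
    if rule["file_type"] != "All Types" and true_type(data) != rule["file_type"]:
        return False
    return rule["min_bytes"] is None or len(data) > rule["min_bytes"]

def blocked_by(rules, name, data, direction):
    """Return the text of every rule that would block this attachment."""
    return [r["text"] for r in rules if matches(r, name, data, direction)]

# Rules taken from the slides; the attachments are constructed samples.
RULES = [
    parse_rule("*.exe"),                     # extension match, any content
    parse_rule("*.*", file_type="EXEFILE"),  # any name, executable content
    parse_rule("<in>*.mp3>2mb"),             # inbound MP3 larger than 2 MB
]
RENAMED_EXE = b"MZ\x90\x00" + b"\x00" * 60   # executable header under a .jpg name
BIG_MP3 = b"ID3" + b"\x00" * (3 * 1024 * 1024)

if __name__ == "__main__":
    print(blocked_by(RULES, "holiday.jpg", RENAMED_EXE, "in"))
```

The renamed executable is missed by the extension rule and caught only by the *.* plus EXEFILE rule, which is why the slides recommend configuring both.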
File Filtering Actions
Every filter or filter list can have a separate action applied, offering great flexibility
- Skip: Detect only – logs the event but does not block or alter the message
  Not a secure setting!
  Useful for monitoring and discovery purposes
  Allows for pre-testing of new rules without end user impact
- Delete: Remove contents – removes the attachment only and replaces with the customized deletion text
- Purge: Eliminate message – deletes both the attachment and the message body
  End user receives nothing
[Diagram label: Filter Rules: Delete *.exe, Quarantine]
File Filtering – Zip file behavior
Forefront scans within ZIP and other compressed formats, deletes only the offending file and then repackages the ZIP
[Diagram: container file before scan holds EXE, DOC, JPG, BMP; container file after scan holds DOC, JPG, BMP and a TXT with the custom deletion text; the EXE goes to Quarantine]
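
The repackaging step described on this slide, as an added Python illustration (not Forefront code and not part of the original slides). The deletion text, the size cap and the MZ header check are assumptions; the sample container is constructed to match the slide's EXE, DOC, JPG, BMP example.

```python
import io
import zipfile

DELETION_TEXT = b"File removed by file filter."  # constructed stand-in text
MAX_UNPACKED = 50 * 1024 * 1024                   # assumed cap on declared unpacked size

def is_executable(data):
    """Toy true-type check (assumption): Windows executables start with b'MZ'."""
    return data[:2] == b"MZ"

def clean_zip(zip_bytes):
    """Rebuild a ZIP without executable members.

    Returns (new_zip_bytes, quarantine); quarantine maps each removed
    member name to its original bytes.
    """
    quarantine = {}
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        # Refuse archives whose declared contents exceed the scan limit.
        if sum(i.file_size for i in src.infolist()) > MAX_UNPACKED:
            raise ValueError("archive expands beyond the scan limit")
        for info in src.infolist():
            data = src.read(info)
            if is_executable(data):
                # Keep the original for quarantine, leave a text stub behind.
                quarantine[info.filename] = data
                dst.writestr(info.filename + ".txt", DELETION_TEXT)
            else:
                dst.writestr(info.filename, data)
    return out.getvalue(), quarantine

def build_sample():
    """Constructed container matching the slide: EXE, DOC, JPG, BMP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("setup.exe", b"MZ\x90\x00" + b"\x00" * 60)
        z.writestr("report.doc", b"\xd0\xcf\x11\xe0 constructed doc body")
        z.writestr("photo.jpg", b"\xff\xd8\xff constructed jpg body")
        z.writestr("logo.bmp", b"BM constructed bmp body")
    return buf.getvalue()

if __name__ == "__main__":
    cleaned, quarantine = clean_zip(build_sample())
    print(zipfile.ZipFile(io.BytesIO(cleaned)).namelist(), list(quarantine))
```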
Integrates multiple scan engines from industry-leading vendors and provides content controls to help businesses protect their Microsoft Office SharePoint 2007 and Windows SharePoint Services 3.0 collaboration environment by eliminating documents containing malicious code, confidential information, and inappropriate content.
Secure Collaboration
Comprehensive Protection
- Ships with & manages multiple antivirus engines
- File & Content Keyword Filtering
- Support for Open XML & IRM-protected docs
Optimized Performance
- Deep integration with SharePoint Server
- Scanning innovations and performance controls
- Maintains uptime and optimizes performance
Simplified Management
- Easily manage configuration and operation
- Automated signature updates
- Reporting, Notifications and Alerts
What’s New in This Release?
Forefront Security for SharePoint
- Both 32-bit and 64-bit support
- Localization (11 languages)
- Support for SharePoint Information Rights Management Documents
- Keyword filtering on Office XML Open Format
- Access to all scan engines included with license
Forefront Security for SharePoint
[Diagram: Users, Document, SharePoint Server, SQL Document Library]
Virus Protection for Document Libraries
- Real-time scanning of documents uploaded and downloaded from document library
- Manual and scheduled scanning of document library
Content Policy Enforcement
- File filtering to block documents from being posted based on name match, file type or file extension
- Content filtering by keywords within documents for inappropriate words and phrases
SharePoint API integration
Utilizes the SharePoint Virus API to scan files during upload and download
- Optimized for performance in a SQL environment
Files are not rescanned if engines have not been updated
Up to ten simultaneous scanning threads to help ensure users are not delayed waiting for documents to scan
Automatic integration with SharePoint Information Rights Management (IRM) to scan protected files on the fly
Customer Testimonials
“Forefront works like a dream. We don’t have to do anything to it until we’re ready to upgrade. With a small IT staff, that’s exactly what we want.”
Alexander Fischer, Chief of IT Infrastructure, Koehler Paper Group
“We looked at Forefront and it blew us away. We’re a Microsoft shop. We want to use products that will integrate well with what we have. And we’ve seen the Microsoft roadmap for the Forefront product range, so we know this is a product we can use to increasing advantage in the years to come.”
Peter Oescheger, CIO, Sasfin
“We wouldn’t put anything else for e-mail security on our Exchange Server 2007 machines. The software is well-respected. It’s been around; it’s proven. Our own experience with Microsoft Antigen is that it’s an outstanding product. Forefront Security for Exchange Server makes it even better.”
Chris Habala, Senior Architect/Analyst, Del Monte
“The integration of Forefront with Exchange is even better than the integration we saw with Antigen. It integrates proactively as part of the scanning flow. It’s not complicated to install or administer. Microsoft has taken one of the best antivirus products for Exchange and just made it better.”
Will Wilson, Director of Information Systems, Guardian Management
Summary
Microsoft Forefront Server Security products:
- Comprehensive antivirus, antispam and content filtering protection for Exchange Server, SharePoint Server, Windows SharePoint Services, and Live Communications Server
- Strengthen messaging and collaboration security by integrating multiple industry-leading antivirus technologies in a single solution
- Optimize performance of messaging and collaboration servers with scanning innovations and performance bias controls
- Simplify management of messaging and collaboration security