Understanding Microsoft’s Forefront™ Security Solution For Businesses

Steve Lamb
Technical Security Advisor
Microsoft Ltd
http://blogs.technet.com/steve_lamb
mailto://stephen.lamb@microsoft.com


Page 1: Steve Lamb Technical Security Advisor Microsoft Ltd  mailto://stephen.lamb@microsoft.com


Page 2

Agenda

Strategy

Client Security

Server Applications

Network Edge

Windows Networking Solutions

Page 3

Microsoft’s Promises To You

Enabling IT Pros & Development Teams across the IT Lifecycle

Page 4

Providing Access With Security

Demand for Access

23 million branch offices WW (IDC, 2006)

3.6 billion mobile users WW by 2010 (Infonetics, 2007)

85% of companies will have WLANs by 2010 (Infonetics, 2006)

Escalating Threats

8x increase in phishing sites in past year (AWG, 2006)

One message-based Trojan attack per day in 2006 vs. one per week in 2005 (Message Labs, 2006)

Strong indication of increase in profit-motivated attacks (Multiple sources)

Page 5

The Challenges

Security & Access Solution Requirements

Comprehensive Integrated Simplified

More advanced

More frequent

Profit motivated

Demand for access

Escalating threats

Many access points

Various devices

Intranet/Extranet

Difficult to manage

Multiple security consoles

Complex reporting and analysis

Granular policy hard to deploy

Fragmented technology

Point products

Poor interoperability

Lack of integration

Page 6

Security And Access Offerings

A comprehensive line of business security products that helps you gain greater protection and secure access through deep integration and simplified management

Network Edge

Server Applications

Client And Server OS

Terminal Services

Scalable Networking Pack

Server & Domain Isolation

Network Access Protection

Secure Wireless

Windows Networking Solutions

Page 7

Interoperability

Developer Tools & Guidance

Systems Management

Identity Management

Windows Client and Server Operating Systems

Forefront and the Broader Security Story

Windows Networking Solutions

Client And Server OS

Server Applications

Network Edge

Page 8

Let’s take a closer look at…

Page 9

Security Summary

Simplified Administration

Client And Server OS

Malware Summary

Alerts Summary

Computer Summary

Security State Assessment Summary

Page 10

FCS Architecture

Page 11

Let’s take a closer look at…

Page 12

Integrated Security

Exchange Mailbox Server

Internet

Client Machines

Microsoft AV

Multi-engine Manager

Server Applications

Exchange Mailbox Server

Exchange Front End

Page 13

Benefit of Multiple Malware Engines¹

Response Time (hours)

| Malware | Forefront Set 1 | Forefront Set 2 | Forefront Set 3 | Vendor A | Vendor B | Vendor C |
|---|---|---|---|---|---|---|
| Mytob.NQ@mm | 1.5 | 1.0 | 3.1 | 9.9 | 17.4 | 2.1 |
| Mytob.NQ@mm | 1.0 | 1.0 | 1.0 | 28.1 | 11.6 | 3.5 |
| Nugache.a | 1.0 | 1.0 | 1.0 | 34.1 | 12.9 | 48.1 |
| Numuen.F | 0.0 | 0.0 | 0.0 | 1.0 | 10.3 | 15.0 |
| Numuen.H | 1.0 | 1.0 | 1.0 | 103.8 | 251.9 | 114.8 |
| Numuen.G | 3.2 | 3.2 | 3.2 | 1.0 | 151.8 | 469.0 |
| Rbot!E905 | 0.0 | 0.0 | 0.0 | 1,141.8 | 217.6 | 1.0 |
| Bagle.EG | 0.0 | 0.0 | 0.0 | 0.0 | 7.3 | 0.0 |
| Bagle.EH@mm | 0.0 | 0.0 | 0.0 | 0.0 | 18.4 | 0.0 |
| Bagle.EG@mm | 0.0 | 0.0 | 1.0 | 0.0 | 26.5 | 0.0 |
| Bagle.LY@mm | 0.0 | 0.0 | 0.0 | 0.0 | 6.4 | 2.5 |
| Feebs.gen@mm | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 503.8 |
| Feebs.EU | 0.0 | 0.0 | 0.0 | 52.3 | 173.2 | 39.0 |
| Virut.A | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 1,317.0 |
| Spybot!04C2 | 23.0 | 23.0 | 1.0 | 0.0 | 29.9 | 39.0 |
| Banwarum.B@mm | 12.1 | 1.8 | 1.0 | 116.7 | 22.5 | 32.9 |
| Banwarum.C@mm | 87.5 | 87.5 | 1.0 | 116.7 | 73.0 | 129.3 |

Legend: < 4 hrs; 4 to 24 hrs; > 24 hrs

¹ AVTest.org, 2006

Page 14

Let’s take a closer look at…

Page 15

Comprehensive Security and Access

[Diagram: Intelligent Application Gateway 2007. Column headings: End-point devices, Protocols, Policy Definitions, Applications. Other labels: Internet, Edge, Network Access Protection.]

End-point devices: Unmanaged PC (Home PC, Kiosk, etc); Managed PC (corporate owned, domain-joined); Handhelds

Protocols: Exchange ActiveSync; SSL-VPN; IPSec VPN; HTTP/HTTPS; RPC over HTTP; RDP over HTTP; SSL Tunneling; SSL Socket Forwarding

Applications: Email (Messaging Servers); Intranet Apps (Internal Web Servers); Work PCs (Remote Desktop); Files/Documents (Portal or File Servers)

Page 16

Intelligent Application Gateway Context-Based Access Matrix

Who (Identity)

Where (endpoint)

What (Application)

Page 17

ISA 2006's Authn Delegation

Traditional firewall

Diagram labels: client, Internet, SSL, Traditional firewall, WebSrv/OWA

Web server prompts for authentication — any Internet user can access this prompt

SSL tunnels through traditional firewalls because it is encrypted…

…which allows viruses and worms to pass through undetected…

…and infect internal servers!

ISA Server 2006 with HTTP Filter

Diagram labels: client, Internet, SSL, ISA Server 2006 with HTTP Filter, SSL or HTTP, WebSrv/OWA

Basic and Forms authentication delegation

ISA Server pre-authenticates users, with Single Sign-on, and only allows authenticated users. It also issues forms cookies and provides timeouts and Attachment Blocking for OWA

ISA Server HTTP Filter

ISA Server can decrypt and inspect SSL traffic and only passes authenticated traffic: no worms, as they are anonymous

Inspected traffic can be sent to the internal server re-encrypted or in the clear.

URLScan for ISA Server

HTTP filter for ISA Server can stop Web attacks at the network edge, even over encrypted inbound SSL

Page 18

Let’s take a closer look at...

Windows Networking Solutions - Core infrastructure

Page 19

Simple NPS Authentication Workflow

User requests access to port

Network device asks user for credentials

Device forwards credentials and connection details to NPS

RADIUS evaluates connection details against policy; forwards credentials to Active Directory for authentication

If policy matches, and user is authentic, access allowed

Device allows access
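The workflow above, modelled as a small decision function. This is an added example, not Microsoft's code, and it models the policy-server decision rather than the RADIUS wire format. The directory entries, policy names, port-type values and function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

# Constructed stand-in for Active Directory: user -> (salt, password hash, groups).
DIRECTORY = {
    "alice": (b"salt-a", _kdf("correct horse", b"salt-a"), {"Staff"}),
    "bob": (b"salt-b", _kdf("hunter2", b"salt-b"), {"Contractors"}),
}

# Hypothetical network policies, evaluated in order; anything unmatched is denied.
POLICIES = [
    {"name": "staff-wireless", "port_type": "Wireless-802.11", "group": "Staff"},
    {"name": "staff-wired", "port_type": "Ethernet", "group": "Staff"},
]

@dataclass(frozen=True)
class AccessRequest:
    """What the network device forwards: credentials plus connection details."""
    user: str
    password: str
    port_type: str

def directory_authenticate(user: str, password: str):
    """Return the user's groups if the credentials are valid, else None."""
    salt, stored, groups = DIRECTORY.get(user, (b"none", b"", set()))
    supplied = _kdf(password, salt)  # always computed, known user or not
    return groups if hmac.compare_digest(supplied, stored) else None

def evaluate(req: AccessRequest):
    """Policy server decision: connection details, then credentials, then group."""
    candidates = [p for p in POLICIES if p["port_type"] == req.port_type]
    if not candidates:
        return ("Access-Reject", "no policy for connection type")
    groups = directory_authenticate(req.user, req.password)
    if groups is None:
        return ("Access-Reject", "authentication failed")
    for policy in candidates:
        if policy["group"] in groups:
            return ("Access-Accept", policy["name"])
    return ("Access-Reject", "user not covered by policy")

def device_port_open(req: AccessRequest) -> bool:
    """The device opens the port only on an explicit Access-Accept."""
    return evaluate(req)[0] == "Access-Accept"
```

Valid credentials alone do not open the port: a request is accepted only when a policy matches the connection details and the authenticated user falls under that policy, and every other path ends in a reject.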

Page 20

Anti-Virus Security Software Patch

Security Appliance

Network Device

System Integrator

100+ NAP Ecosystem Partners To Date

Page 21

Security Response Organization

Extensive Data: Multiple data sources enabling advanced threat telemetry

Rigorous Analysis: Dedicated team with automated analysis and testing

Integrated Response: Tight integration with MSRC and other support processes

Global Response and Service

Timely and Accurate Content

Quality

Industry Leading

Detection and Removal

Page 22

Forefront Product Roadmap

H1 2007, H2 2007, 2008+

Client

Server

Edge

Next Generation Forefront Security Products

Page 23

Summary

“Microsoft is poised to become the de facto leader in the e-mail security market.” - Gartner — Peter Firstbrook & Arabella Hallwell, Gartner, “Magic Quadrant for E-Mail Security Boundary, 2006”

"Microsoft is one of the few vendors that can truly go end-to-end (cloud-edge-server-client) to make businesses more secure." - Enterprise Strategy Group, Eric Ogren, “At the Forefront of Microsoft Security”, InternetNews.com June 15, 2006

Forefront delivers comprehensive, integrated and simplified protection and secure access for businesses

New brand but proven, award-winning products

Visit http://www.microsoft.com/forefront

Learn more about Forefront

Download beta/evaluation software

Page 24

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.