Forefront SecurityExchange
Problem
Meddelande system och sammarbetsprodukter är underbarar mål för elak kod och “distrubition” av äkta dynga…
Viruses
Worms
Bot-nets
Trojans
Spam
Phishing
Profanity / offensive content
ExchangeExchange ExchangeExchangeExchangeExchange
VirusesVirusesWormsWormsSpamSpam
E-mail Antivirus Approaches
ISA ServersISA Servers Windows SMTP ServersWindows SMTP Servers
InternetInternet
AVAV
AVAVAVAVAVAV
AVAV
AVAVAVAV
AVAV
Single Vendor SolutionSingle Vendor Solution• Same scan engine, heuristicsSame scan engine, heuristics technology and signature files on technology and signature files on all server and client platforms all server and client platforms
• Dependent on one AV lab Dependent on one AV lab for scan engine updates for scan engine updates during virus or worm during virus or worm outbreaks outbreaks • Queuing and delay during Queuing and delay during engine updates on mission engine updates on mission critical servers (i.e. critical servers (i.e. Exchange) Exchange)
Problem:Problem: Single Point of FailureSingle Point of Failure
AVAV
AVAVAVAVAVAV
AVAV
AVAV
AVAV
AVAV
Multi-vendor SolutionMulti-vendor Solution• Different scan engines, heuristicsDifferent scan engines, heuristics technologies and signature files on technologies and signature files on server and client platforms server and client platforms
• High acquisition and High acquisition and maintenance cost maintenance cost • Added filtering complexityAdded filtering complexity• Added signature update Added signature update complexity complexity • Risk of failure and queuing still Risk of failure and queuing still
exists on mission-critical exists on mission-critical servers servers
Problem:Problem: Management/CostManagement/Cost
Defense-in-Depth for Exchange Server
ISA Server
Eliminate spam and viruses Eliminate spam and viruses before they reach your before they reach your networknetwork
Rapid identification and Rapid identification and quickest response to latest quickest response to latest threats threats
Unparalleled reliability and Unparalleled reliability and scalabilityscalability
Exchange
Protect against internal Protect against internal threatsthreats
Enforce content policies in Enforce content policies in e-maile-mail
Provide additional layer of Provide additional layer of defense against the latest defense against the latest viruses, worms and spamviruses, worms and spam
Mail flow
EHS ServiceEHS Service Antigen On-Premise Antigen On-Premise SoftwareSoftware
Securely enable remote Securely enable remote access to Exchange e-mailaccess to Exchange e-mail
Enhance server protection Enhance server protection with pre-authentication of with pre-authentication of usersusers
Improve security of OWA Improve security of OWA sessions from unmanaged sessions from unmanaged clientsclients
ISA Server 2004/6ISA Server 2004/6
Internet
EHS
The Ideal Solution
Use a single vendor solution that integrates antivirus engines from top worldwide virus labs and provides all updates from a single source
Manages multiple antivirus scan engines on all mission critical messaging and collaboration servers
Includes anti-spam, policy and content filtering for complete protection and hygiene
AVAV
AVAV
AV
AVAnti-spamAnti-spam
AntivirusAntivirus
Policy MgtPolicy MgtCen
tral
Cen
tral
Mg
tM
gt
Exchange Server/Exchange Server/Windows SMTP ServerWindows SMTP Server
Demo
Forefront för Exchange
VirusesWormsInapp. Content
Management
VirusesWormsSpam
Live Communications Server
Users
Internet
SMTP Server
ISA Server
SharePoint
Exchange Server
EdgeE-mail
Collaboration
Microsoft Operations Manager w/ Antigen Management Pack
E-mail and Collaboration Server SecurityE-mail and Collaboration Server Security
Antigen Enterprise Manager
Demo
Forefront för SharePoint
Layered Defenses
Protection at multiple points in the networkEdge: Antigen for SMTP, Advanced Spam Manager
E-Mail server: Antigen for Exchange, Advanced Spam Manager
Microsoft SharePoint® Portal Server (SPS): Antigen for SharePoint
Live Communication Server: Antigen for Instant Messaging
Multiple engine managementUp to eight engines available
Advanced Spam Manager integration with Microsoft® Intelligent Message Filter
Content and Document filtering Block mail according to file type
Scan file names, text within documents, and e-mail subject and body for administrator-defined keywords
ASM & IMF Together
On the same server, IMF scans before ASM
Each applies an SCL rating – the higher the rating always wins (i.e. has more confidence)
Mail that is rejected , deleted or archived by IFM will NOT make it to ASM
Example: IMF archived SCL 7,8 & 9
ASM Spam set to 9IMF SCL of 0-6
IMF Scan
ASM Scan
Archive Folder
Pickup Folder
If Admin moves
message
If SCL is 7,8,9
Inbox
Junk E-Mail
Mail Store
MOM MP for Antigen
Over 100 Events, Performance Counters and Services Monitored
Monitors the state of Antigen and its key components
Collects statistical data on scanning, detection and removal of messages and attachments
5 Antigen Services Polled - Provides timed events to poll systems for critical process health
Key Tasks:Trigger Scan Engine updates
Centralized storage and deployment of License files
Import, export and deploy changes for key settings
Immediate and/or scheduling of Manual Scan Jobs.
Start/Stop control of Antigen services
Forefront Management med MOM
Competitive Advantages
Key Points:
Single Points of FailureOne Engine throughout antivirus suite on all platform
Single Layer of Scanning on Exchange Server
Different products for different version of Exchangepoor migration support
Limited Notifications
No disclaimers
Limited File and Content Filtering
PSS Support