11. Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against email and collaboration threats
67. Gartner Magic Quadrant for Secure E-Mail Gateways -- Gartner, Inc. Magic Quadrant for Secure E-Mail Gateways, Peter Firstbrook, Erik Ouellet, April 27, 2010. The Gartner Magic Quadrant is copyrighted by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Microsoft.
70. Single-engine vendors provided responses in 5 days, 4 days, and 6 days, respectively. On-premises or in the cloud. 99% spam detection* (*With premium anti-spam services)
72. Forefront Protection for Exchange Server. Protection availability: Exchange 2010, Exchange 2007 SP1. [Diagram: enterprise network with the Exchange server roles Edge Transport; Hub Transport (routing and policy); Unified Messaging (voice mail and voice access); Mailbox (storage of mailbox items); Client Access (client connectivity, web services). Connected endpoints: external mail, mobile phone, phone system (PBX or VOIP), web browser, Outlook (remote user), Outlook (local user), line of business applications.]
74. Keyword Filtering: Searches the message body for matches to keywords in selected lists. Lists can be imported from an existing file. Can filter phrases. Supports operators: AND, OR, NOT. Actions: Skip & Detect, Delete, Suspend.
75. File Filtering: Filter by name, type, or size: *.exe, *.doc, * > 10 MB. Filters can be combinations of size, name, and type: photo1.jpg > 10 MB, *.mp3 > 5 MB, * > 10 MB. Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM, and BAT. Actions: SkipDetect, Suspend (Realtime), Delete (Scheduled/OnDemand).
76. Container Behavior: Forefront scans within .zip, .rar, and other compressed formats and deletes only the offending file. [Diagram labels: filter rule "Delete *.exe"; container file before scan; container file after scan; custom deletion text; quarantine.]
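The file filter rules on slide 75 and the container behavior on slide 76 can be sketched together as follows. This is an added example, not Forefront code: the rule tuple format, the `MAGIC` type table, the function names, the sample archive, and the choice to store the deletion text under the original name plus `.txt` are all assumptions made for illustration.

```python
import fnmatch
import io
import zipfile

MB = 1024 * 1024
MAGIC = {"exe": b"MZ"}  # leading bytes used for the "type" check (assumed table)

# Constructed rules: (name pattern, required type or None, size threshold or None)
RULES = [
    ("*.exe", None, None),    # by name
    ("*", "exe", None),       # by type, whatever the file name claims
    ("*.mp3", None, 5 * MB),  # name and size combined: *.mp3 > 5 MB
    ("*", None, 10 * MB),     # by size alone: * > 10 MB
]

def match_rule(name, data, rules=RULES):
    """Return the first rule the file matches, or None if it is allowed."""
    for pattern, ftype, min_size in rules:
        if not fnmatch.fnmatchcase(name.lower(), pattern):
            continue
        if ftype is not None and not data.startswith(MAGIC[ftype]):
            continue
        if min_size is not None and len(data) <= min_size:
            continue
        return (pattern, ftype, min_size)
    return None

def clean_container(zip_bytes, deletion_text, rules=RULES):
    """Rebuild a zip, replacing only offending members with deletion text."""
    removed, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info)
            rule = match_rule(info.filename, data, rules)
            if rule is None:
                dst.writestr(info.filename, data)   # clean member kept as-is
            else:
                removed.append((info.filename, rule))
                dst.writestr(info.filename + ".txt", deletion_text)
    return out.getvalue(), removed

def build_sample():
    """Constructed sample container: one clean file, two offenders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("report.doc", b"quarterly numbers")
        z.writestr("setup.EXE", b"MZ\x90\x00 stub")
        z.writestr("notes.txt", b"MZ\x90\x00 renamed executable")
    return buf.getvalue()
```

Reading each member in full is acceptable for this small sample; a production scanner would cap the decompressed size and recurse into nested containers.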
80. Forefront Online Protection for Exchange: Multilayer spam and virus protection and policy enforcement. About 90% of email is junk. Also incorporates technology from… [Diagram labels: external senders/recipients; edge blocking; antivirus; anti-spam; policy; encryption*; inbound filtered email; outbound filtered email; legitimate email; junk email; automatic spooling; corporate network; Exchange Server; Active Directory; FOPE Directory Synchronization Tool; messaging administrator; administrator console; employees; end-user quarantine.] *Requires additional Exchange Hosted Encryption license
81. Hybrid Messaging Protection: Antivirus and anti-spam protection for Exchange Server 2010 and Exchange Server 2007 server roles. [Diagram labels: Online; Internet; SMTP; on-premises software; Exchange Server; Edge role; Hub role; Mailbox role.]
84. The Need for SharePoint Protection. [Diagram labels: external SharePoint users; Internet; potential malware; firewall; Unified Application Gateway; web front end; internal SharePoint users; potential malware; indexing server; SQL back end; management.]
85. Integration with SharePoint: Forefront Protection for SharePoint: antivirus scanning, antispyware scanning, keyword filtering, file filtering, quarantine. [Diagram labels: upload/download; SharePoint web front-end servers; VSAPI; SharePoint databases.]
116. Reporting. On-demand: incident detection, spam detection, engine and definition version; report scoped based on date range and desired servers; report includes distribution of detections, trending, and raw data. Scheduled: sent via email on a daily, weekly, or monthly basis.
117. FPSMC Architecture Overview: Add FPE and FPSP servers to FPSMC and deploy agent; upload policy to FPSMC and create jobs; run jobs to deploy policy; retrieve quarantine and reporting data periodically. [Diagram labels: remote access; primary FPSMC; replication; backup FPSMC.]
120. Forefront Protection for Office Product List and Acronyms. Forefront is the Microsoft brand and suite of security products: Forefront Online Protection for Exchange (FOPE); Exchange Hosted Encryption (EHE); Forefront Protection 2010 for Exchange Server (FPE); Forefront Protection 2010 for SharePoint (FPSP); Forefront Security for OCS (FSOCS); Forefront Protection Server Management Console (FPSMC); Forefront Protection Server Script Kit (FPSSK).
123. Introducing Business Ready Security Demo 4.0i: Microsoft Business Ready Security (BRS) 4.0i. New! FPSMC RTW included. New! FPSMC hands-on lab (HOL). New! FPE and FPSP update rollups. End-to-end demo environment. All identity and security solutions and technologies. 7 GB zipped installer package. Demo scripts and architecture overview documentation provided. Available as download: http://go.microsoft.com/fwlink/?LinkId=190269 Distribution list: msvmtalk@microsoft.com
127. Questions and Answers: Submit text questions by using the “Ask” button. Don’t forget to fill out the survey. For upcoming and previously live webcasts: www.microsoft.com/webcast. Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781
The new FOPE 10.2 release offers Office 365 Beta customers greater flexibility in configuring their Anti-spam and policy filtering settings directly through the FOPE Admin center console which they will now have access to. In addition, Office 365 Beta customers will now have enhanced secure mail routing options as well as options for mail flow between their Exchange Online and on-premises mailboxes.
Forefront Protection 2010 for Exchange Server is the only leading email protection product that offers multiple scanning engines in a single solution. Multiple scanning engines are a critical component in protecting against viruses and other malware. For example, most businesses (97 percent) provide antivirus and firewall protection, yet half of them (52 percent) experience virus infections anyway (according to the CSI/FBI 2007 Survey). That’s because most scanning engine vendors can’t release antivirus signatures quickly enough to detect new threats—in some cases it can take days or even weeks! The Forefront Protection 2010 for Exchange Server engine set has been proven (by AV-Test.org) to detect new threats faster than single-engine solutions, in fact 38 times faster than single-engine providers. This is because the product gets virus signatures from 5 different companies with different response teams, decreasing the time to get signatures.
Administrators can run up to five scanning engines simultaneously and in different combinations at Edge, Hub, and Mailbox servers. By running multiple scanning engines simultaneously, Forefront Protection 2010 for Exchange Server can more effectively protect against a single point of failure. It can also manage these engines so that if one engine fails or goes offline to update, other engines continue to protect the IT environment without slowing mail delivery.
Spam Talking Points
Spam was once just an annoyance, but it has become the tactic of choice for online deception, fraud, and abuse. Companies are being forced to commit significant resources to protect their messaging infrastructures and their brands, and computer users must stay vigilant to protect themselves from the influx of deceptive email. Microsoft has developed a holistic strategy to battle spam that includes industry collaboration, prescriptive education, and the development of innovative technologies and services.
Forefront Protection 2010 for Exchange Server protects Exchange through aggregated reputation services and SmartScreen filtering technology from Microsoft. These are enhanced with highly accurate spam-filtering technology from the industry-leading partner Cloudmark. Forefront Protection 2010 for Exchange Server offers built-in integration with Forefront Online Security for Exchange, a hosted filtering service that enables customers to block spam before it ever reaches their networks.
July: “… a stunning spam catch rate of 99.96% combined with a total lack of false positives not only wins the product its sixth consecutive VBSpam award, but also gives it the highest final score for the third time in a row.”
FPE uses several kinds of filtering in order to identify and mitigate spam email:
Connection Filtering—FPE examines the IP address of the original sender. FPE has user-configurable static IP block and allow lists and a dynamic DNS block list maintained by Microsoft that can filter up to 90% of spam email.
Sender Filtering—FPE examines the SMTP sender information. This filter enables administrators to configure allowed and blocked senders by domains and email addresses.
Sender ID Filtering—FPE uses a Sender ID framework to validate that the sender is not spoofing the identity of another sender.
Recipient Filtering—FPE can also be configured to allow and block email messages to certain recipients in your organization. In addition, FPE has the capability, through Active Directory Domain Service queries, to validate that the recipient exists in the company’s Active Directory Domain Service.
Content Filtering—FPE also examines the content of the message itself, including subject line and the message body. FPE uses a third-party anti-spam engine to scan all email for spam.
Backscatter Filtering—FPE includes new technology that enables administrators to prevent false Non-Delivery Reports (NDR) generated from spoofed sender addresses from entering their environment.
Forefront Online Protection for Exchange reputation-based connection blocking employs a proprietary list that, based on analysis of historical data, contains the addresses of computers connected to the Internet that are responsible for the majority of spam. Through an ongoing partnership with Microsoft® Windows Live™ Hotmail®, FOPE aggregates both consumer and corporate junk email data to populate a massive and comprehensive reputation database. FOPE also utilizes Internet Protocol (IP) reputation information from other companies and ISPs in order to provide enhanced protection from questionable IPs and botnet attacks, which come from a collection of compromised computers running software under a common infrastructure of command and control.
Spammers frequently create malicious web sites that they use for phishing and for spreading malware. FOPE leverages a variety of sources to quickly update lists of known malicious URLs and update its content filters to block these messages.
FOPE employs a layered approach to offer protection from both known and unknown threats for both inbound and outbound email. FOPE uses three antivirus engines (Symantec, Kaspersky, and Authentium) to help protect against viruses and other email threats. The antivirus engines include powerful heuristic detection to provide protection even during the early stages of a virus outbreak. The multi-engine approach has been shown to provide significantly more protection than using just one antivirus engine.
FOPE offers an integrated approach to message security through policy enforcement. It allows companies to automatically monitor outbound and inbound email, stop sensitive or inappropriate messages from leaving and entering the corporate network, and allow specific senders to bypass spam filtering completely.
In a Standalone implementation, FOPE can be used with ANY type of on-premises mail server. It is not limited to only working with Exchange Server.
FPE and FOPE can be used together to provide the best possible email protection. FOPE filters out all spam and malware before those messages ever get to your mail servers. This can eliminate as much as 90% of incoming email traffic, drastically reducing the load on your mail servers. FPE provides additional scanning capabilities such as Mailbox scanning and On-demand scanning. FPE also provides additional protection for mail sent internally.
FPE communicates with FOPE through the FOPE Gateway. You use the gateway to make changes to the FOPE server's policy settings and synchronize with FPE’s anti-spam configurations. An automated system manages synchronization of anti-spam configuration settings that are common to FPE and the FOPE servers by updating the settings on the FOPE servers when a change is made to the FOPE or anti-spam settings in the FPE Administrator Console and saved.
Microsoft Forefront Protection 2010 for SharePoint (FPSP) helps reduce company liability and prevents data theft by denying access to documents containing out-of-policy content, confidential information, inappropriate language, and malware. FPSP integrates multiple scanning engines from industry-leading security partners into a single solution. FPSP provides customers with an easy-to-use administration console that includes customizable configuration settings, filtering options, and monitoring features and reports.
FPSP enables you to configure the following antimalware scanning options:
Realtime—Scans, in real time, files that are uploaded to or downloaded from sites on your SharePoint server.
Scheduled—Scans files that already reside on the server.
On-demand—Scans specific sites to localize a known issue.
You can now manage multiple FPE and FPSP servers from a single management point using either the Forefront Protection Server Script Kit (FPSSK) or the Forefront Protection Server Management Console 2010 (FPSMC).
The Microsoft Forefront Protection Server Script Kit provides multi-server management for Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint. In addition to the ability to manage multiple Forefront Protection Servers from a single location, this Solution Accelerator provides easily extensible command-line scripts that help enable server discovery, configuration deployment, and integration with existing management technologies. It also offers basic reporting capabilities to detect configuration drift and monitor server statistics.
The Microsoft Forefront Protection Server Management Console (FPSMC) is a management tool that provides information technology (IT) administrators with a way to centrally manage Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint deployments within your enterprise. Using a browser-based user interface, the management console provides centralized management.
The FPSMC supports the management of Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint. You cannot use FPSMC to manage Forefront Security for Office Communications Server (FSOCS). You cannot use FPSMC to manage Forefront Security Server or earlier products. To centrally manage Forefront Security Server or earlier products, use the Microsoft Forefront Server Security Management Console (FSSMC).
Jobs in Microsoft Forefront Protection Server Management Console (FPSMC) refer to tasks that can be performed from the console to the managed Forefront Protection 2010 for Exchange Server and Forefront Protection 2010 for SharePoint servers in your environment. From the FPSMC you can create, edit, copy, and delete jobs. You can also schedule or run a job on demand as well as check the status of a job in process.
The Microsoft Forefront Protection Server Management Console (FPSMC) can collect information from the managed servers and generate reports on a variety of Forefront Protection-related topics. The four available reports are:
- Incident Detection Report: The Incident Detection report collects and presents data about the number of malware incidents and filter matches over a period of time on one or more managed servers.
- Spam Detection Report: The Spam Detection report collects and presents data about the number of spam messages blocked by Forefront Protection 2010 for Exchange Server.
- Engine and Definition Report: The Engine and Definition Versions report is used to collect and present data about the antivirus engine versions and definitions on selected servers running Forefront Protection 2010 for Exchange Server or Forefront Protection 2010 for SharePoint. FPSMC compares the current engine versions of the managed servers with the latest versions in the FPSMC cache to determine which, if any, of your signatures are out of date.
- New Servers Report: The New Servers report displays a list of any servers running Forefront Protection 2010 for Exchange Server or Forefront Protection 2010 for SharePoint that have been added in the past 30 days to the forest in which the FPSMC resides.