1. Microsoft Integrated Security Platform. Paulo Dias, IT Pro Evangelist, Microsoft, [email_address]; Fernando Guillot, IT Pro Evangelist, Microsoft, [email_address]
2. “It is impossible to have a computer without anti-virus connected to the Internet for more than 6 months without it getting infected!” Anonymous
3.
4. Remove most prevalent viruses; Remove all known viruses; Real-time antivirus; Remove all known spyware; Real-time antispyware; Central reporting and alerting; Customization; IT Infrastructure Integration. Microsoft Forefront Client Security; MSRT; Windows Defender; Windows Live Safety Scanner; Windows Live OneCare. Users; Businesses
13. Zero-day scenario: today. DNS Reverse Lookup; Client Event Log; Edge Protection Log; Network Admin; Client Security; Hours? Days?; DEMO-CLT1; Andy; Desktop Admin; Malicious Web Site; Phone; Edge Protection; Manual: Launch a scan; WEB
14. Zero-day scenario: with Dynamic Response in Stirling. Minutes. Security Admin; Network Admin; DEMO-CLT1; Andy; Desktop Admin; Malicious Web Site; Client Security; Stirling Core; NAP; Active Directory; Forefront Server for: Exchange, SharePoint, OCS; Block Email; Block IM; Reset Account; Quarantine. TMG identifies malware on DEMO-CLT1 computer attempting to propagate (Port Scan). WEB; Forefront TMG. Compromised Computer DEMO-CLT1: High Fidelity, High Severity, Expire: Wed. Compromised User: Andy, Low Fidelity, High Severity, Expire: Wed. FCS identifies Andy has logged on to DEMO-CLT1. Alert; Scan Computer
15. NAP + IPsec, step by step. Accessing the network; X; DHCP; Remediation Server; IAS; Health Registration Authority; Client; Quarantine Zone; Boundary Zone; Protected Zone. "May I have a DHCP address?" "Here you go." "May I have a health certificate? Here’s my SoH." "Client ok?" "No. Needs update." "You don’t get a health certificate. Go update." "I need updates." "Here you go." "Yes. Issue health certificate." "Here’s your health certificate."
17. Scalability. Stirling Console; (USUALLY ALREADY EXISTS BEFORE STIRLING); Stirling Core; Stirling SQL DB; SCOM Root Management Server (RMS); SCOM SQL DB; SQL Reporting Server; SQL Reporting DB. Stirling server roles. Software/Signature Deployment, e.g. WSUS or SCCM. Up to 2,500 computers: 1. Up to 25,000 computers: Stirling Console; Stirling Core; SCOM (RMS); SQL Reporting Server; Stirling SQL DB; SCOM SQL DB; SQL Reporting DB; WSUS; 4 1 2 1. Scaling up…: Stirling Console; Stirling Core; SQL Reporting Server; SCOM RMS; SCOM SQL DB; + Per 25,000 Assets; Per 20,000 Assets; 1 1; WSUS; 1 1; Stirling SQL DB; SQL Reporting DB; 1
18. Product roadmap. H2 2008; Client and Server; Application Servers; Network Edge; Integrated Security System, codename “Stirling”; H1 2008; H1 2009; NEXT; NEW; NEW; NEXT; NEW; NEXT; NEW; BETA 1; BETA 1; BETA 1; BETA 1; BETA 2; BETA 2; BETA 2; BETA 2
19. Antivirus – Antispyware. AVComparatives (Feb 2008): test carried out with anti-virus products aimed at the consumer market, using a malware sample set covering approximately the last 3 years. Received AVComparatives Advanced Certification. FCS Awards & Certifications: in recently conducted tests, Microsoft is rated among the leaders in antivirus protection. AVTest.org (March 2008): test based on more than 1 million malware samples. AVTest.org (Sept 2008): test based on more than 1 million malware samples. Kaspersky 98.3%, Symantec 97.7%, McAfee 94.9%, Microsoft 93.9%, VBA32 87.7% | AVK (G Data) 99.9%, Trend Micro 98.7%, Sophos 98.1%, Microsoft 97.8%, Kaspersky 97.2%, F-Secure 96.8%, Norton (Symantec) 95.7%, McAfee 95.6%, eTrust / VET (CA) 72.1% | AVK 2009 (G Data) 99.8%, F-Secure 99.2%, Norton (Symantec) 98.7%, Kaspersky 98.4%, Microsoft 97.7%, Sophos 97.5%, McAfee 93.6%, Trend Micro 91.3%, CA - VET 65.5%
20.
21. References. Download the Forefront "Stirling" virtual environment: https://profile.microsoft.com/RegSysProfileCenter/wizard.aspx?wizid=eaf5fda5-3adf-4b09-86e6-16f5a5e8c6d6&lcid=1033 Download the Forefront "Stirling" software: https://profile.microsoft.com/RegSysProfileCenter/wizard.aspx?wizid=eaf5fda5-3adf-4b09-86e6-16f5a5e8c6d6&lcid=1033&FU=https://www.microsoft.com/betaexperience/scripts/gcs.aspx?Product=tn-stirling-vhd&Lcid=1033 Forefront website: http://www.microsoft.com/forefront TechNet Security Center: http://www.microsoft.com/spain/technet/security/default.mspx