This document provides an overview of Secure Messaging and Forefront Online Protection for Exchange. It discusses challenges with messaging security including threats, access, and control. It then outlines Microsoft's strategy and solutions to address these challenges, including online protection, on-premises protection, and a hybrid model. Key capabilities of Forefront Online Protection for Exchange and Forefront Server Security solutions are summarized.
Microsoft Forefront - Secure Messaging & Online Protection for Exchange Overview Presentation
1. Secure Messaging & Forefront Online Protection for Exchange Overview
Name
Title
Group
Microsoft Corporation
2. Business Ready Security
Help securely enable business by managing risk and empowering people
• Protect everywhere, access anywhere
• Identity
• Simplify the security experience, manage compliance
• Highly Secure & Interoperable Platform
• Integrate and extend security across the enterprise
from: Block, to: Enable
from: Cost, to: Value
from: Siloed, to: Seamless
3. Agenda
Secure Messaging Challenges
The Microsoft Solution
Strategy for Messaging Security
Online Protection
On-Premises Protection
Hybrid Protection
4. Messaging and Collaboration Security Challenges
Threats: Security threats continue to grow
• Spam, viruses and phishing still plague users
• Network attacks still prevalent
Access: Growing Mobility
• Need uninterrupted access to e-mail, IM and team sites
• Mobile and remote access are critical for productivity
• Security measures sometimes add hassle
Control: Increasing regulations and compliance
• Varying levels of compliance across organization
• Concern for loss of sensitive information
• Need to restrict inappropriate content
*2005 Electronic Monitoring & Surveillance Survey from American Management Association (AMA) and the ePolicy Institute
5. Strategy for Securing Messaging and Collaboration Systems
Challenges / Responses: Microsoft Identity & Security Solutions
Threats / Protect: Stop malicious software and spam from entering into the messaging environment
Access / Publish: Provide secure access to users outside the corporate network from managed and unmanaged endpoints
Policy: Establish policies that determine secure remote access to users, partners, and customers depending on their role
Control / Prevent: Prevent leakage of confidential information in e-mail, documents and IM conversations internally and externally
Provision: Quickly provision and de-provision user accounts and synchronize across the environment.
Manage: Understand the health and security status of your entire environment in real-time and report on key trends.
6. Gartner Magic Quadrant for Secure E-Mail Gateways
This Magic Quadrant graphic was published by Gartner, Inc.
as part of a larger research note and should be evaluated in
the context of the entire report. The Gartner report is
available upon request from Microsoft.
The Gartner Magic Quadrant is copyrighted by Gartner, Inc.,
and is reused with permission. The Magic Quadrant is a
graphical representation of a marketplace at and for a
specific time period. It depicts Gartner’s analysis of how
certain vendors measure against criteria for that
marketplace, defined by Gartner. Gartner does not endorse
any vendor, product or service depicted in the Magic
Quadrant, and does not advise technology users to select
only those vendors placed in the “Leaders” quadrant. The
Magic Quadrant is intended solely as a research tool, and is
not meant to be a specific guide to action. Gartner disclaims
all warranties, express or implied, with respect to this
research, including any warranties of merchantability or
fitness for a particular purpose.
-- Gartner, Inc. Magic Quadrant for Secure E-Mail
Gateways, Peter Firstbrook, Eric Ouellet, April 27, 2010.
8. Forefront Online Protection for Exchange
Multilayer spam and virus protection and policy enforcement
[Diagram: mail flow between External Senders/Recipients, FOPE and the Corporate Network. Labels: Legitimate E-mail, Junk E-mail, Inbound Filtered E-mail, Outbound Filtered E-mail, Edge Blocking, Antivirus, Anti-spam, Policy, Encryption*, Disaster Recovery, Exchange Server, Active Directory, FOPE Directory Synchronization Tool, Messaging Administrator, Administrator Console, Employees, End User Quarantine]
About 90% of E-mail is junk
Also incorporates technology from…
* Requires additional Exchange Hosted Encryption License
9. FOPE SLAs
FOPE provides a comprehensive set of SLAs covering network performance and spam and virus filtering effectiveness
Each SLA is backed by a financial commitment from Microsoft
Spam and Virus Filtering Effectiveness
• Known Virus Protection: 100%
• Spam Detection: > 98%
• False Positive Ratio: < 1:250,000
Filtering Network Performance
• Network Uptime: > 99.999%
• Rapid E-mail Delivery (Average delivery commitment of less than 1 minute)
Terms and conditions apply. Please visit the Admin Center Resource Center at http://admin.global.frontbridge.com
You may have to log in to the system to view the service level agreement. Please contact your reseller or Microsoft
Account Manager if you wish to view these prior to signing up for the service.
10. FOPE Datacenters
NOT Geo-proximity
Mail latency: seconds, not milliseconds
[Map: datacenter locations Washington, Virginia, California, Texas, Dublin, Amsterdam and Singapore, annotated with roles (Backup, Utility) and host counts (191, 191, 220, 200, 140)]
11. Disaster Capacity
[Chart: Recipients (axis 0 to 6,000,000,000) by date, 12/29/2004 to 5/17/2009. Annotations: 0.5 Billion, 5 Billion, Post-Edge Delivery]
Design goal: 7.5Bil, with one DC out
12. Additional safety and availability with multiple copies
Every server caches every customer’s settings
No DC relies on another to process mail
[Diagram: Each Datacenter: PrimaryDB (Customer Config), BackupDB (Customer Config); Each Filtering Server (shown three times): Config]
13. Proactive health checking
Pushback
• Servers automatically leave rotation if they are having trouble meeting SLA
• Invisible to customer – different from Exchange “backpressure”
• Central “Brain” prevents the entire service from going out of rotation at once
14. Outbound Risk Mitigation to protect your company’s email reputation
[Diagram: Customer’s Mail Server, Outbound Delivery Pool, Higher-Risk Delivery Pool, Non-Customer Mail Server]
16. Forefront server security solutions help businesses protect their messaging and collaboration servers against viruses, worms, spam and inappropriate content.
Comprehensive Protection: Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against e-mail and collaboration threats
Optimized Performance: Tight integration with Microsoft Exchange, SharePoint and Office Communications Servers maximizes availability and performance
Simplified Management: Easy-to-use management console provides central configuration and operation, automated scan engine signature updates and reporting at the server and enterprise level
17. Protecting Exchange Environments
[Diagram: Enterprise Network with Edge Transport (Routing, Hygiene), Hub Transport (Routing, Policy), Client Access, Mailbox, Public Folders and Unified Messaging (Voice Messaging, Fax); also shown: Internet, Other SMTP Servers, PBX or VoIP. Client Access labels: Applications: OWA; Protocols: ActiveSync, POP, IMAP, RPC / HTTP …; Programmability: Web services, Web parts]
18. Multiple Engine Management
Deploy single solution using multiple integrated technologies
All engines included in base cost
Up to 5 engines can be run simultaneously on any scan job
[Diagram: engines A, B, C, D and E; Messaging and Collaboration Servers]
20. File Filtering
Filter by name, direction, type, or size
• Wildcards supported, e.g., “*resume*.doc”
• <in>*.exe, <out>*.doc
Filters can be combinations of size, name, type & direction
• <in>photo1.jpg>10mb, <out>*.mp3>5mb, <in>*>10mb
Suggested files to block: EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT (match files blocked by Outlook)
Actions
• Skip: Detect only. Logs the event but does not block
• Delete: Remove contents. Removes the attachment only and replaces with the customized deletion text
• Purge: Eliminate message. Deletes both the attachment and the message body
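The filter syntax and the three actions on this slide, modelled as a small parser and matcher. This is an added example, not part of the original deck and not Forefront's own code: the grammar is inferred from the slide's sample filters, and the `kb` unit, case-insensitive matching, first-match-wins ordering and all function names are assumptions.

```python
import re
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

# Grammar inferred from the slide's examples: [<in>|<out>]pattern[>SIZE]
SPEC = re.compile(r"^(?:<(in|out)>)?(.+?)(?:>(\d+)(kb|mb))?$", re.I)
UNITS = {"kb": 1024, "mb": 1024 ** 2}   # assumption: the slide only shows "mb"
ACTIONS = ("skip", "delete", "purge")

@dataclass(frozen=True)
class Rule:
    direction: Optional[str]  # "in", "out", or None for both directions
    pattern: str              # wildcard file-name pattern, lower-cased
    over: int                 # match only files larger than this many bytes
    action: str               # one of ACTIONS

def parse_rule(spec: str, action: str) -> Rule:
    m = SPEC.match(spec.strip())
    if not m or action not in ACTIONS:
        raise ValueError(f"bad filter: {spec!r} / {action!r}")
    direction, pattern, num, unit = m.groups()
    over = int(num) * UNITS[unit.lower()] if num else -1
    return Rule(direction.lower() if direction else None, pattern.lower(), over, action)

def matches(rule: Rule, name: str, direction: str, size: int) -> bool:
    return (rule.direction in (None, direction)
            and fnmatchcase(name.lower(), rule.pattern)
            and size > rule.over)

def filter_message(rules, direction, attachments, deletion_text="[attachment removed]"):
    """attachments: list of (name, size). Returns (verdict, kept, log)."""
    kept, log = [], []
    for name, size in attachments:
        # Assumption: the first matching rule decides the action.
        hit = next((r for r in rules if matches(r, name, direction, size)), None)
        if hit is None:
            kept.append(name)
            continue
        log.append((hit.action, name))
        if hit.action == "skip":        # detect only: logged, not blocked
            kept.append(name)
        elif hit.action == "delete":    # attachment replaced by the deletion text
            kept.append(deletion_text)
        else:                           # purge: attachment and message body dropped
            return "purged", [], log
    return "delivered", kept, log
```

Because Skip still delivers the file, a rule set that lists a broad Skip rule ahead of a Delete rule for the same extension would log the attachment and let it through under the first-match assumption used here.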
21. Zip File Behavior
Forefront scans within ZIP and other compressed formats (up to 5 deep) and deletes only the offending file.
[Diagram: Filter Rules: Delete *.exe. Container file before scan: EXE, DOC, BMP, JPG and a nested Container file holding an EXE. Container file after scan: TXT (Custom deletion text), DOC, BMP, JPG and the nested Container file. Quarantine.]
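The container behaviour on this slide, sketched for ZIP archives only: nested archives are walked to five levels and only the matching member is replaced. This is an added example, not part of the original deck and not Forefront's own code; the `.txt` placeholder naming, the per-member size cap, rejecting archives nested deeper than the scan depth, and all function names are assumptions.

```python
import io
import zipfile
from fnmatch import fnmatchcase

MAX_DEPTH = 5            # the slide: compressed formats are scanned "up to 5 deep"
MAX_MEMBER = 50 * 2**20  # assumption: per-file size cap to bound decompression

def make_zip(files: dict) -> bytes:
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()

def list_names(data: bytes) -> list:
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return sorted(z.namelist())

def scrub_zip(data: bytes, pattern: str, deletion_text: str, depth: int = 1):
    """Return (rewritten_zip, removed_paths); only matching members are replaced."""
    removed, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.file_size > MAX_MEMBER:
                raise ValueError(f"{info.filename}: too large to scan")
            body = src.read(info)
            if fnmatchcase(info.filename.lower(), pattern):
                removed.append(info.filename)
                # Assumption: the placeholder is a .txt file holding the deletion text.
                dst.writestr(info.filename + ".txt", deletion_text)
            elif zipfile.is_zipfile(io.BytesIO(body)):
                if depth >= MAX_DEPTH:
                    # Assumption: nesting past the scan depth is rejected, not passed.
                    raise ValueError(f"{info.filename}: nested deeper than {MAX_DEPTH}")
                inner, inner_removed = scrub_zip(body, pattern, deletion_text, depth + 1)
                removed += [f"{info.filename}/{p}" for p in inner_removed]
                dst.writestr(info.filename, inner)
            else:
                dst.writestr(info.filename, body)
    return out.getvalue(), removed
```

The depth limit is the policy decision to check in any real deployment: an archive nested one level past what the scanner opens is either blocked or delivered unscanned, and the slide does not say which.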
22. Keyword Filtering
Filters message body and subject based on content criteria
Filter lists can enable search for words, phrases, and sentences with basic lexicon
Includes pre-populated lists in 11 languages to scan for
• Profanity
• Discriminatory words
23. Forefront Anti-spam Flow
[Diagram: Incoming Internet E-mail passes three numbered filtering stages; labels after filtering: Administrator Quarantine, Mailbox / Store, User Inbox, User Junk E-mail Folder]
1 Connection filtering
2 Protocol filtering (SMTP Filtering)
3 Content filtering
25. Hybrid Messaging Security
[Diagram: Online and On-Premise Software zones; Internet, SMTP, Firewall, Exchange Server with Edge Role, Hub Role and Mailbox Role]
Antivirus and anti-spam protection for Exchange Server 2007 Server Roles
Forefront Online Protection for Exchange
• Anti Malware: Symantec, Authentium, Kaspersky
• Anti Spam: Inbound Messaging Hygiene, Stop Foreign Spam, Outbound Spam Mitigation
• Management: Anti Spam Feedback Loop, Message Tracing, IT Admin Improvements
Forefront Protection 2010 for Exchange Server
• Anti Malware: MS AV + AntiSpyware, Kaspersky, Authentium, Virus Buster, Norman
• Anti Spam: Internal mail filtering, Industry-leading 3rd party content filtering
• Management: Forefront Server Security Management Console
26. Hybrid Anti-Spam Benefits
Active Protection
• Stops junk e-mail and malware before they reach your network
• Provides always-available e-mail with user-based Quarantine
• Meets most compliance requirements
Enterprise-Class Reliability
• High-availability global network backed by SLAs
• Secure operations process that meets audit standards
• Reduces complexity of IT environment
Reduced Cost of Administration
• Quickly activates with simple MX record change
• Saves time on anti-spam management; frees up resources
• Deployed quickly without additional Capital Expenditures
27. Hybrid Anti-Spam Monitoring
Incidents
JetBlue database with aggregated statistics
Quarantine database
Agent Log
Used for all FPE Premium anti-spam agents
Compatible with Exchange agent log schema
Performance counters
Messages per Spam Confidence Level (SCL)
Total Messages sent to Quarantine, Deleted, Rejected
Aggregated in SCOM pack
Reports (aggregated statistics)
Hit Rate for DNSBL with granularity to action
Top spam sender domain
Top spam-sending IP
Top targeted domain
Top targeted recipient
28. Microsoft is Your Technology Partner
Unified and Comprehensive
• Covers functions needed to optimize your infrastructure: operating systems, virtualization, management, security, identity and access
• Spans the breadth of your infrastructure: desktop, server, mobile devices, application platform, and security
Interoperable by Design
• Our products have always worked well together
• Compliant with industry standards by design
Trusted and Familiar
• Reduces IT Support and end user training costs
• Maximizes productivity