MCT Summit NA: What's New in Forefront Endpoint Protection 2012 Beta

Posted on 29-Nov-2014

Category: Technology

DESCRIPTION

This presentation discusses some topics about the Forefront Endpoint Protection 2012 beta version, and my experience in deploying it. This presentation was given at MCT Summit San Francisco.

Transcript

October 19–21, 2011

What’s new in Forefront Endpoint Protection 2012

According to beta material

Peter De Tender

OCT19-21

About the speaker

• Managing Partner ICTinus (Belgian IT Company)
• +15 years IT Pro on Microsoft technologies
• Focus on Exchange & Forefront
• MCT for 3 years
• Country Lead MCT Europe Belgian Chapter

• Email: Peter.detender@ictinus.be
• Blogs: http://the-c-spot.org + http://trycatch.be/blogs/pdtit
• LinkedIn: http://be.linkedin.com/in/pdtit
• Twitter: http://twitter.com/pdtit

Agenda

• About FEP
• Server installation walkthrough
• Client management & deployment
• Update mechanism
• Reporting
• Q&A

Business Needs and IT Challenges

Business needs: Agility and Flexibility

IT needs: Control

• Increased complexity with separate workloads for endpoint protection and desktop management
• High cost to maintain separate infrastructure
• Reduce cost of client protection
• Stop known and unknown threats
• Easily secure endpoints, maintain productivity
• Constantly evolving threats

Convergence of Desktop Security & Management

Security + Management

IMPROVED PROTECTION

• Security personnel have access to desktop configuration data
• Health status and protection status in a single interface, with consolidated reporting
• Incident response (identify / update / remediate) is more targeted

LOWER COSTS

• One server infrastructure to maintain
• A single mechanism to deploy software updates to clients
• Central policy implementation for security and management
• One set of training for administrators
• A single license to purchase (*CAL)

Forefront Endpoint Protection 2012

Next Generation of Forefront Client Security

Ease of Deployment

• Built on distribution infrastructure of Microsoft® System Center Configuration Manager software
• Supports all System Center Configuration Manager topologies and enables enterprise-wide scalability
• Facilitates easy migration
• Able to deploy across various operating systems (including Microsoft Windows® client and Microsoft Windows Server®)

Enhanced Protection and Productivity

• Protection against viruses, spyware, rootkits, and network vulnerabilities
• Productivity-oriented default configuration
• Integrated management of host firewall
• Backed by Microsoft Malware Protection Center

Simplified Desktop Management

• Unified management interface for desktop administrators
• Timely and effective alerts
• Simple, operation-oriented policy administration
• Historical reporting for security administrators

Forefront Protection Stack: Overview

Focus

• Reduce time and cost to protect
• Increase cost to attack, decrease exploit window
• Operationalize new protection technologies

Operationalizing protection

• Balancing protection vs. performance
• Remediation and threat management improvements
• Simplifying deployment

Diagram labels:

• Firewall & Configuration Management
• Anti-rootkit
• Generics and Heuristics
• Antimalware
• Behavior Monitoring
• Dynamic Signature Service
• Malware Response “MMPC”
• Network Vulnerability Shielding
• Browser Protection

New / Updated features of FEP 2012

• Easier to deploy client
• Building on top of SCCM 2012 architecture
  – Scalability / high availability / ...
• Network-friendly definition deployment
• Simpler to setup and operate
• Email subscriptions for alerting
• Built-in security admin role (RBAC)

New / Updated Licensing model

• Previous versions:
  – Part of Forefront Protection Suite CAL
  – Separate FEP 2007/2010 CAL
  – Part of E-CAL in EA
• Present version:
  – Part of Core-CAL in EA
  – (+ older possibilities still apply)

Installing FEP Server 2012

SCCM 2012 Console integration

• Software Library – Packages
• Monitoring / Overview / FEP Status
• Assets & Compliance Console

Client Deployment

• Manual or automated scenario

Protect Clients without Complexity

• Simple interface
  – Minimal, high-level user interactions
  – Only necessary interactions
• Administration options
  – User configurability controls
  – Central policy enforcement
• Maintain high productivity
  – CPU throttling during scans
  – Faster scans through advanced caching

FEP UI – Home Tab

• Clear status information
• Scan details
• Scan options
• Custom scan
• Initiate scan
• Scan progress
• Scan results

FEP UI – Update Tab

• Update details
• Initiate update
• Update progress

FEP UI – History Tab

• Displays all malware detections and actions
• Delete history
• Display quarantined
• Display allowed

FEP UI – Settings Tab

• Settings can be centrally managed, or delegated to users

Update Mechanism

• +/- 8h update polling to Microsoft MU/WU from server – 15min polling from client to server
• Policy based, not package based as in FEP2010
• Relying on WSUS integration (= server role)
• Update engine based on feedback from MMPC and SpyNet

Reporting & Alerting

• Built on SQL Reporting Services
• It’s all in the “monitoring” space
• Alerts - by mail:
  – Malware Detection
  – Malware Outbreak
  – Repeated Malware Detection
  – Multiple Detections have

Questions?

• Email: Peter.detender@ictinus.be
• Blogs: http://the-c-spot.org + http://trycatch.be/blogs/pdtit
• LinkedIn: http://be.linkedin.com/in/pdtit
• Twitter: http://twitter.com/pdtit

Thanks for Your Support!
