Building an Integrated Security System Microsoft Forefront code name “Stirling”

Post on 25-Feb-2016


Building an Integrated Security System
Microsoft Forefront code name “Stirling”

Ravi Sankar
Technology Evangelist | Microsoft
http://ravisankar.spaces.live.com/blog

Agenda
  Security and Access Challenges
  Forefront Today
  Forefront Codename “Stirling”
    Comprehensive Protection
    Simplified Management
    Critical Visibility
  Demo
  Q&A

Security And Access Challenges

Access Challenges

Growing Mobility
  More users
  More locations/devices
  Intranet/Extranet access

Traditional VPNs Inadequate
  Full connectivity is risky
  Poor apps integration
  Lack of scalability

Difficult to Enforce Policies
  Changing legal rules
  Changing business rules
  Limited granularity

Security Challenges

Escalating Threats
  More advanced
  Increased volume
  Profit motivated

Fragmented Security
  Many point products
  Poor interoperability
  Lack of integration

Difficult to Manage and Deploy
  Multiple consoles
  Uncoordinated reports
  Complex and costly

A comprehensive line of business security products that helps you gain greater protection and secure access through deep integration and simplified management

Network Edge
Server Applications
Client And Server OS
Management And Visibility
Dynamic Response

vNext
An Integrated Security System

Comprehensive Protection
  Integrated protection across clients, server and edge
  Dynamic responses to emerging threats
  Next generation protection technologies

Simplified Management
  Manage from a single role-based console
  Asset and policy centric model
  Integrates with your existing infrastructure

Critical Visibility
  Know your security state in real-time
  View insightful reports
  Investigate and remediate security issues

An Integrated Security System that delivers comprehensive, coordinated protection with simplified management and critical visibility across clients, servers, and the network edge

Comprehensive Protection

Comprehensive Protection
Integrated security system

Customers need an Integrated Security System

Silo’d Best of Breed Solutions are not enough
  Customers do this today and still have security issues
  Manual coordination is difficult and often incomplete
  Expensive and difficult to understand if “I’m secure”

Stirling and Dynamic Response are the answer
  Layered Protection across the organization
  Protection technologies that work together
  Protection technologies that share security state information
  Protection technologies that take action together

Stirling’s protection technologies work together to better protect customers

Zero Day Scenario: Today

[Diagram labels: Malicious Web Site (WEB); DEMO-CLT1, Andy; Edge Protection; Edge Protection Log; Client Security; Client Event Log; DNS Reverse Lookup; Network Admin; Desktop Admin; Phone; Manual: Launch a scan; Manual: Disconnect the Computer; Hours]

Zero Day Scenario: With Stirling and Dynamic Response

[Diagram labels: Malicious Web Site (WEB); DEMO-CLT1, Andy; Security Admin; Network Admin; Desktop Admin; Forefront TMG; Client Security; Stirling Core; NAP; Active Directory; Forefront Server for: Exchange, SharePoint, OCS; Security Assessments Channel; 2-3 min]

TMG identifies malware on DEMO-CLT1 computer attempting to propagate (Port Scan)

Compromised Computer: DEMO-CLT1
  High Fidelity
  High Severity
  Expire: Wed

Compromised User: Andy
  Low Fidelity
  High Severity
  Expire: Wed

FCS identifies Andy has logged on to DEMO-CLT1

Responses shown: Alert, Scan Computer, Block Email, Block IM, Reset Account, Quarantine

Enterprise Security

Stages: Monitoring, Detection, Protection, Investigation

Today
  Low visibility on enterprise security
  High rates of false positive/negative
  Manual enterprise wide response
  Too much or too little data

Stirling Dynamic Response
  Standard channel for security information
  Share contextual information
  Automatic response and shield up
  Efficient and focused investigation

Stirling delivers: Better Protection - Faster Response - Lower Cost

Stirling Protection Technologies

[Diagram labels: Antivirus; Antispyware; Host Firewall; NAP Integration; Vulnerability Assessment & Remediation; Exchange Protection; Content Filtering; SharePoint Protection; Firewall; Web AV; Remote Access; Content Filtering; And More…; badges: vNext, NEW]

Dynamic Response
  Coordinated Defense
  Adaptive Investigation
  Information Sharing

Simplified Management

Security Management Today

  Jumping between consoles wastes time
  Each console has its own policy paradigm
  Products are in silos with no integration
  Lack of integration with infrastructure generates inefficiencies
  Difficult to know if solutions are protecting from emerging threats

[Diagram labels: Management Console (three); Reporting Console (three); Console; Endpoint Protection; Server Application Protection; Network Edge; Vulnerability Assessment]

Simplified Management With Stirling
Protect your business with greater efficiency

One console for simplified, role-based security management

Define one security policy for your assets across protection technologies

Deploy signatures, policies and software quickly

Integrates with your existing infrastructure: SCOM, SQL, WSUS, AD, NAP, SCCM

Critical Visibility And Control

Know your security state

View insightful reports

Investigate and remediate security risks

Critical Visibility And Control
Know where action is required

Stirling Beta 1

DEMO

Roadmap

[Timeline labels: H1 2008; H2 2008; H1 2009; Client and Server OS; Server Applications; Network Edge; Integrated Security System; Codename “Stirling”; markers: NEW, NEXT, BETA]

Summary

Stirling is an Integrated Enterprise Security System that delivers comprehensive, coordinated protection with simplified management and critical visibility across clients, servers, and the network edge

  Dynamic, coordinated responses to threats
  Focus on protecting assets
  Manage security, not security products
  Coherent and meaningful reports

Next Steps

Become experts in existing Forefront products

Install Stirling Beta

Give us feedback!


Q & A

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
