Forefront Security Exchange. Problem Meddelande system och sammarbetsprodukter är underbarar mål för elak kod och “distrubition” av äkta dynga… Viruses.

Forefront SecurityExchange

Problem

Meddelande system och sammarbetsprodukter är underbarar mål för elak kod och “distrubition” av äkta dynga…

Viruses

Worms

Bot-nets

Trojans

Spam

Phishing

Profanity / offensive content

ExchangeExchange ExchangeExchangeExchangeExchange

VirusesVirusesWormsWormsSpamSpam

E-mail Antivirus Approaches

ISA ServersISA Servers Windows SMTP ServersWindows SMTP Servers

InternetInternet

AVAV

AVAVAVAVAVAV

AVAV

AVAVAVAV

AVAV

Single Vendor SolutionSingle Vendor Solution• Same scan engine, heuristicsSame scan engine, heuristics technology and signature files on technology and signature files on all server and client platforms all server and client platforms

• Dependent on one AV lab Dependent on one AV lab for scan engine updates for scan engine updates during virus or worm during virus or worm outbreaks outbreaks • Queuing and delay during Queuing and delay during engine updates on mission engine updates on mission critical servers (i.e. critical servers (i.e. Exchange) Exchange)

Problem:Problem: Single Point of FailureSingle Point of Failure

AVAV

AVAVAVAVAVAV

AVAV

AVAV

AVAV

AVAV

Multi-vendor SolutionMulti-vendor Solution• Different scan engines, heuristicsDifferent scan engines, heuristics technologies and signature files on technologies and signature files on server and client platforms server and client platforms

• High acquisition and High acquisition and maintenance cost maintenance cost • Added filtering complexityAdded filtering complexity• Added signature update Added signature update complexity complexity • Risk of failure and queuing still Risk of failure and queuing still

exists on mission-critical exists on mission-critical servers servers

Problem:Problem: Management/CostManagement/Cost

Defense-in-Depth for Exchange Server

ISA Server

Eliminate spam and viruses Eliminate spam and viruses before they reach your before they reach your networknetwork

Rapid identification and Rapid identification and quickest response to latest quickest response to latest threats threats

Unparalleled reliability and Unparalleled reliability and scalabilityscalability

Exchange

Protect against internal Protect against internal threatsthreats

Enforce content policies in Enforce content policies in e-maile-mail

Provide additional layer of Provide additional layer of defense against the latest defense against the latest viruses, worms and spamviruses, worms and spam

Mail flow

EHS ServiceEHS Service Antigen On-Premise Antigen On-Premise SoftwareSoftware

Securely enable remote Securely enable remote access to Exchange e-mailaccess to Exchange e-mail

Enhance server protection Enhance server protection with pre-authentication of with pre-authentication of usersusers

Improve security of OWA Improve security of OWA sessions from unmanaged sessions from unmanaged clientsclients

ISA Server 2004/6ISA Server 2004/6

Internet

EHS

The Ideal Solution

Use a single vendor solution that integrates antivirus engines from top worldwide virus labs and provides all updates from a single source

Manages multiple antivirus scan engines on all mission critical messaging and collaboration servers

Includes anti-spam, policy and content filtering for complete protection and hygiene

AVAV

AVAV

AV

AVAnti-spamAnti-spam

AntivirusAntivirus

Policy MgtPolicy MgtCen

tral

Cen

tral

Mg

tM

gt

Exchange Server/Exchange Server/Windows SMTP ServerWindows SMTP Server

Demo

Forefront för Exchange

VirusesWormsInapp. Content

Management

VirusesWormsSpam

Live Communications Server

Users

Internet

SMTP Server

ISA Server

SharePoint

Exchange Server

EdgeE-mail

Collaboration

Microsoft Operations Manager w/ Antigen Management Pack

E-mail and Collaboration Server SecurityE-mail and Collaboration Server Security

Antigen Enterprise Manager

Demo

Forefront för SharePoint

Layered Defenses

Protection at multiple points in the networkEdge: Antigen for SMTP, Advanced Spam Manager

E-Mail server: Antigen for Exchange, Advanced Spam Manager

Microsoft SharePoint® Portal Server (SPS): Antigen for SharePoint

Live Communication Server: Antigen for Instant Messaging

Multiple engine managementUp to eight engines available

Advanced Spam Manager integration with Microsoft® Intelligent Message Filter

Content and Document filtering Block mail according to file type

Scan file names, text within documents, and e-mail subject and body for administrator-defined keywords

ASM & IMF Together

On the same server, IMF scans before ASM

Each applies an SCL rating – the higher the rating always wins (i.e. has more confidence)

Mail that is rejected , deleted or archived by IFM will NOT make it to ASM

Example: IMF archived SCL 7,8 & 9

ASM Spam set to 9IMF SCL of 0-6

IMF Scan

ASM Scan

Archive Folder

Pickup Folder

If Admin moves

message

If SCL is 7,8,9

Inbox

Junk E-Mail

Mail Store

MOM MP for Antigen

Over 100 Events, Performance Counters and Services Monitored

Monitors the state of Antigen and its key components

Collects statistical data on scanning, detection and removal of messages and attachments

5 Antigen Services Polled - Provides timed events to poll systems for critical process health

Key Tasks:Trigger Scan Engine updates

Centralized storage and deployment of License files

Import, export and deploy changes for key settings

Immediate and/or scheduling of Manual Scan Jobs.

Start/Stop control of Antigen services

Forefront Management med MOM

Competitive Advantages

Key Points:

Single Points of FailureOne Engine throughout antivirus suite on all platform

Single Layer of Scanning on Exchange Server

Different products for different version of Exchangepoor migration support

Limited Notifications

No disclaimers

Limited File and Content Filtering

PSS Support