Microsoft’s Security Strategy and Solutions
Mark Gibson, Solution Specialist, Microsoft
Dec 20, 2015
Agenda
Microsoft Trustworthy Computing
Addressing Security Threats with Microsoft
Next Steps
www.microsoft.com/technet/security
Microsoft Security Strategy
Security Tools
Education and Training
Microsoft Security Assessment Toolkit
Microsoft Windows Vista Security Whitepapers
Microsoft Security Intelligence Report
Learning Paths for Security Professionals
Security Readiness
Privacy Guidance
How Microsoft Secures Microsoft: www.microsoft.com/itshowcase
Malware Removal Toolkit
Trustworthy Computing
Design
Threat Modeling
Standards, best practices, and tools
Security Push
Final Security Review RTM and Deployment
Signoff
Security Response
Product Inception
Security Development Lifecycle
Secure Platform
Secure Access
Data Protection
Rights Management Services (RMS): SharePoint, Exchange, Windows Mobile integration
Encrypting File System (EFS)
BitLocker
Malware Protection
User Account Control
Network Access Protection (NAP)
IPv6
IPsec
Windows CardSpace
Native smart card support
GINA Re-architecture
Certificate Services
Credential roaming
Security Development Lifecycle (SDL)
Kernel Patch Protection
Kernel-mode Driver Signing
Secure Startup
Windows Service Hardening
Windows Defender
IE Protected Mode
Address Space Layout Randomization (ASLR)
Data Execution Prevention (DEP)
Bi-directional Firewall
Windows Security Center
Security Development Lifecycle (SDL)
Windows Server Virtualization (Hypervisor)
Role Management Tool
OS File Integrity
Secure Platform
Network Protection
Identity and Access
Data Protection
Read-only Domain Controller (RODC)
Active Directory Federation Services (ADFS)
Administrative Role Separation
PKI Management Console
Online Certificate Status Protocol
Network Access Protection (NAP)
Server and Domain Isolation with IPsec
End-to-end Network Authentication
Windows Firewall With Advanced Security, On By Default
Rights Management Services (RMS)
Full volume encryption (BitLocker)
USB Device-connection rules with Group Policy
Improved Auditing
Windows Server Backup
Core Infrastructure Optimization Model: Security
Dimensions: Technology, Process, People
Maturity levels (Improve IT Maturity while Gaining ROI): Basic, Standardized, Rationalized, Dynamic

Basic ($1320/PC cost)
People: IT staff taxed by operational challenges; users come up with their own IT solutions
Process: IT processes undefined; complexity due to localized processes and minimal central control
Technology: Patch status of desktops is unknown; no unified directory for access mgmt

Standardized ($580/PC cost)
People: IT staff trained in best practices such as MOF, ITIL, etc.; users expect basic services from IT
Process: Central admin and configuration of security; standard desktop images defined, not adopted by all
Technology: Multiple directories for authentication; limited automated software distribution

Rationalized ($230/PC cost)
People: IT staff manages an efficient, controlled environment; users have the right tools, availability, and access to info
Process: SLAs are linked to business objectives; clearly defined and enforced images, security, best practices
Technology: Automated system management

Dynamic (< $100/PC cost)
People: IT is a strategic asset; users look to IT as a valued partner to enable new business initiatives
Process: Self-assessing and continuous improvement; easy, secure access to info from anywhere on the Internet
Technology: Self provisioning and quarantine capable systems ensure compliance and high availability; automated identity and access management
Isolated
Trusted
Remediation Server
Web Server
Remote Access Gateway
Infrastructure Servers
Unmanaged Devices
Malicious Users
Trusted Home
New Customer
Unhealthy PC
Secure Anywhere Access
End-to-end security with IPv6 and IPsec
Access driven by policy, not topology
Certificate based multi-factor authentication
Health checks and remediation prior to access
Policy-driven network access solutions
Windows Firewall with advanced filtering
Server and Domain Isolation
Network Access Protection (NAP)
ISA Server 2006
Intelligent Application Gateway (2007)
Windows Filtering Platform
Network Security
Identity and Access Security
Authorization Manager
RMS
MIIS
ADFS
Domain/Directory Services
Certificate Services
Secure collaboration
Easily managing multiple identities
Government sponsored identities (eID)
Hardware supported trust platform
Disparate directories synchronization
Centralized ID controls and mgmt.
Embedded identity into applications
Policy Governance / Compliance
Role Based Permissions
Identity and Data Privacy
Consumer/ Small Business
Corporate
Client Protection
Server Protection
Edge Protection
Simple PC maintenance
Anti-Virus
Anti-Spyware
Anti-Phishing
Firewall
Performance Tuning
Backup and Restore
Protection
Edge, server and client protection
“Point to Point” Solutions
Security of data at rest and in transit
Mobile workforce
Manageability
Secure Remote Access
Optimized access for employees, partners, and customers from virtually any device or location
Branch Office Security
Enhanced connectivity and security for remote sites and applications
Internet Access Protection
Increased resiliency for IT infrastructure from Internet-based threats
Advanced Protection
Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against e-mail and collaboration threats
Availability and Control
Tight integration with Microsoft Exchange, Windows-based SMTP, SharePoint and Office Communications Servers maximizes availability and management control
Secure Content
Ensures organizations can eliminate inappropriate language and dangerous attachments from internal and external communications
Unified Protection
Unified malware protection for business desktops, laptops, and server operating systems that is easy to manage and control
One spyware and virus protection solution
Built on protection technology based
Effective threat response
Simplified Administration
One simplified security administration console
Define one policy to manage client protection agent settings
Integrates with your existing infrastructure
Visibility and Control
One dashboard for visibility into threats and vulnerabilities
View insightful reports
Stay informed with state assessment scans and security alerts
Client and Server Operating System
Server Applications
Edge
Microsoft Forefront
Microsoft Forefront provides greater protection and control over the security of your business’ network infrastructure
Security Stack Interoperability
Management System System Center, Active Directory GPO
Forefront Edge and Server Security, NAP
Perimeter
Network Access Protection, IPSec
Internal Network
Forefront Client Security, Exchange MSFP
Device
SDL process, IIS, Visual Studio, and .NET
Application
BitLocker, EFS, RMS, SharePoint, SQL
Data
Active Directory and Identity Lifecycle Mgr
User
Poor integration across the platform
“Point to Point” Solutions
Standards Adoption
Compliance Reporting
Manageability
Management Systems Integration
Guidance
Developer Tools
Systems Management
Active Directory Federation Services (ADFS)
Identity Management Services
Information Protection
Encrypting File System (EFS)
BitLocker™
Network Access Protection (NAP)
Client and Server OS
Server Applications
Edge
Comprehensive Portfolio
Future Product Schedule
ISA Server SP1 planned for 1st half 2008
Forefront “Unified Access Gateway” planned for 1st half CY2009
Forefront “Threat Management Gateway” planned for 1st half CY2009
A subset of “Threat Management Gateway” features will ship as part of “Centro”
Timeline (2007–2010):
ISA Server 2006 SP1
Subset of “TMG” shipped in Windows Server Code Name “Centro”
Forefront “Unified Access Gateway”
Forefront “Threat Management Gateway”
Forefront Code Name “Stirling”
Next Steps
Partner with your Microsoft Account Team to create or review your Security Action Plan
Talk about Infrastructure Optimization and the value it could bring to your organization
Implement a Defense-in-Depth security architecture using our advanced security technologies
Leverage Microsoft prescriptive security guidance and online security training
Stay informed through Microsoft Security Bulletins, Security Newsletters and Security Events
Security Guidance and Resources
Microsoft Security Home Page: www.microsoft.com/security
Microsoft Trustworthy Computing: www.microsoft.com/security/twc
Microsoft Forefront: www.microsoft.com/forefront
Infrastructure Optimization: www.microsoft.com/io
Microsoft Security Assessment Tool: www.microsoft.com/security/msat
General Information:
Microsoft Live Safety Center: safety.live.com
Microsoft Security Response Center: www.microsoft.com/security/msrc
Security Development Lifecycle: msdn.microsoft.com/security/sdl
Get the Facts on Windows and Linux: www.microsoft.com/windowsserver/compare
Anti-Malware:
Microsoft OneCare Live: beta.windowsonecare.com
Microsoft Defender: www.microsoft.com/athome/security/spyware/software
Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv
Guidance Centers:
Security Guidance Centers: www.microsoft.com/security/guidance
Security Guidance for IT Professionals: www.microsoft.com/technet/security
The Microsoft Security Developer Center: msdn.microsoft.com/security
The Security at Home Consumer Site: www.microsoft.com/athome/security
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.