October 19 – 21, 2011 What’s new in Forefront Endpoint Protection 2012 According to beta material Peter De Tender
Mct summit na what's new in forefront endpoint protection 2012 beta
Nov 29, 2014
This presentation discusses some topics about Forefront Endpoint Protection 2012 beta version, and my experience in deploying it
This presentation has been given at MCT SUmmit San Franciso
This presentation has been given at MCT SUmmit San Franciso
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
O c t o b e r 1 9 – 2 1 , 2 0 1 1
What’s new in Forefront Endpoint Protection 2012
According to beta material
Peter De Tender
OCT19-21
About the speaker
• Managing Partner ICTinus (Belgian IT Company)• +15 years IT Pro on Microsoft technologies• Focus on Exchange & Forefront• MCT for 3 years• Country Lead MCT Europe Belgian Chapter
• Email: [email protected]• Blogs: http://the-c-spot.org + http://trycatch.be/blogs/pdtit • LinkedIn: http://be.linkedin.com/in/pdtit• Twitter: http://twitter.com/pdtit
OCT19-21
Agenda
• About FEP• Server installation walkthrough• Client management & deployment• Update mechanism• Reporting
• Q&A
OCT19-21
Agenda
• About FEP• Server installation walkthrough• Client management & deployment• Update mechanism• Reporting
• Q&A
OCT19-21
Business Needs and IT Challenges
Increased complexity with separate workloads for endpoint protection
and desktop management
Increased complexity with separate workloads for endpoint protection
and desktop management
High cost to maintain separate infrastructure
High cost to maintain separate infrastructureReduce cost of client protectionReduce cost of client protection
Stop known and unknown threatsStop known and unknown threats
Easily secure endpoints, maintain productivity
Easily secure endpoints, maintain productivity
Constantly evolving threatsConstantly evolving threats
BUSINESS NeedsAgility and Flexibility
IT NeedsControl
OCT19-21
Convergence of Desktop Security & Management
IMPROVED PROTECTION• Security personnel have access to
desktop configuration data
• Health status and protection status in a single interface, with consolidated reporting
• Incident response (identify / update / remediate) is more targeted
IMPROVED PROTECTION• Security personnel have access to
desktop configuration data
• Health status and protection status in a single interface, with consolidated reporting
• Incident response (identify / update / remediate) is more targeted
LOWER COSTS• One server infrastructure to maintain
• A single mechanism to deploy software updates to clients
• Central policy implementation for security and management
• One set of training for administrators
• A single license to purchase (*CAL)
LOWER COSTS• One server infrastructure to maintain
• A single mechanism to deploy software updates to clients
• Central policy implementation for security and management
• One set of training for administrators
• A single license to purchase (*CAL)
Security + ManagementSecurity + Management
OCT19-21
Forefront Endpoint Protection 2012Next Generation of Forefront Client Security
• Built on distribution infrastructure of Microsoft® System Center Configuration Manager software
• Supports all System Center Configuration Manager topologies and enables enterprise-wide scalability
• Facilitates easy migration
• Able to deploy across various operating systems (including Microsoft Windows® client and Microsoft Windows Server ®)
• Protection against viruses, spyware, rootkits, and network vulnerabilities
• Productivity-oriented default configuration
• Integrated management of host firewall
• Backed by Microsoft Malware Protection Center
• Unified management interface for desktop administrators
• Timely and effective alerts
• Simple, operation-oriented policy administration
• Historical reporting for security administrators
Ease of Deployment Enhanced Protection and Productivity
Simplified Desktop Management
OCT19-21
Forefront Protection Stack: OverviewFocus• Reduce time and cost to protect• Increase cost to attack, decrease exploit
window• Operationalize new protection
technologies
Operationalizing protection• Balancing protection vs. performance• Remediation and threat management
improvements• Simplifying deployment
Firewall &Configuration Management
Anti-rootkit
Generics and Heuristics
Antimalware
Behavior Monitoring
Dynamic Signature
Service
Malware Response “MMPC”
Network Vulnerability Shielding
Browser Protection
OCT19-21
New / Updated features of FEP 2012
• Easier to deploy client• Building on top of SCCM 2012 architecture– Scalability / high availability / ...
• Network-friendly definition deployment• Simpler to setup and operate• Email subscriptions for alerting• Built-in security admin role (RBAC)
OCT19-21
New / Updated Licensing model
• Previous versions:– Part of Forefront Protection Suite CAL– Separate FEP 2007/2010 CAL– Part of E-CAL in EA
• Present version:– Part of Core-CAL in EA– (+ older possibilities still apply)
OCT19-21
Agenda
• About FEP• Server installation walkthrough• Client management & deployment• Update mechanism• Reporting
• Q&A
OCT19-21
Installing FEP Server 2012
OCT19-21
SCCM 2012 Console integration
• Software Library – Packages
OCT19-21
SCCM 2012 Console integration
• Monitoring / Overview / FEP Status
OCT19-21
SCCM 2012 Console integration
• Assets & Compliance Console
OCT19-21
Agenda
• About FEP• Server installation walkthrough• Client deployment & management• Update mechanism• Reporting
• Q&A
OCT19-21
Client Deployment
• Manual or automated scenario
OCT19-21
Protect Clients without Complexity• Simple interface
– Minimal, high-level user interactions
– Only necessary interactions
• Administration options– User configurability controls– Central policy enforcement
• Maintain high productivity– CPU throttling during scans– Faster scans through
advanced caching
OCT19-21
FEP UI – Home Tab
• Clear Statusinformation
OCT19-21
• Scan details• Scan options• Custom scan• Initiate scan
FEP UI – Home Tab
OCT19-21
• Scan details• Scan options• Custom scan• Initiate scan• Scan progress• Scan results
FEP UI – Home Tab
OCT19-21
• Update details• Initiate update
FEP UI – Update Tab
OCT19-21
• Update details• Initiate update• Update
progress
FEP UI – Update Tab
OCT19-21
• Displays all malware detections and actions
• Delete history• Display
quarantined• Display
allowed
FEP UI – History Tab
OCT19-21
• Settings can be centrally managed, or delegated to users
FEP UI – Settings Tab
OCT19-21
Agenda
• About FEP• Server installation walkthrough• Client management & deployment• Update mechanism• Reporting & alerting
• Q&A
OCT19-21
Update Mechanism
• +/- 8h update polling to Microsoft MU/WU from server – 15min polling from client to server
• Policy based, not package based as in FEP2010
• Relying on WSUS integration (= server role)• Update engine based on feedback from MMPC
and SpyNet
OCT19-21
Agenda
• About FEP• Server installation walkthrough• Client management & deployment• Update mechanism• Reporting & alerting
• Q&A
OCT19-21
Reporting & Alerting
• Built on SQL Reporting Services• It’s all in the “monitoring” space• Alerts - by mail:–Malware Detection–Malware Outbreak– Repeated Malware Detection–Multiple Detections have
OCT19-21
Agenda
• About FEP• Server installation walkthrough• Client management & deployment• Update mechanism• Reporting
• Q&A
OCT19-2131
Questions?• Email: [email protected]• Blogs: http://the-c-spot.org + http://trycatch.be/blogs/pdtit • LinkedIn: http://be.linkedin.com/in/pdtit• Twitter: http://twitter.com/pdtit
Thanks for Your Support!
MCT Summit Sponsors:
MCT Summit Partner:
Related Documents
