Panagiotis Korologos
Account Technology Specialist
Enterprise & Partner Group
Microsoft Hellas SA

• Evolving Security Threat Landscape
• Methods for Addressing Security Threats
• Microsoft Trustworthy Computing Initiative
• Addressing Security Threats with Microsoft

Local Area Networks
• First PC virus
• Boot sector viruses
• Create notoriety or cause havoc
• Slow propagation
• 16-bit DOS

Internet Era
• Macro viruses
• Script viruses
• Create notoriety or cause havoc
• Faster propagation
• 32-bit Windows

Broadband prevalent
• Spyware, Spam
• Phishing
• Botnets
• Rootkits
• Financial motivation
• Internet wide impact
• 32-bit Windows

• Hyper jacking
• Peer to Peer
• Social engineering
• Application attacks
• Financial motivation
• Targeted attacks
• 64-bit Windows

[Figure: attacker types (Vandal, Trespasser, Author, Thief, Spy) shown by motivation (Curiosity, Personal Fame, Personal Gain, National Interest) and by skill (Script-Kiddy, Undergraduate, Expert, Specialist). Annotations: Largest segment by $ spent on defense; Largest area by $ lost; Largest area by volume; Fastest growing segment.]

The most common way for viruses to enter an organization is through e-mail
• “…antivirus experts at SoftScan said that 89.5 per cent of all viruses scanned were classified as phishing malware”
  - Clement James, “Virus Levels Soar in August,” IT News.com.au, September 5, 2006

Spam volume continues to trend upward over time
• “Spammers now generate an estimated 55 billion messages per day...
A year ago that number was 30 billion..”
  - Robert McMillian, “Spam’s New Image,” CIO.com, August 15, 2006

Phishing scams have become more sophisticated and successful in a short period of time

Technology
• Helps turn IT into a business asset not a cost center
• Supports your day to day security processes
• Is the Enabler to running your business successfully

Process
• Data privacy processes to manage data effectively
• IT security processes to implement, manage, and govern security
• Financial reporting processes that include security of the business

People
• Company understands the importance of security in the workplace
• Individuals know their role with security governance and compliance
• IT staff has the security skills and knowledge to support your business

[Figure: Security Development Lifecycle (Engineering Excellence). Stages shown: Product Inception; Design; Threat Modeling; Standards, best practices, and tools; Security Push; Final Security Review; RTM and Deployment Signoff; Security Response.]

• Corporate
• Edge, server and client protection
• “Point to Point” Solutions
• Security of data at rest and in transit
• Mobile workforce
• Manageability

“Edge” Protection, Server Protection, OS Protection
• Leader in Gartner Email Security Boundary Magic Quadrant
• Visionary in Gartner SSL VPN Magic Quadrant
• Leader in Forrester SSL VPN Wave

Microsoft Forefront provides greater protection and control over the security of your business’ network infrastructure
• Edge
• Server Applications
• Client and Server Operating System

Choice: Hosted e-mail security
[Diagram labels: On-Premise Software, Firewall, Internet, SMTP, Hub Transport Server, Mailbox Server, Client Access Server]

Choices for Network Edge Protection
Internet-based services protect against spam and viruses before they penetrate the network

Comprehensive Enterprise-class Hosted Services for E-mail
Security and Management
Service for e-mail security with performance backed by SLAs

Simplify E-mail Administration
Offloading e-mail security allows IT to focus on other initiatives

• Attached Services
• On-Premise or Hosted
• Multi-headed Client

Choice: On-premise protection
[Diagram labels: On-Premise Software, Firewall, Internet, SMTP, Edge Transport Server, Hub Transport Server, Mailbox Server, Client Access Server]

Choices for Network Edge Protection
On-premise software protects against spam and viruses before they penetrate the network

Local Control of Data
Antivirus, anti-spam and security policies can be customized to meet the needs of the organization

Built-in Protection
Protection for your data and your network that can expand as the organization grows

Native Scanning Infrastructure
• Multiple third-party antivirus vendors support Exchange Server 2007: Symantec, Trend Micro, Kaspersky Lab, GFI Software, McAfee
• VSAPI to enable scanning messages in the store
• Antivirus Stamp to minimize unnecessary rescanning

• Distributed protection
• Performance tuning
• Content filtering
• Central management
[Diagram labels: Internet; Exchange Server / Windows-based SMTP Server; A, B, C, D, E]
Gartner Magic Quadrant: E-Mail Security Boundary - Leader

[Diagram labels: Internet; Viruses, Worms, Spam; ISA Server; SMTP Server; Exchange; SharePoint; engine "A" on every server; Potential Single Point of Failure; Single Vendor, Single Engine]

Response Time (hours)
AV lab response times were tested for 82 “In the Wild” viruses and variants that appeared from April-July 2006.
Tested sets of five randomly chosen Forefront engines vs three single-engine vendors

Results
• 26 viruses were proactively detected by all labs
• 39 more detected by most labs or engine sets
• Results for remaining 17 viruses demonstrated the following….
Legend: > 24 hrs; 4 to 24 hrs; < 4 hrs

Date (MMYY)  Virus          Forefront Set 1  Forefront Set 2  Forefront Set 3  Vendor A  Vendor B  Vendor C
0406         Mytob.NQ@mm                1.5              1.0              3.1       9.9      17.4       2.1
0406         Mytob.NQ@mm                1.0              1.0              1.0      28.1      11.6       3.5
0406         Spybot!04C2               23.0             23.0              1.0       0.0      29.9      39.0
0406         Nugache.a                  1.0              1.0              1.0      34.1      12.9      48.1
0506         Numuen.F                   0.0              0.0              0.0       1.0      10.3      15.0
0506         Numuen.H                   1.0              1.0              1.0     103.8     251.9     114.8
0506         Numuen.G                   3.2              3.2              3.2       1.0     151.8     469.0
0506         Banwarum.C@mm             87.5             87.5              1.0     116.7      73.0     129.3
0506         Banwarum.B@mm             12.1              1.8              1.0     116.7      22.5      32.9
0506         Rbot!E905                  0.0              0.0              0.0   1,141.8     217.6       1.0
0606         Bagle.EG                   0.0              0.0              0.0       0.0       7.3       0.0
0606         Bagle.EH@mm                0.0              0.0              0.0       0.0      18.4       0.0
0606         Bagle.EG@mm                0.0              0.0              1.0       0.0      26.5       0.0
0606         Bagle.LY@mm                0.0              0.0              0.0       0.0       6.4       2.5
0706         Feebs.gen@mm               0.0              0.0              0.0       0.0       0.0     503.8
0706         Feebs.EU                   0.0              0.0              0.0      52.3     173.2      39.0
0706         Virut.A                    0.0              0.0              0.0       0.0       0.0   1,317.0

1. AVTest.org, 2006

Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from
Each scan job in a Forefront Server Security product can run up to five engines simultaneously
[Diagram labels: Internal Messaging and Collaboration Servers; A, B, C, D, E]

[Diagram labels: Internet; Enterprise network; Other SMTP Servers; Edge Transport (Routing, Hygiene); Hub Transport (Routing, Policy); Unified Messaging (PBX or VoIP, Voice Messaging, Fax); Client Access (Applications: OWA; Protocols: ActiveSync, POP, IMAP, RPC / HTTP …; Programmability: Web services, Web parts); Mailbox; Public Folders]

Integrated Security; Fast, Secure Access; Efficient Management
• LDAP authentication for Active Directory
• Customized logon forms for most devices & apps
• Smartcards & one-time password support
• Web publishing load balancing
• Exchange & SharePoint publishing tools
• Single sign-on for multiple resource access
• Automatic translation of embedded internal links
• Enhanced certificate administration
• Authentication delegation (NTLM, Kerberos)
• Improved idle-based timeouts for session mgmt
[Diagram labels: External User; Internet; DMZ; ISA 2006 Appliance; Web Server; Exchange; Intranet Web Server; SharePoint; Active Directory; Administrator; Internal Network; Headquarters]

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.