Microsoft's Security Vision and Strategy

Panagiotis Korologos
Account Technology Specialist
Enterprise & Partner Group
Microsoft Hellas SA




Evolving Security Threat Landscape
Methods to Addressing Security Threats
Microsoft Trustworthy Computing Initiative
Addressing Security Threats with Microsoft
Local Area Networks; First PC virus; Boot sector viruses; Create notoriety or cause havoc; Slow propagation; 16-bit DOS
Internet Era; Macro viruses; Script viruses; Create notoriety or cause havoc; Faster propagation; 32-bit Windows
Broadband prevalent; Spyware, Spam; Phishing; Botnets; Rootkits; Financial motivation; Internet wide impact; 32-bit Windows
Hyper jacking; Peer to Peer; Social engineering; Application attacks; Financial motivation; Targeted attacks; 64-bit Windows
[Figure: Spy, Thief, Trespasser, Vandal and Author plotted against National Interest, Personal Gain, Personal Fame, Curiosity and Script-Kiddy, Undergraduate, Expert, Specialist. Callouts: Largest segment by $ spent on defense; Largest area by $ lost; Largest area by volume; Fastest growing segment.]
• The most common way for viruses to enter an organization is through e-mail
  “…antivirus experts at SoftScan said that 89.5 per cent of all viruses scanned were classified as phishing malware”
  - Clement James, “Virus Levels Soar in August,” IT News.com.au, September 5, 2006
• Spam volume continues to trend upward over time
  “Spammers now generate an estimated 55 billion messages per day... A year ago that number was 30 billion..”
  - Robert McMillian, “Spam’s New Image,” CIO.com, August 15, 2006
• Phishing scams have become more sophisticated and successful in a short period of time
Technology
Helps turn IT into a business asset not a cost center
Supports your day to day security processes
Is the Enabler to running your business successfully
Process
Data privacy processes to manage data effectively
IT security processes to implement, manage, and govern security
Financial reporting processes that include security of the business
People
Company understands the importance of security in the workplace
Individuals know their role with security governance and compliance
IT staff has the security skills and knowledge to support your business
Engineering Excellence: Security Development Lifecycle
Product Inception; Design; Threat Modeling; Standards, best practices, and tools; Security Push; Final Security Review; RTM and Deployment Signoff; Security Response
Corporate
Edge, server and client protection
“Point to Point” Solutions
Security of data at rest and in transit
Mobile workforce
Manageability
“Edge” Protection; Server Protection; OS Protection
• Leader in Gartner Email Security Boundary Magic Quadrant
• Visionary in Gartner SSL VPN Magic Quadrant
• Leader in Forrester SSL VPN Wave
Microsoft Forefront provides greater protection and control over the security of your business’
network infrastructure
Edge; Server Applications; Client and Server Operating System
Choice: Hosted e-mail security
[Diagram: Internet; SMTP; Firewall; On-Premise Software; Hub Transport Server; Mailbox Server; Client Access Server]
• Choices for Network Edge Protection
• Internet-based services protect against spam and viruses before they penetrate the network
• Comprehensive Enterprise-class Hosted Services for E-mail Security and Management
• Service for e-mail security with performance backed by SLAs
• Simplify E-mail Administration
• Offloading e-mail security allows IT to focus on other initiatives
Attached Services; On-Premise or Hosted; Multi-headed Client
Choice: On-premise protection
[Diagram: Internet; SMTP; Firewall; On-Premise Software; Edge Transport Server; Hub Transport Server; Mailbox Server; Client Access Server]
• Choices for Network Edge Protection
• On-premise software protects against spam and viruses before they penetrate the network
• Local Control of Data
• Antivirus, anti-spam and security policies can be customized to meet the needs of the organization
• Built-in Protection
• Protection for your data and your network that can expand as the organization grows
Native Scanning Infrastructure
• Multiple third-party antivirus vendors support Exchange Server 2007: Symantec, Trend Micro, Kaspersky Lab, GFI Software, McAfee
• VSAPI to enable scanning messages in the store
• Antivirus Stamp to minimize unnecessary rescanning
Distributed protection; Performance tuning; Content filtering; Central management
[Diagram: Internet; Exchange Server/Windows-based SMTP Server; A, B, C, D, E]
Gartner Magic Quadrant:
E-Mail Security Boundary -Leader-
[Diagram: Internet (Viruses, Worms, Spam); ISA Server; SMTP Server; Exchange; SharePoint; each labelled A. Callouts: Potential Single Point of Failure; Single Vendor, Single Engine]
Response Time (hours)
AV lab response times were tested for 82 “In the Wild” viruses and variants that appeared from April-July 2006.
Tested sets of five randomly chosen Forefront engines vs three single-engine vendors
Results
• 26 viruses were proactively detected by all labs
• 39 more detected by most labs or engine sets
• Results for remaining 17 viruses demonstrated the following….

Legend: > 24 hrs; 4 to 24 hrs; < 4 hrs

Virus                 Forefront Set 1  Forefront Set 2  Forefront Set 3  Vendor A  Vendor B  Vendor C
0406 Mytob.NQ@mm      1.5              1.0              3.1              9.9       17.4      2.1
0406 Mytob.NQ@mm      1.0              1.0              1.0              28.1      11.6      3.5
0406 Spybot!04C2      23.0             23.0             1.0              0.0       29.9      39.0
0406 Nugache.a        1.0              1.0              1.0              34.1      12.9      48.1
0506 Numuen.F         0.0              0.0              0.0              1.0       10.3      15.0
0506 Numuen.H         1.0              1.0              1.0              103.8     251.9     114.8
0506 Numuen.G         3.2              3.2              3.2              1.0       151.8     469.0
0506 Banwarum.C@mm    87.5             87.5             1.0              116.7     73.0      129.3
0506 Banwarum.B@mm    12.1             1.8              1.0              116.7     22.5      32.9
0506 Rbot!E905        0.0              0.0              0.0              1,141.8   217.6     1.0
0606 Bagle.EG         0.0              0.0              0.0              0.0       7.3       0.0
0606 Bagle.EH@mm      0.0              0.0              0.0              0.0       18.4      0.0
0606 Bagle.EG@mm      0.0              0.0              1.0              0.0       26.5      0.0
0606 Bagle.LY@mm      0.0              0.0              0.0              0.0       6.4       2.5
0706 Feebs.gen@mm     0.0              0.0              0.0              0.0       0.0       503.8
0706 Feebs.EU         0.0              0.0              0.0              52.3      173.2     39.0
0706 Virut.A          0.0              0.0              0.0              0.0       0.0       1,317.0

1 AVTest.org, 2006
Forefront Server Security
products integrate and ship
with industry-leading antivirus
scan engines from
Each scan job in a Forefront
Server Security product can run
up to five engines
simultaneously
[Diagram: Internal Messaging and Collaboration Servers; A, B, C, D, E]
[Diagram: Internet; Other SMTP Servers; Enterprise network; Edge Transport; Hub Transport; Routing, Hygiene; Routing, Policy; PBX or VoIP; Unified Messaging; Voice Messaging; Fax; Client Access; Applications: OWA; Protocols: ActiveSync, POP, IMAP, RPC / HTTP …; Programmability: Web services, Web parts; Mailbox; Public Folders]
Integrated Security; Fast, Secure Access; Efficient Management
Features marked NEW:
• LDAP authentication for Active Directory
• Customized logon forms for most devices & apps
• Smartcards & one-time password support
• Web publishing load balancing
• Exchange & SharePoint publishing tools
• Single sign-on for multiple resource access
• Automatic translation of embedded internal links
• Enhanced certificate administration
• Authentication delegation (NTLM, Kerberos)
• Improved idle-based timeouts for session mgmt
[Diagram: External User; Internet; DMZ; ISA 2006 Appliance; Web Server; Exchange; Intranet Web Server; SharePoint; Active Directory; Administrator; Internal Network; Headquarters]
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not
be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.