Gary Verster - PowerPoint PPT Presentation

About This Presentation
Title: Gary Verster

Slides: 26
Provided by: gofishd
Tags: gary | mi6 | verster

Transcript and Presenter's Notes

Title: Gary Verster


1
  • Gary Verster
  • Microsoft Corporation
  • gverster_at_microsoft.com

2
  • The Security Environment
  • Tenets of Microsoft Security Product Line
  • Microsoft Forefront
  • Microsoft Forefront Client Security
  • Three Dimensions to Securing Clients

3
  • More advanced
  • More frequent
  • Profit motivated
  • Application-oriented
  • Too many point products
  • Poor interoperability
  • Lack of integration
  • Multiple consoles
  • Uncoordinated event reporting and analysis
  • Cost and complexity

4
(No Transcript)
5
A comprehensive line of business security
products that helps you gain greater protection
through deep integration and simplified management
6
(No Transcript)
7
FOR INDIVIDUAL USERS / FOR BUSINESSES
Products compared:
  • Windows Live OneCare Safety Scanner
  • Microsoft Forefront Client Security
  • Windows Defender
  • Windows Live OneCare
  • MSRT
Capabilities compared:
  • Remove most prevalent viruses
  • Remove all known viruses
  • Real-time antivirus
  • Remove all known spyware
  • Real-time antispyware
  • Central reporting and alerting
  • Customization
  • IT Infrastructure Integration
8
Unified malware protection for business desktops,
laptops and server operating systems that is easy
to manage and control
  • One solution for spyware and virus protection
  • State Assessment
  • Built on protection technology used by millions
    worldwide
  • Effective threat response
  • One console for simplified security
    administration
  • Define one policy to manage client protection
    agent settings
  • Integrates with your existing infrastructure
  • One dashboard for visibility into threats and
    vulnerabilities
  • View insightful reports
  • Stay informed with state assessment scans and
    security alerts

9
(No Transcript)
10
  • One engine for virus and spyware protection
  • Used in Windows Defender, OneCare, Forefront
    Server Security, etc.
  • Compatible with NAP through Windows Security
    Center
  • Engine detection and removal capabilities
    include
      • Real-time, scheduled or on-demand detection
        and removal
      • Real-time detection uses Windows Filter Manager
        technology
      • Checks to ensure system is fully functional after
        cleaning
      • Scanning dozens of archives and packers
      • Scans for rootkits
      • Behavior analysis and polymorphic viruses
      • Heuristic detections for new malware and variants

11
Dedicated team with automated analysis and
testing
Tight integration with MSRC and other support
processes
Multiple data sources enabling advanced threat
telemetry
  • Deliver malware definition updates for
      • Forefront Client Security, Forefront Server
        Security
      • Windows Live OneCare, Windows Defender
  • Develop core anti-malware engine in Forefront and
    OneCare
  • Develop Windows Malicious Software Removal Tool

12
  • Define security steady state
      • Specify the ongoing security behavior of my
        clients
  • Keep systems up-to-date
      • Ensure that clients have the latest signatures
  • View reports
      • Determine the security state, now and over time
  • Respond to alerts
      • What critical security events require my
        attention?

13
  • One console for simplified security
    administration
  • One policy to manage client protection agent
    settings, e.g.
      • Anti-spyware unknown action
      • Alert level
      • Event and logging settings
      • SpyNet reporting on/off
      • Level of end-user UI shown
      • Scan schedule
      • Real time protection on/off
      • Signature update frequency
      • Anti-spyware signature overrides
      • Security state assessment settings
  • Choice of 3 integrated policy profile deployment
    methods
      • Microsoft Forefront Client Security Console (uses
        AD/GP)
      • ADM file (uses AD/GP)
      • Export to a file then use existing software
        distribution system

14
                           Client Security Console   GPMC                   Existing SW Dist System
Infrastructure used        AD/GP                     AD/GP                  SW dist system
Policy distribution via    Console                   GPMC, using ADM file   Exported files
Targeting granularity      OU-level                  Single machine         Single machine
Policy exceptions          Security Groups           Unlimited              Unlimited
Policy compliance report   Yes                       No                     No
Agents deployed via existing software
distribution system
15
[Diagram labels: Malware Research; Microsoft Update; Sync; WSUS Update Assistant]
  • Signature deployment optimized for Windows Server
    Update Services (WSUS)
  • Can use any software distribution system
  • Auto and manual approval of definitions
  • Client Security installs an Update Assistant
    service to
      • Increase sync frequency between WSUS and
        Microsoft Update (MU) for definitions
      • Support for roaming users
      • Failover from WSUS to Microsoft Update

16
  • One dashboard for visibility into threats and
    vulnerabilities
  • View insightful reports
  • Stay informed with state assessment scans and
    security alerts

17
  • Enables focus on threats and possible
    vulnerabilities
  • State assessment scans determine which machines
      • Need to be patched
      • Are configured insecurely
  • Report categories include
  • Built on MOM 2005 technology
  • Uses SQL Reporting Services

18
(No Transcript)
19
(No Transcript)
20
  • Alert configuration is policy specific
  • Alerts notify admin of high-value incidents,
    including
  • Alert levels control type and volume of alerts
    generated

[Figure: alert levels 1 to 5, with end labels "Rich Data, High Value Assets" and "Critical Issues Only, Low Value Assets"; incidents shown: Outbreak; Malware removal failed; Signature update failed; Malware detected and removed; Signature update failed (per min)]
21
  • Public beta available now!
  • Download at http://www.microsoft.com/clientsecurity
  • Community-based support at
    http://www.microsoft.com/technet/clientsecurity
  • Release To Manufacture planned for Q2 CY2007
  • Will be available through Microsoft's volume
    licensing programs

22
Server and Domain Isolation (SDI)
Combined Solution
Forefront Client Security
Windows Vista
23
  • Unified Virus and Spyware Protection
  • Simplified Administration
  • Critical Visibility and Control
  • An integral part of Microsoft Forefront
  • Better together with Windows Vista and SDI

Download now! http://www.microsoft.com/clientsecurity
24
(No Transcript)
25
Thank you to our Partners for their support of
TechDays 2007