1 / 31

Ved Christian Stahl, Microsoft Enterprise Services

Forefront Codenname ”Stirling”. Ved Christian Stahl, Microsoft Enterprise Services. Agenda. Introduktion til Security Management Introduktion til ForeFront Codename ”Stirling” Stirling funktionalitet Stirling arkitektur. Security Management today. Server Application Protection.

mahdis
Télécharger la présentation

Ved Christian Stahl, Microsoft Enterprise Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ForefrontCodenname ”Stirling” Ved Christian Stahl, Microsoft Enterprise Services

  2. Agenda • Introduktion til Security Management • Introduktion til ForeFrontCodename ”Stirling” • Stirling funktionalitet • Stirling arkitektur

  3. Security Management today Server Application Protection Vulnerability Assessment Endpoint Protection Network Edge Management Console Management Console Management Console Console Reporting Console Reporting Console Reporting Console • Jumping between consoles waste time • Each console has its own policyparadigm • Product’s are in silos with no integration • Lack of integration with infrastructure generate inefficiencies • Difficult to know if solutions are protecting from emerging threats

  4. Simplified Management with Stirling • One console for simplified, role-based security management • Define one security policy for your assets across protection technologies • Deploy signatures, policies and software quickly • Integrates with your existing infrastructure: SCOM, SQL, WSUS, AD, NAP, SCCM

  5. Comprehensive line of business security products that helps you gain greater protection and secure access through deep integration and simplified management Server Applications Client and Server OS Network Edge

  6. Poll Hvor mange anvender: • ForeFrontClient? • ISA Server? • ForeFront for Exchange eller MOSS?

  7. Forefront codename "Stirling" • Comprehensive, coordinated protection with dynamic responses to complex threats • Unified management across client, server application, & edge security in one console • Critical visibility into overall security state including threats and vulnerabilities Next GenerationForefront Client Security Next GenerationForefront Server Security Next GenerationEdge Security and Access Antivirus / Antispyware Exchange Protection Firewall Host Firewall & NAP SharePoint Protection VPN Others – To be announced at a later date Others – To be announced at a later date Others – To be announced at a later date

  8. An Integrated Security System Management & Visibility Dynamic Response Client and Server OS Server Applications vNext Network Edge

  9. An Integrated Security System that delivers comprehensive, coordinated protection with simplified management and critical visibility across clients, servers, and the network edge Comprehensive Protection • Integrated protection across clients, server and edge • Dynamic responses to emerging threats • Next generation protection technologies Simplified Management • Manage from a single role-based console • Asset and policy centric model • Integrates with your existing infrastructure • Know your security state in real-time • View insightful reports • Investigate & remediate security issues Critical Visibility

  10. Silo'd best of breed solution are not enough • Breaches came from a combination of event: • 62% were attributed to a significant error • 59% resulted from hacking and intrusions • 31% incorporated malicious code • 22% exploited a vulnerability • 15% were due to physical threats • Time span of data breach events Source: 2008 Data Breach Investigations Report. Verizon Business http://www.verizonbusiness.com/resources/security/databreachreport.pdf

  11. Phone Example:Zero Day Scenario Network Admin Desktop Admin Manual: Disconnect the Computer DNS Reverse Lookup Edge Protection Log Client Security Edge Protection WEB Client Event Log Manual: Launch a scan Malicious Web Site Andy DEMO-CLT1

  12. Security Assessments Channel Example: Zero Day Scenario With Stirling and Dynamic Response Compromised User: Andy Low Fidelity High Severity Expire: Wed Alert Network Admin Security Admin Desktop Admin Compromised Computer DEMO-CLT1 High Fidelity High Severity Expire: Wed TMG identifies malware on DEMO-CLT1 computer attempting to propagate (Port Scan) FCS identifies Andy has logged on to DEMO-CLT1 Forefront TMG Stirling Core Client Security Forefront Server for: Exchange, SharePoint OCS WEB NAP Active Directory Scan Computer Block IM Quarantine Malicious Web Site Reset Account Block Email Andy DEMO-CLT1

  13. Shared Information… 70+ assessments across are coming with Stirling Beta 2.

  14. Console Sneak Peak

  15. Critical Visibility & Control • Know your security state • View insightful reports • Investigateand remediate security risks

  16. Risk Management Dashboard • Risk = Security State X Asset Value • Asset value via Stirling policies • Overall security risk driven by actionable rules • Single number to sort assets by • Enterprise security status reports

  17. Acitivity Reporting • Technology specific • Complementing security and health monitoring • Visibility into • Security Effectiveness • Resource consumption • Productivity Impact • Planning and measuring

  18. TMG: Connect to "Stirling" Provided by Stirling Admin

  19. Stirling: TMG connectivity state

  20. Stirling: Response Plan (Policy)

  21. TMG Assessment / Response

  22. TMG: Response Implementation

  23. Poll Hvor mange anvender: • SCOM? • WSUS?

  24. Microsoft Update Stirling Conceptual Architecture Forefront Security Assessment Channel Windows Server Update Services (WSUS) Stirling Core Server Stirling Data Analysis & Collection Servers 3rd party protection service Systems Center Operations Manager Threat Management Gateway Servers Virus &Spyware Definitions Settings Settings Settings Settings Events Events Events Events Exchange Servers Stirling Console SharePoint Servers Desktops, Laptops and Servers

  25. Stirling Server Roles • Stirling defines several roles that make up the overall system • Stirling Core – central processing • Stirling Core DB – Stirling databases • “DAC” • DAC-RMS – System Center Operations Manager – Root Management Server • DAC-MS – Management Server • DAC-DB – SCOM databases • Stirling Reporting • Stirling NPS (Network Policy Server) • Stirling Console

  26. 1-Box Configuration

  27. 2-Box Configuration

  28. Scaling Your Deployment

  29. Stirling Common Questions • Q: Can I use my existing SCOM infrastructure for Stirling? • A: Yes, but unless it’s already managing all your desktops too, you’ll have to add more servers to scale it out • Q: Can I use .. • Clusters? • Virtualization? • A: Yes

  30. Stirling Common Questions • Q: How many clients can each SCOM server support? • A: Performance testing is well underway , but I’ll cover some of our scale goals coming up

More Related