Steve Lamb
Technical Security Advisor, Microsoft Ltd
stephen.lamb@microsoft.com
http://blogs.technet.com/steve_lamb
Introduction
Infrastructure Overview
Defining Security Steady State
Keeping Systems Up to Date
Reporting and Alerting
Summary
Three challenges for client security (slide diagram):
• Threats are more dangerous than ever
• Fragmentation of security technology
• Difficult to use, deploy and manage
Diagram labels: Customization, IT Infrastructure, Integration
Unified malware protection for business desktops, laptops and server operating systems that is easier to manage and control
One solution for spyware and virus protection
Built on protection technology used by millions
worldwide
Effective threat response
Complements other Microsoft security products
Policy precedence example:
If Policy A is assigned to the Redmond OU and Policy B is assigned to the Marketing security group, then Marketing computers in the Redmond OU will get Policy B.
Deployment flow: the console creates a GPO and sends it to Sysvol; Group Policy deploys the profile, and the policy is applied on the host according to the AD default behaviour.
Deployment options compared*:

                                   Client Security Console   GPMC        Existing SW Dist System
Infrastructure used                AD/GP                     AD/GP       SW dist system
Profile exceptions                 Security Groups           Unlimited   Unlimited
Enables profile compliance report  Yes                       No          No

*Agents deployed via existing software distribution system
Defining Security Steady State
Three elements of the Microsoft malware response (slide diagram):
• Multiple data sources enabling advanced telemetry on threats
• Dedicated team, analysis automation and testing
• Tightly integrated with industry leading MSRC response process
Security Research Organization
• Identify malware and create signature definitions
• Develop Windows Defender (25+ million users) & MSRT
• Achieved VB 100% award, West Coast Labs & ICSA Certification
• With protection engine implementation in Windows Live OneCare
• MSRT whitepaper: In-depth perspective of the malware
Signature deployment optimized (slide diagram; box labels: Malware Research, MU)
Windows Server Update Services (WSUS)
• Can use any software distribution system
• Auto and manual approval of definitions
Client Security installs an Update Assistant service to:
• Increase sync frequency between WSUS and Microsoft Update (MU) for definitions
• Notify console when new signatures require approval
(Slide diagram: MU <-> Sync <-> WSUS + Update Assistant)
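As an added illustration of the approval side of this workflow (not code from the slides, and not part of Forefront Client Security or its Update Assistant), the following PowerShell script uses the WSUS administration API (Microsoft.UpdateServices.Administration) to report the server's synchronisation cadence with Microsoft Update and list definition updates that are still awaiting approval, which is what an administrator running in manual-approval mode needs to see. The target group name 'All Computers' and the -Approve switch are assumptions made for this example.

```powershell
# Added example: audit WSUS definition-update handling with the WSUS administration API.
# Run on the WSUS server, or on a machine with the WSUS console and admin rights.
# Assumptions for this example: the Microsoft.UpdateServices.Administration assembly is
# installed with the WSUS console, and the target group is named 'All Computers'.
param(
    [string]$TargetGroupName = 'All Computers',   # assumed group name
    [switch]$Approve                               # approve only when explicitly requested
)

[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

# 1. Synchronisation cadence: definitions are only as fresh as the last sync with MU,
#    so a low sync count per day is the first thing to check when signatures look stale.
$sub = $wsus.GetSubscription()
"Automatic sync enabled : {0}" -f $sub.SynchronizeAutomatically
"Syncs per day          : {0}" -f $sub.NumberOfSynchronizationsPerDay
"Last sync finished     : {0}" -f $sub.GetLastSynchronizationInfo().EndTime

# 2. Definition updates that have been synced but neither approved nor declined.
$pending = $wsus.GetUpdates() | Where-Object {
    $_.UpdateClassificationTitle -eq 'Definition Updates' -and
    -not $_.IsApproved -and -not $_.IsDeclined
}
"Definition updates awaiting approval: {0}" -f @($pending).Count
$pending | Select-Object Title, CreationDate | Format-Table -AutoSize

# 3. Optional manual approval for the chosen target group.
if ($Approve -and $pending) {
    $group = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $TargetGroupName }
    if (-not $group) { throw "Target group '$TargetGroupName' not found" }
    foreach ($u in $pending) {
        $u.Approve([Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install, $group) | Out-Null
        "Approved: $($u.Title)"
    }
}
```

Without -Approve the script is read-only and can be scheduled as a daily check; the count of pending definitions together with the last sync time gives an early warning that hosts are falling behind on signatures. On a large WSUS server, GetUpdates() with no arguments walks the whole catalogue, so narrowing the query with an UpdateScope restricted to the Definition Updates classification is a worthwhile refinement.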
Insightful reports
• Real-time and emerging trends
• Focus on critical information
• Executive reports
• Drill down for detail
Summary reports: Deployment Summary, Threat Summary, Alert Summary, Security Summary, Vulnerability Summary
Alert configuration is policy specific.
Alerts notify admin of high-value incidents, including:
• Malware detected
• Malware outbreak
• Malware failed to remove
• Malware protection disabled
Alert levels control the type & volume of alerts generated (slide diagram: scale 1 2 3 4 5, labelled Rich Data, High Value Assets)
Visit:
http://www.microsoft.com/clientsecurity to learn about Forefront Client Security and register for beta information
http://www.microsoft.com/forefront to learn more about other Microsoft Forefront offerings