Canadian Colleges Update – Dec 2009 Session 11 Security MS Strategy Overview

by | December 9, 2009

Session 11 Patrick Hevesi, Enterprise Technology Architect, WW CATM Security Lead

Microsoft Forefront – Business Ready Security Solutions

Evolving Threats

  • 2 axes – threat and person
  • Threats = Curiosity, Personal Fame, Personal Gain, National Interest
  • Person = Script-Kiddy, Undergraduate, Expert, Specialist
  • Results: Vandal (largest area by volume), Author, Trespasser, Thief (largest area by $ lost and fastest growing segment), Spy(largest amount of gov’t IT security $ spent)

Evolving Threat Landscape

  • huge improvements in bandwidth of networks
  • botnets leveraging peer to peer
  • 88% of attacks are on applications – top 3 applications attacked: #1 Adobe Reader, #2 iTunes, #3 Quicktime
  • the explosion of social networks introduce hugely naive users to places where they voluntarily give up their personal data
  • Malware sites #1 Game Cheats #2 Pornography #3 Music Lyric #4 Gossip sites
  • – security intelligence report (free report – updated every 6 months)

Core Infrastructure Optimization Solutions (optimized desktop, optimized datacenter, business ready security)

  • best protection is to run Windows NOT as administrator especially when surfing the web
  • Microsoft worked with Intel and Dell to build security into hardware and software (OS working with the hardware – 64 bit)
  • Network Access Protection – 2 certificates (IPSEC) issued – one for the machine and one for the user enforces machine health
  • – self service questions to see where your organization is on a maturity scale – Dynamic IT
  • Dynamic IT scale – basic (cost centre), standardized (cost efficiency), rationalized (business enabler), dymanic (strategic asset)

Business Ready Security – help securely enable business by managing risk and empowering people

  • Identity Protection, Identity Access, Identity Management

Forefront – Endpoint Protection, Protection for Exchange, Identity Manager, ISA Server Edge Security (client, server, mobile, cloud)

  • Defense in Depth – 64 bit hardware, 64 bit Windows 7 and Mobile, Windows Server Core, Network Access Protection (NAP)
  • Services – Forefront Online Protection for Exchange
  • Edge – Intelligent Gateway Application, Internet Security & Accleration Server
  • Server – Forefront Security for SharePoint, Security for Exchange Server, Security for OCS
  • Client and Server OS – Forefront Client Security
  • Forefront has 5 built in virus scan engines working together
  • Microsoft Security Essentials – free tool, next generation of Forefront Client Security
  • Windows Rights Management Services – BitLocker, Encryption File System (EFS), information protection
  • Identity and Access Management – Forefront Identity Manager, Windows AD, ADFS, Certificate Lifecycle Mgmt
  • Systems Management – System Center – Configuration Mgr, Operations Mgr, Data Protection Mgr, Windows Server Update Services, SQL Server 2008
  • New Products – Forefront Protection Management – see security on SharePoint, Exchange, OCS and the cloud services

This was an excellent presentation and it is great to see Microsoft taking security very seriously.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.