Microsoft System Center 2012 Endpoint Protection Overview
Adwait Joshi (AJ), Product Marketing Manager, Microsoft Corporation
Mark Florida, Principal Program Manager Lead, Microsoft Corporation
MGT310
Session Objectives And Takeaways
Session Objectives:
• The evolution of malware
• Overview of System Center 2012 Endpoint Protection
• Demos on EP client installation and management + security
• Overview of the Endpoint Protection client
The Evolution Of Malware
• In 1991 there were 1,000 known threats; in 2001 there were 60,000. Today there are millions, and the number grows every day.
• Sophistication and production rates continue to evolve.
• Anybody can do it: full malware suites are available online.
• Your stuff is worth money, and they want it!
Nefarious Personas
[Figure: attacker personas plotted by motive against skill. Motives: National Interest, Personal Gain, Personal Fame, Curiosity. Skill levels: Script-Kiddy, Hobbyist Hacker, Expert, Specialist. Persona labels: Vandal, Thief, Spy, Trespasser, Author. Annotations: "Tools created by experts now used by less skilled attackers and criminals" and "Fastest growing segment".]
Unified Infrastructure: reduce the cost of maintaining secure endpoints with unified management and security infrastructure.
Simplified Administration: single administrator experience for simplified endpoint protection and management.
Enhanced Protection: protect against known and unknown threats with endpoint inspection at behavior, application, and network levels.
System Center 2012 Endpoint Protection: next generation of Forefront Endpoint Protection 2010
Mgmt + Security In Configuration Manager 2012
[Figure: Configuration Manager 2012 feature areas: Exchange Connector, Settings Management, Software Updates + SCUP, Endpoint Protection, SWD (software distribution), OSD (operating system deployment).]
Unified Infrastructure
System Center 2012 Endpoint Protection
• Easy to set up and operate the management infrastructure
• Easy client install and migration
• Automated deployment of updates using the ConfigMgr infrastructure
• Simplified deployment of antimalware policies
Infrastructure Changes from FEP 2010
[Figure: two side-by-side architecture diagrams, each split into a server tier and a client tier.
Configuration Manager 2007 + Forefront Endpoint Protection 2010: Configuration Manager site server with CMDB, FEP Service, FEPDB and FEPDW; management point; distribution point; FEP extensions (FEP deployment, FEP operations, FEP policy); reports and Excel template; an EP client installed on the ConfigMgr server itself. Client tier: CM client and EP client.
Configuration Manager 2012 + Endpoint Protection 2012: Configuration Manager site server with the EP site role, pre-packaged EP client, EP deployment, EP operations, EP policy and definition catalogs; management point; distribution point. Client tier: CM client and EP client.]
Simplified Deployment of AM Policies
• Centralized management for AM and Firewall policy
• AM and FW policy delivered as ConfigMgr policy – no package/program dependency
• Out-of-box templates
• Import, export, merge
• Prioritization of policies by collection
• Simplified UI for customizing policy
Signature Update Distribution
• Easier distribution process: automatic deployment rules within ConfigMgr software updates
• Minimizes WAN impact: uses distribution points and reduced definition size
• Ensures always up-to-date security regardless of the client location: multiple update sources (ConfigMgr, WSUS, Microsoft Update, Windows File Share)
[Figure: signature update paths. On the corporate network, updates are distributed through ConfigMgr, WSUS or a Windows file share. On the road, the client falls back to online update from Microsoft Update. Delta update size: 50-2048 KB; update frequency: 3 times/day.]
Client Installation Flow
[Figure: configure policy; the EP agent installer is deployed with the ConfigMgr client; once EP is enabled in the console, EP installation starts on the device, with silent removal of third-party products.]
Simplified Client Setup
• Ease of client setup and deployment: no separate deployment needed for the endpoint protection client; the Endpoint Protection agent installer is deployed with Configuration Manager client setup; the Endpoint Protection client and definitions are easily integrated with OSD
• Flexible administrative control: the administrator can force or suppress any required reboots; configurable option for automatic removal of the existing AV client
• Easy migration from existing solutions and automatic removal of existing clients: Symantec, McAfee, TrendMicro, Forefront Client Security or Forefront Endpoint Protection
Client Deployment
System Center 2012 Endpoint Protection
Single interface for client management and security
Improved alerting, client to admin within 5 minutes, and reporting, with real-time and user-centric data views
Simplified Administration
Single Interface For Management And Security
• Single interface for client management and security: dashboard integrated with the ConfigMgr console; simplified cross-feature integration
• Quick identification and remediation of client security issues: dashboard focused on actionable events
• Flexibility to separate the security admin role: role-based administration; access to only relevant security information
Monitoring Client Security
• Quick alerts and event notification in the console: uses a high-speed data channel to notify events in real time. The high-speed data channel prioritizes EP messages in the state system, and there is no client "wait" to send messages up.
• Integrated monitoring for client health and antimalware status
• Email subscription for alerts
Rich Reporting And Analysis
• Rich reporting on client security: SQL Reporting Services-based reports on many categories; user-centric reports enable identification of commonly impacted users
• Customizable reports simplified through database integration
Management and Real-time Monitoring
System Center 2012 Endpoint Protection SP1
What's new in SP1:
• Automatically deploy definition updates 3 times per day
• Category-based scan from client to WSUS
• Delta syncs between SUP and WSUS
• Real-time administrative actions: run definition updates, run quick scan, run full scan, allow threats, exclude paths and/or files, restore files quarantined by threat
• Client-side merge of antimalware policies
Real-time Administrative Actions
[Figure: sequence between Administrator, Site Server and MP, and Client.]
1. "Dial tone": the client holds an active TCP session with the MP and is checking for urgent tasks.
2. In the administrative console the administrator selects "Run Full Scan" on a collection.
3. On the site server and MP a task ("Run Full Scan") is created, and the MP is told that a new urgent task has been requested.
4. "Call is placed": over this TCP connection the client is told there are urgent tasks to run; the client then connects to the MP to get policy and runs the Full Scan task.
All this happens within seconds.
What's new in SP1
Real-time Administrative Actions in Endpoint Protection SP1
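The four-step flow above, as an added model in Python (not ConfigMgr's own code): a loopback socket plays the client's open "dial tone" session to the MP, the nudge carries no task data, and the client pulls the actual task through its policy channel before running it. The names ManagementPoint, EndpointClient and run_full_scan_flow are assumed for the illustration.

```python
import socket

class ManagementPoint:
    """Constructed model of the site server + MP (not ConfigMgr code)."""
    def __init__(self):
        self.tasks = {}     # client_id -> pending urgent task names
        self.sessions = {}  # client_id -> server-side end of the dial-tone socket
        self.listener = socket.socket()
        self.listener.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
        self.listener.listen(8)
        self.port = self.listener.getsockname()[1]

    def accept_clients(self, count):
        for _ in range(count):
            conn, _ = self.listener.accept()
            client_id = conn.recv(64).decode()  # client announces itself once
            self.sessions[client_id] = conn
            self.tasks[client_id] = []

    def create_task(self, client_id, task):
        # Step 3: record the task, then nudge the client over the existing session.
        # The nudge carries no task data, only "urgent work is waiting".
        self.tasks[client_id].append(task)
        self.sessions[client_id].sendall(b"URGENT")

    def get_policy(self, client_id):
        # Step 4a: the client fetches the real task through the normal policy channel.
        pending, self.tasks[client_id] = self.tasks[client_id], []
        return pending

class EndpointClient:
    """Model EP client: opens the dial tone, waits for the nudge, pulls and runs tasks."""
    def __init__(self, client_id, mp):
        self.client_id, self.mp, self.ran = client_id, mp, []
        self.sock = socket.create_connection(("127.0.0.1", mp.port))  # Step 1: dial tone
        self.sock.sendall(client_id.encode())

    def wait_for_nudge(self):
        if self.sock.recv(16) == b"URGENT":  # blocks until the MP "places the call"
            self.ran.extend(self.mp.get_policy(self.client_id))  # Step 4b: run the tasks
        return self.ran

def run_full_scan_flow(collection):
    """Step 2: the admin selects 'Run Full Scan' on a collection of client ids."""
    mp = ManagementPoint()
    clients = [EndpointClient(c, mp) for c in collection]
    mp.accept_clients(len(collection))  # handshakes already completed in the kernel backlog
    for c in collection:
        mp.create_task(c, "Run Full Scan")
    return {c.client_id: c.wait_for_nudge() for c in clients}
```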
System Center 2012 Endpoint Protection
Comprehensive protection stack building on Windows Security
Proactive protection against known and unknown threats
Reduced complexity while protecting clients
Enhanced Protection
Comprehensive Protection Stack Building on Windows Platform Security
[Figure: protection stack layered over Windows 7 platform security. Windows 7 layer: Data Execution Prevention, Address Space Layout Randomization, Windows Resource Protection, User Account Control, Internet Explorer 8 SmartScreen, Microsoft BitLocker, Microsoft AppLocker. System Center Endpoint Protection layer, spanning application, file system and network: reactive techniques against known threats (antimalware with dynamic translation and emulation) and proactive techniques against unknown threats (behavior monitoring, vulnerability shielding via the Network Inspection System, Windows Firewall centralized management). Dynamic cloud updates come from the Microsoft Malware Protection Center and the Dynamic Signature Service.]
Dynamic Translation With Heuristics
• Industry-leading proactive detection: emulation-based detection helps provide better protection
• Safe translation in a virtual environment for analysis
• Enables faster scanning and response to threats: heuristics enable one signature to detect thousands of variants
[Figure: real-time protection flow. A potential malware execution attempt on the system is intercepted by the driver, safely translated using DT against virtualized resources, the malware is detected, and the malicious file is blocked.]
Behavior Monitoring And Dynamic Signatures
• Live system monitoring identifies new threats: tracks behavior of unknown processes and known bad processes; multiple sensors to detect OS anomalies
• Updates for new threats delivered through the cloud in real time: real-time signature delivery with Microsoft Active Protection Service
• Immediate protection against new threats without waiting for scheduled updates
[Figure: Microsoft Active Protection Service loop (researchers, reputation, behavior classifiers, real-time signature delivery), with four numbered steps between client and service covering properties/behavior, sample request, sample submit and real-time signature.]
Protect Clients With Reduced Complexity
• Simple interface: minimal, high-level user interactions
• Administrative control: user configurability options; central policy enforcement
• Maintains high productivity: CPU throttling during scans; faster scans through advanced caching
Best Usability 2011 – AV-Test
Heterogeneous Antimalware Clients (what's new in SP1): Mac OS X, Linux
Summary
Key Scenarios | Forefront Endpoint Protection 2010 | System Center 2012 Endpoint Protection
Unified infrastructure | System Center Configuration Manager 2007 | System Center 2012 Configuration Manager
Server setup | Separate install | Unified setup
Client deployment | ConfigMgr distribution process | Integrated
Signature updates | Multiple sources (WSUS, File Share, Microsoft Update) | Multiple sources with automatic deployment rules from ConfigMgr console
Proactive protection | |
Firewall management | |
Role based administration | | New
Alerts and monitoring | | Real time alerts
Reports | | Additional user centric reports
Unify. Protect. Simplify.
Online Resources
• Launching a Windows Defender Offline Scan with Configuration Manager 2012 OSD
• Operating System Deployment and Endpoint Protection Client Installation
• Software Update Content Cleanup in System Center 2012 Configuration Manager
• Building Custom Endpoint Protection Reports in System Center 2012 Configuration Manager
• Managing Software Updates in Configuration Manager 2012
• How-to Videos
• Product Documentation
• Security and Compliance Manager – Configuration Packs
Related Content
Breakout Sessions:
• MGT309 | Microsoft System Center 2012 Configuration Manager Overview
• MGT311 | Microsoft System Center 2012 Configuration Manager Deployment and Infrastructure Technical Overview
• MGT312 | Deep Application Management with Microsoft System Center 2012 Configuration Manager
• MGT313 | Microsoft System Center 2012 Configuration Manager: Plan, Deploy, and Migrate from Configuration Manager 2007 to 2012
• MGT318 | Patch and Settings Management in Microsoft System Center 2012 Configuration Manager
• WCL388 | Client Management Scenarios in the Windows 8 Timeframe
Hands-on Labs:
• MGT23-HOL | Deploying Windows 7 to Bare Metal Systems with Microsoft System Center 2012 Configuration Manager
• MGT24-HOL | Implementing Endpoint Protection 2012 in Microsoft System Center 2012 Configuration Manager
• MGT12-HOL | Compliance and Settings Management in Microsoft System Center 2012 Configuration Manager
• MGT25-HOL | Deep Dive: Microsoft System Center 2012 Configuration Manager SQL Replication Labs
• MGT21-HOL | Basic Software Distribution in Microsoft System Center 2012 Configuration Manager
• MGT16-HOL | Migrating from Microsoft System Center Configuration Manager 2007 to System Center 2012 Configuration Manager
• MGT14-HOL | Implementing Role Based Administration in Microsoft System Center 2012 Configuration Manager
• MGT15-HOL | Deploying a Microsoft System Center 2012 Configuration Manager Hierarchy
• MGT11-HOL | Introduction to Microsoft System Center 2012 Configuration Manager
Resources
• Connect. Share. Discuss.: http://northamerica.msteched.com
• Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning
• TechNet: Resources for IT Professionals, http://microsoft.com/technet
• MSDN: Resources for Developers, http://microsoft.com/msdn
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.