
Microsoft System Center 2012 Endpoint Protection Overview

MGT310. Microsoft System Center 2012 Endpoint Protection Overview. Mark Florida Principal Program Manager Lead Microsoft Corporation. Adwait Joshi (AJ) Product Marketing Manager Microsoft Corporation. Session Objectives And Takeaways. Session Objectives: The evolution of malware





Presentation Transcript


  1. MGT310 Microsoft System Center 2012 Endpoint Protection Overview
  Mark Florida, Principal Program Manager Lead, Microsoft Corporation
  Adwait Joshi (AJ), Product Marketing Manager, Microsoft Corporation

  2. Session Objectives And Takeaways
  Session Objectives:
  • The evolution of malware
  • Overview of System Center 2012 Endpoint Protection
  • Demos on EP client installation and management + security
  • Overview of the Endpoint Protection client

  3. The Evolution Of Malware
  • In 1991 there were 1,000 known threats; in 2001 there were 60,000
  • Today there are millions, and the number grows every day
  • Sophistication and production rates continue to evolve
  • Anybody can do it: full malware suites are available online
  • Your stuff is worth money, and they want it!

  4. Nefarious Personas (diagram, flattened)
  Motivations: Curiosity, Personal Fame, Personal Gain, National Interest
  Attacker skill levels: Script-Kiddy, Hobbyist Hacker, Expert, Specialist
  Personas: Author, Vandal, Trespasser, Thief, Spy
  • Spy: fastest growing segment
  • Thief: tools created by experts are now used by less skilled attackers and criminals

  5. System Center 2012 Endpoint Protection: Next generation of Forefront Endpoint Protection 2010
  • Unified Infrastructure: reduce the cost of maintaining secure endpoints with unified management and security infrastructure
  • Enhanced Protection: protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
  • Simplified Administration: single administrator experience for simplified endpoint protection and management

  6. Mgmt + Security In Configuration Manager 2012 (diagram showing software distribution, SWD, and operating system deployment, OSD)

  7. System Center 2012 Endpoint Protection: Unified Infrastructure
  Reduce the cost of maintaining secure endpoints with unified management and security infrastructure
  • Easy to set up and operate the management infrastructure
  • Simplified deployment of antimalware policies
  • Automated deployment of updates using the ConfigMgr infrastructure
  • Easy client install and migration

  8. Infrastructure Changes from FEP 2010 (diagram, flattened)
  Configuration Manager 2007 + Forefront Endpoint Protection 2010: Configuration Manager site server with FEP extensions (FEP deployment, FEP operations, FEP policy); a separate FEP service with its own FEP DB and FEP DW; FEP client
  Configuration Manager 2012 + Endpoint Protection 2012: EP deployment, EP operations and EP policy on the Configuration Manager site server; EP site role server; EP client on the ConfigMgr server; pre-packaged EP client delivered with the CM client
  Also shown: definition catalogs, management point, distribution point, CM DB, CM client, client, Excel template reports

  9. Simplified Deployment of AM Policies
  • Centralized management for antimalware (AM) and firewall policy
  • AM and FW policy delivered as ConfigMgr policy, with no package/program dependency
  • Out-of-box templates
  • Import, export, merge
  • Prioritization of policies by collection
  • Simplified UI for customizing policy

  10. Signature Update Distribution
  • Easier distribution process
  • Automatic deployment rules within ConfigMgr software updates
  • Minimizes WAN impact
  • Uses distribution points and reduced definition size
  • Ensures always up-to-date security regardless of the client location
  • Multiple update sources (ConfigMgr, WSUS, Microsoft Update, Windows file share)
  Diagram: on the corporate network, updates are distributed through ConfigMgr, WSUS or a Windows file share; on the road, clients fall back to online update from Microsoft Update. Delta update size: 50-2048 KB. Update frequency: 3 times/day.

  11. Simplified Client Setup
  • Ease of client setup and deployment
    • No separate deployment needed for the endpoint protection client
    • Endpoint Protection agent installer deployed with Configuration Manager client setup
    • Endpoint Protection client and definitions easily integrated with OSD
  • Flexible administrative control
    • Administrator can force or suppress any required reboots
    • Configurable option for automatic removal of the existing AV client
  • Easy migration from existing solutions and automatic removal of existing clients
    • Symantec
    • McAfee
    • Trend Micro
    • Forefront Client Security or Forefront Endpoint Protection
  Client installation flow: EP agent installer deployed with the ConfigMgr client → EP enabled in the console, EP installation starts on the device → silent removal of third-party products → EP client install → configure policy → signature update

  12. Client Deployment

  13. System Center 2012 Endpoint Protection: Simplified Administration
  Single administrator experience for simplified endpoint protection and management
  • Single interface for client management and security
  • Improved alerting (client to admin within 5 minutes) and reporting, with real-time and user-centric data views

  14. Single Interface For Management And Security
  • Single interface for client management and security
    • Dashboard integrated with the ConfigMgr console
    • Simplified cross-feature integration
  • Quick identification and remediation of client security issues
    • Dashboard focused on actionable events
  • Flexibility to separate the security admin role
    • Role-based administration
    • Access to only relevant security information

  15. Monitoring Client Security
  • Quick alerts and event notification in the console
    • Uses a high-speed data channel to notify events in real time
    • The high-speed data channel prioritizes EP messages in the state system, so the client does not "wait" to send messages up
  • Integrated monitoring for client health and antimalware status
  • Email subscription for alerts

  16. Rich Reporting And Analysis
  • Rich reporting on client security
    • SQL Reporting Services-based reports on many categories
    • User-centric reports enable identification of commonly impacted users
    • Customizable reports simplified through database integration

  17. Management and Real-time Monitoring

  18. What's new in SP1: System Center 2012 Endpoint Protection SP1
  • Automatically deploy definition updates 3 times per day
  • Category-based scan from client to WSUS
  • Delta syncs between SUP and WSUS
  • Real-time administrative actions:
    • Run definition updates
    • Run quick scan
    • Run full scan
    • Allow threats
    • Exclude paths and/or files
    • Restore files quarantined by threat
  • Client-side merge of antimalware policies

  19. What's new in SP1: Real-time Administrative Actions (diagram, flattened; the four numbered stages are given in flow order)
  Participants: Administrator, Site Server and MP (management point), Client
  1. "Dial tone": the client holds an active TCP session with the MP and checks for urgent tasks
  2. In the administrative console the administrator selects "Run Full Scan" on a collection; a task ("Run Full Scan") is created and the MP is told that a new urgent task has been requested
  3. "Call is placed": over this TCP connection the client is told there are urgent tasks to run; the client then connects to the MP to get policy
  4. The client runs the Full Scan task
  All this happens within seconds
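The deck shows these actions from the console side (slide 18 lists them; slide 19 shows how the request reaches the client). The following PowerShell script, added here as an example and not taken from the deck or from Microsoft's own tooling, shows the same operations from the endpoint's side: a local health check of the Endpoint Protection client, a definition update with the online fallback slide 10 describes, a quick or full scan, and a listing of quarantined items. It assumes (these are not stated in the deck) that the client exposes the WMI namespace root\Microsoft\ProtectionManagement with an AntimalwareHealthStatus class carrying the property names used below, and that MpCmdRun.exe lives under "%ProgramFiles%\Microsoft Security Client"; the age thresholds are values chosen for the example.

```powershell
# Added example, not part of the MGT310 deck: local health check and
# client-side equivalents of the "run definition updates", "run quick/full
# scan" and "restore quarantined files" actions. Run as an administrator on
# the endpoint.
#
# Assumptions (not stated in the deck): the WMI namespace, class and property
# names below, and the MpCmdRun.exe path. Adjust them if your build differs.

$MpCmdRun = Join-Path $env:ProgramFiles 'Microsoft Security Client\MpCmdRun.exe'

function Get-EpHealth {
    # One instance describes the whole client: engine/definition versions,
    # ages of the last updates and scans, and which protection components are on.
    Get-WmiObject -Namespace 'root\Microsoft\ProtectionManagement' `
                  -Class 'AntimalwareHealthStatus' -ErrorAction Stop
}

function Test-EpHealth {
    # Returns a list of findings; an empty list means the client looks healthy.
    param(
        [Parameter(Mandatory = $true)] $Health,
        [int] $MaxSignatureAgeDays = 2,   # thresholds chosen for this example
        [int] $MaxQuickScanAgeDays = 1
    )
    $findings = @()
    if (-not $Health.RealTimeProtectionEnabled) { $findings += 'Real-time protection is disabled' }
    if (-not $Health.OnAccessProtectionEnabled)  { $findings += 'On-access protection is disabled' }
    if (-not $Health.BehaviorMonitorEnabled)     { $findings += 'Behavior monitoring is disabled' }
    if (-not $Health.NisEnabled)                 { $findings += 'Network Inspection System is disabled' }
    if ($Health.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += ('Antivirus definitions are {0} days old (version {1})' -f `
                      $Health.AntivirusSignatureAge, $Health.AntivirusSignatureVersion)
    }
    if ($Health.QuickScanAge -gt $MaxQuickScanAgeDays) {
        $findings += ('Last quick scan was {0} days ago' -f $Health.QuickScanAge)
    }
    return $findings
}

function Invoke-MpCmdRun {
    # Thin wrapper that surfaces MpCmdRun's exit code instead of swallowing it.
    param([Parameter(Mandatory = $true)] [string[]] $Arguments)
    & $MpCmdRun @Arguments | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw ('MpCmdRun {0} failed with exit code {1}' -f ($Arguments -join ' '), $LASTEXITCODE)
    }
}

function Update-EpDefinitions {
    # The normal path uses the client's configured sources (ConfigMgr, WSUS,
    # file share); -MMPC is the "fallback to online update" for roaming clients.
    param([switch] $FromMicrosoftOnline)
    if ($FromMicrosoftOnline) { Invoke-MpCmdRun -Arguments '-SignatureUpdate', '-MMPC' }
    else                      { Invoke-MpCmdRun -Arguments '-SignatureUpdate' }
}

function Start-EpScan {
    # ScanType 1 = quick scan, 2 = full scan (MpCmdRun's own numbering).
    param([ValidateSet('Quick', 'Full')] [string] $Type = 'Quick')
    $code = if ($Type -eq 'Full') { '2' } else { '1' }
    Invoke-MpCmdRun -Arguments '-Scan', '-ScanType', $code
}

function Get-EpQuarantine {
    # Lists quarantined items. Restoring one (MpCmdRun -Restore -Name <name>)
    # is a deliberate, separate decision, so it is not automated here.
    & $MpCmdRun -Restore -ListAll
}

# Usage: report, then remediate the two findings that are safe to fix locally.
$health   = Get-EpHealth
$findings = @(Test-EpHealth -Health $health)
if ($findings.Count -eq 0) {
    Write-Output ('Endpoint Protection healthy: engine {0}, definitions {1}' -f `
                  $health.EngineVersion, $health.AntivirusSignatureVersion)
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    if ($findings -match 'definitions are') {
        try { Update-EpDefinitions } catch { Update-EpDefinitions -FromMicrosoftOnline }
    }
    if ($findings -match 'quick scan') { Start-EpScan -Type Quick }
}
```

Disabled protection components are reported but not re-enabled by the script: on a managed client those settings come from the ConfigMgr antimalware policy, so a local change would only be overwritten, and the right fix is in the policy or in the client's policy retrieval.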

  20. Real-time Administrative Actions in Endpoint Protection SP1

  21. System Center 2012 Endpoint Protection: Enhanced Protection
  Protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
  • Comprehensive protection stack building on Windows security
  • Proactive protection against known and unknown threats
  • Reduced complexity while protecting clients

  22. Comprehensive Protection Stack Building on Windows Platform Security (diagram, flattened)
  Axes: reactive techniques (against known threats) and proactive techniques (against unknown threats); layers: network, file system, application; centralized management by System Center Endpoint Protection
  Windows 7 platform security: Data Execution Prevention, Address Space Layout Randomization, User Account Control, Windows Resource Protection, Internet Explorer 8 SmartScreen, Microsoft AppLocker, Microsoft BitLocker, Windows Firewall
  Endpoint Protection: Antimalware, Behavior Monitoring, Dynamic Translation and Emulation, Dynamic Signature Service, dynamic cloud updates, Vulnerability Shielding (Network Inspection System), backed by the Microsoft Malware Protection Center

  23. Dynamic Translation With Heuristics
  • Industry-leading proactive detection
  • Emulation-based detection helps provide better protection
  • Safe translation in a virtual environment for analysis
  • Enables faster scanning and response to threats
  • Heuristics enable one signature to detect thousands of variants
  Flow: execution attempt on the system → real-time protection driver intercepts → potential malware → safe translation using DT against virtualized resources → malware detected → malicious file blocked

  24. Behavior Monitoring And Dynamic Signatures
  • Live system monitoring identifies new threats
    • Tracks behavior of unknown processes and known bad processes
    • Multiple sensors to detect OS anomalies
  • Updates for new threats delivered through the cloud in real time
    • Real-time signature delivery with Microsoft Active Protection Service
    • Immediate protection against new threats without waiting for scheduled updates
  Diagram: exchange between the client and the Microsoft Active Protection Service (researchers, behavior classifiers, reputation, real-time signature delivery), in flow order: (1) properties/behavior reported by the client, (2) sample request, (3) sample submit, (4) real-time signature returned

  25. Protect Clients With Reduced Complexity
  • Simple interface
    • Minimal, high-level user interactions
  • Administrative control
    • User configurability options
    • Central policy enforcement
  • Maintains high productivity
    • CPU throttling during scans
    • Faster scans through advanced caching

  26. Best Usability 2011 – AV Test

  27. What's new in SP1: Heterogeneous Antimalware Clients
  • Mac OS X
  • Linux

  28. Summary: Unify, Protect, Simplify

  29. Online Resources
  • Launching a Windows Defender Offline Scan with Configuration Manager 2012 OSD
  • Operating System Deployment and Endpoint Protection Client Installation
  • Software Update Content Cleanup in System Center 2012 Configuration Manager
  • Building Custom Endpoint Protection Reports in System Center 2012 Configuration Manager
  • Managing Software Updates in Configuration Manager 2012
  • How-to Videos
  • Product Documentation
  • Security and Compliance Manager – Configuration Packs

  30. Related Content
  Breakout Sessions:
  • MGT309 | Microsoft System Center 2012 Configuration Manager Overview
  • MGT311 | Microsoft System Center 2012 Configuration Manager Deployment and Infrastructure Technical Overview
  • MGT312 | Deep Application Management with Microsoft System Center 2012 Configuration Manager
  • MGT313 | Microsoft System Center 2012 Configuration Manager: Plan, Deploy, and Migrate from Configuration Manager 2007 to 2012
  • MGT318 | Patch and Settings Management in Microsoft System Center 2012 Configuration Manager
  • WCL388 | Client Management Scenarios in the Windows 8 Timeframe

  31. Related Content
  Hands-on Labs:
  • MGT23-HOL | Deploying Windows 7 to Bare Metal Systems with Microsoft System Center 2012 Configuration Manager
  • MGT24-HOL | Implementing Endpoint Protection 2012 in Microsoft System Center 2012 Configuration Manager
  • MGT12-HOL | Compliance and Settings Management in Microsoft System Center 2012 Configuration Manager
  • MGT25-HOL | Deep Dive: Microsoft System Center 2012 Configuration Manager SQL Replication Labs
  • MGT21-HOL | Basic Software Distribution in Microsoft System Center 2012 Configuration Manager
  • MGT16-HOL | Migrating from Microsoft System Center Configuration Manager 2007 to System Center 2012 Configuration Manager
  • MGT14-HOL | Implementing Role Based Administration in Microsoft System Center 2012 Configuration Manager
  • MGT15-HOL | Deploying a Microsoft System Center 2012 Configuration Manager Hierarchy
  • MGT11-HOL | Introduction to Microsoft System Center 2012 Configuration Manager

  32. Resources
  • Connect. Share. Discuss. http://northamerica.msteched.com
  • Learning: Microsoft Certification & Training Resources www.microsoft.com/learning
  • TechNet: Resources for IT Professionals http://microsoft.com/technet
  • Resources for Developers http://microsoft.com/msdn

  33. Required Slide Complete an evaluation on CommNet and enter to win!

  34. MS Tag Scan the Tag to evaluate this session now on myTechEd Mobile

  35. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
