SIM334: Microsoft Forefront Online Protection for Exchange Deep Dive
FOPE is the largest commercial Online service at Microsoft with >8M deployed seats
Comprehensive Protection
Enterprise Class Reliability
• Multi-Engine Antivirus and Multi-layered continuously evolving Anti-spam
• Scales to meet the needs of virtually any enterprise via globally load-balanced datacenters
• In the Leader’s quadrant in the 2010 Gartner MQ for Secure Email Gateways
• Helps ensure that no email is lost or bounced with automatic spooling
• ISO 27001 certified
• 24x7 phone support; Free 90 day IPM support for >1000 seats
Reduced Costs
• Saves time on anti-spam management, freeing up network and server resources
• Saves costly bandwidth by delivering only clean mail to your corporate network
• Reduces up-front capital investment via a predictable, subscription-based payment
Financially backed SLAs
• Filtering Accuracy
• 100% Known Virus Protection
• 98% Spam Email Detection
• <1 in 250,000 Emails False Positive Ratio
• Filtering Network Performance
• 99.999% Network Uptime
• Rapid Email Delivery (Average delivery commitment of less than 1 minute)
International Speedway Corporation – Reduced spam incidents by 25% and avoided costs of more than $120,000
Clifford Chance – one of the largest law firms in the world saw a 59% reduction in infrastructure costs; 20–30 mail gateways down to 4
Johnstons of Elgin – stopping over one million messages a day and reducing bandwidth by 1.5 gigabytes (GBs)
Edinburgh Napier University – 93% reduction in administration burden; 85% spam reduction over the previous solution
Sunbelt Rentals – reduced help-desk calls, saved IT management time, improved productivity, and reduced costs over the previous solution
Connection Filtering
• Connection Analysis (IP-based edge blocks)
• Reputation Analysis and Protection
Connection Management and Routing
• Load balanced delivery with multi-SMTP Profiles
• Control over routing and transport level security using new FOPE Connectors
AntiVirus
• Protect businesses from receiving and sending email-borne viruses
• Multiple engine support
• Heuristics support
Anti-Spam
• Detect and act on spam before it reaches the corporate network
• NDR Backscatter Support
• Outbound spam detection and mitigation
Policy
• Custom policy rules to regulate email flow based on business need
• Policy-based encryption (for EHE subscribers)
• RegEx pattern matching and custom dictionary support
Spam and Virus Filtering Effectiveness
• 100% Known Virus Protection
• < 1:250,000 False Positive Ratio
• > 98% Spam Detection
Actual Performance vs. SLA
• Spam effectiveness: >99% of spam caught
• Around 1 in 480,000 false positives
Filtering Network Performance
• Network Uptime > 99.999%
• Rapid Email Delivery (Average delivery commitment of less than 1 minute for 95th percentile)
Actual Performance
• 99.999%+ network uptime
• 5–15 seconds delivery
[Diagram: inbound mail flow between the Internet, the FOPE datacenters (mail.messaging.microsoft.com) and the corporate network]
• Email enters the global data center network – MX (mail.messaging.microsoft.com)
• Spam prevention: IP-based edge blocks; envelope blocks
• Directory Services: look up email filtering settings for domain
• Virus scanning: Kaspersky, Symantec, Authentium
• Policy enforcement: custom policy rules; attachment and message attribute management
• Spam protection: safe senders; additional spam filter management; fingerprint engines; rules-based scoring
• Queue: if server down, email queued for up to 5 days; delivered in a flow-controlled fashion when server is available
• Other labels: connector settings; SMTP Reject: 55x; Content and Policy Quarantine; SPAM Quarantine; False +ve / -ve; Customer Feedback; Spam Analysts
[Diagram: outbound mail flow between the corporate network and the Internet]
• Look up email filtering settings for domain
• Virus scanning: Kaspersky, Symantec, Authentium
• Policy enforcement: custom policy rules; attachment and message attribute management; Encryption*
• Spam protection: safe senders; custom spam filter management; rules-based scoring; fingerprint engine
• Score < 30: Outbound Pool
• Score >= 30: High Risk Delivery Pool
• Other labels: Content and Policy Quarantine; Spam Analysts
“No False Positives” a deep part of FOPE team culture
Rigorously evaluate all designs for false positive risk
“Not Junk” button in spam quarantine
~6,500 confirmed false positive submissions/week
Junk Email Reporting Add-in for Microsoft Outlook
Self-serve tools for customers
Per-customer IP Block List Exceptions
Exchange/Outlook SafeSender support
[Diagram: Internet, SMTP, and Exchange Server with Edge Role, Hub Role and Mailbox Role; antivirus and anti-spam protection for Exchange Server 2010/2007 server roles]
Online: Forefront Online Protection for Exchange
• Anti Malware: Symantec, Authentium, Kaspersky
• Anti-spam: Inbound Messaging Hygiene; Stop Foreign Spam; Outbound Spam Mitigation; Anti-spam Feedback Loop
• Management: Message Tracing; IT Admin Improvements
On-Premises Software: Forefront Protection 2010 for Exchange Server
• Anti Malware: MS AV + AntiSpyware, Kaspersky, Authentium, Virus Buster, Norman
• Anti-spam: Internal mail filtering; Industry-leading 3rd party content filtering
• Management: Forefront Protection Server Management Console
Route outbound email through on-premises servers or DLP appliances
Force TLS for secure B2B communication
Bypass spam filters for trusted partners
And much, much more…
Forced TLS
DLP appliance
http://www.microsoft.com/forefront/
http://technet.microsoft.com/en-us/library/ff684056.aspx
http://technet.microsoft.com/en-us/edge/ff832960.aspx?category=Forefront
http://www.microsoft.com/cloud/
http://www.microsoft.com/privatecloud/
http://www.microsoft.com/windowsserver/
http://www.microsoft.com/windowsazure/
http://www.microsoft.com/systemcenter/
http://www.microsoft.com/forefront/
http://northamerica.msteched.com
www.microsoft.com/teched
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn