Protection: Targeting Spam with Microsoft Forefront


provingintel
Uploaded On 2020-08-05


Presentation Transcript

Slide1

Slide2

Protection: Targeting Spam with Microsoft Forefront

Slide3

Agenda
Next Generation Antispam Protection
Forefront Overview
Forefront Security for Exchange Server
Forefront Online Security for Exchange
Hybrid Software + Services Solution
Summary
Q&A

Slide4

Business Ready Security
Help securely enable business by managing risk and empowering people
[Diagram: Protection, Access, Management and Identity on a Highly Secure & Interoperable Platform]
Integrate and extend security across the enterprise
Protect everywhere, access anywhere
Simplify the security experience, manage compliance
From Block to Enable
From Cost to Value
From Siloed to Seamless

Slide5

Code Name "Stirling"
An integrated security suite that delivers comprehensive protection across clients, servers, and the edge that is easy to manage and control.
[Diagram: Central Management Server covering Network Edge, Server Applications, and Client & Server OS; connected to Third-Party Partner Solutions and Other Microsoft Solutions (Active Directory, Network Access Protection)]
Comprehensive Protection
Simplified Management
Critical Visibility

Slide6

Forefront Security for Exchange: FSE At a Glance
An easy to manage premium Antimalware and Antispam solution for Microsoft Exchange servers
Comprehensive Protection
  Multi-Layer Antispam
  Multi engine Antimalware
  File and Keyword filtering
Supports Exchange 2007 and Exchange 2010

Slide7

Antispam Landscape
Forefront Online Security for Exchange filtered 97.3% of all email it received (H2 2008)
90% of bounce messages generated during December 2008 were the result of backscatter
Microsoft Security Intelligence Report: http://www.microsoft.com/security/portal/sir.aspx

Slide8

Verified Effectiveness
West Coast Labs
  Industry recognized spam testing facility
  Premium Antispam certification
  Requires 97% catch rate
Forefront Security for Exchange Beta 2 Test Results
  99% spam catch rate
  False positive rate of 0.0005%

Slide9

FSE Antispam Deployment
[Diagram: Spam arriving at the Edge (Exchange Edge); Internal Network with Exchange Hub, Exchange Mailbox and Exchange CAS; User]

Slide10

Exchange Integration
Forefront is built on top of Exchange’s publicly documented Transport APIs
Forefront premium antispam agents can be deployed separately or in conjunction with basic Exchange agents (excluding Content Filter)
Forefront architecture is highly adaptive, extensible, and engine independent.
[Diagram: Exchange transport pipeline. Labels: SMTP Receive, Pickup Directory, Ex Submit (MAPI -> SMTP), Submission Queue, Categorizer, Recipient API, AD, Delivery Queue, SMTP Send, Exchange Biz Logic, Agent Run Time Engine (MEx), Transport Agent/Message API, Forefront Antispam]

Slide11

FSE Antispam Protection: Areas of analysis
IP Source
SMTP / Envelope
Content
Outlook client integration

Slide12

FSE Antispam Protection: IP Source Related
IP Allow / Deny Lists
DNSBL
  Microsoft Hosted – No additional cost
  Aggregates multiple RBL feeds

Slide13

FSE and DNSBL: How it works
[Diagram: Connecting Client, Internet, FSE-protected Exchange server, FOSE DNSBL Servers]
1. Forefront DNSBL agent is triggered by connection request from the Internet
2. Forefront DNSBL agent constructs and sends a specially formatted DNS query to the Microsoft hosted DNSBL server
3. Microsoft hosted DNSBL server validates and responds to the query
Response
  Match returns 127.0.0.x code (drop)
  No match returns NXDOMAIN (accept)
Microsoft hosted DNSBL is totally transparent
There is nothing additional to purchase or configure
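The lookup sequence on this slide, as an added example that is not Forefront's code. It assumes the conventional DNSBL query layout (reversed IPv4 octets prepended to the list's zone); the zone name `dnsbl.example.test`, the stub resolver and the sample listings are constructed for illustration, since the slide does not give the real query format or zone.

```python
import ipaddress

ZONE = "dnsbl.example.test"  # hypothetical zone; the hosted zone is not named on the slide
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/24")  # the slide's "127.0.0.x" match codes


class NXDomain(Exception):
    """Raised by a resolver when the queried name does not exist."""


def build_query(client_ip, zone=ZONE):
    """Build the DNSBL query name: reversed octets of the client IP + zone."""
    ip = ipaddress.IPv4Address(client_ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def check_connection(client_ip, resolve, zone=ZONE):
    """Return (verdict, answer) for a connecting client.

    Match (127.0.0.x answer) -> ("drop", answer)
    No match (NXDOMAIN)      -> ("accept", None)
    An answer outside 127.0.0.x is not a listing code (for example a resolver
    that rewrites NXDOMAIN), so it is reported but not treated as a match.
    That handling is an assumption; the slide only defines the two cases above.
    """
    try:
        answer = resolve(build_query(client_ip, zone))
    except NXDomain:
        return ("accept", None)
    if ipaddress.IPv4Address(answer) in LISTED_NET:
        return ("drop", answer)
    return ("accept", answer)


def make_stub_resolver(listed):
    """Offline stand-in for a DNS A lookup; `listed` maps query name -> answer."""
    def resolve(name):
        if name in listed:
            return listed[name]
        raise NXDomain(name)
    return resolve


if __name__ == "__main__":
    # Constructed sample data: one listed address from a documentation range.
    resolver = make_stub_resolver({"45.2.0.192.dnsbl.example.test": "127.0.0.2"})
    for ip in ("192.0.2.45", "198.51.100.7"):
        print(ip, build_query(ip), check_connection(ip, resolver))
```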

Slide14

FSE Antispam Protection: SMTP Envelope / Data Related
Per Organization
  Backscatter Protection
  SenderID Verification
  Global Sender Filtering
  Global Recipient Filtering
  Global Exclusion List
Per Recipient
  Safe / Blocked Senders
  Safe / Blocked Recipients

Slide15

FSE SenderID Filtering: How it works
[Diagram: Connecting Client, Internet, FSE-protected Exchange server, Mail Domains DNS Servers]
1. Forefront agent is triggered by connection request from the Internet
2. Forefront SenderID agent queries the sending mail domain’s DNS server
3. Mail sender’s DNS responds to the query
4. Forefront SenderID agent verifies IP of connecting client is authorized to send mail for the domain
Support for current and legacy representation of DNS entries
  SPF 1.0 and SPF 2.0
  DNS record types TXT and SPF (type 99)

Slide16

FSE Antispam Protection: Content Related
New content filtering agent
  Integration of Cloudmark Authority ® technology
  Carrier grade performance, accuracy and protection
  Configurable ranges for certain vs. suspect spam allowing for deletion or quarantine of gray-mail
Forefront Keyword Filtering
Forefront True File Type Filtering

Slide17

Cloudmark ® Content Fingerprinting
[Diagram: Spam and Legit. mail, Fingerprint Cache, Reject, FSE-protected Exchange recipient]
Message preprocessing occurs to normalize content
Relevant parts of the message are analyzed
Message components reduced to a short set of anonymous fingerprints
Fingerprints compared to local cache of known bad fingerprints
  Match: message is identified as abuse
  No match: Heuristics are applied
  No match & No heuristics: message is identified as legitimate

Slide18

Content Filter Spam Confidence Level
All “good” e-mail gets assigned an SCL of -1
Forefront will reassign an SCL of -1 to all mail determined to be in the range of 0 – 4 by the content analyzer.
  Prevents re-evaluation by Outlook
E-mail within 5 to 9 is subject to the following actions:
  Reject
  Delete
  Stamp and Continue
  Quarantine

SCL Value    SCL Definition
-1           Messages coming from trusted source
0            Message categorized as not spam
1 – 4        The likelihood of messages being spam is extremely low to low
5 – 9        The likelihood of messages being spam is high to extremely high

Slide19

FSE Antispam Protection: Outlook Client Related
No more junk mail… almost
Mail determined to be clean is delivered directly to the user’s inbox
User’s custom settings are evaluated on the server

Slide20

Forefront Security for Exchange Antispam
John Gargiulo
Sr. Program Manager Lead
Microsoft
demo

Slide21

FSE Antispam Message Flow Summary
[Flow diagram. Stage headings: Connection Related, SMTP Related, Content Related, Outlook]
Connection Related: IP Allow, IP Block, DNSBL
SMTP Related: Global Lists, Backscatter, Per-recipient Lists, SenderID
Content Related: Content Analysis, Keyword, File Filtering, Quarantine
Outlook: Junk Mail Folder, Conditional Rendering, End User List Management
Decision labels: Yes, No, Maybe, Valid, Safe IP, Reject, Quarantine, Filter Bypass
Outcomes
  Safelisted Mail: Guaranteed to Inbox, Immediate Delivery, Rich rendering
  SPAM and Bcon: Reduced Delivery Rates, Moved to JEF, Mail not Richly Rendered
  AS Processed Mail: Guaranteed to Inbox, Delivery after AS filtering, Conditional Rendering

Slide22

Forefront Online Security for Exchange (FOSE)

Terry Zink

Program Manager

Microsoft

Slide23

FOSE Overview
Microsoft Forefront Online Security for Exchange
  Real-time threat prevention
  Layered anti-spam and antivirus
  Customized policy enforcement
Key Highlights
  100% virus detection
  98% spam detection
  1:250,000 false positives
  99.999% network uptime
  Rapid email delivery (< 1 minute)

Slide24

FOSE Architecture Overview
[Diagram: Internet, FOSE Online Service in the Internet Cloud, Spam quarantine, Customer Mail server]

Slide25

FOSE Global Network Infrastructure
[Map labels: Ireland, Netherlands, Singapore, Texas, Virginia, Washington, California]
Network infrastructure that delivers reliability and scalability
  Hosted services provisioned across a global network infrastructure
  Fully redundant, load-balanced architecture
  Scalability to handle all message volume variations

Slide26

FOSE Antispam Improvements
Extended Reputation Lists
  IP reputation lists
  URL reputation lists
Backscatter Spam Mitigation
Outbound Spam Mitigation

Slide27

Enhanced Reputation Lists
[Diagram: URIBL.com supplies Bad URLs and Internet Service Providers supply Non-Permitted IPs; both pass through a Clean-up Process into the Spam Rules Database used by the Spam Filter]

Slide28


Slide29

Backscatter: The Problem
‘Backscatter spam’ gums up many e-mail inboxes
Dubbed backscatter spam, this latest fad is clogging email accounts and slowing victims’ inboxes to a crawl. Up to 3% of all email today is backscatter…
http://www.usatoday.com/tech/news/2008-10-20-backspatter-spam_N.htm
90% of FOSE bounce messages are backscatter
  6 million / day
  Number 2 customer complaint

Slide30

FOSE Backscatter Protection: How it works – Valid NDR
[Diagram: Valid User (you@example.com), FOSE, Internet, Receiving Mail Server; envelope sender shown as <prvs=12we34fnr=you@example.com>]
1. Outbound customer sends email through FOSE
2. The FOSE Server inserts custom tokens
3. Receiver cannot deliver, must send bounce message
4. FOSE Inbound Server looks for tokens
5. Tokens exist, deliver NDR to user

Slide31

FOSE Backscatter Protection: How it works – Backscatter NDR
[Diagram: Spammer, Internet, Receiving Mail Server, FOSE, Valid User (you@example.com); envelope sender shown as <you@example.com>]
1. Spammer generates an email with a forged MAIL FROM address and sends to receiving email server
2. Receiver cannot deliver, must send bounce message
3. FOSE Inbound Server looks for tokens
4. No tokens exist! Message is backscatter spam!
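The token check from the two backscatter slides, as an added example that is not FOSE's code. The slides show only the `prvs=TOKEN=address` shape; how the token is derived is not stated, so the keyed HMAC with an expiry day, the key, and the seven-day window below are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: signing key held by the outbound service
VALID_DAYS = 7                    # assumption: how long a bounce is still accepted


def _tag(address, expiry_day):
    """Token = 3-digit expiry day + truncated HMAC over (expiry day, address)."""
    msg = f"{expiry_day:03d}{address.lower()}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:8]
    return f"{expiry_day:03d}{mac}"


def sign_sender(address, today):
    """Outbound path: rewrite the envelope sender to prvs=TOKEN=address.

    `today` is a day counter (for example days since the epoch)."""
    return f"prvs={_tag(address, (today + VALID_DAYS) % 1000)}={address}"


def classify_bounce(rcpt, today):
    """Inbound path: inspect the address an NDR is addressed to.

    Returns ("deliver", user) only for a token this service issued and that
    has not expired; everything else is ("backscatter", address)."""
    if not rcpt.startswith("prvs="):
        return ("backscatter", rcpt)            # no token at all
    try:
        _, tag, address = rcpt.split("=", 2)
        expiry = int(tag[:3])
    except ValueError:
        return ("backscatter", rcpt)            # malformed token
    expected = _tag(address, expiry)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return ("backscatter", address)         # forged or altered token
    if (expiry - today) % 1000 > VALID_DAYS:
        return ("backscatter", address)         # token too old
    return ("deliver", address)


if __name__ == "__main__":
    # Constructed sample: mail sent on day 123, bounces arriving on day 125.
    signed = sign_sender("you@example.com", today=123)
    print(signed, classify_bounce(signed, today=125))
    print(classify_bounce("you@example.com", today=125))
```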

Slide32

Outbound Spam Mitigation
[Diagram: Customer 1, Customer 2 and Customer 3 send through the FOSE Spam Filter, which routes mail to the FOSE Regular Outbound pool or the FOSE NDR Pool]

Slide33

Outbound Spam Monitoring
[Diagram: Customer 1 and Customer 3 send through the FOSE Spam Filter; messages flagged "Spam!" feed spamloop@..., Statistics, the SEWR Report and Statistical Analysis, which raises "Alert!"]

Slide34

Hybrid Solution
Bringing together on-premise and hosted protection

Slide35

FOSE Gateway: The bridge between on-premise and the cloud
Managed from on-premise systems
  Forefront Code Name Stirling console
  FSE Stand alone UI
Synchronizes on-premise data with FOSE
  Active Directory information
  FSE Antispam policy
Collects data from FOSE to on-premise systems
  Quarantine information
  Statistics

Slide36

FOSE Gateway – Policy Management: How it works
[Diagram: Forefront Stirling Console, Forefront Edge Server, FOSE Gateway, Internet, FOSE Backend]
1. Antispam policy defined on Stirling Console
2. Policy assigned to asset group and pushed out to Edge Server and FOSE Gateway
3. FOSE Gateway pushes policy to FOSE Backend via web service call
4. Antispam policy put into effect on FOSE Backend

Slide37

FOSE Gateway – Data Collection: How it works
[Diagram: Forefront Code Name Stirling Console, FOSE Gateway, Internet, FOSE Backend]
1. FOSE Server makes scheduled web service calls to FOSE Backend to collect quarantine and statistics information
2. FOSE Gateway sends data to the Stirling Server for centralized storage
3. FOSE information available to administrator alongside on-premise data via the Stirling Console

Slide38

Summary
Forefront provides a premium antispam solution for on-premise, hosted, and hybrid environments
Simplified management experience across on-premise and hosted environments from a single console
Innovative, leading technology to combat spam and keep it out of your inbox
Microsoft is committed to helping you fight and win the war on spam

Slide39

Call To Action
Maintain the good reputation of your mail domain, reduce spam and improve mail delivery by deploying Forefront Antispam technologies

Slide40

question & answer

Slide41

Required Slide

A slide outlining the 2009 evaluation process and prizes will be provided closer to the event.

Slide42

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.