Slide2
Protection: Targeting Spam with Microsoft Forefront
Slide3
Agenda
Next Generation Antispam Protection
Forefront Overview
Forefront Security for Exchange Server
Forefront Online Security for Exchange
Hybrid Software + Services Solution
Summary
Q&A
Slide4
Business Ready Security
Help securely enable business by managing risk and empowering people
Protection
Access
Management
Identity
Highly Secure & Interoperable Platform
Integrate and extend security across the enterprise
Protect everywhere, access anywhere
Simplify the security experience, manage compliance
From: Block, Cost, Siloed
To: Enable, Value, Seamless
Slide5
Code Name "Stirling"
An integrated security suite that delivers comprehensive protection across clients, servers, and the edge that is easy to manage and control.
"Stirling" Central Management Server
Network Edge
Server Applications
Client & Server OS
Third-Party Partner Solutions
Other Microsoft Solutions
Active Directory
Network Access Protection
Comprehensive Protection
Simplified Management
Critical Visibility
Slide6
Forefront Security for Exchange
FSE At a Glance
An easy to manage premium Antimalware and Antispam solution for Microsoft Exchange servers
Comprehensive Protection
Multi-Layer Antispam
Multi engine Antimalware
File and Keyword filtering
Supports Exchange 2007 and Exchange 2010
Antispam Landscape
Forefront Online Security for Exchange filtered 97.3% of all email it received (H2 2008)
90% of bounce messages generated during December 2008 were the result of backscatter
Microsoft Security Intelligence Report
http://www.microsoft.com/security/portal/sir.aspx
Slide8
Verified Effectiveness
West Coast Labs
Industry recognized spam testing facility
Premium Antispam certification
Requires 97% catch rate
Forefront Security for Exchange Beta 2 Test Results
99% spam catch rate
False positive rate of 0.0005%
Slide9
FSE Antispam Deployment
[Diagram: Spam, Edge, Exchange Edge, Internal Network, Exchange Hub, Exchange Mailbox, Exchange CAS, User]
Slide10
Exchange Integration
Forefront is built on top of Exchange’s publicly documented Transport APIs
Forefront premium antispam agents can be deployed separately or in conjunction with basic Exchange agents (excluding Content Filter)
Forefront architecture is highly adaptive, extensible, and engine independent.
[Diagram: SMTP Receive, Pickup Directory, Ex Submit (MAPI -> SMTP), Submission Queue, Categorizer, Recipient API, Delivery Queue, SMTP Send, AD, Exchange Biz Logic, Agent Run Time Engine (MEx), Transport Agent/Message API, Forefront Antispam]
Slide11
FSE Antispam Protection
Areas of analysis
IP Source
SMTP / Envelope
Content
Outlook client integration
Slide12
FSE Antispam Protection
IP Source Related
IP Allow / Deny Lists
DNSBL
Microsoft Hosted – No additional cost
Aggregates multiple RBL feeds
Slide13
FSE and DNSBL
How it works
[Diagram: Connecting Client, Internet, FSE-protected Exchange server, FOSE DNSBL Servers]
1. Forefront DNSBL agent is triggered by connection request from the Internet
2. Forefront DNSBL agent constructs and sends a specially formatted DNS query to the Microsoft hosted DNSBL server
3. Microsoft hosted DNSBL server validates and responds to the query
Response
Match returns 127.0.0.x code (drop)
No match returns NXDOMAIN (accept)
Microsoft hosted DNSBL is totally transparent
There is nothing additional to purchase or configure
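The lookup and the two response cases above, as an added example that is not part of the original deck and not Forefront's code. It assumes the conventional DNSBL query format (reversed address labels in front of the list's zone, RFC 5782); the zone name `dnsbl.example.invalid` and the sample answers are constructed placeholders, since the slide does not give the hosted zone.

```python
import ipaddress

# Assumption: placeholder zone; the slide does not name the Microsoft hosted zone.
DNSBL_ZONE = "dnsbl.example.invalid"
LISTED_NET = ipaddress.ip_network("127.0.0.0/24")   # the slide's "127.0.0.x"


def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """Conventional DNSBL owner name (RFC 5782): reversed IPv4 octets or
    reversed IPv6 nibbles, followed by the list's zone."""
    ip = ipaddress.ip_address(client_ip)
    # reverse_pointer gives e.g. '2.2.0.192.in-addr.arpa'; drop the last two labels.
    reversed_labels = ip.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_labels}.{zone}"


def verdict(answer):
    """Map a lookup result to an action. answer is the returned A record as a
    string, or None for NXDOMAIN."""
    if answer is None:
        return "accept"                      # no match
    if ipaddress.ip_address(answer) in LISTED_NET:
        return "drop"                        # match: 127.0.0.x code
    # Any other address is not a listing code (for example a wildcarded or
    # parked zone answering every name); do not treat it as a match.
    return "accept"


def check_connection(client_ip, resolve):
    """resolve(name) -> A record string or None; injected so this runs offline."""
    name = dnsbl_query_name(client_ip)
    return name, verdict(resolve(name))


# Constructed sample data standing in for the DNSBL server's answers.
SAMPLE_ZONE_DATA = {
    "2.2.0.192.dnsbl.example.invalid": "127.0.0.2",       # listed sender
    "9.113.0.203.dnsbl.example.invalid": "198.51.100.7",  # bogus non-127 answer
}

if __name__ == "__main__":
    for ip in ("192.0.2.2", "198.51.100.10", "203.0.113.9"):
        print(ip, *check_connection(ip, SAMPLE_ZONE_DATA.get))
```

Treating only 127.0.0.x answers as listings keeps a misbehaving or expired list zone from rejecting all inbound mail.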
Slide14
FSE Antispam Protection
SMTP Envelope / Data Related
Per Organization
Backscatter Protection
SenderID Verification
Global Sender Filtering
Global Recipient Filtering
Global Exclusion List
Per Recipient
Safe / Blocked Senders
Safe / Blocked Recipients
Slide15
FSE SenderID Filtering
How it works
[Diagram: Connecting Client, Internet, FSE-protected Exchange server, Mail Domains DNS Servers]
1. Forefront agent is triggered by connection request from the Internet
2. Forefront SenderID agent queries the sending mail domain’s DNS server
3. Mail sender’s DNS responds to the query
4. Forefront SenderID agent verifies IP of connecting client is authorized to send mail for the domain
Support for current and legacy representation of DNS entries
SPF 1.0 and SPF 2.0
DNS record types TXT and SPF (type 99)
Slide16
FSE Antispam Protection
Content Related
New content filtering agent
Integration of Cloudmark Authority® technology
Carrier grade performance, accuracy and protection
Configurable ranges for certain vs. suspect spam allowing for deletion or quarantine of gray-mail
Forefront Keyword Filtering
Forefront True File Type Filtering
Slide17
Cloudmark® Content Fingerprinting
[Diagram: Spam, Legit., Fingerprint Cache, Reject, FSE-protected Exchange recipient]
Message preprocessing occurs to normalize content
Relevant parts of the message are analyzed
Message components reduced to a short set of anonymous fingerprints
Fingerprints compared to local cache of known bad fingerprints
Match: message is identified as abuse
No match: Heuristics are applied
No match & No heuristics: message is identified as legitimate
Slide18
Content Filter Spam Confidence Level
All “good” e-mail gets assigned an SCL of -1
Forefront will reassign an SCL of -1 to all mail determined to be in the range of 0 – 4 by the content analyzer.
Prevents re-evaluation by Outlook
E-mail within 5 to 9 is subject to the following actions:
Reject
Delete
Stamp and Continue
Quarantine
SCL Value | SCL Definition
-1 | Messages coming from trusted source
0 | Message categorized as not spam
1 – 4 | The likelihood of messages being spam is extremely low to low
5 – 9 | The likelihood of messages being spam is high to extremely high
Slide19
FSE Antispam Protection
Outlook Client Related
No more junk mail… almost
Mail determined to be clean is delivered directly to the user’s inbox
User’s custom settings are evaluated on the server
Slide20
demo
Forefront Security for Exchange Antispam
John Gargiulo
Sr. Program Manager Lead
Microsoft
Slide21
FSE Antispam Message Flow Summary
[Flow diagram. Stages: Connection Related, SMTP Related, Content Related, Outlook. Nodes: IP Allow, IP Block, DNSBL, Safe IP, Global Lists, Backscatter, Per-recipient Lists, SenderID, Content Analysis, Keyword, File Filtering, Quarantine, Junk Mail Folder, Conditional Rendering, End User List Management. Branch labels: Yes, No, Valid, Maybe. Outcomes: Reject, Quarantine, Filter Bypass.]
Safelisted Mail: Guaranteed to Inbox, Immediate Delivery, Rich rendering
AS Processed Mail: Guaranteed to Inbox, Delivery after AS filtering, Conditional Rendering
SPAM and Bcon: Reduced Delivery Rates, Moved to JEF, Mail not Richly Rendered
Slide22
Forefront Online Security for Exchange (FOSE)
Terry Zink
Program Manager
Microsoft
Slide23
FOSE Overview
Microsoft Forefront Online Security for Exchange
Real-time threat prevention
Layered anti-spam and antivirus
Customized policy enforcement
Key Highlights
100% virus detection
98% spam detection
1:250,000 false positives
99.999% network uptime
Rapid email delivery (< 1 minute)
Slide24
FOSE Architecture Overview
[Diagram: Internet, Internet Cloud, FOSE Online Service, Spam quarantine, Customer Mail server]
Slide25
FOSE Global Network Infrastructure
Network infrastructure that delivers reliability and scalability
Hosted services provisioned across a global network infrastructure
Fully redundant, load-balanced architecture
Scalability to handle all message volume variations
[Map: Ireland, Netherlands, Singapore, Texas, Virginia, Washington, California]
Slide26
FOSE Antispam Improvements
Extended Reputation Lists
IP reputation lists
URL reputation lists
Backscatter Spam Mitigation
Outbound Spam Mitigation
Slide27
Enhanced Reputation Lists
[Diagram: URIBL.com, Bad URLs, Internet Service Providers, Non-Permitted IPs, Clean-up Process, Spam Rules Database, Spam Filter]
Slide29
Backscatter
The Problem
‘Backscatter spam’ gums up many e-mail inboxes
Dubbed backscatter spam, this latest fad is clogging email accounts and slowing victims’ inboxes to a crawl. Up to 3% of all email today is backscatter…
http://www.usatoday.com/tech/news/2008-10-20-backspatter-spam_N.htm
90% of FOSE bounce messages are backscatter
6 million / day
Number 2 customer complaint
Slide30
FOSE Backscatter Protection
How it works – Valid NDR
[Diagram: Valid User (you@example.com), FOSE, Internet, Receiving Mail Server]
1. Outbound customer sends email through FOSE
2. The FOSE Server inserts custom tokens
<prvs=12we34fnr=you@example.com>
3. Receiver cannot deliver, must send bounce message
4. FOSE Inbound Server looks for tokens
5. Tokens exist, deliver NDR to user
Slide31
FOSE Backscatter Protection
How it works – Backscatter NDR
[Diagram: Spammer, Receiving Mail Server, Internet, FOSE, Valid User (you@example.com)]
1. Spammer generates an email with a forged MAIL FROM address and sends to receiving email server
<you@example.com>
2. Receiver cannot deliver, must send bounce message
3. FOSE Inbound Server looks for tokens
4. No tokens exist! Message is backscatter spam!
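The valid-NDR and backscatter-NDR flows on the two slides above, as an added example that is not part of the original deck and not FOSE's implementation. It assumes a BATV-style token (a day stamp plus a truncated keyed hash of the address) in the `prvs=<token>=<address>` layout shown on the slide; the key, the 7-day lifetime and the token length are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: a per-organization signing key shared by the outbound and
# inbound servers. Constructed value for the demo.
SECRET = b"constructed-demo-key"
MAX_AGE_DAYS = 7          # assumption: how long a bounce may take to come back


def _token(addr, day):
    """3-digit day stamp + truncated HMAC over (day stamp, address)."""
    stamp = f"{day % 1000:03d}"
    mac = hmac.new(SECRET, (stamp + addr.lower()).encode(), hashlib.sha256)
    return stamp + mac.hexdigest()[:8]


def sign_sender(addr, day):
    """Outbound: rewrite the envelope sender as prvs=<token>=<address>."""
    return f"prvs={_token(addr, day)}={addr}"


def check_bounce(rcpt, today):
    """Inbound NDR: return the real recipient if the token is valid,
    or None if the bounce is backscatter."""
    if not rcpt.lower().startswith("prvs="):
        return None                       # no token at all
    try:
        _, token, addr = rcpt.split("=", 2)
        day = int(token[:3])
    except ValueError:
        return None                       # malformed tag
    if (today - day) % 1000 > MAX_AGE_DAYS:
        return None                       # expired (or future-dated) token
    expected = _token(addr, day)
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return None                       # forged or altered
    return addr


if __name__ == "__main__":
    tagged = sign_sender("you@example.com", 120)
    print(tagged, "->", check_bounce(tagged, 122))
    print("you@example.com ->", check_bounce("you@example.com", 122))
```

Binding the token to both the address and a day stamp means a token harvested from one message cannot be reused for another mailbox or replayed indefinitely.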
Slide32
Outbound Spam Mitigation
[Diagram: Customer 1, Customer 2, Customer 3, FOSE Spam Filter, FOSE Regular Outbound, FOSE NDR Pool]
Slide33
Outbound Spam Monitoring
[Diagram: Customer 1, Customer 3, FOSE Spam Filter, Spam!, spamloop@..., Statistics, SEWR Report, Statistical Analysis, Alert!]
Slide34
Hybrid Solution
Bringing together on-premise and hosted protection
Slide35
FOSE Gateway
The bridge between on-premise and the cloud
Managed from on-premise systems
Forefront Code Name Stirling console
FSE Stand alone UI
Synchronizes on-premise data with FOSE
Active Directory information
FSE Antispam policy
Collects data from FOSE to on-premise systems
Quarantine information
Statistics
Slide36
FOSE Gateway – Policy Management
How it works
[Diagram: Forefront Stirling Console, Forefront Edge Server, FOSE Gateway, Internet, FOSE Backend]
1. Antispam policy defined on Stirling Console
2. Policy assigned to asset group and pushed out to Edge Server and FOSE Gateway
3. FOSE Gateway pushes policy to FOSE Backend via web service call
4. Antispam policy put into effect on FOSE Backend
Slide37
FOSE Gateway – Data Collection
How it works
[Diagram: Forefront Code Name Stirling Console, FOSE Gateway, Internet, FOSE Backend]
1. FOSE Server makes scheduled web service calls to FOSE Backend to collect quarantine and statistics information
2. FOSE Gateway sends data to the Stirling Server for centralized storage
3. FOSE information available to administrator alongside on-premise data via the Stirling Console
Slide38
Summary
Forefront provides a premium antispam solution for on-premise, hosted, and hybrid environments
Simplified management experience across on-premise and hosted environments from a single console
Innovative, leading technology to combat spam and keep it out of your inbox
Microsoft is committed to helping you fight and win the war on spam
Slide39
Call To Action
Maintain the good reputation of your mail domain, reduce spam and improve mail delivery by deploying Forefront Antispam technologies
Slide40
question & answer
Slide42
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.