Microsoft Security Strategy

1
Microsoft SecurityStrategy Solutions
Nir Chinsky Security Lead Microsoft
Israel nirch_at_microsoft.com
2
Agenda

• Security Challenges
• Microsoft Security Solutions
• Demo
• Customer Story
• Looking Ahead
• Summary

3
Dynamic IT
Manage Complexity, Achieve Agility
Advance the Business with IT Solutions
Protect Information, Control Access
Amplify the Impact of Your People
Secure Interoperable Platform
4
Security Challenges
5
Network Security
6
Identity and Access Security
7
Protection
8
Forefront In the Real World

• More than 70,000 Mailboxes are protected with
  Forefront for Exchange

• More than 2000 Websites are protected with
  Forefront for SharePoint

• More than 30,000 Desktops are protected with
  Forefront client Security

• More than 800 ISA Servers are protecting
  Infrastructures

• IAG 2007

9
Interoperability
10
Security Stack Interoperability
Management System
11
Compliance

• Information Protection
• Identity Synchronization Management
• Data Encryption
• Network Protection
• Strong Authentication
• Application protection
• Secure Development

12
Compliance
13
Compliance
14
Core Infrastructure Optimization Model Security
Basic
Standardized
Rationalized
Dynamic
Technology

• Self provisioning and quarantine capable systems
  ensure compliance and high availability

• Automate identity and access management
• Automatedsystem management

• Multiple directories for authentication
• Limited automated software distribution

• Patch statusof desktopsis unknown
• No unified directory for access mgmt

Process

• Self-assessing and continuous improvement
• Easy, secure access to info from anywhereon
  Internet

• SLAs are linkedto business objectives
• Clearly defined and enforced images, security,
  best practices

• CentralAdmin and configurationof security
• Standard desktop images defined,not adopted by
  all

• IT processes undefined
• Complexity dueto localized processesand minimal
  central control

• IT Staff manages an efficient,controlled
  environment
• Users have the right tools,

• IT is astrategic asset
• Users look to ITas a valued partner to enable
  new business initiatives

• IT Staff trained in best practices such as
  MOF,ITIL, etc.
• Users expect basic services from IT

• IT staff taxed by operational challenges
• Users come up with their ownIT solutions

People
15
Mail From The Boss
16
(No Transcript)
17
(No Transcript)
18
Security Threat Landscape Evolution
19
(No Transcript)
20
Microsoft Mobile Enterprise Strategy
LOB Applications
E-Mail
Access Control
Intranet Web Applications
Managed PC
Team Workspaces
Identity Presence
Unmanaged PC (Home PC, Kiosk, etc)
Documents Files
Instant Messaging
Firewall
Mobile Devices
Web Video Conferencing
Calendaring
21
Refael
22

???? ????? ?- RMS ?????? ???? ???? ????????
5.3.2008
??????? 1212203
22
23
???"? ????? ??? ???? ????????

• ????? ??? ????? ?????? ????????
• ????? ???? ?????? Exchange 2007
• ????? ????? ?????? ???? ???? ???? ???????? ?????
  ??? ???? ISA 2006
• ????? PKI ?????? ?????? ??????????
• ????? ??????? ?????? ??????? ???? ??????? ??????
  ?? ???? ??????? Secure Client ?- eToken
• ????? ?- Outlook 2003

5.3.2008
??????? 1212203
23
24
????? ???? ??????? ?????? ????? ?????

• ???? ????? ?????? PGP ???? 7 ??????
  ????? ??????? ??????
• ?????/???????? - ?????? ???? ??? ?????
  ????? ?????? ??????? ????? ?- Office 2003
  - ????? ??????? ????? ???? ?? ?? ?????? ??????
  ??????? ???? - ???? ??????? ?????
  ???? - ????? ??????? ????? ??? ???? ???????
  ??????

5.3.2008
??????? 1212203
24
25
????? ???? ??????? ?????? ????? ?????

• ??????? ?????? ????? ?- RMS ?????? ?????
• - ????? ??????? ?? ?????? ???????? ????? ?????
  ???? ???? ?????????? ??????? ????? ????
  ??? ???????? ???????
• - ????? ???? ???????? ?? ???? ????? ????? ???
  ??????? ?? ????? ??????- ?????? ????
• - ????? ???? ????? ????? ?????? ??????
• - ?????? ?????????? ?? ?????? ????? Office
  ?????? ??????

5.3.2008
??????? 1212203
25
26
????? ???? - ??????

• ????? ????? ?? RMS ?????? ??????????
  ???????? ????? ??????
• ????? ???? Add Ins ?????? ????? ?????? ??????
  ????? - ????? ????? ????? ????? ?????
  ??????

- ????? ?? ?????? ????? ???????? ?? ????? ?-
Outlook ????? ??????? ????? ????? ?????
????? ????? ?- Offline
5.3.2008
??????? 1212203
26
27
????? ???? - ??????
- ????? ????? ????? ?????? ???? ?- Tool Bar ?-
Outlook

• ????? ?????? ???? ????? ??????? Mobile ??????
  Windows Mobile 6
• ?? ???? ????? ???? ????? ?????? ????? ??????
  ??????
• ???? ????? ????? ??????

5.3.2008
??????? 1212203
27
28
????? ???? - ??????

• ????? ?????? ?????? ?? ??? ????? ?????? ????????,
  ????? ????? ???????? ??? ???? ????????? ???????
  ???? ??? ????? ?????? ????? ?????? ?????? ?????
• ?????? ?? ?????? ????????? ?????? Office,
• ?????? ????? ????? (???? Windows Mobile)

29
Future Challenges
30
Zero Day Attack Scenario
Phone
Hours
Network Admin
Desktop Admin
DNS Reverse Lookup
Edge Protection Log
Client Security
WEB
Client Event Log
Malicious Web Site
Andy
DEMO-CLT1
31
Security The Road Ahead
Comprehensive, Integrated, Simplified
32
Summary
33
???? ???? ????!

• ??? ???????
• ???? ?? ????? ?????? ???????? ??????,
• ??? ??????
• ?????? ?? ????? ?????? ????? ??? ????? ?????
  ?????? ??????

??? ?????? ???? ???????? Windows 2008 ???? ?????
????? ???? SOA ???? ????? ??? ????? MCSE ??? ????
????? ?"? ????? ???? ?'? ???? ?????? ????? HTC
???? ?????? ??????? Bluetooth ?? ????? ?????
?????? ?? ????????? ??? ???? ?????????? ????
????? ???
34
(No Transcript)