Microsoft Forefront Security for Office Communications Server - Evaluation Guide

 

Applies to: Forefront Security for Office Communications Server

Microsoft® Forefront™ Security for Office Communications Server provides fast and effective protection against instant message–based malware by including multiple scanning engines from industry-leading security partners. It also helps reduce corporate liability by blocking instant messages (IM) that contain out-of-policy files, unauthorized corporate confidential information, or offensive language.

This evaluation guide will help you explore how Forefront Security for Office Communications Server can help protect your Office Communications Server IM environment. Follow along and learn how to configure scan engines, keep them up to date, and protect data using file and keyword filters.

Overview

This guide will help you evaluate how Forefront Security for Office Communications Server can help you better protect your Office Communications Server 2007 instant messaging environment against malware and out-of-policy content. It explores the main features of the product, helping you walk through key antimalware, file, and keyword filtering technologies.

How Forefront Security Protects Office Communications Server 2007

Forefront Security for Office Communications Server helps organizations better protect their IM traffic from threats and inappropriate content.

  • It provides comprehensive layered antivirus protection against the latest threats. The integration of multiple scanning engines from industry-leading partners provides fast and effective protection against IM-based malware. At the same time, file and keyword filtering technologies reduce corporate federated (trusted) organization liability by blocking instant messages that contain inappropriate language or unauthorized corporate information.
  • It maximizes malware detection without compromising performance. Administrators can balance security and performance through controls that manage the percentage of engines used to scan for the latest malware.
  • It simplifies the management of antivirus security in enterprise messaging environments through automated signature updating, IM notification alerts, and built-in management controls.

Provides comprehensive protection

Delivers multiple-engine antimalware scanning. Automatically applies and manages up to five antivirus scan engines at a time and in different combinations across the server system. The product ships with multiple scanning engines from industry-leading security partners. (No additional licenses are required.) Each engine includes unique signature and heuristic detection technologies, and Forefront Security for Office Communications Server engine sets are proven to provide faster detection rates for new threats than single-engine solutions (AVTest.org).

Eliminates single points of failure. Protects against a single point of failure in the messaging environment through diversity of antivirus engines across messaging servers and client devices. Forefront Security for Office Communications Server incorporates a multiple engine manager to ensure that if one engine goes offline to update or fails, other engines continue to protect the system without delaying IM traffic.

Blocks potentially dangerous file transfers. Applies configurable file-filtering rules to eliminate file types that are known to carry viruses (for example, .exe), even if the file extension has been changed. Separate filtering rules can be set for external and internal IM users, allowing organizations to block file transfers only from external sources, for example.
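The idea behind filtering a file type "even if the file extension has been changed" is to classify a transfer by its leading bytes as well as its name, and to keep a separate rule set per sender origin. The following is an added example, not Forefront code; the signature list, rule sets, and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Leading-byte signatures for a few common formats (deliberately small set).
SIGNATURES = [
    (b"MZ", "exe"),                 # DOS/PE executables (.exe, .dll, .scr)
    (b"PK\x03\x04", "zip"),         # ZIP containers, including .docx and .jar
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]

# Hypothetical policy: block executables from external senders only.
BLOCKED_TYPES = {
    "external": {"exe"},
    "internal": set(),
}

@dataclass
class Verdict:
    allowed: bool
    detected: str
    reason: str

def sniff_type(data: bytes) -> str:
    """Return the type implied by the file's leading bytes, or 'unknown'."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"

def filter_transfer(filename: str, data: bytes, origin: str) -> Verdict:
    """Apply the origin's rule set to both the sniffed type and the extension."""
    detected = sniff_type(data)
    claimed = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if origin not in BLOCKED_TYPES:
        # Fail closed: an origin with no rule set is never allowed through.
        return Verdict(False, detected, f"no rule set for origin {origin!r}")
    hits = {detected, claimed} & BLOCKED_TYPES[origin]
    if hits:
        return Verdict(False, detected, f"blocked for {origin}: {sorted(hits)}")
    return Verdict(True, detected, "no rule matched")

# Constructed sample inputs: a PE header stub renamed to .txt, and a PNG header.
RENAMED_EXE = b"MZ\x90\x00" + b"\x00" * 60
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    print(filter_transfer("quarterly_report.txt", RENAMED_EXE, "external"))
    print(filter_transfer("quarterly_report.txt", RENAMED_EXE, "internal"))
```

Checking the claimed extension alongside the sniffed type means a blocked extension is still caught when the content signature is not in the list.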

Prevents sharing of inappropriate content. Helps reduce company liability by using keyword filtering to prevent sharing unauthorized corporate information or out-of-policy files, or using offensive language in IM conversations.

Integrates security while maximizing performance

Maximizes malware detection without compromising performance. Helps IT administrators strike the right balance of server performance and level of security through bias controls that can dynamically manage the number of engines used for a given scan job. Forefront Security for Office Communications Server improves server performance and mail throughput with in-memory scanning (to avoid spooling data to disk) and multiple scanning threads (to process more messages at once).

Optimizes antivirus scanning for Office Communications Server. Integrates with the Office Communications Server application API to efficiently scan messages before they are sent to recipients. It can parse, scan, and reroute instant messages without users perceiving any significant delay in message delivery. Forefront Security for Office Communications Server also ensures that messages are scanned only once across pooled OCS environments in both the internal and perimeter networks to eliminate redundant scans and maximize performance.

Supports multiple server roles. Integrates with the Access Edge, Director, and Front End server roles in Office Communications Server 2007 Enterprise Edition and Office Communications Server Standard Edition, to provide layered protection at multiple points in the instant messaging infrastructure.

Protects federated connections and public IM users. Ensures that all external communications are scanned for malware by integrating with Office Communications Server Access Edge. Communications include those to and from external public IM clients, federated networks, or employees connecting via remote networks.

Simplifies management

Built-in administrator console. Forefront Server Security Administrator enables administrators to configure settings, schedule updates, and review logs locally or remotely.

One-stop, automated updates. Updates multiple scan engines without IT effort. Microsoft constantly monitors its antivirus vendors for new signatures and engine updates. Within minutes of their release, these updates are tested against a virus database, confirmed, and posted for automatic download by Forefront Security for Office Communications Server.

Allows user exceptions for filtering rules. Offers “allow lists” that enable administrators to exclude specific users from filtering rules. For example, the CEO and CFO might be allowed to send instant messages about a confidential corporate acquisition code name, but all other conversations containing the code name would be automatically blocked.

Provides notifications on out-of-policy activity. Enables administrators to configure notifications that will alert both the user (through IM) and the administrator (through e-mail) when a content policy has been violated or an infected document has been sent.

Before you use this guide

This guide lays out the basic steps you would take to enlist the protection of Forefront Security for Office Communications Server for your instant messaging environment.

This guide assumes that you have successfully installed the evaluation version of the product. To start investigating the capabilities of Forefront Security for Office Communications Server, complete the steps in each chapter, using the checklist below to mark your progress as you configure the system.

Note

This is not an exhaustive review of product features, but a focus on key areas of functionality.

Check Steps Description
 

Install Forefront Security for Office Communications Server

For detailed installation instructions, see Installing FSOCS in the Forefront Security for Office Communications Server User Guide.

 

Chapter 1: Configuring Antivirus Scanning for Multiple Engines

Configure the scan job to specify which type of IM (inbound, outbound, or internal) you want to scan. Then specify how Forefront Security for Office Communications Server will control engines by specifying engine bias and the action you want a scan engine to take when it detects a virus.

 

Chapter 2: Configuring Scan Engine Updates

Set the update schedule and frequency for each scan engine to enable them to update automatically.

 

Chapter 3: Configuring File and Keyword Filters

Set parameters to detect, delete, or block instant messages and attachments that contain inappropriate language or confidential corporate information, break rules about file types, or violate other corporate policies.

 

Chapter 4: Configuring Notifications

Configure notifications for administrators and users that report the details of a virus infection or the results of filtering.

 

Chapter 5: Using the Incidents Log

Learn how to view, sort, filter, and export data from the Incidents Log.

 

Chapter 6: Using the Quarantine Database

Learn how to view, sort, and filter quarantined data.