Providing an exceptional document hygiene experience on SharePoint 2007
SITUATION/CHALLENGE - A big challenge that organizations face is the speed with which malware hits and the damage done during the lag while their single anti-malware vendor creates the signatures to catch it. Depending on the malware, some anti-virus labs are able to respond faster than others, but organizations cannot take advantage of this because they have only a single-engine solution. This was evident from the quarterly data of AVTest.org, an independent organization, which shows that while some vendors are faster to respond to certain malware, they are rarely consistently the most responsive. As a result, it is the luck of the draw that determines when an organization receives the signatures it needs from its anti-virus vendor to curb the malware spread. Organizations needed a solution that consistently minimizes their window of vulnerability so as to reduce the security breaches caused by the fast-growing malware problem.
Name: Brett Tanzer
Team: Microsoft Forefront Security for SharePoint Engineering Team
Team Members: Brett Tanzer, Priya Ravichandran, Dave Friedman, Robert Morandini, Shirley Wang, John Oesterle, Mitch Hall, Frank Kurzyna, Anurag Pahwa, Jay Muller
Company: Microsoft Corporation
SOLUTION - To reduce the window of vulnerability, Forefront partnered with 7 leading anti-virus labs and integrated Microsoft’s engine with these 7 engines into a single product, enabling customers to scan with up to 5 different engines simultaneously. In this way, when there is a malware outbreak within the organization, Forefront’s response time will be the shortest among the response times of all engines that the user has specified. Consequently, the window of vulnerability is largely restricted, which reduces the damage that the malware is able to inflict on the organization. To further increase a company’s collaboration security, Forefront also allows the customer to select a different combination of engines for different deployments within the organization. In this way, Forefront provides a high level of confidence that any malware trying to enter a SharePoint document library is caught by one of its multiple engines. Forefront also allows organizations to determine their own performance vs. security tradeoff by allowing them to specify how many of the selected engines will be used to scan every document. As such, customers in the middle of a malware attack can increase the scanning rigor (i.e. use all 5 engines to scan every document), whereas they could use a subset of the engines on a normal business day. To enable this, Forefront worked with its partners to have them hand us the signatures as soon as they are available. These signatures are also re-tested within our environment and then repackaged and sent out so that customers only have to download signatures from one location even though they are using multiple engines. We used rigorous internal testing as well as partner and customer testing to ensure that Forefront Security for SharePoint meets customer needs.
Furthermore, to ensure that we were indeed providing customers with better protection, Forefront benchmarked itself against the independent AVTest.org data to confirm that we could provide a consistent protection experience against live viruses. Finally, we put Forefront Security for SharePoint through the ICSA certification process and were the first product in the collaboration security market to receive ICSA certification in the Enterprise Content Management (ECM) category. ICSA Labs is the organization that certifies and sets the standards for information security products worldwide. ECM certification requires the antivirus solution to detect viruses on demand and on access, report no false positives, perform administration functions, and log all the results of virus detections. The certification provides a benchmark for virus detection capability in products that are designed to protect portal, collaboration, and content management servers.
Info Security Products Guide
CONCLUSION - With the fast growth in collaboration solutions, especially SharePoint, comes an increased need for collaboration security at the application level. Many companies are now using SharePoint as an Enterprise Content Management solution, storing business-critical documents in SharePoint libraries. Given the criticality of this data, companies cannot afford to risk a virus entering their SharePoint collaboration environment. This risk becomes even greater if a company uses SharePoint for extranet use, allowing employees to collaborate with external parties such as customers, vendors, and partners. The comprehensive, multi-layered protection that Forefront Security for SharePoint offers through its multiple engines gives companies greater assurance that malware will be kept from entering their SharePoint environment.
The Forefront Security for SharePoint engineering team is a dynamic, diverse, highly motivated, and goal-driven team that does not shy away from hard work. When deadlines are imminent, long nights full of work (and pizza and chatter) are not uncommon within this team. We are motivated by the challenges we face to solve complex collaboration security problems and drive for continuous innovation in this space. While we work hard, the team also knows how to take time off to relax and get to know the rest of the team as friends – to goof off over beer, chips and salsa as well as celebrate people’s successes. The light-hearted environment ensures that a laugh is always around the corner, enabling the team to work well and meet the goals we have set for ourselves.
Microsoft
2929 Expressway Drive
Ste 300,
Islandia, NY, 11749 USA
Tel: +1-425-706-0044