Network World
Sunday, July 6, 2008

Mitchell Ashley: Converging on Microsoft

Microsoft Subnet


"Sterling" Beta Brings Forefront Front and Center

I had an opportunity to spend some quality time at the Microsoft RSA booth today and take a good look at the Forefront "Sterling" beta, released at the RSA show. One of my first goals was understanding just how the Forefront brand fit into Microsoft's product mix and clearing up some confusion I've had. Personally, I've long found the Forefront branding by Microsoft to be confusing between Microsoft Forefront, Windows Live OneCare and Microsoft NAP. I think I've got it now, but no promises.

Forefront today consists of three primary product areas: Forefront Client Security (the enterprise AV/AS product), Forefront for SharePoint and Exchange, and Microsoft Internet Security and Acceleration Server (ISA). Sterling introduces a new management console updated to apply a variety of policies against devices, including controlling the Forefront AV engine, setting grace periods for signature updates, setting personal firewall policies and applying NAC rules. Some of the things I saw that I liked were applying policies (quarantine, fix or both) based on the criticality of the Microsoft security update, the application of configuration changes so the endpoint would become compliant, and setting conditions (such as on wake up) when policies are applied.

The Sterling Beta also ushers in the coming Forefront Threat Management Gateway product, an upgrade and name change to ISA. TMG can treat devices differently depending on whether the device is compromised or the user account is deemed compromised. A new feature, Dynamic Threat Response, can also initiate a virus scan of the device or quarantine a device if suspicious activity occurs on the device, such as an unusual number of network ports being open in a short period of time. Possible actions are alert, scan, block and restrict the endpoint device.

One of the pretty significant gaps I do see in Sterling is that specific security patches can't be called out as being required, vs. the approach of specifying a grace period for new updates. Both of these capabilities are needed. Enterprises don't just throw new patches out on the network without some serious testing first. Who wants their customer service department to go down for the better part of a day because a new patch was pushed out without the needed testing first? I'm sure Microsoft would say that's what the grace period is for, to give you time to test the patch before taking any action on out-of-date machines. But I've found that many larger organizations want that granular control, especially on server machines, because they may not be able to test and patch their boxes in a short 30-day window.

All-in-all, Microsoft has made some very good advancements with Forefront Sterling and I'm impressed with the breadth of functionality in the beta release. As it reaches release candidate stage I think we'll see Sterling start to become a very common approach to solving the centralized anti-virus, anti-spyware, firewall policy and access control problem on Windows endpoint and server devices. Microsoft is raising its game again against the traditional anti-virus vendors with their own substantial Forefront central security console and product suite. Another good reason not to rest on your laurels if you are an AV company.



About Mitchell Ashley

Mitchell Ashley is CEO and Chief Strategist of Converging Network, LLC, providing product and technology strategies to emerging technology companies. A serial entrepreneur, Mitchell has created many successful products and services in the networking, security, convergence, Internet and IT industries. In addition to blogging for NetworkWorld, Mitchell regularly blogs at TheConvergingNetwork and co-hosts the widely popular Still Crazy After All These Years podcast.
