Thursday, April 2, 2009

What is Microsoft Forefront?
Microsoft Forefront is relatively new and just beginning to get real traction in the network security market.

The first thing to understand is that there is no single “Forefront” product. Instead, Forefront is a collection of Microsoft security products, referred to as the “Forefront Security Suite”.

There are three collections of security products included in the Forefront Security Suite. These include:

  • Forefront Edge — Forefront Edge products include the Forefront Threat Management Gateway (the next version of ISA Server) and the Forefront Intelligent Application Gateway 2007 (IAG 2007). The next version of IAG will be part of the Forefront Security Suite and the product will be renamed to Forefront Unified Access Gateway (UAG).
  • Forefront Server Security — There are three products that comprise the Forefront Server Security collection. These are Forefront Security for Exchange, Forefront Security for SharePoint and Forefront Security for Office Communications Server.
  • Forefront Client Security — There is one product in this collection — Microsoft Forefront Client Security (FCS).

In the future, there is likely to be another member of the Forefront family of security products, Forefront code-named “Stirling”. Stirling is a comprehensive configuration, management and reporting console that allows you to configure, manage and report on the activities of all the members of the Forefront family of security products. In addition, Stirling will allow you to create proactive response policies, so that information gathered from one member of the Forefront Security Suite can be used to trigger a response by other members of the suite. Stirling will enable you to create incident response policies so that corrective actions take place immediately, instead of having to wait for you to receive an alert and implement a response manually. The first version of Stirling will probably only support a subset of Forefront products, with the long-term goal being support for all members of the Forefront Security Suite.

Microsoft Forefront Family Products
Forefront family products include security servers that perform a wide range of security functions. Members of the Forefront family include:

  • Forefront Threat Management Gateway (TMG). TMG is the next version of ISA Server. In contrast to the .1 upgrade we saw with ISA 2004 to ISA 2006, the TMG is a major rewrite and feature-enhanced version of the ISA firewall. Major investments have been made to improve anti-malware and anti-virus scanning for Internet downloads, and the TMG will include site filtering based on category. There are many more features planned for the RTM release of the TMG. In addition, TMG runs only on 64-bit Windows Server 2008, so you should expect to see major improvements in performance and stability that only a 64-bit platform can provide.
  • Forefront Intelligent Application Gateway 2007 (IAG 2007). The Forefront IAG 2007 is an SSL VPN gateway. IAG 2007 can be used to publish Web servers in traditional reverse Web Proxy fashion, or you can create customized portals that provide users one-click access to applications hosted on the corporate network. IAG 2007 portals provide access to both Web and non-Web based applications. Non-Web based applications take advantage of IAG 2007 port and socket forwarding features, so that even complex protocols like Outlook/Exchange MAPI connections will work over an SSL connection. And for users who need full network layer access, IAG 2007 includes the “Network Connector” feature that enables users to establish a full network layer tunnel over an SSL connection. IAG 2007 also includes easy-to-configure and powerful endpoint detection and information wiping on client computers.
  • Forefront Server Security for Exchange (FSE), SharePoint (FSS) and Office Communications Server. These three products provide anti-virus and anti-malware protection for Exchange, SharePoint and OCS. These products can be used to scan e-mail or libraries for existing malware, and can be configured to prevent users from uploading malware. Up to 5 anti-virus engines can be used at the same time, and policies can be configured to use a user-defined mix of engines, depending on the level of confidence and performance you desire. In addition, these products allow you to configure content filtering rules, so that you can block specific file types or documents containing forbidden strings. Each product has comprehensive logging and reporting features. They are all easy to configure, manage and update. At this time OCS is in beta testing and its full feature set is in flux, but we can expect it to provide anti-virus and anti-malware protection similar to that of the other products in the Forefront Server Security suite.
  • Forefront Client Security (FCS). Forefront Client Security is an enterprise-grade desktop and server anti-virus and anti-malware platform. Forefront Client Security includes both client and server components. You can use Forefront Client Security to deploy the anti-malware agent to all machines, or selected machines, on the network using Group Policy or any other software distribution mechanism you like. Forefront Client Security scans client and server systems for viruses and malware, and also performs security state assessments that are reported to the Forefront Client Security console. Forefront Client Security can scale from a single-server solution to one that includes separate servers for the 6 different Forefront Client Security server roles. Using the Forefront Client Security enterprise management console, Forefront Client Security can be configured to support up to 100,000 users.
  • Forefront “Stirling”. Forefront “Stirling” is a single product that delivers unified security management and reporting with comprehensive, coordinated protection across an organization’s IT infrastructure. The Stirling console will allow you to configure, manage, and receive reporting information from all members of the Forefront Security Suite. In addition to unified management, you will be able to configure Stirling policies that enable the creation of proactive incident response policies. Stirling will be able to gather security information from all Forefront products it manages and monitors, and then will be able to use that information to trigger incident response policies that fire off automatically without requiring administrator intervention. In addition to integrating Forefront products, Stirling will also leverage Windows Server 2008 Network Access Protection to isolate compromised machines from the network.

Microsoft Forefront is a collection of Microsoft security products aimed at protecting the network edge, key server applications including Exchange, SharePoint and OCS, and client and server systems with host-based anti-virus and anti-malware protection. At this time these products work separately, and configuration, management and reporting work through different consoles. In the future, with the release of Forefront Stirling, a single console will expose configuration, management and reporting functionality through a single interface.
