The Case for Forefront
The Windows security market is mature and full of established players. Why consider latecomer Forefront?
Forefront is Microsoft’s collection of end-to-end, secured solutions for everything from clients to servers to the network perimeter. As comprehensive as the line is, how relevant are these products to your company? How does each of Microsoft Forefront’s products integrate into your environment?
Viruses and attacks coming in from the Internet try to access corporate networks through service vulnerabilities or security loopholes. Microsoft Forefront Edge Security and Access deals with these attacks at the network perimeter. The Microsoft Forefront edge security and access products, Microsoft Internet Security and Acceleration (ISA) Server 2006 and Microsoft Intelligent Application Gateway (IAG) 2007, provide enhanced network edge protection and application-centric, policy-based access to corporate IT infrastructure.
ISA Server 2006 focuses on:
Securing content for remote access users: Data confidentiality is crucial in every organization, and more employees than ever are looking towards working remotely. ISA Server manages which users are able to access data residing on the corporate network.
Connecting and securing branch offices: ISA Server also provides secure communication between branch offices to protect against man-in-the-middle or network sniffing activities. This is done through site-to-site Virtual Private Network (VPN), HTTP compression or caching of contents.
Defending your network environment from internal and external Internet-based threats: Armed with scanning and blocking tools, ISA Server checks files for viruses or other threats before giving users access to them. ISA Server comes with a hybrid proxy-firewall, deep content inspection, granular policies and comprehensive alerting and monitoring capabilities, giving full protection and control over your network.
Intelligent Application Gateway (IAG) 2007 provides a more robust security solution for your environment by extending the capabilities of application and content filtering. Access control and authorization of users can be implemented at the IAG 2007 level, giving a full endpoint compliance check.
Microsoft Forefront is designed to protect Microsoft server products, extending protection to Microsoft Exchange and Microsoft Office SharePoint Server. The benefit of having an integrated security suite is better protection against threats, and who knows Microsoft software better than Microsoft? One feature unique to Forefront when compared to some other security suites is its support for multiple scanning engines.
Covered Microsoft servers include:
Forefront for Exchange: Forefront provides deep integration with Microsoft Exchange. Exchange as a messaging environment is a common source for viruses and threats which enter the network environment through e-mail messages. If viruses are not identified before users access infected attachments, the network is at greater risk. Using Forefront for Exchange, every messaging node can be used for virus scanning and threat detection before sending the e-mail to user mailboxes.
Forefront for SharePoint: SharePoint enables workspace and document sharing between team members. The risk of someone eventually uploading or sharing an infected document on SharePoint is high. This is where Forefront comes in. Forefront allows document filtering and scanning of uploaded files, allowing only predefined file types or virus-free documents to be uploaded to SharePoint. Files are re-scanned for threats when downloaded from SharePoint.
Forefront for Office Communications Server: Still in beta as of this writing, Forefront for Office Communications Server provides protection against IM-based threats. Policies can be created that block instant messages that contain corporate confidential information, offensive language or out-of-policy files.
Forefront Security Management Console: Forefront Security Management Console provides a console to manage all Forefront products. Since some Forefront settings are at the global level, it makes sense to have a single interface to configure and manage them. Reporting on the usage of Forefront products can be done through Forefront Security Management Console, providing a one-stop centralized location for every Forefront status.
Forefront Antigen protects older Microsoft Server Systems software, including Exchange 2000/2003 and SharePoint Portal Server 2003/SharePoint Services 2.0. Forefront Antigen provides a comprehensive level of protection just like other Forefront security products but is targeted at older Microsoft Server Systems. In terms of licensing, customers who have a license for Forefront for Exchange will be licensed to use Forefront Antigen.
Protecting the client side is just as important as protecting the server side of the corporate environment. Accessing dangerous websites is the second most common way users introduce threats into their corporate environment.
A lot of people recommend client security software that’s been on the market longer than Microsoft Forefront, but I tend to disagree. Here are a few points to consider:
Multiple scanning engines: It is possible to include as many as five scan engines to ensure maximum protection against the latest threats. These scanning engines can be from any of the global security firms, such as Kaspersky Labs, CA and Sophos. Why go for a single antivirus scanning engine when you can have five scanning engines from a single vendor?
Integration within existing infrastructure: The majority of server and desktop operating systems in use run on the Microsoft Windows platform. Forefront also integrates directly with Microsoft System Center Operations Manager, to provide protection from deployment to daily use of Microsoft Windows products. Full integration means simplified manageability, which also means lower total cost of ownership (TCO).
Very insightful reports: Forefront is able to generate detailed reports, ranging from the status of each protected server and desktop client to the risks or threats that have entered the corporate network. All this information can then be passed on to management for action.