Microsoft last week launched the public beta of its new Forefront Security for SharePoint, which will provide protection from viruses and malicious content for Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0. As more business are demanding and using collaboration technologies to share information, they are becoming increasingly vulnerable to viruses or attacks designed to steal important company data. Microsoft is addressing these concerns by updating and morphing the Antigen for SharePoint solution that it acquired as part of the acquisition of Sybari Software in 2005. The Antigen products are now part of the Forefront brand, which is the umbrella brand for all Microsoft's security products for the business community.
According to Joe Licari, product manager for Forefront Security for Exchange and SharePoint, companies need to protect against viruses, malicious code, and undesirable content in documents, whether they're coming in through email attachments or whether their being put up on fileservers or onto SharePoint servers in the document library. "Companies want to make sure they're providing layered protection, but they also need a consistent level of protection across all platforms," he said. "IT administrators don't want to block certain file types coming in through email, only to inadvertently force users to use their SharePoint servers as a store for those types of files."
Forefront uses a layered, multiple scan engine approach to scan documents as they're being uploaded to SharePoint servers and when being downloaded by users. When a document is uploaded to a SharePoint server, Forefront first scans the document with up to five antivirus engines to make sure it doesn't contain malicious code. If it passes that, Forefront also scans it for confidential or inappropriate content.
"We have relationships with eight different antivirus labs," said Licari, "and we provide all their antivirus engines in the Forefront product. When you install the product the IT administrator has the ability to choose which ones they want to enable, up to a maximum of five engines. Beyond that, you trade any additional benefits with performance hits."
Forefront uses a multiple scan engine approach because if you rely on a single antivirus solution for the entire organization (on desktops, servers, and the edge), you have in effect a single point of failure because if a virus gets past that particular antivirus engine you expose everyone in the organization. By integrating multiple scan engines, you can provide a much greater level of security.