Microsoft will announce today details about its next-generation Forefront security products, which are being combined into a suite of solutions code-named Stirling. The idea is both simple and classic Microsoft: Take a disparate set of products, combine them into a suite that is integrated and more easily managed, and sell it for less. Well, I'm speculating on that last bit, as Microsoft hasn't yet released Stirling licensing details. But no matter: If you're currently sinking under the weight of multiple security endpoints, Stirling might be just what the doctor ordered.
Today's Forefront product line offers little symbiosis beyond common branding. There's Forefront Client Security for unified malware protection on PC desktops and notebooks. Forefront Security for Exchange Server and Forefront Security for SharePoint for protecting Microsoft's key information worker server products. And the Forefront Server Security Management Console for tying it all together. (There're also the unfortunately named Microsoft ISA Server and Intelligent Application Gateway (IAG) products, which are badly in need of a makeover.) Microsoft bills these products as comprehensive, which they are. But what they don't really offer is deep integration. That's what's changing. Yes, there will be some branding changes as well. ISA and IAG are morphing into the more consolidated Forefront Threat Management Gateway (TMG), which will provide firewalling, Web antivirus, and remote access protection. But the big news with Stirling is integration. For the first time, Forefront's various tools will talk to each other over logical assessment channels and respond automatically to threats. It's actually more granular than that: Stirling can be as automated as you want it to be, so you can decide how to respond to specific types of threats.
Consider a typical security scenario: A user visits a malicious Web site and inadvertently downloads a Trojan which starts port scanning your environment. Today, if you're lucky, a security administrator catches the scan via some logs, contacts a desktop administrator and the machine is identified and manually removed from the network so that a fix can be found. But this could take days in many cases. The idea behind Stirling is that its dynamic response mechanism could catch such a threat within minutes, not hours or days, and respond automatically and immediately if that's what you want. The situations to which the suite can respond, and the actual responses that it can make, are pretty comprehensive in the Beta 1 version that will ship this week. But Microsoft tells me it will get even better over time, so that by the final release you'll be able to configure Stirling to do such things as automatically push infected machines into NAP's quarantine and then fix whatever the problem is. Stirling will also integrate with your existing infrastructure. It uses a policy-based management model that integrates with your existing containers in Active Directory (AD). It will integrate with NAP on Windows Server 2008 (not in Beta 1). It is built on System Center Operations Manager 2007 and will use OpsManager if you've got it, or supply an embedded version if you don't. Updates are managed via Windows Server Update Services (WSUS). Chances are, you're going to want to give Stirling a once-over. I'm told the Beta 1 version and a slew of documentation and other information will become available today on the Microsoft Web site. http://www.microsoft.com/forefront/
One final note. For the record, I had to look up the word "stirling" and was distressed to discover that it and "sterling" are, in fact, completely different things. But I never let pesky definitions get in the way of a good headline.
