Microsoft Security Comes to the Forefront - 21 Nov 2006

A few weeks back, I talked about Microsoft's progress with its client-side security applications. But the biggest news in this space is the pending arrival of Forefront Client Security, Microsoft's managed client security solution. Aimed at large and midsized businesses, Forefront Client Security is a much-needed and eagerly awaited solution for client security. And you can grab a public beta today and evaluate whether it's right for your business.

I spoke with members of Microsoft's Security, Access, and Solutions Division recently at a briefing in the Boston area to discuss Forefront Client Security, a product I had first heard rumors of years ago. Forefront Client Security is a centralized, managed solution that integrates with your existing Active Directory (AD) and Group Policy infrastructure to protect client PCs (including desktop PCs and portable computers) and servers from viruses, spyware, and other malware. As you might expect, Forefront Client Security includes a management dashboard, the Forefront Client Security Management Console, as well as a single client-based agent that you need to deploy to all protected systems.

From a technological perspective, Microsoft is handling its security wares intelligently: Forefront Client Security uses the same back end as its other anti-malware solutions, such as Windows Live OneCare, Windows Defender, and Forefront Security for Exchange (formerly Sybari Antigen), which will ship next month for Microsoft Exchange Server 2007. This brings with it certain efficiencies, of course, but the use of a single back-end server means that Forefront Client Security protection will have been used in the real world by millions of people by the time the product ships.

In use, Forefront Client Security is everything you'd expect from a Microsoft enterprise product: The console is feature-rich and easy to use, and deploying the Forefront Client Security agent through Group Policy to, say, an AD organizational unit (OU) is straightforward. By default, users will typically never even be aware that Forefront Client Security is working in the background, and indeed, you can configure it so that they'll never have to deal with a single dialog box. Users who are permitted to do so can run the client-side code manually and will see an application window modeled after that of Windows Defender.

Forefront Client Security uses Windows Server Update Services (WSUS) to provide definition updates for the product's anti-malware functionality, and can fail over to Microsoft Update if WSUS isn't available. Administrators can simply choose to auto-approve all such updates, which is recommended, or they can manually approve them as they go. The client application checks for updated definitions on a scheduled basis, as you'd expect. And each morning, it's possible to scan a security summary report through the Forefront Client Security Management Console to get a capsule view of how the past day went. There's also trend information, which goes back 30 days by default.

Currently, a public beta of Forefront Client Security is available from the Microsoft Web site (see the URL below), and the company intends to ship the final version by the second quarter of 2007. Although Microsoft hasn't yet announced pricing, Forefront Client Security will be made available via a subscription model whereby customers pay a per-year, per-device licensing fee. As part of that licensing fee, you receive constant definition updates and rights to any new versions of Forefront Client Security that ship in that timeframe.

Forefront Client Security looks great, and I recommend that you check it out. The only question is its suitability for small businesses, which is a market that is currently unserved by Microsoft's security solutions. On the very low end, home-based and other very small businesses could be well served by a solution such as OneCare, and of course Forefront Client Security targets large and midsized businesses. But Microsoft Small Business Server (SBS) customers might be out of luck, though Microsoft is looking at a more pervasive security solution for that platform for the future, perhaps one that combines the functionality of Forefront Client Security with that of Forefront Security for Exchange. Stay tuned.

Forefront Client Security Beta
