Analytics
6/5/2007
01:00 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Microsoft Unwraps Security Platform

Next-generation Forefront product to bring broad array of security tools under one umbrella

Now that Microsoft's revealed its plans for a next-generation integrated security management platform, the heat is on. (See Microsoft Adds Next-Gen Forefront Roadmap.)

By developing a single, unified management platform -- code-named "Stirling" -- for security from the server to the endpoint and the edge, Microsoft has made what may be its most aggressive security play yet, security experts say of the software giant's announcement at its TechEd 2007 conference yesterday.

Stirling initially will work only with Microsoft's Forefront products, but it eventually will expand to include the integration and interoperability with third-party security vendors' products, says Paul Bryan, a director of security and access product management for Microsoft.

"This is focused on security management, with comprehensive, coordinated protection across individual machines in the enterprise environment, as well as server applications and the network," Bryan says. The management console will let IT managers set policies and configure and deploy security across the network and endpoints. It will encompass next-generation versions of Forefront Client Security, Server Security, and Edge Security and Access, as well as the management console.

Microsoft really had no choice but to take such a bold step given the rate at which researchers and hackers are hammering away at its software, says Rob Enderle, principal analyst with The Enderle Group. "This is a forced march by Microsoft," he says. "They never intended to move into the security industry so aggressively, but they now see the industry as one at cross purposes to their goals in that to succeed, the industry has to drill holes in Microsoft’s products so that it can show value either identifying the holes or mitigating them."

Enderle says Microsoft is "taking security back" by preventing security holes rather than letting the industry continue its focus on breaking its products.

Still, Stirling won't be available for a few months: Microsoft plans for limited beta distribution by year's end. The company yesterday also released the beta 2 release of its Web-based Forefront Server Security Management Console.

Some Microsoft customers, meanwhile, are still uncomfortable with Microsoft's ability to provide users with both their enterprise applications and security protection, including William Bell, director of security for CWIE's security department. Bell says he'll evaluate Forefront Security once it's proven to be an enterprise-class product.

But Bell admits he's on the fence: He worries that security information management (SIM) and unified threat management (UTM) so far have been hampered by multiple vendors going their own way. "I am worried that the diversity of the security industry is holding back convergence efforts such as SIM/UTM," he says. "I think that Microsoft has taken a giant step towards gaining my confidence by announcing the addition of centralized management/reporting/configuration tools. I feel that some companies may steer clear of Microsoft for this specific product based solely on previous bias they have formed. This is obviously a huge mistake, and a bad business decision, that I feel people will make anyways."

Stirling will let the various security tools communicate with one another to protect against threats, says Steve Brown, a Microsoft director of security and access product management.

By unifying its security tools with Stirling, Microsoft is "channeling" IBM, says Enderle Group's Rob Enderle. "IBM traditionally owned security for their offerings and they could integrate that security solution into the other solutions they had to ensure SLAs were maintained and disruption was minimized," he says. "Microsoft is now showcasing a similar strength, by approaching the problems comprehensively and pushing for their integration into Microsoft's overall ecosystem."

The question is whether enterprises will follow the IBM old adage with "no one ever got fired for buying" Microsoft. "The 'play it safe' from an employment perspective buyer will now bounce between Microsoft, CA, Symantec, McAfee, and Trend Micro," says Randy Abrams, director of technical education for Eset, and the former operations manager for Microsoft's Global Infrastructure Alliance for Internet Safety. "All of these players have enterprise management tools and enough name recognition to qualify for safe purchasing under the 'buy IBM' mandate."

This will help Microsoft's cause, for sure. "All of this churn in the AV industry will work to Microsoft's benefit for at least the next two years," Abrams says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Microsoft Corp. (Nasdaq: MSFT)
  • IBM Corp. (NYSE: IBM)
  • Enderle Group
  • ESET
  • McAfee Inc. (NYSE: MFE)
  • Symantec Corp. (Nasdaq: SYMC)
  • Trend Micro Inc. Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Register for Dark Reading Newsletters
    White Papers
    Cartoon
    Latest Comment: nice post
    Current Issue
    Flash Poll
    Threat Intel Today
    Threat Intel Today
    The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
    Video
    Slideshows
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2014-1750
    Published: 2015-07-01
    Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

    CVE-2014-1836
    Published: 2015-07-01
    Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

    CVE-2015-0848
    Published: 2015-07-01
    Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

    CVE-2015-1330
    Published: 2015-07-01
    unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

    CVE-2015-1950
    Published: 2015-07-01
    IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

    Dark Reading Radio
    Archived Dark Reading Radio
    Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report