Endpoint
5/5/2010
06:04 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

New Microsoft Forefront Software Runs Five Antivirus Vendors' Engines

Forefront Protection 2010 for SharePoint supports AV from Authentium, Kaspersky Lab, Norman, and VirusBuster as well as Microsoft

Microsoft today rolled out a new member of its Forefront security family that supports up to five different vendors' anti-malware scanners simultaneously, including its own AV tool.

The new Forefront Protection 2010 for SharePoint is aimed at preventing users from either uploading or downloading infected documents or sensitive information. In addition to the new Forefront product, Microsoft also unveiled Active Directory Federation Services 2.0.

But Microsoft's inclusion of any combination of a select group of AV vendors' engines in the new Forefront product stood out the most: it supports not only Microsoft's own Forefront anti-malware software, but also AV engines from Authentium, Kaspersky Lab, Norman, and VirusBuster. "We use a multi-engine approach. This is an acknowledgement that no one vendor can see all the threats and profiles out there," says JG Chirapurath, senior director of Microsoft's identity and security business group.

Rob Enderle, principal analyst with The Enderle Group, calls Microsoft's strategy here "kind of an embrace and extend technology for AV." He says enterprises typically don't like multivendor approaches to security, but they also don't like to switch vendors, either.

"By using Forefront as the management layer, they would be initially attracted by the multiple AV support and motivated to move away over time from their existing AV vendors and towards a generic Microsoft solution if happy with the initial result," Enderle says. "This actually could be one of the rare times Microsoft has, subsequent to Office, used 'embrace and extend' to move into a market."

Jonathan Wynn, manager of advanced technology and collaborative services for Del Monte, which runs the new Forefront software on SharePoint to support its seven portals consisting of thousands of websites, says his company likes having the depth of five independent AV engines. "We're downloading those definitions as the sun travels around the world. So if something comes up in Russia, I can get the definition from Kaspersky by the time the sun rises here in Pittsburgh," Wynn says. "It's about confidence … for a secure, collaborative environment."

The AV tools for SharePoint all use signature as well as heuristics-based scanning technology. But some security experts say the days of pure signature-based scanning are over. Marc Maiffrett, chief security architect for FireEye, which today announced an inline appliance version of its signature-less anti-malware technology, says there will always be some degree of signature use. "But security companies have to get away from chasing the next threat," Maiffrett says.

Maiffrett's company uses virtual machine analysis and its cloud-based intelligence network, but no malware signatures.

Meantime, collaboration was the theme for Microsoft's new product announcements today. Microsoft's Chirapurath says the new Forefront software as well as the new ADFS 2.0 software help support five recommendations the software giant listed for balancing risk management and collaboration among organizations and their partners: playing as a team, where security, content, identity, and business managers all work together; defense-in-depth, with strong anti-malware tools on SharePoint and AV on PCs and servers; use technologies for managing and federating identity among organizations and into the cloud, such as single sign-on; deploy rights management policies so only authorized users access content they need for their jobs; and be cloud-ready with technologies that secure both in-house and cloud-based systems.

"What all of this adds up to is becoming cloud-ready and really making sure that the collaborative process is secure," he says.

ADFS 2.0 is a free download for Windows Server that lets organizations apply their in-house identities to the cloud and providers secure access to applications, according to Microsoft. It works with other identity standards, such as SAML, Chirapurath says. "It takes the enterprise identity infrastructure you've built in AD and extends it to the cloud, Azure or another" service, he says. "You can extend it to another partner or group of partners."

Chirapurath says even in a targeted attack where an attacker commandeers an enterprise user's machine, Forefront and ADFS could catch any unusual activity based on the user's identity and privileges and access to systems and information. "If an attacker has JG's identity and starts browsing or downloading [files] in patterns that aren't normal for JG, it would throw an immediate red flag. We can quarantine that person or machine."

Pricing for Forefront Protection 2010 for SharePoint is at around $7 per user per year, with a minimum of five users.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4807
Published: 2014-11-22
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

CVE-2014-6183
Published: 2014-11-22
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVE-2014-8626
Published: 2014-11-22
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding...

CVE-2014-8710
Published: 2014-11-22
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

CVE-2014-8711
Published: 2014-11-22
Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?