5/5/2010
06:04 PM

New Microsoft Forefront Software Runs Five Antivirus Vendors' Engines

Forefront Protection 2010 for SharePoint supports AV from Authentium, Kaspersky Lab, Norman, and VirusBuster as well as Microsoft

Microsoft today rolled out a new member of its Forefront security family that supports up to five different vendors' anti-malware scanners simultaneously, including its own AV tool.

The new Forefront Protection 2010 for SharePoint is aimed at preventing users from either uploading or downloading infected documents or sensitive information. In addition to the new Forefront product, Microsoft also unveiled Active Directory Federation Services 2.0.

But Microsoft's inclusion of any combination of a select group of AV vendors' engines in the new Forefront product stood out the most: it supports not only Microsoft's own Forefront anti-malware software, but also AV engines from Authentium, Kaspersky Lab, Norman, and VirusBuster. "We use a multi-engine approach. This is an acknowledgement that no one vendor can see all the threats and profiles out there," says JG Chirapurath, senior director of Microsoft's identity and security business group.

Rob Enderle, principal analyst with The Enderle Group, calls Microsoft's strategy here "kind of an embrace and extend technology for AV." He says enterprises typically don't like multivendor approaches to security, but they also don't like to switch vendors, either.

"By using Forefront as the management layer, they would be initially attracted by the multiple AV support and motivated to move away over time from their existing AV vendors and towards a generic Microsoft solution if happy with the initial result," Enderle says. "This actually could be one of the rare times Microsoft has, subsequent to Office, used 'embrace and extend' to move into a market."

Jonathan Wynn, manager of advanced technology and collaborative services for Del Monte, which runs the new Forefront software on SharePoint to support its seven portals consisting of thousands of websites, says his company likes having the depth of five independent AV engines. "We're downloading those definitions as the sun travels around the world. So if something comes up in Russia, I can get the definition from Kaspersky by the time the sun rises here in Pittsburgh," Wynn says. "It's about confidence … for a secure, collaborative environment."

The AV tools for SharePoint all use signature-based as well as heuristics-based scanning technology. But some security experts say the days of pure signature-based scanning are over. Marc Maiffret, chief security architect for FireEye, which today announced an inline appliance version of its signature-less anti-malware technology, says there will always be some degree of signature use. "But security companies have to get away from chasing the next threat," Maiffret says.

Maiffret's company uses virtual machine analysis and its cloud-based intelligence network, but no malware signatures.

Meantime, collaboration was the theme for Microsoft's new product announcements today. Microsoft's Chirapurath says the new Forefront software as well as the new ADFS 2.0 software help support five recommendations the software giant listed for balancing risk management and collaboration among organizations and their partners: playing as a team, where security, content, identity, and business managers all work together; practicing defense-in-depth, with strong anti-malware tools on SharePoint and AV on PCs and servers; using technologies for managing and federating identity among organizations and into the cloud, such as single sign-on; deploying rights management policies so only authorized users access content they need for their jobs; and being cloud-ready with technologies that secure both in-house and cloud-based systems.

"What all of this adds up to is becoming cloud-ready and really making sure that the collaborative process is secure," he says.

ADFS 2.0 is a free download for Windows Server that lets organizations apply their in-house identities to the cloud and provides secure access to applications, according to Microsoft. It works with other identity standards, such as SAML, Chirapurath says. "It takes the enterprise identity infrastructure you've built in AD and extends it to the cloud, Azure or another" service, he says. "You can extend it to another partner or group of partners."

Chirapurath says even in a targeted attack where an attacker commandeers an enterprise user's machine, Forefront and ADFS could catch any unusual activity based on the user's identity and privileges and access to systems and information. "If an attacker has JG's identity and starts browsing or downloading [files] in patterns that aren't normal for JG, it would throw an immediate red flag. We can quarantine that person or machine."

Pricing for Forefront Protection 2010 for SharePoint is at around $7 per user per year, with a minimum of five users.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
