Endpoint
5/5/2010
06:04 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

New Microsoft Forefront Software Runs Five Antivirus Vendors' Engines

Forefront Protection 2010 for SharePoint supports AV from Authentium, Kaspersky Lab, Norman, and VirusBuster as well as Microsoft

Microsoft today rolled out a new member of its Forefront security family that supports up to five different vendors' anti-malware scanners simultaneously, including its own AV tool.

The new Forefront Protection 2010 for SharePoint is aimed at preventing users from either uploading or downloading infected documents or sensitive information. In addition to the new Forefront product, Microsoft also unveiled Active Directory Federation Services 2.0.

But Microsoft's inclusion of any combination of a select group of AV vendors' engines in the new Forefront product stood out the most: it supports not only Microsoft's own Forefront anti-malware software, but also AV engines from Authentium, Kaspersky Lab, Norman, and VirusBuster. "We use a multi-engine approach. This is an acknowledgement that no one vendor can see all the threats and profiles out there," says JG Chirapurath, senior director of Microsoft's identity and security business group.

Rob Enderle, principal analyst with The Enderle Group, calls Microsoft's strategy here "kind of an embrace and extend technology for AV." He says enterprises typically don't like multivendor approaches to security, but they also don't like to switch vendors, either.

"By using Forefront as the management layer, they would be initially attracted by the multiple AV support and motivated to move away over time from their existing AV vendors and towards a generic Microsoft solution if happy with the initial result," Enderle says. "This actually could be one of the rare times Microsoft has, subsequent to Office, used 'embrace and extend' to move into a market."

Jonathan Wynn, manager of advanced technology and collaborative services for Del Monte, which runs the new Forefront software on SharePoint to support its seven portals consisting of thousands of websites, says his company likes having the depth of five independent AV engines. "We're downloading those definitions as the sun travels around the world. So if something comes up in Russia, I can get the definition from Kaspersky by the time the sun rises here in Pittsburgh," Wynn says. "It's about confidence … for a secure, collaborative environment."

The AV tools for SharePoint all use signature as well as heuristics-based scanning technology. But some security experts say the days of pure signature-based scanning are over. Marc Maiffrett, chief security architect for FireEye, which today announced an inline appliance version of its signature-less anti-malware technology, says there will always be some degree of signature use. "But security companies have to get away from chasing the next threat," Maiffrett says.

Maiffrett's company uses virtual machine analysis and its cloud-based intelligence network, but no malware signatures.

Meantime, collaboration was the theme for Microsoft's new product announcements today. Microsoft's Chirapurath says the new Forefront software as well as the new ADFS 2.0 software help support five recommendations the software giant listed for balancing risk management and collaboration among organizations and their partners: playing as a team, where security, content, identity, and business managers all work together; defense-in-depth, with strong anti-malware tools on SharePoint and AV on PCs and servers; use technologies for managing and federating identity among organizations and into the cloud, such as single sign-on; deploy rights management policies so only authorized users access content they need for their jobs; and be cloud-ready with technologies that secure both in-house and cloud-based systems.

"What all of this adds up to is becoming cloud-ready and really making sure that the collaborative process is secure," he says.

ADFS 2.0 is a free download for Windows Server that lets organizations apply their in-house identities to the cloud and providers secure access to applications, according to Microsoft. It works with other identity standards, such as SAML, Chirapurath says. "It takes the enterprise identity infrastructure you've built in AD and extends it to the cloud, Azure or another" service, he says. "You can extend it to another partner or group of partners."

Chirapurath says even in a targeted attack where an attacker commandeers an enterprise user's machine, Forefront and ADFS could catch any unusual activity based on the user's identity and privileges and access to systems and information. "If an attacker has JG's identity and starts browsing or downloading [files] in patterns that aren't normal for JG, it would throw an immediate red flag. We can quarantine that person or machine."

Pricing for Forefront Protection 2010 for SharePoint is at around $7 per user per year, with a minimum of five users.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3366
Published: 2014-10-31
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.

CVE-2014-3372
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.

CVE-2014-3373
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.

CVE-2014-3374
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.

CVE-2014-3375
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.