Stirling, the next-generation security suite that Microsoft first unveiled in beta at last year's RSA Conference, now offers a partner program in which it shares its application programming interface with other security vendors to help provide enterprises with a more integrated view of security events. Initial Stirling partners include Brocade, Guardium, Imperva, Juniper Networks, Kaspersky, Q1 Labs, StillSecure, Sourcefire, RSA, and TippingPoint.
The Forefront Stirling security suite basically integrates the security of desktops, servers, applications, and network devices with a common interface that lets each Forefront security product under Microsoft's Stirling line -- Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, and Forefront Threat Management -- share and use security information with one another to automatically mediate threats. The new Stirling partner ecosystem extends that capability to partners' security tools, as well.
"There's not one [vendor] who can see all the threats by itself," says JG Chirapurath, director of Microsoft's identity and security business group. "Some may catch some threats sooner than others...the community really has to stand together and share information."
To date, client, server, and network security are typically separate. "In the past, if the edge detects an attack, only the edge knows about it and has to deal with it, and if the edge fails, the attack can progress inside," Chirapurath says. "With Stirling [and its partners], the edge sees the attack and passes that information through the framework to the server and client, and all tiers immediately know what's up at the edge."
Security experts say Microsoft's strategy of opening up Stirling's API shows just how pragmatic the software giant has become in how it approaches overall security.
"Sterling is a very ambitious security undertaking. If it were any other company besides Microsoft, there's no way they could do all of this," says Alan Shimel, chief strategy officer for StillSecure, which has incorporated the Stirling interface into its Strata Guard IDS/IPS and VAM vulnerability management system. "They want to do security event management from the end point to network security. But they recognize that they are weak in the network security piece, specifically around network-based intrusion prevention...this [ecosystem] is an example of the kind of security event and other information that Stirling will integrate, and it delivers something to enterprises that they don't have today."
"Stirling is a major part of Microsoft's plan to take back responsibility for securing their platform and reversing the error in judgment that passed this to third parties initially," says Rob Enderle, principal with Enderle Consulting. "Security is a big portion of how buyers view the quality of Microsoft's platforms, yet to sell security products, third parties have to aggressively find and point out security issues and effectively damage the perception of Microsoft's product quality. Microsoft would like to fix this."
Stirling, which includes a central management console as well as Forefront Client Security, has been a long time coming -- Microsoft first announced its plans for Stirling in June 2007. "It helps validate Microsoft as a major security player, making all related offerings more credible long-term," Enderle says, but notes Stirling is still "young and untested."
Meanwhile, Microsoft also rolled out Forefront Online Security for Exchange, a security service for its email offering. "It's a hosted email filter and anti-malware service for Exchange that sits in the cloud," Chirapurath says. "This is our first official Forefront online offering. Expect to see a series of cloud offerings."
The service, which ties into Active Directory, also is another move by Microsoft to unify its security and identity management offerings. As part of that strategy, the company said today it will offer all of its identity management tools under the Forefront brand name, as well.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.