Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:45 PM
Connect Directly

Microsoft Partners With Network Security Vendors For 'Stirling'

Microsoft releases new beta version of next-gen security suite, announces first Forefront security service

Microsoft today released a new public beta version of its long-awaited Stirling security suite, along with key network security partnerships that allow the sharing of event information with their tools. The software giant also rolled out Forefront Online Security for Exchange -- its first hosted security service under the Forefront name.

Stirling, the next-generation security suite that Microsoft first unveiled in beta at last year's RSA Conference, now offers a partner program in which it shares its application programming interface with other security vendors to help provide enterprises with a more integrated view of security events. Initial Stirling partners include Brocade, Guardium, Imperva, Juniper Networks, Kaspersky, Q1 Labs, StillSecure, Sourcefire, RSA, and TippingPoint.

The Forefront Stirling security suite basically integrates the security of desktops, servers, applications, and network devices with a common interface that lets each Forefront security product under Microsoft's Stirling line -- Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, and Forefront Threat Management -- share and use security information with one another to automatically mediate threats. The new Stirling partner ecosystem extends that capability to partners' security tools, as well.

"There's not one [vendor] who can see all the threats by itself," says JG Chirapurath, director of Microsoft's identity and security business group. "Some may catch some threats sooner than others...the community really has to stand together and share information."

To date, client, server, and network security are typically separate. "In the past, if the edge detects an attack, only the edge knows about it and has to deal with it, and if the edge fails, the attack can progress inside," Chirapurath says. "With Stirling [and its partners], the edge sees the attack and passes that information through the framework to the server and client, and all tiers immediately know what's up at the edge."

Security experts say Microsoft's strategy of opening up Stirling's API shows just how pragmatic the software giant has become in how it approaches overall security.

"Sterling is a very ambitious security undertaking. If it were any other company besides Microsoft, there's no way they could do all of this," says Alan Shimel, chief strategy officer for StillSecure, which has incorporated the Stirling interface into its Strata Guard IDS/IPS and VAM vulnerability management system. "They want to do security event management from the end point to network security. But they recognize that they are weak in the network security piece, specifically around network-based intrusion prevention...this [ecosystem] is an example of the kind of security event and other information that Stirling will integrate, and it delivers something to enterprises that they don't have today."

"Stirling is a major part of Microsoft's plan to take back responsibility for securing their platform and reversing the error in judgment that passed this to third parties initially," says Rob Enderle, principal with Enderle Consulting. "Security is a big portion of how buyers view the quality of Microsoft's platforms, yet to sell security products, third parties have to aggressively find and point out security issues and effectively damage the perception of Microsoft's product quality. Microsoft would like to fix this."

Stirling, which includes a central management console as well as Forefront Client Security, has been a long time coming -- Microsoft first announced its plans for Stirling in June 2007. "It helps validate Microsoft as a major security player, making all related offerings more credible long-term," Enderle says, but notes Stirling is still "young and untested."

Meanwhile, Microsoft also rolled out Forefront Online Security for Exchange, a security service for its email offering. "It's a hosted email filter and anti-malware service for Exchange that sits in the cloud," Chirapurath says. "This is our first official Forefront online offering. Expect to see a series of cloud offerings."

The service, which ties into Active Directory, also is another move by Microsoft to unify its security and identity management offerings. As part of that strategy, the company said today it will offer all of its identity management tools under the Forefront brand name, as well.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-10-22
Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors.
PUBLISHED: 2019-10-22
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.
PUBLISHED: 2019-10-22
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to the...
PUBLISHED: 2019-10-22
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can login into the device's admin ...
PUBLISHED: 2019-10-22
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusi...