

03:45 PM

Microsoft Partners With Network Security Vendors For 'Stirling'

Microsoft releases new beta version of next-gen security suite, announces first Forefront security service

Microsoft today released a new public beta version of its long-awaited Stirling security suite, along with key network security partnerships that allow event information to be shared with the partners' tools. The software giant also rolled out Forefront Online Security for Exchange -- its first hosted security service under the Forefront name.

Stirling, the next-generation security suite that Microsoft first unveiled in beta at last year's RSA Conference, now offers a partner program in which it shares its application programming interface with other security vendors to help provide enterprises with a more integrated view of security events. Initial Stirling partners include Brocade, Guardium, Imperva, Juniper Networks, Kaspersky, Q1 Labs, StillSecure, Sourcefire, RSA, and TippingPoint.

The Forefront Stirling security suite basically integrates the security of desktops, servers, applications, and network devices with a common interface that lets each Forefront security product under Microsoft's Stirling line -- Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, and Forefront Threat Management -- share and use security information with one another to automatically mediate threats. The new Stirling partner ecosystem extends that capability to partners' security tools, as well.

"There's not one [vendor] who can see all the threats by itself," says JG Chirapurath, director of Microsoft's identity and security business group. "Some may catch some threats sooner than others...the community really has to stand together and share information."

To date, client, server, and network security are typically separate. "In the past, if the edge detects an attack, only the edge knows about it and has to deal with it, and if the edge fails, the attack can progress inside," Chirapurath says. "With Stirling [and its partners], the edge sees the attack and passes that information through the framework to the server and client, and all tiers immediately know what's up at the edge."

Security experts say Microsoft's strategy of opening up Stirling's API shows just how pragmatic the software giant has become in how it approaches overall security.

"Stirling is a very ambitious security undertaking. If it were any other company besides Microsoft, there's no way they could do all of this," says Alan Shimel, chief strategy officer for StillSecure, which has incorporated the Stirling interface into its Strata Guard IDS/IPS and VAM vulnerability management system. "They want to do security event management from the end point to network security. But they recognize that they are weak in the network security piece, specifically around network-based intrusion prevention...this [ecosystem] is an example of the kind of security event and other information that Stirling will integrate, and it delivers something to enterprises that they don't have today."

"Stirling is a major part of Microsoft's plan to take back responsibility for securing their platform and reversing the error in judgment that passed this to third parties initially," says Rob Enderle, principal with Enderle Consulting. "Security is a big portion of how buyers view the quality of Microsoft's platforms, yet to sell security products, third parties have to aggressively find and point out security issues and effectively damage the perception of Microsoft's product quality. Microsoft would like to fix this."

Stirling, which includes a central management console as well as Forefront Client Security, has been a long time coming -- Microsoft first announced its plans for Stirling in June 2007. "It helps validate Microsoft as a major security player, making all related offerings more credible long-term," Enderle says, but notes Stirling is still "young and untested."

Meanwhile, Microsoft also rolled out Forefront Online Security for Exchange, a security service for its email offering. "It's a hosted email filter and anti-malware service for Exchange that sits in the cloud," Chirapurath says. "This is our first official Forefront online offering. Expect to see a series of cloud offerings."

The service, which ties into Active Directory, also is another move by Microsoft to unify its security and identity management offerings. As part of that strategy, the company said today it will offer all of its identity management tools under the Forefront brand name, as well.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
