Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/5/2010
06:04 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

New Microsoft Forefront Software Runs Five Antivirus Vendors' Engines

Forefront Protection 2010 for SharePoint supports AV from Authentium, Kaspersky Lab, Norman, and VirusBuster as well as Microsoft

Microsoft today rolled out a new member of its Forefront security family that supports up to five different vendors' anti-malware scanners simultaneously, including its own AV tool.

The new Forefront Protection 2010 for SharePoint is aimed at preventing users from either uploading or downloading infected documents or sensitive information. In addition to the new Forefront product, Microsoft also unveiled Active Directory Federation Services 2.0.

But Microsoft's inclusion of any combination of a select group of AV vendors' engines in the new Forefront product stood out the most: it supports not only Microsoft's own Forefront anti-malware software, but also AV engines from Authentium, Kaspersky Lab, Norman, and VirusBuster. "We use a multi-engine approach. This is an acknowledgement that no one vendor can see all the threats and profiles out there," says JG Chirapurath, senior director of Microsoft's identity and security business group.

Rob Enderle, principal analyst with The Enderle Group, calls Microsoft's strategy here "kind of an embrace and extend technology for AV." He says enterprises typically don't like multivendor approaches to security, but they also don't like to switch vendors, either.

"By using Forefront as the management layer, they would be initially attracted by the multiple AV support and motivated to move away over time from their existing AV vendors and towards a generic Microsoft solution if happy with the initial result," Enderle says. "This actually could be one of the rare times Microsoft has, subsequent to Office, used 'embrace and extend' to move into a market."

Jonathan Wynn, manager of advanced technology and collaborative services for Del Monte, which runs the new Forefront software on SharePoint to support its seven portals consisting of thousands of websites, says his company likes having the depth of five independent AV engines. "We're downloading those definitions as the sun travels around the world. So if something comes up in Russia, I can get the definition from Kaspersky by the time the sun rises here in Pittsburgh," Wynn says. "It's about confidence … for a secure, collaborative environment."

The AV tools for SharePoint all use signature as well as heuristics-based scanning technology. But some security experts say the days of pure signature-based scanning are over. Marc Maiffrett, chief security architect for FireEye, which today announced an inline appliance version of its signature-less anti-malware technology, says there will always be some degree of signature use. "But security companies have to get away from chasing the next threat," Maiffrett says.

Maiffrett's company uses virtual machine analysis and its cloud-based intelligence network, but no malware signatures.

Meantime, collaboration was the theme for Microsoft's new product announcements today. Microsoft's Chirapurath says the new Forefront software as well as the new ADFS 2.0 software help support five recommendations the software giant listed for balancing risk management and collaboration among organizations and their partners: playing as a team, where security, content, identity, and business managers all work together; defense-in-depth, with strong anti-malware tools on SharePoint and AV on PCs and servers; use technologies for managing and federating identity among organizations and into the cloud, such as single sign-on; deploy rights management policies so only authorized users access content they need for their jobs; and be cloud-ready with technologies that secure both in-house and cloud-based systems.

"What all of this adds up to is becoming cloud-ready and really making sure that the collaborative process is secure," he says.

ADFS 2.0 is a free download for Windows Server that lets organizations apply their in-house identities to the cloud and providers secure access to applications, according to Microsoft. It works with other identity standards, such as SAML, Chirapurath says. "It takes the enterprise identity infrastructure you've built in AD and extends it to the cloud, Azure or another" service, he says. "You can extend it to another partner or group of partners."

Chirapurath says even in a targeted attack where an attacker commandeers an enterprise user's machine, Forefront and ADFS could catch any unusual activity based on the user's identity and privileges and access to systems and information. "If an attacker has JG's identity and starts browsing or downloading [files] in patterns that aren't normal for JG, it would throw an immediate red flag. We can quarantine that person or machine."

Pricing for Forefront Protection 2010 for SharePoint is at around $7 per user per year, with a minimum of five users.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.