Microsoft on April 8 announced that it expects to bring a new level of consistency
and integration to its disparate security tools when it takes the wraps off its
"Stirling" project.
At the RSA Conference, Microsoft released
the first-look public beta of its integrated security system, code-named Stirling,
under its fledgling Forefront brand.
"The challenges customers are facing [are] a lack of integration and
visibility and high ownership costs in dealing with numerous point products
across security, access and management," said Paul Bryan, director of
product management at Microsoft.
Microsoft is bringing these products together more efficiently, "so
that customers can have visibility into the overall state of the IT environment
and address issues they have in the most cost-effective way," Bryan
said.
The centerpiece of the Forefront Stirling integration effort is a
centralized management console that consolidates security configuration
functions and provides visibility and reporting for multiple security products
that cover clients, servers and network boundaries.
The products include Forefront Client Security, Forefront Security for
Exchange Server and Forefront Security for SharePoint. Also included is a new,
next-generation version of Microsoft's 10-year-old Internet Security and
Acceleration Server, rebranded the Forefront Threat Management Gateway.
Key to the integration effort is a new Microsoft technology called Dynamic
Response, which allows the different security tools to communicate and automate
responses to a potential threat, enhancing protection against new threats.
"If malware gets on an individual machine today, it may send off
signals to the Internet. The only way to catch that is if a systems
administrator sees it in the logs for that file system," Bryan
said. "Then they have to find out what machine that is, and that can take
days. Forefront Stirling can automatically address that
by the threat management gateway noticing it and communicating with other
components and automating a response to it."
According to Bryan, all of the
components in Forefront Stirling are built on a common infrastructure
foundation that includes Active Directory, SQL Server and System Center
Operations Manager, which provides common alerting and reporting.
That centralized view and reporting capability is significant, said
Natalie Lambert, senior analyst with Forrester Research.
"You now have the ability to look at the entire security posture of
your organization because it all reports up to one place. That's very valuable,
to say, here are our weaknesses," Lambert said.
But the simplicity of having a common user interface across different
security tools does not address the technology silos in most IT organizations,
Lambert said. "You do have a different person monitoring each of those
silos within the IT organization," she said.
And Microsoft is still playing catch-up in terms of functionality with
market leaders such as McAfee and Symantec, she
said. "Especially on the client side, they're still functionally
deficient compared to competitors. But they are gaining market share already and
they're coming in at a price point people can deal with and they offer good-enough
technology," she added.
The Dynamic Response system that Microsoft created in Stirling
also allows third-party products to plug in, giving existing third-party
products an opportunity to communicate with the integrated system.
Microsoft provided few details on the next-generation version of ISA
Server 2006, although it will provide multiple threat protection, simplified
management and secure connectivity. It will be based on Windows Server 2008.
Microsoft said it would flesh out such details later in 2008.
The full public beta of the integrated security system
will be available later in 2008 and it will be generally available in the first
half of 2009, Microsoft said.