Next-Gen Security: Forefront Codename "Stirling"

 In addition to Michal's post about Forefront Codename "Stirling" I wish to further elaborate  about this solution.

Customers today experience multiple pain points in providing a secure and well-managed infrastructure for their companies. This includes:

• Lack of integrated protection: Today’s security solutions are not integrated well with each other or with a management interface, so it is difficult to monitor and protect the organization from emerging threats.

• Multiple security products and consoles: Today, IT pros spend a lot of time navigating between security consoles and trying to manage multiple methods for defining security policy and managing protection technologies.

• Lack of visibility into security state: It is difficult for IT pros to get visibility into the overall security state of the organization, since current security technologies do not share information.

More then one month ago (June 4th) Microsoft unveiled its solution to the problem. Forefront codename “Stirling” is a single product that delivers unified security management and reporting with comprehensive, coordinated protection across clients, server applications, and the network edge. Through its deep integration with the existing infrastructure, such as Microsoft Active Directory and Microsoft System Center, customers can reduce complexity, making it easier to achieve a more secure and well-managed infrastructure.

What Are the Key Benefits of Microsoft Forefront codename “Stirling”?

• Comprehensive Protection: By providing integrated protection technologies across clients, server applications, and the network edge, and dynamic responses to emerging threats, IT pros will be able to proactively protect their organization from emerging threats.

• “Stirling” integrates comprehensive protection technologies, including anti-malware, anti-spam, content filtering, host firewall, multi-engine protection for messaging and collaboration systems, network edge protection, and other technologies to be announced at a later date.

• “Stirling” technologies will act as a distributed system, sharing information with each other, allowing for correlation of security information to identify complex threats. Protection technologies included in “Stirling” can be set to dynamically respond to these threats, making it easier for the IT administrator to address new threats.

• Integration with Network Access Protection ensures administrators can control network access based on user and machine authorization as well as adherence to the company’s security policy for endpoint protection.

• Unified Management: “Stirling” provides a single management console across client, server, and network edge security.

• IT professionals can easily define their corporate security policy and “Stirling” will automatically configure the relevant protection technologies and ensure compliance to those policies.

• “Stirling” deploys configuration settings to existing groups of machines or users in Active Directory.

• IT professionals can use existing Microsoft Windows Server Update Services (WSUS) infrastructure to deploy updates for “Stirling.”

• Critical Visibility: Critical visibility into the security state, including insights into threats and vulnerabilities through one central console that easily communicates where action is required.

• “Stirling” collects security information from client, server, and network edge devices and provides both comprehensive reports as well as the ability to drill down and perform investigations on specific security incidents, all in one place.

• “Stirling” allows IT professionals to obtain real-time security state or identify emerging trends based on historical data.

How Does Microsoft Forefront codename “Stirling” Work?

Microsoft Forefront codename “Stirling” builds on Microsoft’s commitment to deeper integration of security and systems management, with a centralized management infrastructure to manage corporate security policies, view reports of the overall security state, and identify and protect against emerging threats. Through its integration with Microsoft System Center, IT administrators have more extensive control of alerts, enabling more complete management of the security lifecycle.

“Stirling” will utilize multiple technologies and approaches to help protect IT environments against unknown threats. For example, by enabling centralized control of software that is allowed to run on a machine along with advanced protection technologies to keep malware off systems, administrators can more easily protect systems from new threats.

“Stirling” integrates a comprehensive set of protection technologies, including anti-malware, anti-spam, content filtering, host firewall, multi-engine protection for messaging and collaboration systems, network edge protection and others to be announced at a later date.

In addition to protection provided by individual technologies, “Stirling” technologies act as a distributed system by sharing information with each other, allowing for correlation of security information to identify complex threats. Protection technologies included in “Stirling” can be set to dynamically respond to these threats through a variety of remediation techniques, making it easier for the IT administrator to address new threats.

Integration with Network Access Protection ensures administrators can control network access based on user and machine authorization, as well as adherence to the company’s security policy for endpoint protection.

Product Availability

A customer technology preview of Microsoft Forefront codename “Stirling” will begin in the second half of 2007, followed by a public beta in the first half of 2008. The product is expected to be generally available in the first half of 2009.

Read the Full Press release of the "Striling" Unveiling with an interview with Margaret Arakawa, senior director of Security Product Marketing at Microsoft, about this milestone and how it fits into Microsoft’s broader strategy and commitments to customers.

Read the "Striling" FAQ