Access Denied: The Business of Security

Web Service Security and Pre-Authentication with ISA 2004

2006-02-28T05:39:00Z

I have posted a new article that discusses the benefits of providing pre-authentication to your web applications and how it can provide a significant layer of security against application layer attacks.

http://blogs.technet.com/accessdenied/articles/420744.aspx

Microsoft Aquires URL Filtering technology for ISA Server 2004!

2006-02-11T04:32:00Z

Advanced URL filtering is an important part of a defense in depth strategy on your Application Layer Firewall to be able to properly secure, management and monitor users access to malware, phishing sites and URLs based on catagorization and intelligence.

We have a ton of partner plug ins to choose from in this space that integrate with the ISA 2004 infrastructure. Soon you will also have the option to get many of these great security enhancements from Microsoft too! We have announced the aquisition of technology from an ISA 2004 Partner, Futuresoft! Here are some Q&A from the Press Announcement with our VP of Security and Access Solutions, Ted Kummert:

What role does the acquisition of the DynaComm i:filter Web-filtering product play in strengthening Microsoft’s security product offering?

Kummert: This is a product that enables business customers to manage access to the Web in their environments. In addition to productivity concerns associated with unmanaged Web access, phishing attacks, malicious Web sites and other Web-based threats are leading to a growing security concern for our customers. Consequently, enabling customers to manage Web access in their environments is an important area of focus for our edge security offering. The acquisition of FutureSoft's DynaComm i:filter technology is another example of our broader commitment to providing a more comprehensive and integrated security offering to our customers while simplifying the user experience.

PressPass: Why did you acquire DynaComm i:filter from FutureSoft?

Kummert: We were impressed with DynaComm i:filter’s rich database and comprehensive management feature set. We believe this product will help us better address customer needs for more secure and productive Web access. It’s a product which already integrates with ISA Server and we will be looking at ways to deepen that integration, and simplify the user experience. Though it won’t be made available immediately, this product will help us deliver an additional layer of defense to our customers in future releases. We’ve acquired only the Web filtering product from FutureSoft. The company remains independent following this product acquisition.

For the full press announcement around this and some other exciting announcements (including the availability of a public beta for ISA 2006!) go to: http://www.microsoft.com/presspass/features/2006/feb06/02-09ISAServer.mspx

Stay tuned for more info!

LCS Server, SIP and ISA Server 2004

2006-02-11T04:26:00Z

Here I summarize my thoughts on providing secure and feature rich external access to LCS utilizing ISA Server 2004. We also have a new Microsoft Partner with an LCS SIP Filter in Beta from www.collectivesoftware.com!

LCS Server, SIP and ISA Server 2004: http://blogs.technet.com/accessdenied/articles/419279.aspx

Don't Dupe ISAServer.org or Tom Shinder!

2006-02-09T06:14:00Z

On Feb. 3rd Tom Shinder (a noted ISA MVP and manager of the content at ISAServer.org) posted a brief article to his blog regarding Bluecoat. (http://spaces.msn.com/drisa/blog/cns!BC3213176E0489FD!445.entry?_c=BlogPart) In summary Bluecoat (an ISA competitor) paid for advertising space to pitch a 'webcast' where they made mis-informed and incorrect statements about ISA Server (to an ISA audience!). The NEXT business day Bluecoats stock fell almost 40% (and has fallen each day since). What could have led to this?

Some might say it is because they announced that their Q3 profit will miss estimates by approx 50%.
Perhaps it is because customers are figuring out the benefits of having their enterprise caching device also perform valuable security functions.
Is it because having to deploy a separate device for AV scanning (as one example) isn't acceptable or customers want more options around extensibility, integration and managability?
Do customers just want more features for a lower price?
Are they really the market leader? (I am privy to how many processors of ISA Microsoft moved our last Fiscal year and let me just say...Bluecoats claims of 25,000 deployed units WW does NOT put them at #1).
Maybe it is because customers don't want to trust large investments in a technology from what is essentially a very small (and obviously not as stable as some thought) company that can fall in stock price 40% in one day!

I am giving credit to Tom Shinder and you can bet that I won't ever try to dupe him :)

Application Layer Firewalls and ISA Server 2004

2006-02-09T06:11:00Z

I have posted my first (of what should be many) article on my new blog site! Read about (and comment on) my thoughts regarding the application layer firewall market and how ISA 2004 has a very unique positioning in that space!

http://blogs.technet.com/accessdenied/articles/419068.aspx

Anonymous Comments

2006-02-09T03:45:00Z

In the few hours my new blog has been up I have recieved a few emails indicating (or implying) that I should consider anonymous comments. My opinion on comments is that I am out here sharing my thoughts, opinions and experiences and if someone is interested in providing feedback via comments they should be willing to take some level of a similar stake. I do not want to discourage comments in any way. There are those people that will want to leave serious comments of any kind and those that do not and I hope to minimize the latter. I also like to know who I am talking with! So anyone that is signed into TechNet can leave comments. Don’t know how to sign in? Look for the ‘Join’ on the web page and spend 15 seconds signing up! Anyone can do it (not just MS employees)! I look forward to sharing with and (hopefully) recieving comments from many people!

Disclaimer Time!

2006-02-08T21:55:00Z

So, welcome to my new blog. Per my Bio - I am a Microsoft Employee and work (or have worked) with some of our largest customers to help them meet their security needs. What I post here (unless other references are made) is based on my own opinions and experiences and should not be considered an overall opinion of Microsoft as a company, a product team or any other specific group within Microsoft.

With regards to Security related discussions and recommendations especially - it is ALWAYS my first and foremost recommendation that you review and strongly consider all best practices outlined at http://www.microsoft.com/security, run appropriate firewall and anti-malware software and keep systems patched appropriately. Any thoughts or advice I may give is not designed to be a suitable replacement for those best practices.