The Forefront server security products provide several key security capabilities to Exchange and SharePoint customers, including an advanced multiple anti-virus engine manager that allows you to concurrently run up to 5 of the included Microsoft and third-party anti-malware engines. Using multiple scan engines delivers several critical advantages:
A recent set of tests performed by the independent AV-Test.org group found some surprising differences in signature update times from various vendors. The tests compared AV lab response times for eighty-two “in the wild” viruses and variants. Twenty-six of the viruses were quickly detected by all the scan engines, but some engines didn’t detect viruses for more than twenty-four hours. In a few cases (notably 0506 Banwarum.C@mm), some vendors didn’t update their signatures to provide a block until nearly five days had elapsed! Because Forefront Security for Exchange Server and Forefront Security for SharePoint combine multiple engines, the odds that a virus will go unblocked or undetected for long periods are greatly reduced. Organizations benefit from all updates for the set of engines they use, not just from updates to a single engine.
The Forefront Client Security team writes:
While you’ve always had the ability to use MOM 2005 to monitor things like IIS and SQL for your Client Security servers, this management pack gives you the additional ability to monitor some key FCS services:
· Definition Import Failure
· Microsoft Client Security Update Assistant service—That’s the service that allows WSUS 2.0 to be configured to receive updates every hour rather than just once a day. For those of you running WSUS 2.0, you’ll be glad to have the ability to monitor this!
· Forefront Client Security Management service—This service is important because it parses antimalware definitions and adds the information to the collection database table fcs_Threat_Metadata_tbl. And that table is not only read by the management console when you set overrides based on threat, it’s also used by FCS reporting for information about specific threats.
There's more on the FCS blog...
The Forefront Client Security Team writes:
Today we published another Security State Assessment (SSA) definition update on Microsoft Update!
Included in this release is a new check that will provide visibility into end-user configuration of the Windows Firewall. When used with Group Policy, this new functionality aids in firewall management.
The Windows Firewall check reports on:
· Firewall status (on/off)
· User-defined exceptions
· Applicability to each network interface
Determining firewall status:
· If Windows Firewall is disabled on any network interface, the score is “High”
· If Windows Firewall is configured by Group Policy, the score is “Informational”
Visibility into firewall exceptions:
· Enumerates each port and application exception
· If any exception is not configured via Group Policy, the score is “Medium”
· If configured by Group Policy, the score is “Informational”
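The scoring rules listed above, modelled as an added example (not code from the FCS team or the SSA definitions). The record types, the sample host, the precedence of "disabled" over "configured by Group Policy", and the highest-severity roll-up are assumptions; the post does not give a score for a firewall that is on but locally configured, so that case produces no finding here.

```python
from dataclasses import dataclass

SEVERITY = {"Informational": 0, "Medium": 1, "High": 2}

@dataclass
class Interface:            # hypothetical record for one network interface
    name: str
    firewall_on: bool
    via_group_policy: bool

@dataclass
class FwException:          # hypothetical record for one port/application exception
    kind: str               # "port" or "application"
    value: str
    via_group_policy: bool

def assess(interfaces, exceptions):
    """Return (score, detail) findings following the rules in the post."""
    findings = []
    for nic in interfaces:
        if not nic.firewall_on:
            # Disabled on any interface is "High" (assumed to win over GPO).
            findings.append(("High", f"firewall off on {nic.name}"))
        elif nic.via_group_policy:
            findings.append(("Informational", f"{nic.name} set by Group Policy"))
    for exc in exceptions:
        # Every exception is enumerated; user-defined ones score "Medium".
        score = "Informational" if exc.via_group_policy else "Medium"
        findings.append((score, f"{exc.kind} exception {exc.value}"))
    return findings

def overall(findings):
    """Highest severity across findings (assumed roll-up), None if empty."""
    return max((s for s, _ in findings), key=SEVERITY.get, default=None)

# Constructed sample host, not real assessment output.
SAMPLE_NICS = [Interface("LAN", True, True), Interface("Wi-Fi", False, False)]
SAMPLE_EXCEPTIONS = [
    FwException("port", "3389/TCP", False),
    FwException("application", "backup-agent.exe", True),
]

if __name__ == "__main__":
    results = assess(SAMPLE_NICS, SAMPLE_EXCEPTIONS)
    for score, detail in results:
        print(f"{score:13} {detail}")
    print("Overall:", overall(results))
```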
It's my turn to throw my hat into the Forefront Team Blog ring!
Okay...I'm not 100% sure what that means.
My name is Ian Hameroff, and I'm one of the many bloggers you'll see up here on the Forefront blog-o-rama. If that's not a stellar enough intro, check out this video we filmed last week at Microsoft's illustrious studio - Conference Room 27/1545 (please note: this "studio" is not affiliated with the really cool Microsoft Studios in building 127):
So, if you've stuck with me this far, thanks!
Let's get to the reason for my post: the upcoming birthday for Windows Networking.
Fifteen years ago this Saturday, on October 27, 1992, Microsoft shipped Windows for Workgroups (aka WfW for those who had dial-up Internet access back in the day that charged by the character) v3.1.
One of the major selling points of this release/update was the inclusion of "built in networking functionality" that would help make sharing files, sending electronic mails and "surfing" those Gopher sites -- that is, if you installed that pesky TCP/IP update -- that much easier.
Granted, these networking features were basically NetBIOS, but that didn't stop us from saying proudly on the product box: "Windows for Workgroups: Operating System with Integrated Networking."
While WfW Networking was still a leap forward, you'd have to wait until Windows 95 to get the complete "Internets" ready experience out of the box with Windows.
So, what the devil does this have to do with Forefront or security, Hameroff?
Clearly, integrated networking (or at the very least the more seamless integration of networking as with WfW 3.1) changed the rules of the game for Windows users. While it opened up new opportunities for collaboration and communication, it also introduced the newly connected world to the potential risks of malicious abuse.
Over these 15 years, we (the industry, not just Microsoft) have learned a ton about how to balance greater access with increased security. This sometimes paradoxical acrobatic act of striking this balance is something I've spoken on for a bunch of years (both at events -- like TechEd -- and on my blog: http://blogs.technet.com/ianhamer), and I'm excited about the fact we're getting closer to another Windows networking birthday which will help us inch closer to the realization of the promise of policy-driven network access.
For me, that's all about the upcoming release of Windows Server 2008 and the Network Access Protection features found within.
NAP enables IT administrators to set policies that determine the minimum requirements for gaining network access to the corporate network - like making sure that Forefront Client Security is both enabled and up to date.
You can check out a killer demo of this in action (okay, get ready to watch this shameless plug, but bear with me) with FCS from my demo in BillG's recent keynote address at WinHEC 2007.
An absolutely shameless plug.
As you'll see in the demo, or if you've already played with the technology in Beta or RC, the ability to set, validate and enforce access policies based on the health of the connecting client helps further reduce the risk of malicious abuse of networked resources. I like to think of NAP as a catalyst for getting even more value out of the investments you've made in your security controls, because it helps make sure it is used properly by your end-users, with the reward of network access for those "up to snuff." This is a platform that will work closely with the Forefront product line -- even more so with the release of "Stirling" -- but also with the wide range of eco-system partners that have signed up to plug into our NAP platform.
So, if you're thinking about one of the Forefront products for your environment, or already have some of this stuff in place, I encourage you to check out the added value NAP can bring to these investments.
Also, don't forget to send Windows networking your birthday wishes this Saturday!
Hi, my name is Mike Chan and I’m the product manager for Forefront Security for Exchange Server. I’ve been on the job for a couple of months now and after talking to many customers I’ve noticed that there is still some confusion in the marketplace regarding the naming and relationship between Microsoft’s security solutions. First off, some basics. Within Microsoft, there is an antimalware group that produces signatures and an engine, very similar to the traditional anti-malware vendors. This group provides the engine and signatures for both our consumer and small business oriented solution (Windows Live OneCare) as well as our medium and large business oriented solutions (Forefront Security). I recently read an article where the author dinged Microsoft because there was no integration between our Windows Live OneCare and Forefront Security solutions. The author's assertion was that they should integrate, but I beg to differ. They both utilize an integrated engine, but at the end of the day, the solutions are targeted at different end customers which have very distinct needs and integrating them would not benefit either customer. I liken it to saying why isn’t my Microsoft Money integrated with SAP? I would say, “why?”.
Now on to the other area where I hear there is a bit of confusion. When customers hear the words “Forefront” – most think about our security solutions for businesses, but then they also assume that we are talking about the client protection technologies. Microsoft in fact has multiple solutions with the Forefront branding. On one hand you have Forefront Client Security – which is our antimalware technology for your desktops, servers and laptops, similar to the traditional AV client, designed to protect the host computer. However, we also have a line of Forefront Server Security products – of which Forefront Security for Exchange Server (FSES) is one. The Forefront Server Security products have an additional distinction of running multiple antimalware engines – along with the Microsoft antimalware engine listed above which gives our solution the edge when it comes to protecting your email. The moral of the story? Next time someone says, “Forefront” – you can be the wiser and ask them if they’re referring to client technologies or server technologies!