Securing Employee Web Use with Forefront Threat Management Gateway - Forefront Team Blog - Site Home

Hi all – Bill Jensen here, senior product manager for Forefront Threat Management Gateway (TMG.)

TMG Beta 2 is now available for download. For those that do not know, Forefront TMG is the successor to the Internet Security and Acceleration Server, more popularly known as ISA Server.

As we all know, the Web is a great boon to employee productivity. People use the Web every day and all day in the course of their jobs. Web-based applications and social networking sites grow in popularity. But at the same time, the Web presents increasingly dangerous security threats. TMG helps organizations take full advantage of business benefits presented by the Web by keeping malware out and controlling employee Web usage.

The three key features of Forefront TMG Beta 2 that will help customers to do this effectively:

Web Antimalware: This feature will inspect HTTP traffic for malware and viruses. It is a complement to desktop security suites such as Forefront Client Security and enables you to have a central point of control as well as defense in depth.

HTTPS Inspection: More and more Web traffic is being encrypted using HTTPS. This means most firewalls cannot inspect it for malware. Forefront TMG Beta 2 acts as a trusted intermediary that un-encrypts the traffic, inspects it, and then re-encrypts it. This enables it to inspect for malware.

Network Inspection System: A corollary to the rise of Web-hosted attack vectors is the rise of the application-layer attack. The Network Inspection System acts as an application-layer shield for vulnerabilities. This enables you time to complete your system patching and helps close the vulnerability window.

We also plan to include URL filtering to allow or block employee access to Web sites. Administrators will be able to define categories of prohibited sites, such as known malware sites or sites with inappropriate content. (URL filtering is not in Beta 2, however.)

Another new feature that helps improve security is improved integration with Forefront Security for Exchange. For organizations that place Exchange in an Edge role (Forefront Security for Exchange, and Forefront TMG on the same server) there is now a common management interface within Forefront TMG to enable you to simplify your management chores.

Bill