Today, Microsoft released a public beta of its new, free consumer anti-malware product codenamed “Morro”, which now has an official product name: Microsoft Security Essentials (MSE). This new solution will address the growing need for a PC security solution tailored to the demands of emerging markets. You may remember that “Morro” was originally unveiled back in November 2008 after we announced the discontinuation of retail sales for Windows Live OneCare subscription service effective June 30, 2009. As we described in this blog last year, Microsoft Security Essentials is intended for consumers, not business customers. Microsoft continues to offer security solutions for businesses with the Forefront line of products as part of its Business Ready Security strategy.
It is important to note that MSE will have a very positive impact on Forefront, because it allows Microsoft to capture even more threat intelligence from customers as more people use the free anti-malware solution. We'll be able to use that information to help extend our security research and in the development of signatures and protection capabilities in our Forefront products, which are being deployed by increasing numbers of enterprises today, with thousands of Microsoft security partners certified to sell and deploy Forefront solutions. And, of course, there's an exciting road ahead for Forefront as we release a brand new set of products for this family in our next fiscal year under the codename "Stirling".
Key points about Microsoft Security Essentials (MSE)
· The MSE beta will become available to the first 75,000 visitors to www.microsoft.com/security_essentials starting Tuesday, June 23, 2009. An English language version will be available to beta testers in the U.S. and Israel, and a Brazilian Portuguese version will be available in Brazil. Support for Simplified Chinese in China is scheduled to follow shortly after initial beta release.
· MSE release (RTM) is scheduled for H2 2009 in 10 languages and in the following 20 markets: Australia, Austria, Belgium, Brazil, Canada, China, France, Germany, Ireland, Israel, Italy, Japan, Mexico, Netherlands, New Zealand, Singapore, Spain, Switzerland, United Kingdom, and the United States.
· MSE will include new protection technology, as part of the Microsoft anti-malware engine, called “Dynamic Signature Service (DSS)” which delivers real-time threat signature updates to the client when it detects something suspicious, whether code or behavior. As we mentioned previously in April, Forefront Client Security 2.0 will also include DSS when it releases in H1 2010.
· MSE is designed for consumers and will be offered as a free download separate from Windows (including Windows 7).
Following the last month’s launch of Forefront Protection for Exchange, today we are announcing more progress for our Business Ready Security strategy with the release of two new solutions: Forefront Threat Management Gateway 2010 (TMG) and Forefront Unified Access Gateway 2010 (UAG.)
These solutions address two key endpoint security challenges. TMG, available for evaluation and purchase now, helps companies provide safe employee web browsing. UAG, which will release to manufacturing in mid December and be generally available shortly thereafter, enables organizations to give employees (and trusted partners and vendors) secure remote access to corporate resources.
Forefront Threat Management Gateway 2010
Today’s information workers require web access to do their jobs, but web-based threats continue to rise. For example, the recent Microsoft Security Intelligence Report indicated that phishing rose significantly in the first half of 2009, quadrupling in May, and that social networking sites accounted for 76% of all phishing impressions. Securing web use is traditionally challenging for security administrators. Multiple products and vendors create high costs and management difficulty through “security sprawl.”
TMG is a secure web gateway that enables safe employee web use through comprehensive protection against malware, malicious web sites and vulnerabilities. Building on its predecessor, ISA Server 2006, TMG provides new URL filtering, anti-malware, and intrusion-prevention technologies to protect businesses against the latest web-based threats. These technologies are integrated with core network protection features such as firewall and VPN to create a unified, easy-to-manage gateway.
One of the most exciting features of TMG is its use of Microsoft Reputation Services – a new cloud-based system hosted by Microsoft which maintains a centralized database of 45 million (and growing!) web domains and billions of web pages to help customers identify and block malicious web sites. It pulls data from multiple sources, such as Hotmail, the same technology that powers SmartScreen in Internet Explorer 8, the Windows Live Security Platform, and more than 10 partners, such as Brightcloud, M8e6 and FutureSoft. The TMG/ISA blog provides a great overview of TMG and its URL filtering capabilities.
Forefront Unified Access Gateway 2010
Building on its predecessor, Intelligent Application Gateway, UAG enables remote access via managed and unmanaged PCs and mobile devices. Integrating a deep understanding of applications, the health state of end user devices, and the user’s identity – UAG enforces granular access controls, ensures security, and reduces management costs and complexity.
While UAG provides a variety of connectivity options such web publishing and SSL VPN tunnels, one of the best new features is UAG’s support and enhancements for Windows DirectAccess (DA). DA is the future of remote access allowing for seamless, always-on connectivity. Always-on keeps users happy as they are continually productive, but it also keeps administrators content as users are “always-managed.” UAG helps make DA deployments simpler, more extensible and easier to scale.
This week in New Orleans Microsoft is hosting its annual Worldwide Partner Conference. We made several announcements today at the conference about our identity and security solutions. This news is part of our Business Ready Security strategy to help both partners and customers 1) protect everywhere and access anywhere, 2) integrate and extend security across the enterprise, and 3) simplify the security experience and manage compliance
Official names and pricing for “Stirling”
Forefront codename “Stirling” - the next generation of the Forefront Security Suite for integrated, comprehensive protection across endpoints, servers and the edge – will be officially known as Forefront Protection Suite (FPS).
FPS will include the products in the current suite, plus the Forefront Protection Manager (formerly known as the “Stirling” management console) and the Forefront Threat Management Gateway Web Security Service.
FPS pricing will remain the same as the current Forefront Security Suite and all of the component solutions will continue to be licensed on a subscription basis. They will also be available independently, with Forefront Protection Manager included. (Note that the Forefront Threat Management Gateway license is sold separately on a per processor basis.)
At WPC we are also announcing the following new product solution names:
· Forefront Endpoint Protection 2010 - current version is Forefront Client Security
· Forefront Protection 2010 for Exchange Server - current version is Forefront Security for Exchange Server
· Forefront Protection 2010 for SharePoint - current version is Forefront Security for SharePoint
· Forefront Online Protection for Exchange - currently called Forefront Online Security for Exchange
· Forefront Threat Management Gateway Web Security Service - the next generation of ISA Server 2006.
The new FPS solutions are currently in beta and final versions will ship over the course of the latter half of 2009 and the first half of 2010.
Public beta 2 of Forefront Unified Access Gateway
Forefront Unified Access Gateway beta 2 is available for download at www.microsoft.com/forefront. UAG provides secure, virtually anywhere access to messaging, collaboration and other applications, increasing productivity and policy compliance. UAG also extends the benefits of Windows DirectAccess across the enterprise, enhancing scalability, deployment and management.
Official name for “Geneva”
The three components of Microsoft “Geneva” – the upcoming open platform providing simplified user access and single sign-on for cloud and on-premises applications – have the following names:
· Active Directory Federation Services – formerly known as “Geneva” Server
· Windows Identity Foundation – formerly known as “Geneva” Framework
· Windows Cardspace – same as current version
At WPC partners will learn about how the solutions above offer tremendous opportunity to better meet the identity and security needs of customers...and to build their own businesses. Since announcing a $75 million investment in our partner ecosystem at WPC last year, we have seen very strong partner development and growth.
For example, we have seen a 50% increase in participation in the Security Software Advisors (SSA) program, which offers fees to partners who influence deployment. The Security Solutions Competency, which enables partners to differentiate themselves as experts, is one of the fastest growing competencies in Microsoft’s history and in the last year grew 46% in participation. This year we anticipate quadrupling the number of identity and security partners we support with training, marketing and customer engagement.
As enterprise IT evolves, Microsoft continues to evolve its Forefront security management strategy. In order to best help customers simplify the security experience and manage compliance, we are aligning security management with systems and application management.
As part of this strategy, Forefront Protection Manager (FPM) will not be released to market. Instead, multi-server management for Forefront Protection 2010 for Exchange Server (FPE) and Forefront Protection 2010 for SharePoint (FPSP) will be delivered through a streamlined solution for messaging and collaboration workloads, both on-premises and in the cloud. We will share additional details on this solution in the future.
To address customer needs in the near-term, we will release the following in the second half of 2010 at no additional cost to FPE and FPSP customers:
· A Service Pack release for our established Forefront Server Security Management Console (FSSMC) that will expand support for multi-server management to the latest versions of FPE and FPSP.
· A Forefront Server Security Script Kit that will allow IT administrators to use Remote PowerShell to configure and report on multiple deployments of FPE and FPSP throughout the enterprise.
More about our long term strategy:
We are aligning security management with systems and application management at two levels. The first level will deliver risk management across protection, access, and identity, providing end-to-end visibility into the enterprise and helping enable compliance. The second level will operationalize and simplify security management by building on application workloads and providing a consistent management experience across physical, virtual, and cloud environments.
As part of this strategy, we announced earlier that Forefront Endpoint Protection 2010 will be built on System Center Configuration Manager for centralized deployment, configuration, updating, and reporting. This will allow customers to configure, patch, and protect their desktops and laptops with the same infrastructure, delivering comprehensive security with greater efficiency. This solution is on track for a planned release to market in the second half of 2010.
Active Directory is a critical technology for thousands and thousands of organizations, holding literally billions of identities around the world. Solutions to ensure AD is backed up and - should there be a breakdown - recoverable are essential to any business continuity strategy.
To that end, CionSystems Inc. has announced the release of CionSystems Active Directory Recovery, a web based, easy-to-use and affordable solution that offers quick, granular restoration of individual objects and attributes, as well as multiple domain recovery.