If you're like most companies, you have a solution to block or log employee access to websites. You also might have some form of network intrusion detection system (NIS) to help prevent unwanted attacks. Additionally, your company probably only relies upon the client AV software to detect malware when someone wants to download something from the web. With the release of Forefront Threat Management Gateway (TMG) you can improve upon all of the above situations to "modernize your web security" while reducing your risk and saving money.

TMG was rightfully renamed from ISA server because of all of the new capabilities it brings to the table in addition to the old functionality of ISA. TMG can now filter URLs utilizing a well-known reputation service, block malware from people trying to download files from the web over HTTP or SSL, and prevent zero-day attacks through it's own NIS.

What are some of the key reasons why you would want to switch from your existing solution(s) and/or upgrade from ISA 2006?

Reduce your Risk 

  • TMG protects against zero-day attacks which are compromised through signatures based on the known vulnerabilities in Microsoft products.  This adds an extra layer of security for vulnerabilities which come through the web, even if the patches have not been installed on your client machines.
  • TMG protects users from downloading malicious files on the web over HTTP or HTTPS through the built-in malware engine.  This adds another layer of security over simply relying upon the client AV to provide protection.
  • TMG protects non-Microsoft and unmanaged clients because all traffic which goes through TMG is protected via the AV scanning, URL filtering, and NIS – regardless of the browser, operating system, or whether or not it is joined to a domain or managed.

Save Money 

  • TMG reduces licensing costs by being able to pay only one company for NIS/URL Filtering/AV scanning instead of each of them separately.  Also if you have certain licensing agreements with Microsoft, some of this functionality comes at no extra cost.
  • TMG eases administration because instead of having to go to multiple servers and consoles for things like URL filtering, Malware scanning, and Network Intrusion, it’s all in one place.  This frees up time of administrators, hence saving money.
  • TMG reduces money spent on network bandwidth by working well with the Branch Cache functionality in Windows Server 2008 R2 and also caching website traffic.

For additional information, you can watch this video interview I had with David Cross:

Get Microsoft Silverlight