More Secure Web Access and Protection with Forefront TMG - Forefront Experts - Site Home - TechNet Blogs

Today Microsoft is announcing the release of the Forefront Threat Management Gateway (TMG) 2010 product. Forefront TMG 2010 builds on its predecessor, ISA Server 2006, providing all-new URL filtering, web antimalware inspection, and intrusion prevention technologies to help protect businesses against the latest web-based threats. These technologies are integrated with the core network protection features of ISA 2006 to create a unified, easy-to-manage secure Web gateway (SWG). The evaluation version is already available for download, and as of today customers can buy both Standard Edition and Enterprise Edition in three languages.

As the Product Unit Manager, I oversaw the design, engineering and release process for the TMG release. Being a long-time security professional, I am impressed with how Forefront TMG provides value to the network security marketplace by integrating multiple web security technologies into a single, comprehensive solution. As a secure web gateway, TMG enables safer Internet access for users through comprehensive protection techniques against malware, malicious web sites and vulnerabilities.

Today's information workers, guest users and partners require web access to do their jobs, but web-based threats continue to rise. For example, the recent Microsoft Security Intelligence Report indicated that phishing rose significantly in the first half of 2009, quadrupling in May, and that social networking sites accounted for 76% of all phishing impressions. Protecting web access and usage for both managed and unmanaged users is traditionally challenging for security administrators. Many solutions only offer protection for domain-joined, homogeneous desktop environments. TMG helps protect all users, whether they are managed or unmanaged, regardless of the operating system or browser they are using to access the Internet. In addition, multiple products and vendors create high costs and management difficulty through "security sprawl." TMG is designed to address the protection, management and cost challenges faced by enterprise IT professionals as well as small business IT managers.

TMG is a unique release from Microsoft with a unique value proposition for both existing ISA 2006 customers and new customers looking for a SWG solution. As a SWG, TMG provides web access and protection by integrating multiple detection technologies such as URL filtering, anti-malware, and intrusion prevention into a single, easy-to-manage solution.

One of the most exciting capabilities of the TMG URL filtering solution is the integration of Microsoft Reputation Services (MRS). MRS is a cloud-based system hosted by Microsoft that maintains a centralized database of in excess of 45 million web domains and billions of web pages, aggregated from multiple sources to identify and block malicious web sites. It utilizes the same technology that helps protect Internet Explorer 8 users against malware and phishing sites. The TMG/ISA blog provides a great overview of TMG and its URL filtering capabilities.

The second advanced capability of TMG is the Microsoft anti-malware engine integration. Detecting, cleaning and/or blocking malware at the edge significantly decreases the possibility that malware, Trojans or viruses will decrease the productivity of end users and create risk for the enterprise. TMG has integrated the Microsoft anti-malware engine to provide excellent scanning and blocking capability at the network edge to enable productivity without compromising security.

The third pillar of the new TMG solution for advanced web access and protection is the Forefront Network Inspection System (NIS). NIS is a generic application protocol decode-based traffic inspection system that uses signatures of known vulnerabilities to detect and potentially block attacks on network resources. NIS provides comprehensive protection for Microsoft network vulnerabilities. It was researched and developed by the Microsoft Malware Protection Center through the NIS Response Team, together with an operational signature distribution channel that enables dynamic signature snapshot distribution. The unique value proposition of NIS is how it helps to close the vulnerability window between vulnerability disclosure and patch deployment from weeks to a few hours. This gives IT professionals flexibility, as well as peace of mind in their environment, that may not have existed previously.

Last, but not least, TMG is built upon the proven Windows Server 2008 and Server 2008 R2 platforms as a native 64-bit application firewall, providing not only enhanced security and reliability, but a hardened platform with network protection at the edge. Across each of these advanced defense-in-depth technologies, TMG also introduces HTTPS (SSL/TLS) scanning to enable inspection of encrypted sessions, and it eases deployment and management with a set of easy-to-use wizards and significantly improved logging and reporting. These provide full visibility into how users are accessing the web and whether those users are compliant with local security policies.

This is an exciting announcement and development for the network security community. For more details, check out my TechNet interview on TMG. Based on the overwhelmingly positive community response and feedback through the extensive beta cycle of TMG, I encourage anyone in the community who needs a solution to help protect and enable secure web access for users to download Forefront TMG 2010 today and try it out!


David B. Cross
Product Unit Manager

  • You mention that it's available to purchase. We have SA, but I cannot find it anywhere on either the Volume Licensing or MSDN sites. Do you know when it will be available there?

    Thanks, and congratulations!


  • Hi Everyone:

    TMG will be available on MSDN in approximately the next week. It is already available on MVLS (under Forefront Threat Management Gateway 2010).

    David B. Cross

  • Who can I speak to regarding TMG issues (in Australia)?

    There are a number of URL filtering configuration options missing (that were spoken about in the following video:

  • Joshua, I'd like to know what you believe to be missing with the TMG/MRS product (in Australia).
