As the Product Unit Manager, I oversaw the
design, engineering and release process for the TMG release. Being a long-time security
professional, I am impressed with how Forefront TMG provides value to the
network security marketplace by integrating multiple web security technologies
into a single, comprehensive solution. As a secure web gateway, TMG enables safer
Internet access for users through comprehensive protection techniques against
malware, malicious web sites and vulnerabilities.
Today's information workers, guest users and
partners require web access to do their jobs, but web-based threats continue to
rise. For example, the recent Microsoft Security Intelligence Report
indicated that phishing rose significantly in the first half of 2009,
quadrupling in May, and that social networking sites accounted for 76% of all
phishing impressions. Protecting both managed and unmanaged user web
access and usage is traditionally challenging for security administrators. Many solutions only offer protection
for domain-joined, homogeneous desktop environments. TMG helps protect all users, whether they are managed or
unmanaged, regardless of the operating system or browser they are using to access the Internet.
In addition, multiple products and vendors create high costs and management
difficulty through "security sprawl." TMG is designed to address both the
protection and the management and cost challenges faced by enterprise
IT professionals and small business IT managers.
TMG is a unique release from Microsoft with a
unique value proposition for both existing ISA 2006 customers and new
customers looking for a SWG solution. As a SWG, TMG provides web access
and protection by integrating multiple detection technologies such as URL
filtering, Anti Malware, and intrusion prevention into a single, easy-to-manage
As part of the URL filtering solution for
TMG, one of the most exciting capabilities of the solution is the integration
of Microsoft Reputation Services. MRS is a cloud-based system hosted by
Microsoft that maintains a centralized database of in excess of 45 million web
domains and billions of web pages, aggregated from multiple sources to identify
and block malicious web sites. It utilizes the same technology that helps
protect Internet Explorer 8 users against malware and phishing sites. The
TMG/ISA blog provides a great
overview of TMG and its URL filtering capabilities.
The second advanced capability of TMG is the Microsoft anti-malware engine
integration. Detecting, cleaning and/or blocking malware on the edge
significantly decreases the possibility that malware, Trojans or viruses will
decrease productivity of end users and create risk for the enterprise. TMG has
integrated the Microsoft Anti Malware engine to provide excellent scanning and blocking capability
at the network edge to enable productivity without compromising security.
The third pillar of the new TMG solution for advanced web access and protection is
the Forefront Network Inspection System (NIS). NIS is a generic
application protocol decode-based traffic inspection system that uses
signatures of known vulnerabilities to detect and potentially block attacks on
network resources. NIS provides comprehensive protection for Microsoft network
vulnerabilities. It was researched
and developed by the Microsoft Malware Protection Center
through the NIS Response Team, as well as an operational signature distribution
channel which enables dynamic signature snapshot distribution. The unique value
proposition of NIS is how it helps to close the vulnerability window between
vulnerability disclosures and patch deployment from weeks to a few hours. This
gives IT professionals the flexibility, as well as the peace of mind in their
environment, that may not have existed previously.
Last, but not least, TMG is built upon the
proven Windows Server 2008 and Server 2008 R2 platforms as a native 64-bit
application firewall, providing not only enhanced security and reliability, but
a hardened platform with network protection at the edge. In each of these
advanced defense-in-depth technologies, TMG also introduces HTTPS (SSL/TLS)
scanning to enable inspection of encrypted sessions, easing deployment and
management with a set of easy-to-use wizards and significantly improved logging
and reporting. These provide full visibility into how users are accessing the
web and whether those users are compliant with local security policies.
This is an exciting announcement and
development for the network security community. For more details, check
out my TechNet interview on TMG.
Based on the overwhelmingly positive community response and feedback through the
extensive beta cycle of TMG, I encourage the community needing a solution to
help protect and enable secure web access for users to download Forefront TMG 2010 today
to try it out!
David B. Cross
Product Unit Manager
You mention that it's available to purchase. We have SA, but I cannot find it anywhere on either the Volume Licensing or MSDN sites. Do you know when it will be available there?
Thanks, and congratulations!
TMG will be available on MSDN in approximately the next week. It is already available on MVLS (licensing.microsoft.com under Forefront Threat Management Gateway 2010).
David B. Cross
Who can I speak to regarding TMG issues (in Australia)?
There are a number of URL filtering configuration options missing (that were spoken about in the following video: http://edge.technet.com/Media/Forefront-TMG-URL-Filtering-and-MRS/)
Joshua, I'd like to know what you believe to be missing with the TMG/MRS product (in Australia).