If you haven't heard of Microsoft Forefront, it's a comprehensive set of security technologies, that can help to protect your infrastructure, whether it be with Forefront Client Security for unified malware protection on PC desktops and notebooks, Forefront Security for Exchange Server and Forefront Security for SharePoint for protecting key information worker server products and don't forget the Forefront Server Security Management Console for tying it all together. Whilst these products are comprehensive, what they don't really offer is deep integration. That's about to change, with Stirling.
"Forefront codename “Stirling” is an integrated security system that delivers comprehensive, coordinated protection across endpoints, messaging, and collaboration applications, and the network edge that is easier to manage and control"
"Dynamic response, an innovative feature of the Stirling integrated security system, saves IT staff considerable time by automatically responding to incoming threats.
By sharing and using security information across the IT environment, “Stirling” and dynamic response help to save time while proactively securing the environment"
To put more of a real life scenario around the technology, I've found a useful example on the Stirling website:
In this scenario, a Trojan lodges itself on an employee’s PC, creating hundreds of open connections to the Internet. The network administrator notices the Trojan after receiving an alert or looking at logs on the firewall. At that point, he calls the desktop administrator or Help Desk, which in turn looks for the infected computer and resolves the issue by disconnecting the computer from the network. More often than not, this search-and-fix process takes several hours and exposes the organization to unnecessary risk.
In the same scenario with "Stirling" deployed, Forefront Threat Management Gateway detects the open connections to the Internet and relays that information to the other Forefront security products. The information automatically triggers a response by Forefront Client Security to start a thorough malware scan on the infected computer. Depending on the results, a subsequent response is triggered by the Network Access Protection technology to quarantine the machine and block e-mail exchanges. The entire process takes a few minutes and requires no manual intervention.
There's loads of information on Stirling here: http://www.microsoft.com/forefront/stirling/en/us/default.aspx and you can also pull down the beta of the software, and you can also read a great review of the technologies here: http://windowsitpro.com/article/articleid/98813/microsofts-next-security-suite-nothing-short-of-stirling.html
Final piece of info - check out the online flash demo: Microsoft Forefront Codename Stirling Demo
PingBack from http://microsoft-site2008yr.freehostia.com/?p=9028