Microsoft recently announced details about its next generation Forefront security products, which are being combined into a suite of solutions codenamed Stirling. The idea is both simple and classic Microsoft: Take a disparate set of products, combine them into a suite that is integrated and more easily managed, and sell it for less. Well, I'm speculating on that last bit, as Microsoft hasn't yet released Stirling licensing details. But no matter: If you're currently sinking under the weight of multiple security end-points, Stirling might just be what the doctor ordered.
Today's Forefront product line offers little symbiosis beyond common branding. There's Forefront Client Security for unified malware protection on PC desktops and notebooks. Forefront Security for Exchange Server and Forefront Security for SharePoint for protecting Microsoft's key information worker server products. And the Forefront Server Security Management Console for tying it all together. (There're also the unfortunately named Microsoft ISA Server and Intelligent Application Gateway (IAG) products, which are badly in need of a makeover.) Microsoft bills these products as comprehensive, which they are. But what they don't really offer is deep integration. That's what's changing.
Yes, there will be some branding changes as well. ISA and IAG are morphing into the more consolidated Forefront Threat Management Gateway, or TMG, which will provide firewalling, Web anti-virus, and remote access protection.
But the big news with Stirling is integration. For the first time, Forefront's various tools will talk to each other over logical assessment channels and respond, automatically, to threats. It's actually more granular than that: Stirling can be as automated as you want it to be, so you can decide how to respond to specific types of threats. Consider a typical security scenario: A user visits a malicious Web site and inadvertently downloads a Trojan which starts port scanning your environment. Today, if you're lucky, a security admin catches the scan via some logs, contacts a desktop admin and the machine is ID'd and then manually removed from the network so that a fix can be found. But this could take days in many cases.
The idea behind Stirling is that its dynamic response mechanism could catch such a threat within minutes, not hours or days, and respond automatically and immediately if that's what you want. The situations to which the suite can respond, and the actual responses that it can make, are pretty comprehensive in the Beta 1 version that Microsoft recently shipped. But Microsoft tells me it will get even better over time, so that by the final release you'll be able to configure Stirling to do such things as automatically push infected machines into the Network Access Protection (NAP) quarantine in Windows Server 2008 environments and then fix whatever the problem is.
Stirling will also integrate with your existing infrastructure. It uses a policy-based management model that integrates with your existing containers in Active Directory. It will integrate with NAP on Windows Server 2008 (not in Beta 1). It is built on System Center Operations Manager 2007 and will utilize OpsManager if you've got it, or supply an embedded version if you don't. Updates are managed via Windows Server Update Services (WSUS).
Chances are, you're going to want to give Stirling a once-over. The Beta 1 version and a slew of documentation and other information are available now on the Microsoft Web site.
One final note. For the record; I had to look up the word "stirling" and was distressed to discover that it and "sterling" are, in fact, completely different things. Ah well.
This article originally appeared in the April 8, 2008 issue of Windows IT Pro UPDATE.