Microsoft on April 8 announced that it expects to bring a new level of consistency and integration to its disparate security tools when it takes the wraps off its "Stirling" project.
At the RSA Conference, Microsoft released the first-look public beta of its integrated security system, code-named Stirling, under its fledgling Forefront brand.
"The challenges customers are facing [are] a lack of integration and visibility and high ownership costs in dealing with numerous point products across security, access and management," said Paul Bryan, director of product management at Microsoft.
Microsoft is bringing these products together more efficiently, "so that customers can have visibility into the overall state of the IT environment and address issues they have in the most cost-effective way," Bryan said.
The centerpiece of the Forefront Stirling integration effort is a centralized management console that consolidates security configuration functions and provides visibility and reporting for multiple security products that cover clients, servers and network boundaries.
The products include Forefront Client Security, Forefront Security for Exchange Server and Forefront Security for SharePoint. Also included is a new, next-generation version of Microsoft's 10-year-old Internet Security and Acceleration Server, rebranded the Forefront Threat Management Gateway.
Key to the integration effort is a new Microsoft technology called Dynamic Response, which allows the different security tools to communicate and automate responses to a potential threat, enhancing protection against new threats.
"If malware gets on an individual machine today, it may send off signals to the Internet. The only way to catch that is if a systems administrator sees it in the logs for that file system," Bryan said. "Then they have to find out what machine that is, and that can take days. Forefront Stirling can automatically address that by the threat management gateway noticing it and communicating with other components and automating a response to it."
According to Bryan, all of the components in Forefront Stirling are built on a common infrastructure foundation that includes Active Directory, SQL Server and Systems Center Operations Manager, which provides common alerting and reporting.
That centralized view and reporting capability is significant, said Natalie Lambert, senior analyst with Forrester Research.
"You now have the ability to look at the entire security posture of your organization because it all reports up to one place. That's very valuable, to say, here are our weaknesses," Lambert said.
But the simplicity of having a common user interface across different security tools does not address the technology silos in most IT organizations, Lambert said. "You do have a different person monitoring each of those silos within the IT organization," she said.
And Microsoft is still playing catch-up in terms of functionality with market leaders such as McAfee and Symantec, she said. "Especially on the client side, they're still functionally deficient compared to competitors. But they are gaining market share already and they're coming in at a price point people can deal with and they offer good-enough technology," she added.
The Dynamic Response system that Microsoft created in Stirling allows third-party products to plug into the system, which affords an opportunity to allow existing third-party products to communicate with the integrated system as well.
Microsoft provided few details on the next-generation version of the ISA Server 2006, although it will provide multiple threat protection, simplified management and secure connectivity. It will be based on Windows Server 2008. Microsoft said it would flesh out such details later in 2008.
The full public beta of the integrated security system will be available later in 2008 and it will be generally available in the first half of 2009, Microsoft said.