Microsoft Research Reports

In-depth reports designed to help you quickly understand the technical underpinnings and strategic implications of new Microsoft enterprise technologies. Our research will save you time by putting all the critical details you need to evaluate Microsoft’s infrastructure products at your fingertips.

Evaluating Forefront for Antimalware
Monday, 08 August 2011

This report provides an overview of the Forefront products, explaining the primary benefits and requirements of each product, and briefly summarizes each product's licensing and pricing.

INTRODUCTION

Forefront products provide a wide range of security-related functions, such as removing viruses, stopping spam, and intercepting malware before it reaches users' computers, as well as filtering documents and files for inappropriate content, protecting users from malicious Web sites, and managing users' identity information and associated permissions.

Protection for Microsoft Systems

The Forefront brand was originally applied to Antigen-branded products that were acquired from Sybari, but has since been expanded to encompass products that Microsoft developed in-house or acquired elsewhere. (For details of the Forefront products and release dates, see the chart "Forefront Product Line".)

The Forefront products discussed in this report perform the following functions:

  • Protect Microsoft applications from malware and inappropriate content (Forefront Protection for Exchange Server, Forefront Protection for SharePoint)
  • Protect Windows desktop, laptop, and tablet computers (collectively, clients) and Windows servers from malware (Forefront Endpoint Protection)
  • Protect the network edge from malware (Threat Management Gateway, Unified Access Gateway)
  • Integrate administration of two Forefront products through one console (Forefront Protection Server Management Console).

Although the Forefront brand is used for several Microsoft security products, the defense approaches used differ in the following ways:

  • Forefront products for application servers such as Exchange Server, SharePoint, and Office Communications Server use multiple scanning engine technology, originally acquired from Sybari (Antigen), to perform message and document filtering
  • Forefront Endpoint Protection uses a single, Microsoft-developed scanning engine to protect the OS and file system on clients and servers
  • Forefront edge protection products filter Internet traffic using yet another set of components that were originally acquired from DynaComm and Whale.

Forefront products integrate with other Microsoft products. For example, reporting can be done through SQL Reporting Services, and Forefront Endpoint Protection agent deployment, updates, and malware signature distribution are managed through Configuration Manager. This can benefit customers with these products in place, but for customers without them, deploying SQL Server and/or Configuration Manager infrastructure may be a major task. Using the Forefront Protection Server Management Console, IT administrators can centrally manage the security components for Exchange and SharePoint (but only those two Forefront products) and enforce policies throughout the organization with one console, one common set of tools, and PowerShell.

Forefront products are generally updated in conjunction with OS or application server updates. For example, Forefront Protection for Exchange was updated at about the time Exchange Server 2010 was released and will likely get a further update with the expected 2013 release.

Online versions of these products had been expected, but to date only Forefront Online Protection for Exchange has been released. It can help provide protection by offloading the scanning functions to a Microsoft service, reducing the need for organizations to maintain up-to-date antimalware signatures (for instance), and can be helpful as organizations move from on-premises infrastructure to cloud-based services or a combination of the two.

Customers using or planning to use Lync Server (the follow-on to Office Communications Server) should note that Microsoft does not provide protection software for Lync Server: Forefront Security for Communications Server will not protect Lync Server, and Microsoft has not yet released an equivalent product for Lync Server.

Tackling Security with Multiple Engines, Integration

Forefront products continue to increase in importance because malware continues to get worse, and organizations have been using Microsoft systems for more and more critical tasks, so the stakes are getting higher. In addition, legal risks continue to rise, so companies are paying more attention to keeping confidential content inside their walls and keeping inappropriate material like pornography out.

Microsoft has some unique strengths in the security software space that could help it displace entrenched vendors, such as Symantec and Trend Micro, and encourage customers to trust Microsoft security solutions. The company has an edge in creating protection software for its own products because Microsoft has unique insight into how its products are constructed and how new versions differ from past versions. In addition, by offering a wide range of security products, such as Microsoft Security Essentials (a free antimalware product for consumers' Windows PCs) and Forefront for Exchange, Microsoft can also collect information about exploits from products that have been deployed very broadly and build a huge database of malware signatures and information, potentially allowing the company to react faster and patch more products than competitors when outbreaks occur. Finally, the products for protecting Exchange Server, SharePoint, and Office Communications Server use multiple antivirus scanning engines, instead of a single engine as in many competitive products. (For details, see the sidebar "Multiple Scanning Engines".)

However, Forefront products can be complex to set up, especially for coordination between all the pieces: Microsoft partners have an opportunity to help customers plan installations and can sell the Microsoft infrastructure components required.

What’s Ahead

This report provides an overview of Microsoft's Forefront line of antimalware products, explains the primary benefits and requirements of each, and briefly summarizes each product's licensing and pricing. Forefront Security for Communications Server has not been updated in several years and its future has not been announced; it is not discussed here. The older Antigen products and early versions of Forefront security are nearing the end of support (and therefore the end of malware signature updates). Customers should already be planning migration to later versions or risk being left unprotected. (See the chart "Important Dates for Forefront Products".) One other Microsoft product that bears the Forefront branding, Forefront Identity Manager, provides identity tools rather than antimalware; it is not included in this report.

The report is organized into the following chapters:

"Forefront Protects Exchange Server 2010" discusses the Forefront product that provides antimalware, antispam, and content filtering for Microsoft's e-mail server.

"Forefront Online Protection Updated" explains the online subscription service for protecting e-mail and reducing the amount of spam that is delivered to an organization's network.

"Forefront Protects SharePoint 2010" introduces Microsoft's security for the newest SharePoint technologies and extensive filtering options that give administrators the ability to prevent malware and inappropriate content on SharePoint servers.

"Console Manages Forefront for Servers" presents the Forefront Protection Server Management Console 2010, which administrators can use to centrally manage server antimalware provided by Forefront Protection for Exchange Server and Forefront Protection for SharePoint.

"Forefront Endpoint Protection Takes on Malware" discusses the Forefront product that protects the OS and file systems on Windows clients and servers.

"Forefront Products Protect the Network Edge" summarizes Threat Management Gateway and Unified Access Gateway, two specialized products that provide firewall features.

"Threat Management Gateway Arrives" gives details on Microsoft's latest firewall/caching software, which scans for malware and inappropriate content at the network edge, enabling them to be eliminated before they enter an organization's network, and provides URL filtering technology to help block access to inappropriate or dangerous Web sites.

"Forefront Gateway Gets Service Pack" provides details of an update to the Unified Access Gateway, which provides remote access to an organization's applications over secure Web and Windows virtual private network technologies.

"Resources" provides an extensive list of reference material for all of the Forefront products discussed in this report.

 
