• Illustration: Forefront 'Stirling' Roadmap

The bewildering number of consoles facing customers who use Microsoft's Forefront family of enterprise security products may be reduced in 2008 when Microsoft releases a product that aims to integrate them. Microsoft says the new product, code-named Stirling, will provide "unified security management and reporting with comprehensive, coordinated protection across clients, server applications, and the network edge." However, integrating different products can be complex, and it typically takes longer than initially planned.

(For an overview of the Stirling roadmap, see "Forefront 'Stirling' Roadmap".)

Multiple Security Products and Consoles

Microsoft has moved aggressively into security software in recent years, and has placed most of these products—many of them gained through acquisitions—under the Forefront brand. The Forefront family of enterprise security products includes Forefront Client Security, Forefront Security for Exchange Server, and Forefront Security for SharePoint, as well as two products that don't include "Forefront" in their name but are considered part of the product family: Internet Security and Acceleration Server (ISA) 2006 and the Intelligent Application Gateway (IAG, a platform for appliance-based firewalls gained in the 2006 acquisition of Whale Communications).

Although all are part of the Forefront product line, the products' technical relationships are hardly familial. There is little sharing of data across applications, and each is installed, configured, and managed separately via its own console, or set of consoles. For example, Forefront requires at least three consoles to manage client security alone: the Forefront Client Security dashboard, the Windows Software Update Services console, and a Microsoft Operations Manager (MOM) 2005 console, each of which shows only a piece of the information needed and each of which works differently.

Stirling's Goals

Although many details about Stirling's actual features will not be known until the product enters beta in the first half of 2008, Microsoft indicates Stirling will allow customers to do the following:

• Correlate disparate security information from client, server, and network edge devices to identify complex threats
• Use information on the state of security within the organization to proactively protect against emerging and complex threats
• Obtain real-time security state or identify emerging trends based on historical data.

In addition to integrating the current Forefront products, Stirling will integrate with security features in non-Forefront products, such as Windows Server 2008, including the following:

• Network Access Protection (NAP), to control network access and adherence to the company's security policy for devices accessing a network
• Active Directory and Group Policy to manage configuration settings for existing groups of machines or users
• Windows Server Update Services (WSUS) to deploy updates for Stirling.

The Stirling management console should allow customers to define a corporate security policy and configure the relevant Forefront components to ensure compliance to those policies.

Availability and Resources

Even after Stirling is released, the component Forefront products will still likely be available separately.

Forefront Stirling information is available at http: www.microsoft.com/forefront/prodinfo/roadmap/stirling.mspx.

The Forefront family is described at www.microsoft.com/forefront/default.mspx.

For background on Forefront Client Security, see "Forefront Client Security Focuses on Administration" on page 9 of the June 2007 Update.