Bring Business Ready Security to Your Organization
Alan Le Marquand
When we talk to customers about security, one thing we hear is that they would like to be able to get all their security products from one vendor. Over the last year Microsoft has released a range of security products. Some are new additions to the portfolio and some are updates. The aim was to provide customers with a range of products to meet their security needs. The approach Microsoft has taken with these products is called Business Ready Security (BRS). BRS works on the principle that security is a means to a business end. BRS has 5 distinct solutions that map to the different scenarios customers face when implementing security. These solutions encompass the entire product range, with some products appearing in all the solutions and others very specific to just one. In this post I’ll cover the newly released products and how they map to these solutions, starting with Secure Endpoint.
The Secure Endpoint solution helps defend endpoints in real time against advanced and emerging threats. It addresses strategic security concerns, including encryption and authentication, and enables persistent confidentiality and integrity of information in transit and at rest. The products that enable this solution are Forefront Threat Management Gateway 2010 (TMG), Forefront Unified Access Gateway 2010 (UAG), Microsoft Forefront Client Security (FCS) and Active Directory Rights Management Services (AD RMS), as well as built-in Windows 7 features like BitLocker and BitLocker to Go.
TMG and UAG have been updated in the last 12 months, while FCS has a new version due in H2 of 2010. TMG is the successor to ISA Server 2006; it improves security enforcement at the edge of the network by integrating multiple detection technologies such as URL filtering, anti-malware, and intrusion prevention. Microsoft Forefront Client Security provides real-time endpoint protection against advanced threats and attacks with an integrated anti-virus/anti-spyware engine. Together with Forefront Client Security, Forefront Threat Management Gateway provides a dual layer of security that bolsters an organization's defence-in-depth strategy. Windows DirectAccess and Forefront Unified Access Gateway help increase employees’ productivity as well as enhance security of internal resources by providing always-on and secure access to data and applications. The combination of AD RMS, BitLocker and BitLocker to Go will help ensure protection of sensitive information wherever the data resides.
Secure Collaboration is primarily focused on SharePoint. Forefront Protection 2010 for SharePoint, which has just been released, uses five antimalware engines to deliver its protection. It also allows you to prevent employees or partners from uploading or downloading infected docs, inappropriate content, or sensitive information. There are a number of products in the suite that cut across all scenarios. For Secure Collaboration, UAG helps protect inbound access to SharePoint sites you wish to publish. Other options include the use of Active Directory Federation Services 2.0 (AD FS 2.0) and Active Directory Rights Management Services (AD RMS). These are identity-centric products that allow you to manage access to sites (AD FS 2.0) and access to content on sites or file shares (AD RMS).
Secure Messaging shares many of the products used in Secure Collaboration. Focusing on Exchange, the new release of Forefront Protection 2010 for Exchange and Forefront Online Protection 2010 for Exchange (FOPE) helps protect messages both on premise and in the cloud. AD RMS helps to ensure confidential information is not accidentally lost or stolen. AD RMS also includes features that allow the application of policies defining usage rights and conditions for a predefined set of users. AD RMS logging allows administrators to track and audit the use of rights-protected content within an organization. RMS logs all activities into a logging database, so that organizations have a record of RMS activities, including publishing and use licenses which are issued or denied.
The only Forefront product we’ve not yet discussed is the core of the Identity and Access Management solution. Forefront Identity Manager 2010 (FIM) is the new version of the identity management product. Building on a very mature product base, FIM centralises identity and certificate management, and brings workflow to identity management and to synchronisation between identity stores. FIM allows IT administrators to delegate management of less critical parts of the identity process to users, freeing the administrators up to concentrate on the more important security tasks.
The final solution is called Information Protection. There isn’t much more to cover in this solution as it’s made up of AD RMS and AD FS 2.0, both of which we’ve covered. Information is stored in many places, so products that can automatically discover, classify and protect data wherever it resides provide another level of protection. Once the data is found, the next stage is to preserve the confidentiality and integrity of critical data wherever it goes. That is the core principle of this solution: AD RMS will protect data when it is in use, Forefront Protection 2010 for SharePoint when data is at rest in SharePoint, and Forefront Protection 2010 for Exchange when it’s in motion.
We have listened to our customers’ needs and concerns about security. The Business Ready Security approach is designed to provide a range of products that deliver best of class functionality while integrating not just with each other, but also with existing infrastructure.