4-page Case Study - Posted 5/1/2007
Views: 400
Rate This Evidence:
Integrated, Easy-to-Manage Security and Monitoring Solution Boosts IT Productivity
Guardian Management LLC (Guardian), a real estate investment and management firm, had a firewall that kept locking up and a PC antivirus solution that failed to detect all malware, required manual configuration, and offered only limited reporting. To address those issues, Guardian deployed a comprehensive solution consisting of the Microsoft® Forefront™ line of business security products and the Microsoft System Center family of IT management solutions, which take advantage of and integrate with the company’s existing investment in Active Directory®. Now, the company’s IT infrastructure is more secure, reliable, and manageable, and Guardian can easily monitor all PCs and servers on its network from a central location. The company’s newly simplified, better-integrated IT infrastructure is providing productivity gains for end users and the IT staff.
Situation
Founded in 1971, Guardian Management LLC (Guardian) is a third-generation real estate investment and management company with approximately 500 employees, of which nearly 70 work in its headquarters in Portland, Oregon. Most of the other employees work remotely, at the company’s more than 150 managed properties.
In the past, Guardian used several security products from different vendors to help protect its corporate network, including antivirus software from one vendor for its Microsoft® Exchange Server environment, antivirus software from a second vendor for user PCs, and a combination firewall, Internet gateway, and virtual private networking (VPN) device from a third vendor.
When Will Wilson joined the company as Director of Information Systems in 2004, he quickly replaced the antivirus software for the Exchange Server environment with Sybari Antigen for Exchange Server. “We liked that Antigen integrated better with Exchange Server, scanned mail before it hit the message store, used multiple scanning engines, and worked with less system overhead,” he says.
 |
We chose Forefront and System Center because we wanted a common platform and management infrastructure for all aspects of network security and IT management.  |
|
|
Will Wilson
Director of Information Systems
Guardian Management LLC |
|
|
Although Antigen has served Guardian well for the past few years, the other two products were problematic for Wilson and his sole IT administrator. Specific issues with the PC antivirus software included:
- Limited malware detection. The product provided poor support for the detection and removal of nonvirus forms of malware, such as spyware. As a result, some user PCs were infected with such threats even though the antivirus software reported that none had been found.
- Lack of automated deployment. The deployment and configuration of the product for new PCs was time-consuming. Wilson had to manually configure each PC and then make several round-trips between his own desk and the user’s PC to check if everything was working properly.
- Poor visibility into PC health. Although the product provided a few basic reports, they included only limited information. Wilson had no way to get an overall view or conduct a detailed analysis of problem spots. He was also unable to know if a PC was properly protected without physically examining it.
The firewall device was even more problematic. It often locked up, causing users in the company’s main office to lose all Internet connectivity, including Web access and the ability to exchange e-mail with people who were outside the building. In addition, when the device failed, remote users could not access the company’s Web-based property management applications or their own e-mail—which was provided using Microsoft Office Outlook® Web Access.
“We spent a lot of time troubleshooting the firewall device,” says Wilson. “The vendor was unable to resolve the problem, and we had already replaced the device once, to no avail. The only solution was for me to frequently reboot the device, which could mean hours of lost productivity for people who started work ahead of me whenever the device locked up during the night.”
Those two products also presented challenges because they did not integrate with the rest of the company’s IT infrastructure. Wilson was able to centrally manage and administer most technologies on the company’s network using the Active Directory® service in the Windows Server® 2003 operating system. But the desktop antivirus software and the firewall device were isolated technologies, each of which required unique management interfaces and skill sets.
When looking for a better solution, Guardian sought to go beyond security management to include the management of all PCs and server computers on the company’s network. Monitoring the company’s 20 Windows®-based server computers was a manual process, involving several trips to the server room each day.
“We didn’t have a good way of monitoring servers other than making a trip to the server room to physically examine them—or waiting for a user to report a problem,” says Wilson. “Even then, examining the event logs on 20 servers each day for signs of potential problems was unrealistic. We expected the situation to worsen at the end of 2006 because that’s when we moved to our new headquarters, where the server room is located two floors below my office instead of across the hall.”
Solution
To meet these challenges, Guardian deployed an integrated solution based on Microsoft software, including the Microsoft Forefront™ line of business security products and the Microsoft System Center family of IT management solutions. “We chose Forefront and System Center because we wanted a common platform and management infrastructure for all aspects of network security and IT management,” says Wilson. “In addition, we liked their reporting capabilities and integration with each other and the rest of our IT infrastructure.”
|
Integration with Active Directory helps us manage all aspects of Forefront Client Security, and the process couldn’t be easier. |
|
|
Will Wilson
Director of Information Systems
Guardian Management LLC |
|
|
By deploying Forefront and System Center products together, which Guardian did with help from Microsoft Certified Partner Ascentium, the company is benefiting from an integrated solution for client security, application server security, network edge security, and operational monitoring. The solution includes the following components:
- Microsoft Forefront Client Security, with which Guardian replaced its previous desktop antivirus software, helps protect PCs in the company’s corporate office from viruses, worms, spyware, and other threats. It also performs a security state assessment that detects and reports on deviations from security-related best practices, such as PCs that have too many local administrator accounts or passwords that are not set to expire.
- Microsoft Forefront Security for Exchange Server, a new version of Sybari Antigen released after Microsoft acquired Sybari, integrates multiple scan engines from industry-leading security firms. It helps protect the company’s Exchange Server environment from viruses, worms, spam, and inappropriate content.
- Microsoft Forefront Security for SharePoint®, which also uses multiple scan engines, automatically inspects documents as they are saved to or retrieved from Microsoft Office SharePoint Server 2007. It helps safeguard against viruses, worms, and other potential threats, as well as inappropriate content and disclosure of confidential information.
- Microsoft Internet Security and Acceleration (ISA) Server 2006, a member of the Forefront product line with which Guardian replaced its previous firewall device, is an integrated edge security gateway. It provides fast and reliable Internet connectivity and remote access while helping to protect the company’s network from Internet-based threats.
- Microsoft Operations Manager 2005, a System Center product, makes it possible for Guardian to centrally monitor the Windows-based PCs and server computers on its corporate network. Role-specific management packs for Exchange Server, Microsoft SQL Server™ database software, Domain Name System, Active Directory, Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, and ISA Server provide the built-in expertise needed to properly monitor those systems. The packs include predefined monitoring rules, a knowledge base, and scripts to help quickly resolve issues. Upon an alert being triggered, Operations Manager 2005 notifies IT administrators by e-mail that an issue exists, with knowledge base information appended to the alert to aid in problem resolution.
All the Forefront and System Center products integrate with the company’s existing Windows-based IT infrastructure—including technologies such as Active Directory, Group Policy, and Windows Server Update Services—to streamline deployment, management of configuration settings, and ongoing system administration. Similarly, all Forefront and System Center products use a common data store and reporting framework based on Microsoft SQL Server 2005, including SQL Server Reporting Services, thereby helping Guardian extend the usefulness of another existing in-house technology.
Guardian is evaluating Microsoft Forefront Server Security Management Console, which will give the company an easy-to-use, Web-based tool for the centralized management of all servers running Forefront Security for Exchange Server and Forefront Security for SharePoint, including initial deployment and configuration as well as ongoing management. Forefront Server Security Management Console automates the download and distribution of virus signature and engine updates for all scan engines employed, helping Guardian ensure that any such updates are deployed within the shortest possible amount of time and immediately notifying system administrators if an update fails. It also provides administrators with virus outbreak alerts and comprehensive management reports.
In addition, Wilson plans to employ Microsoft System Center Configuration Manager 2007, which will give Guardian the ability to report on desired configuration management across all managed systems, without geographical boundaries. By using Software Update Management features in the product, Guardian will be able to automate the deployment of software updates for all Microsoft products, as well as third-party and line-of-business applications. This is a core capability of System Center Configuration Manager 2007 that builds on the functionality of Windows Server Update Services.
Benefits
By deploying Forefront and System Center products together, Guardian is benefiting from a more secure and reliable IT infrastructure—one based on a common technology platform and management infrastructure that extends from user PCs to the network edge. Because of that seamless integration, the company can ensure that all security technologies are functioning as intended. The integration also makes it possible for Guardian to easily manage and support those technologies—along with the rest of the company’s IT infrastructure—with less time and effort. Wilson and his IT administrator now have an additional 10 to 14 hours per week to focus on other tasks.
 |
Figure 1. Forefront Client Security Management
Console provides a comprehensive view of the security
status of all PCs on the company’s network. |
Improved Security and Reliability
The company’s use of Forefront products has helped improve security in several ways, one of which is the detection of malware on user PCs. Upon deploying Forefront Client Security, Wilson found more than a dozen vulnerabilities that until then had gone undetected. “On one system, our previous desktop antivirus product had found a virus but couldn’t remove it,” says Wilson. “Forefront Client Security not only quarantined the virus, but it also found and removed eight other types of malware that the previous antivirus product hadn’t detected. After being out of commission for two weeks, the PC was ready to return to service within hours. It was at that point that we decided to deploy Forefront Client Security to all PCs, using Group Policy and Windows Server Update Services to automate the process and make it transparent to users.”
The Security State Assessment feature of Forefront Client Security also has helped Guardian uncover potential security vulnerabilities. “Forefront Client Security detected a number of security-related issues: passwords not set to expire, PCs missing software updates, unnecessary Windows services running, incorrect auto-update settings, and PCs with too many local administrators,” says Wilson. “In the past, it would have taken days to manually inspect each PC and find such problems. Instead, all of those issues were detected automatically and presented in a single interactive report.”
Forefront Security for Exchange Server is providing similar benefits at the application server level by scanning for viruses, worms, spam, and inappropriate content. Similarly, Forefront Security for SharePoint will help protect the company’s new portal when Guardian deploys it later this year. “Forefront Security for SharePoint will be especially useful because our new portal will be used by hundreds of PCs that reside outside our corporate network, where the odds of someone unintentionally trying to upload an infected file are far greater,” says Wilson.
ISA Server 2006 is improving security at the edge of the company’s network. ISA Server fills the roles served by the previous combination firewall, Internet gateway, and VPN device, but with greater reliability. ISA Server also helps Guardian easily publish and preauthenticate access to the servers that run Outlook Web Access and the company’s Web-based property management system—without having to directly expose those systems to Internet-based threats.
Operations Manager is helping improve reliability by providing a way to confirm that all PCs and servers on the company’s corporate network are healthy and operating properly. “Microsoft Operations Manager automatically checks hundreds, if not thousands, of points of vulnerability each day, providing me with a consolidated list of any potential issues,” says Wilson. “Upon first deploying Operations Manager, we found lots of little things that could have affected reliability if left unattended and we were able to easily clean them up. On an ongoing basis, Operations Manager will raise an alert when any new issues crop up, helping us to identify and address them before they can affect end users. It’s not that I still don’t worry about something going wrong, but at least I know I’ll be notified if it does.”
Simplified Deployment, Monitoring, and Reporting
|
I’ve used many security products over the years, and the reporting in Forefront products is light-years ahead of anything else I’ve seen. |
|
|
Will Wilson
Director of Information Systems
Guardian Management LLC |
|
|
The integration of Forefront and System Center products with the company’s existing IT infrastructure has made it possible for Guardian to more easily deploy, monitor, and report on the various components of that infrastructure. For example, Wilson was able to configure Forefront Client Security in half the time it took to initially set up the previous desktop antivirus software. “With Forefront Client Security, I used the Group Policy Management Console to create a new Group Policy, adjusted the settings on four tabs, clicked Done, and clicked Deploy,” says Wilson. “With our previous desktop antivirus product, the configuration process had many more steps and took twice as long.”
Similarly, Guardian can deploy new PCs faster because it no longer takes extra effort to install and configure antivirus software. “It used to take me an additional 30 minutes to deploy desktop antivirus software on each new PC,” says Wilson. “Today, we simply have an organizational unit defined in Active Directory for all headquarters PCs, with a Group Policy for Forefront Client Security applied to that organizational unit. After I bring a new PC onto the domain and load software, I simply move the PC into the organizational unit and Forefront Client Security is installed automatically, including the scan engine and all virus definitions. Integration with Active Directory helps us manage all aspects of Forefront Client Security, and the process couldn’t be easier.”
The company’s use of Forefront and System Center products has also simplified operational monitoring and reporting, providing real-time visibility into the health of all PCs and servers on the network. For example, Microsoft Forefront Client Security Management Console (see Figure 1) gives Wilson an immediate overview of the status of all systems running Forefront Client Security. It offers more detailed reports than the previous antivirus product and makes it possible for Wilson to view the status of a single machine using just a mouse click or two. “As soon as I open the Forefront Client Security Management Console, I’m immediately presented with a summary of which systems are healthy, which have problems, and which haven’t reported in,” says Wilson. “I’ve used many security products over the years, and the reporting in Forefront products is light-years ahead of anything else I’ve seen.”
Operations Manager provides a top-down view of the company’s IT infrastructure, helping Wilson to easily monitor the status of all PCs and servers on the network. “There’s great stand-alone reporting in each Forefront product, but Operations Manager really pulls everything together to simplify my day-to-day IT management responsibilities,” says Wilson. “We have 500 employees, yet we run our core IT operations with only two people. Using one or two management screens, I can identify issues, triage them, and use the rich information that’s provided to make better decisions and delegate tasks more efficiently.”
Increased End-User and IT Productivity
End users are more productive since Guardian deployed System Center and Forefront products. More than a dozen previously undetected malware infections have been found and eliminated by Forefront Client Security, and ISA Server has eliminated all Internet connectivity issues. Forefront Security for Exchange Server is catching 4,000 spam e-mail messages per day, helping employees focus on the company’s business instead of dealing with overflowing e-mail inboxes.
Wilson and his sole IT administrator are also more productive. Thanks to the company’s newly simplified IT environment and IT management processes, the time that Wilson spends configuring PCs, checking on the status of various systems, and troubleshooting problems has decreased significantly. And the number of trips he makes to the server room has decreased from at least a half-dozen per day to just one or two.
“Thanks to Forefront and System Center, we’re now more in control of our IT environment and spend less time managing it,” says Wilson. “I’m now 15 to 20 percent more productive, with an additional six to eight hours per week to spend on new IT initiatives instead of simply keeping everything up and running. And our other IT administrator is saving four to six hours per week—primarily through the use of Operations Manager to keep a closer eye on activities. With systems now more integrated and automated, we have avoided the need to hire a third IT administrator to accomplish everything that needs to be done.”
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
http://www.microsoft.com/
For more information about Guardian Management LLC, visit the Web site at:
http://www.guardianmanagementllc.com/
For more information about Ascentium, visit the Web site at:
http://www.ascentium.com/
Microsoft Forefront Product Portfolio
The Microsoft® Forefront™ comprehensive line of business security products provides greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Forefront is a comprehensive solution that helps provide protection for the client operating system, application servers, and the network edge.
For more information about the Forefront product portfolio, go to:
www.microsoft.com/forefront
Microsoft System Center
Microsoft® System Center is a family of leading IT management solutions that helps you proactively plan, deploy, manage, and optimize your IT environment. System Center solutions capture and aggregate knowledge about your infrastructure, policies, processes, and best practices so your IT staff can build manageable systems and automate operations in order to reduce costs, improve application availability, and enhance service delivery.
For more information about the System Center family of solutions, go to:
www.microsoft.com/systemcenter
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published May 2007
