The Ministry of Education is responsible for all primary and secondary schools in Egypt. Previously, third-party security products from multiple vendors protected the Ministry’s IT environment. However, the Ministry wanted a new solution that
would integrate well with other core infrastructure software while providing high performance and strong technical support. The Ministry worked with Global Brands—a Microsoft® Gold Certified Partner—to deploy Microsoft Forefront™ enterprise-ready security
products. The new solution offers centralized management, integration with existing IT infrastructure, and comprehensive protection against viruses, spyware, spam, and other threats. The Forefront solution’s performance on client computers is three times faster
than the previous software, and its multiple scanning engines provide better protection and more uptime for the Ministry’s e-mail servers.
Based in Cairo, the Egyptian Ministry of Education oversees nearly 40,000 elementary and secondary schools (the equivalent of K–12 in the United States), representing more than 16 million students. Nearly three-fourths of the Ministry’s 1.2 million employees
are teachers. The organization strongly promotes computer literacy and continually seeks ways to implement IT solutions as a means of improving the country’s educational system.
||Compared with our third-party solution, Forefront Client Security performed three times faster in our benchmark tests…, so we’re increasing security without decreasing computer responsiveness.
| Salah Elewa
Director of Technology Development & Decision Support Center
Egyptian Ministry of Education
Until recently, the Ministry relied on third-party security software from multiple vendors to protect its client and server computers from Internet-based threats. On the server side, the Ministry’s core IT infrastructure is based on the Windows Server® 2003
Enterprise Edition operating system and the Active Directory® service; on the client side, it is based on the Windows® XP and Windows Vista® operating systems.
The Ministry sought a cost-effective, high-performance security solution that would be simple to deploy and manage. The solution also needed to be scalable to protect hundreds of thousands of computers across tens of thousands of locations and easily integrate
into the Ministry’s Windows-based IT environment.
In early 2007, the Ministry of Education chose a comprehensive security solution based on the Microsoft® Forefront™ line of business security products. Evaluating this software was part of a much larger, ongoing project to upgrade overall IT systems and
to move toward a more efficient data center model. The new security solution includes the following components:
- Microsoft Forefront Client Security. Helps protect the Ministry’s personal computers and server operating systems from viruses, spyware, and other current and emerging threats.
- Microsoft Forefront Security for Exchange Server. Includes multiple scan engines that help guard the Ministry’s enterprise messaging environment against viruses, worms, spam, and inappropriate content. It offers protection at multiple checkpoints, including
Edge, Hub Transport, and Mailbox server roles.
- Microsoft Internet Security and Acceleration (ISA) Server 2006. Provides application layer firewalling, virtual private networking for secure remote access, and Web cache functionality in a single, integrated network edge security gateway.
Additionally, as part of the ongoing upgrade project, the Ministry chose software in the Microsoft System Center family of system management products to streamline its IT operations. The Ministry’s Forefront security solution integrates with these products
to further simplify security management:
- Microsoft System Center Configuration Manager 2007. Builds on Windows Server Update Services and Active Directory Domain Services to support software asset management, configuration management, and the deployment of operating systems and applications.
- Microsoft System Center Operations Manager 2007. Helps the Ministry with end-to-end IT service management through comprehensive event tracking, proactive monitoring and alerting, and detailed reporting and trend analysis.
To help evaluate and deploy the Forefront security solution, the Ministry worked with Global Brands—a Microsoft Gold Certified Partner and a leading provider of consulting, technology, and outsourcing services in Egypt.
The Ministry selected Forefront security software for two main reasons. First, the new solution offers comprehensive features that align with the Ministry’s IT needs, including tight integration with other Microsoft infrastructure software, support for centralized
IT management, protection against many different types of online threats, and the use of multiple scanning engines. Second, the Forefront solution performed extremely well in the Ministry’s comparison tests with other vendors’ products. “Forefront Client Security
was easier to install and configure, and it did not slow down computer performance,” says Salah Elewa, Director of Technology Development & Decision Support Center at the Ministry of Education. “It worked very smoothly and did not cause memory or other systems
||Overall, Forefront security software is easy to set up and doesn’t require a lot of overhead to maintain.
| Foad Ismail
Director of Mubarak Education City
Egyptian Ministry of Education
In July 2007, the Ministry deployed the Forefront security software in a pilot project at the Mubarak Academy, one of the largest public schools in Egypt. For three months, the Ministry tested the software under real-world conditions and, based on the positive
results, expanded the pilot to include several administrative offices.
Next, the Ministry moved the solution into production, rolling it out over several months. By July 2008, the deployment encompassed the Ministry’s administrative offices and hundreds of schools, including nearly 33,000 client computers.
Pleased with the performance of the new solution, the Ministry expects to deploy the software to all Ministry and school computers―233,000 in total―by the end of fiscal year 2009.
By deploying the Microsoft Forefront line of business security products, the Egyptian Ministry of Education is simplifying security management and gaining comprehensive, well-integrated protection of its IT systems. The new software offers better performance
and vendor support than the Ministry’s previous solution, and it provides a ready foundation for future IT enhancements.
Efficient Security Management
By tightly integrating its components with one another and with the Ministry’s core infrastructure software, the new Forefront solution helps IT staff manage security more efficiently. For example, Forefront software automatically downloads the latest threat
signatures and distributes them through Windows Server Update Services, saving IT staff five to six hours per week. The Ministry also benefits from the integration of Forefront Client Security with Active Directory Group Policy, which makes it easier to configure
the security agents on client computers. Additional integration between Forefront Security for Exchange Server and System Center Operations Manager 2007 supports the creation of detailed logs that the Ministry uses to monitor system health. “The solution’s
integration into a unified infrastructure is a big part of what makes it simple to manage,” says Foad Ismail, Director of Mubarak Education City at the Ministry of Education. “Overall, Forefront security software is easy to set up and doesn’t require a lot
of overhead to maintain.”
In particular, with the Forefront Client Security Management Console, the IT staff can easily manage protection agents and generate reports and alerts on the state of environment security. The Ministry uses Microsoft SQL Server® 2005 data management software
to support the security solution’s rich reporting functionality. The reports quickly identify which computers need security updates or have incorrect configuration settings, and security alerts notify IT staff when new threats appear. As a result, the Ministry
saves time and minimizes risk by proactively addressing many security issues.
||With multiple scan engines in Forefront Security for Exchange Server, even when one engine is being updated, others continue to scan. As a result, we don’t have e-mail messages queuing up.
| Salah Elewa
Director of Technology Development & Decision Support Center
Egyptian Ministry of Education
“The Forefront solution gives us high visibility into our system,” adds Elewa. “The reports are thorough, and the alerts are particularly easy to configure. These features help us respond quickly and effectively to critical security issues.”
Comprehensive, Layered Protection
Because Forefront security software protects against several types of threats, the Ministry does not have to purchase and support separate antivirus and antispyware solutions. Also, Forefront Security for Exchange Server can run up to five concurrent scan
engines, which reduces the Ministry’s exposure to emerging threats and maintains high protection—even if an engine is offline. Ismail says, “Our previous solution had issues detecting threats. In contrast, we believe that Forefront Security for Exchange Server
is particularly secure due to its multi-engine design—a feature that greatly increases our confidence and distinguishes this solution from the others we looked at.”
The new solution helps guard against not only malicious software but also material that violates administratively defined policies, such as profanity, nonlicensed intellectual property, and large media files. “Because we’re a government agency, the ability
to block sensitive or inappropriate content is very important,” says Ismail. “And the Forefront solution offers us all the filtering techniques we need.”
The new solution offers speedier operation on both client and server computers in the Ministry’s environment. “Compared with our third-party solution, Forefront Client Security performed three times faster in our benchmark tests,” says Elewa. “And with Forefront
Security for Exchange Server, we see great server performance, with about a 15–20 percent increase in processor utilization, even when e-mail volume is high. Now, we can run more scans each day, so we’re increasing security without decreasing computer responsiveness
or user productivity.”
Performance is also improved by not delaying e-mail messages during scan engine maintenance. Elewa adds, “With multiple scan engines in Forefront Security for Exchange Server, even when one engine is being updated, others continue to scan. As a result, we
don’t have e-mail messages queuing up. This is a big advantage over single-engine products, contributing to increased system uptime and helping employees work and communicate more effectively.”
Superior Support and Frequent Updates
The Ministry of Education values the consistent, expert technical support it receives from Microsoft and believes this support is especially important in the context of security. For example, as part of its early testing and research, the Ministry discovered
a computer with a virus that neither its previous third-party product nor Forefront security software had detected. After submitting the virus to the Microsoft Malware Protection Center, the Ministry received a rapid resolution. “Within 8 to 10 hours of reporting
our virus, Microsoft provided an updated signature file for Forefront Client Security that effectively prevented further infection,” says Ismail. “We were very impressed with this fast response and the high-quality support it demonstrated. We opened a case
about this virus with all vendors that we evaluated, and Forefront was proven to be the fastest. It also removed all traces of the infection immediately.”
Strong Foundation for Future Enhancements
Although the Forefront security solution is not yet fully deployed, the Ministry is pleased with the success of the project so far, and Elewa appreciates its ongoing benefits. He says, “We believe the Forefront solution will continue to contribute to easier
security management as we upgrade our systems in the future—for example, to take advantage of Network Access Protection in the Windows Server 2008 operating system. We’re also eager to try out the next generation of security software—Microsoft Forefront code
name ‘Stirling’ —which will give us a consolidated tool for threat management and visibility across our entire organization. With Forefront software, we’re gaining not just increased protection but also a road map of exciting security innovations that we can
look forward to.”
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft
text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
For more information about Global Brands products and services, call 202 333 666 89 (Egypt) or visit the Web site at:
- Global Brands is a Microsoft Gold Certified Partner and a leading provider of consulting, technology, and outsourcing services in Egypt.
For more information about Egyptian Ministry of Education products and services, call 202 279 596 64 or 202 279 598 92 (Egypt) or visit the Web site at:
Microsoft Forefront Product Portfolio
The Microsoft® Forefront™ comprehensive line of business security products provides greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis. Forefront
is a comprehensive solution that helps provide protection for the client operating system, application servers, and the network edge.
For more information about the Forefront product portfolio, go to:
Founded in 1997, Global Brands provides IT consulting, technology, and outsourcing services to businesses and government agencies. Global Brands worked with the Egyptian Ministry of Education to evaluate and deploy Microsoft® Forefront™ business
security products, which help protect against a wide variety of Internet-based threats.
*Forefront code name “Stirling” is an integrated security system that delivers comprehensive, coordinated protection across endpoints, messaging and collaboration applications, and the network edge that is easier to manage and control.
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published August 2008