With Microsoft Forefront Client Security, Windows administrators will have another choice for malware protection for business desktops, laptops, and servers. This single, agent-based, anti-malware solution will help address a broad array of threats, ranging from viruses and worms to spyware and other emerging attacks.
What sets Forefront Client Security apart from other stand-alone offerings is its ability to easily integrate with existing Microsoft Windows infrastructure and provide critical visibility into threats and vulnerabilities through a unified console. It complements the platform security advancements in Windows Vista and the end-to-end network layer protection provided by Server and Domain Isolation.
Learn More
Read the datasheets
Watch the Webcast
Among the long list of new and updated security features of Windows Vista are Windows Firewall with Advanced Security, User Account Control, Internet Explorer 7, and the enhanced Security Center. Together with Forefront Client Security, the Windows Firewall with Advanced Security helps limit unwanted network communications, and these policies are centrally manageable from Active Directory using Group Policy. To help keep users informed of their current security state, Window Vista includes an updated Security Center to monitor the status of anti-malware protection installed on the client, the Windows Firewall, and automatic updates. It alerts the user when any of these fundamental security controls are either switched off (perhaps by a piece of malicious code) or become out-of-date, so that they can take corrective actions to return the client back to a more secure state.
The last component of this solution is Server and Domain Isolation, which adds the ability to enforce end-point authentication, enabling Windows administrators to dynamically segment their networks based on policy instead of physical topology. Through Group Policy settings, managed clients are logically isolated from unmanaged or rogue devices. Server and Domain Isolation also helps minimize the risk of network-borne attacks by reducing the attack surface area, verifying the integrity of network packets for virtually tamperproof transmissions, and protecting sensitive data with optional “on-the-wire” encryption. These benefits are especially important for networks that also play host to devices belonging to guest workers or visiting partners.
Integration and Deployment
At the heart of this integration is Active Directory, already a core infrastructural component in the vast majority of Windows environments. Active Directory enables administrative simplification by centralizing the policy management of all of these security layers. Forefront Client Security helps reduce administrative overhead through the creation of a single policy to manage all aspects of client security events and alerts. This single policy can be deployed through Active Directory, using the same rich client-targeting functionality already used for Group Policy management. Signature updates are also easily and rapidly delivered to clients through the use of an existing software distribution solution, like Windows Server Update Services (WSUS). Each of the three security controls complements the defenses of the others in the true spirit of a defense-in-depth security strategy. Another benefit is the ability to incrementally implement each solution without having to deploy separate management infrastructures. For example, administrators can start evaluating and implementing Server and Domain Isolation today (on Windows XP and Windows Server 2003), and then deploy Forefront Client Security on their existing Windows XP hosts and roll-out Windows Vista as part of the organization’s client hardware refresh cycle (with Forefront Client Security as part of the standard desktop image). In addition, as these hosts join the Active Directory domain, they will automatically receive the policy settings for all three components, resulting in reduced deployment complexity.
