Microsoft Forefront Client Security: The next step in protecting businesses

Forefront Client Security, the latest addition to the Microsoft Forefront family, delivers unified protection from viruses, spyware, and other threats

Contact Us Contact a Microsoft Representative Your satisfaction Matters!Let us know your thoughts about your Microsoft experience. Home Products Microsoft Dynamics Microsoft Dynamics AX Microsoft Dynamics CRM Microsoft Dynamics GP Microsoft Dynamics NAV Microsoft Dynamics SL Microsoft Office Microsoft Office Professional Plus 2007 Microsoft Office Enterprise 2007 Microsoft Office Small Business 2007 Microsoft Project Microsoft Visio Windows Phone Windows Server Windows Essential Business Server Windows Server 2008 Microsoft SQL 2008 Microsoft Exchange Server 2007 Microsoft Forefront Microsoft System Center Essentials 2007 Microsoft Exchange Hosted Services Microsoft Office PerformancePoint Server 2007 Windows 7 Windows 7 Professional Windows 7 Enterprise Windows Vista Online Services How to Buy How to Buy: Overview Licensing Licensing Options More On Licensing Financing Software Management Software Asset Management (SAM) Support Information for IT Professionals Learning and Training Tools Microsoft Support Services Self-support & Assisted Support Industries Overview Professional Services Financial Services Manufacturing Government Retail Resources Business Resource Center Member Services IT Managers Business Leaders Security Business Goals Security Develop Relationships Drive Innovation Improve Operations Build Connections Regional Sales Teams East Region West Region Central Region Events and Webcasts Newsletter Worldwide Related Links • Microsoft Forefront Client Security • Microsoft Forefront Server Security • Microsoft Forefront Edge Security and Access

Viruses, spyware, and other threats remain a formidable challenge for IT professionals charged with protecting desktops, laptops, and server operating systems. Though virtually every U.S. business (97 percent) had antivirus and firewall protection in 2006, almost 7 in 10 companies experienced virus infections, according to the 2006 annual survey of computer crime by the Computer Security Institute and the U.S. Federal Bureau of Investigation.

These threats can have a major, visible impact on employees and their productivity, so it's critical for businesses to incorporate client security solutions as part of an overall defense-in-depth approach across the corporate network.

In July, Microsoft released the latest member of its Microsoft Forefront security product line, Forefront Client Security. It joins the rest of the products in the Forefront line—Microsoft Forefront Security for Exchange Server 2007, Microsoft Forefront Security for SharePoint, Microsoft Internet Security and Acceleration Server 2006, and the Intelligent Application Gateway 2007—to create a complete client-to-edge suite of security solutions.

Read on for details about Forefront Client Security's capabilities and how it integrates with the rest of the tools in the product line, as well as what you can expect next from Microsoft in terms of integrated security capabilities.

The midsize company's IT challenge

Like Microsoft Security Center Essentials 2007, also released in July, Forefront Client Security is designed to help the understaffed IT department. "[IT professionals] at midsize companies need to accomplish key security tasks with a minimal amount of effort," says Brendon Foley, group product manager for Forefront Client Security. "Our goal was to create a product that simplified administration for clients, but would also integrate easily with the existing environment."

Ryan McGee, senior product manager for Forefront, adds that he frequently hears customers express concern not just about security but auditing. "They think they're protected, but they don't have great visibility into how protected they are," he says.

To those ends, Forefront Client Security includes security agents, installed on business desktops, laptops, and server operating systems, that provide real-time protection against threats. The application includes a central management system that lets IT staffers easily manage and update the security agents and view reports on both threats and vulnerabilities that affect their environment. IT administrators can configure the protection technologies in the security agent by applying a single policy to multiple devices. Forefront Client Security also delivers a dashboard view, so that administrators know where action is required.

It's important to consider how your security tools integrate with other administrative applications. "For instance, some antivirus vendors, rather than relying on tools that already exist within the infrastructure, provide customers with separate tools to install new patches," McGee explains. "To us, that's just one more thing to learn, maintain, and manage." Forefront Client Security is optimized for Microsoft Active Directory Group Policy for configuring security agents and for Windows Server Update Services (WSUS) for distributing definition updates. Alternatively, administrators can choose to use other software distribution systems for policy, signature, or security agent deployment.

Forefront for server applications and the network edge

Forefront Client Security's myriad capabilities complement other solutions in the Forefront line. Having strong security within server applications and at the edge of the network means that it's less likely that malware will make it all the way to the desktop. Both Microsoft Forefront Security for Exchange Server and Microsoft Forefront Security for SharePoint help businesses protect users of Exchange and Office SharePoint from viruses, worms, spam, and inappropriate content.

Forefront Security for Exchange Server, released with Exchange Server 2007, includes multiple scan engines from industry-leading security firms, including Microsoft's own antivirus scan engine. "Businesses can run up to five scan engines at once, and in different combinations across the server system," says Foley. Through integration with Exchange Server, Forefront Security for Exchange also helps optimize server performance, he adds.

Similarly, Microsoft Forefront Security for SharePoint, released with Microsoft Office SharePoint Server 2007, integrates multiple scan engines to help ensure documents are safe before they are saved to or retrieved from the Office SharePoint document library. In addition, it can scan documents for company-sensitive information, profanity, or other administrator-defined content policies.

Included in the Forefront family are two other tools that guard the so-called "edge" of the network. Internet Security and Acceleration (ISA) Server 2006 helps protect your network from internal or external Web-based threats and provides remote users with secure access to data. It also helps IT departments reduce network costs by leveraging existing network connections between branch offices to offer high-speed access.

Intelligent Application Gateway 2007 offers secure remote access for applications (as opposed to the Web traffic that ISA Server tackles) that need even higher levels of protection, incorporating secure sockets layer (SSL)-based technology. It blocks malicious traffic and attacks at the edge of the network to protect the application infrastructure, and incorporates comprehensive policy enforcement for companies with heavy legal and business requirements for sensitive data.

In the future

Going forward, Microsoft is working on ways to make security management even more integrated and simpler. In June, the company announced a unified product—Microsoft Forefront codename "Stirling"—designed to provide comprehensive protection across client server applications and the network edge, and to do so from a single management console. With this new product, IT managers will be able to centrally set policy, configure, deploy, and manage security for all systems.

The "Stirling" product, scheduled for limited beta release in late 2007, will include the next-generation versions of Forefront Client Security, Forefront Server Security, and Forefront Edge Security and Access solutions, plus the unified management console. It represents Microsoft's continuing efforts to offer more capabilities without increasing the applications required to do so.

Silicon Valley-based freelancer Howard Baldwin writes regularly for the Microsoft Midsize Business Center. His work has also appeared on AllBusiness.com and in CIO.

Top of page