The refresh to the longstanding Microsoft Internet Security and Acceleration Server, the Forefront Threat Management Gateway 2010, was released today. It finally brings security, primarily in the form or Web filtering, to a product long used as a proxy server by midmarket companies and some larger enterprises.
TMG, which had been released to manufacturers Nov. 18, is a secure Web gateway product that companies can use to secure inbound and outbound traffic and protect employees on the Web.
ISA Server is a ubiquitous presence in the datacenters and server rooms of midmarket companies, and some larger enterprises, but primarily it's been used as a proxy server. Any security features were bolted on from third parties.
"This is a major step up from ISA," said Chenxi Wang, principal analyst with Forrester Research. "This release adds more of the URL filtering and antimalware capabilities that have been missing. This is much more of a security product versus what it has been used for before."
"Customers have been asking Microsoft for security features [in ISA]," Wang said. "A lot of ISA customers in the midmarket are using ISA integrated with third-party URL and antimalware, and don't like it because they have to manage products from different vendors. "
Microsoft has been releasing the Forefront suite of protection, code-named Stirling, in stages. Most recent was the release of Forefront Protection for Exchange last month. Earlier this year, Microsoft released Forefront Online Security for Exchange, a software as a service offering. Still to come in early 2010 is Forefront Protection Manager, Forefront Identity Manager and Forefront Protection for Sharepoint.
Supported on Windows Server 2008 R2 and Windows Server 2008 Service Pack 2, TMG's URL filtering is backed up by Microsoft Reputation Services, which block users from landing on malicious sites and falling prey to drive-by downloads or phishing attempts.
"[Microsoft Reputation Services] is an enormous database in the cloud that we host and manage, capturing 95% of the top 1 million domains and categorizing those across 80 categories," said Joel Sider, senior product manager, Microsoft Windows Server Solutions Group. "We also pull from our own infrastructure (Hotmail and Internet Explorer, for example) and 10 external partners who specialize in reputation services to update the database."
Wang said there are pros and cons to Microsoft using reputation filtering based on third parties. Unlike specialists such as Blue Coat and Websense who do their own Web crawling and URL analysis, Microsoft's reliance on partners could delay updates to customers. However, relying on established partners would cut down on false positives, she said.
"The only in-house information source they would have is Hotmail," Wang said. "If a malicious URL or malware distribution appears in email, Microsoft would see it quickly. If not, it would be difficult to get an update as quickly."
Sider said TMG also addresses zero-day threats with an updated antimalware engine and Network Inspection System (NIS), which is the signature-based portion of the TMG intrusion prevention system.
"TMG puts Microsoft squarely in the content security space," Wang said. "It will be interesting to see how its stands up against the competition and whether it takes market share away."
Microsoft also announced today a new remote access product, Forefront Unified Access Gateway, which will ship to manufacturers Dec. 15, Sider said. UAG enables remote employees and trusted third parties access to applications and resources behind the company firewall. Using UAG, companies can extend access to email and applications such as Microsoft Sharepoint, and do so based on user profiles built and stored in Active Directory or Active Directory Federated Services.
Remote users will get broader support for Microsoft, legacy and third-party applications, remote desktop support and endpoint access controls, including a health check through integration with Microsoft Network Access Protection.