Microsoft updates Forefront with access and Web security

Microsoft Corp. has added new features to existing offerings that address security and access challenges to worker mobility and social networking for business.

The Redmond, Wash.-based software vendor announced that it has added enhanced versions of Forefront Threat Management Gateway 2010 (TMG) and Forefront Unified Access Gateway 2010 (UAG) to its Business Ready Security Strategy. The strategy aims to help customers protect assets and infrastructure amid shrinking budgets and regulatory compliance.

A new URL filtering feature in Forefront Threat Management Gateway 2010 is particularly noteworthy because it “really helps companies provide safe employee Web browsing,” said Jeff Ewin, product manager for security and management with Mississauga, Ont.-based Microsoft Canada Co.

When a user types in a URL, that URL goes through the Threat Management Gateway server to the Microsoft reputation services database to be checked against the 43 million listed domains. Depending on security policies set by IT administrators, users can be blocked from accessing the site.

Forefront Threat Management Gateway has enhancements to other areas like e-mail protection.

The primary feature in Forefront Unified Access Gateway 2010 (UAG) is one that “does away with VPN”: the ability to remotely access a PC on the corporate network more directly in Windows 7 environments, said Ewin. The new feature, DirectAccess, responds to the mobile worker’s desire to connect to the corporate network from all manner of machines, whether it’s home PCs or mobile devices, he said.

“It actually removes location from the equation and works on the identity,” said Ewin.

But it’s not so much that employees don’t find Virtual Private Network (VPN) useful, said Ewin. Rather, the experience is typically convoluted, requiring the user to log on through a management console to access the corporate network before accessing an individual PC, he explained. “The new UAG defines how customers do that,” he said.

But Microsoft has nonetheless made “significant investment” in improving the VPN functionality to cater to those customers that won’t be using DirectAccess because they haven’t deployed Windows 7.

Brian Bourne, president of Toronto-based Microsoft partner CMS Consulting Inc., said that although interest in DirectAccess is high among his customers, he doesn’t expect they will cease using VPN. 

“Direct Access is so new that I don’t imagine the whole market is going to run out and deploy Direct Access tomorrow,” said Bourne.

The downside to VPN, said Bourne, is that it doesn’t allow IT departments to “manage out” such that remote machines can get the updates and patches they require.

Otherwise, said Bourne, “it’s essentially an unmanaged machine floating around wherever the person who owns the machine may be floating.”

As for URL filtering, Bourne said the feature aligns with the fact that malware is more often today delivered over the Web than it is in inboxes. “Enterprises have issues with how to stop the malware coming in the network when people are browsing the Web,” he said.

Social networking in the context of business injects added complexity because services like tinyURL and make Twittering short messages easier, but don’t help with security, said Bourne.

“When you click on a shortened URL, you don’t know just where it’s going to take you,” he said.

Forefront Threat Management Gateway 2010 was made available on Tuesday this week. Forefront Unified Access Gateway 2010 will be released to manufacturing mid-December.
