Making sense of Microsoft Forefront

Microsoft has put together a suite of server security products that may appeal to "Microsoft shops" -- here's what it offers

My first encounter with Microsoft Forefront occurred a few years ago when I was working on creating a solid defense for an Exchange 2007 deployment. We implemented an ISA server and an Edge Transport server inside the network's perimeter. The Edge Transport server is an Exchange server that handles antispam protection but lacks solid antivirus protection. For that, you had to add yet another server: the Forefront server.

Before I knew it, the name "Forefront" was everywhere in Microsoft's documents. I kept waiting for the new version of ISA Server 2010 to come out but didn't see it -- but I did keep hearing more and more about Forefront. When I investigated, I found that Microsoft had been having some name-changing fun: Forefront has become the branding bucket for all of Microsoft's protection, access, and identity security products.

[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

So today, Forefront includes a whole set of products; I note their previous names just so that you know where some of your products have gone:

Security iGuide
  • Forefront Identity Manager 2010 (FIM): Formerly known as Identity Lifecycle Manager 2007, this allows users a greater level of control over their identity management through self-service tasks, while also providing IT professionals with better auditing and compliance tools.
  • Forefront Server Security Management Console (FSSMC): This provides a centralized console for managing several other Forefront products such as Forefront Security for Exchange and SharePoint.
  • Forefront Client Security: This is a desktop application that protects against viruses, worms, and Trojan horses, as well as against spyware and rootkit attacks. There are two parts to this product. One is the client installed on the PC; the other is a central management server for IT professionals to manage and update the configuration, as well as to audit and report on the security status of their business.
  • Forefront Protection 2010 for Exchange Server: Formerly called Forefront Security for Exchange, this blocks malware, spam, and out-of-policy content before it reaches your Exchange environment.
  • Forefront Online Protection for Exchange (FOPE): This is a hosted service that provides malware and spam protection; it includes outbound and inbound email checking for viruses, phishing scams, and so forth.
  • Forefront Protection 2010 for SharePoint: This product is very exciting because, with SharePoint taking on a life of its own, you can see the potential for people to upload content that might contain malware, out-of-policy content, and so forth. This product protects against those issues using multiple scanning engines.
1 2 Page 1
Page 1 of 2
How to choose a low-code development platform