Microsoft Unwraps Security Platform

Now that Microsoft's revealed its plans for a next-generation integrated security management platform, the heat is on. (See Microsoft Adds Next-Gen Forefront Roadmap.)

By developing a single, unified management platform -- code-named "Stirling" -- for security from the server to the endpoint and the edge, Microsoft has made what may be its most aggressive security play yet, security experts say of the software giant's announcement at its TechEd 2007 conference yesterday.

Stirling initially will work only with Microsoft's Forefront products, but it eventually will expand to include the integration and interoperability with third-party security vendors' products, says Paul Bryan, a director of security and access product management for Microsoft.

"This is focused on security management, with comprehensive, coordinated protection across individual machines in the enterprise environment, as well as server applications and the network," Bryan says. The management console will let IT managers set policies and configure and deploy security across the network and endpoints. It will encompass next-generation versions of Forefront Client Security, Server Security, and Edge Security and Access, as well as the management console.

Microsoft really had no choice but to take such a bold step given the rate at which researchers and hackers are hammering away at its software, says Rob Enderle, principal analyst with The Enderle Group. "This is a forced march by Microsoft," he says. "They never intended to move into the security industry so aggressively, but they now see the industry as one at cross purposes to their goals in that to succeed, the industry has to drill holes in Microsoft’s products so that it can show value either identifying the holes or mitigating them."

Enderle says Microsoft is "taking security back" by preventing security holes rather than letting the industry continue its focus on breaking its products.

Still, Stirling won't be available for a few months: Microsoft plans for limited beta distribution by year's end. The company yesterday also released the beta 2 release of its Web-based Forefront Server Security Management Console.

Some Microsoft customers, meanwhile, are still uncomfortable with Microsoft's ability to provide users with both their enterprise applications and security protection, including William Bell, director of security for CWIE's security department. Bell says he'll evaluate Forefront Security once it's proven to be an enterprise-class product.

But Bell admits he's on the fence: He worries that security information management (SIM) and unified threat management (UTM) so far have been hampered by multiple vendors going their own way. "I am worried that the diversity of the security industry is holding back convergence efforts such as SIM/UTM," he says. "I think that Microsoft has taken a giant step towards gaining my confidence by announcing the addition of centralized management/reporting/configuration tools. I feel that some companies may steer clear of Microsoft for this specific product based solely on previous bias they have formed. This is obviously a huge mistake, and a bad business decision, that I feel people will make anyways."

Stirling will let the various security tools communicate with one another to protect against threats, says Steve Brown, a Microsoft director of security and access product management.

By unifying its security tools with Stirling, Microsoft is "channeling" IBM, says Enderle Group's Rob Enderle. "IBM traditionally owned security for their offerings and they could integrate that security solution into the other solutions they had to ensure SLAs were maintained and disruption was minimized," he says. "Microsoft is now showcasing a similar strength, by approaching the problems comprehensively and pushing for their integration into Microsoft's overall ecosystem."

The question is whether enterprises will follow the IBM old adage with "no one ever got fired for buying" Microsoft. "The 'play it safe' from an employment perspective buyer will now bounce between Microsoft, CA, Symantec, McAfee, and Trend Micro," says Randy Abrams, director of technical education for Eset, and the former operations manager for Microsoft's Global Infrastructure Alliance for Internet Safety. "All of these players have enterprise management tools and enough name recognition to qualify for safe purchasing under the 'buy IBM' mandate."

This will help Microsoft's cause, for sure. "All of this churn in the AV industry will work to Microsoft's benefit for at least the next two years," Abrams says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading