Making sense of Microsoft Forefront

My first encounter with Microsoft Forefront occurred a few years ago when I was working on creating a solid defense for an Exchange 2007 deployment. We implemented an ISA server and an Edge Transport server inside the network's perimeter. The Edge Transport server is an Exchange server that handles antispam protection but lacks solid antivirus protection. For that, you had to add yet another server: the Forefront server.

Before I knew it, the name "Forefront" was everywhere in Microsoft's documents. I kept waiting for the new version of ISA Server 2010 to come out but didn't see it - but I did keep hearing more and more about Forefront. When I investigated, I found that Microsoft had been having some name-changing fun: Forefront has become the branding bucket for all of Microsoft's protection, access, and identity security products.

So today, Forefront includes a whole set of products; I note their previous names just so that you know where some of your products have gone:

• Forefront Identity Manager 2010: Formerly known as Identity Lifecycle Manager 2007, this allows users a greater level of control over their identity management through self-service tasks, while also providing IT professionals with better auditing and compliance tools.
• Forefront Server Security Management Console: This provides a centralised console for managing several other Forefront products such as Forefront Security for Exchange and SharePoint.
• Forefront Client Security: This is a desktop application that protects against viruses, worms, and Trojan horses, as well as against spyware and rootkit attacks. There are two parts to this product. One is the client installed on the PC; the other is a central management server for IT professionals to manage and update the configuration, as well as to audit and report on the security status of their business.
• Forefront Protection 2010 for Exchange Server: Formerly called Forefront Security for Exchange, this blocks malware, spam, and out-of-policy content before it reaches your Exchange environment.
• Forefront Online Protection for Exchange: This is a hosted service that provides malware and spam protection; it includes outbound and inbound email checking for viruses, phishing scams, and so forth.
• Forefront Protection 2010 for SharePoint: This product is very exciting because, with SharePoint taking on a life of its own, you can see the potential for people to upload content that might contain malware, out-of-policy content, and so forth. This product protects against those issues using multiple scanning engines.
• Forefront Security for Office Communications Server: This product provide malware and out-of-policy protection within your enterprise for the documents sent from OCS.
• Forefront Threat Management Gateway 2010: Formerly known as Internet Security and Acceleration Server (ISA Server 2006), this is designed to protect your business from Web-based threats. Features include virus and malware scanning, URL filtering, HTTPS inspection, and firewall protection.
• Forefront Unified Access Gateway 2010: The successor to Intelligent Application Gateway IAG 2007, this provides secure remote access through SSL VPN or DirectAccess, with control via access policies and predefined authentication methods.

Now that you have a general overview of the different products available, the logical question is "Why would I go with Forefront over a third-party product?"

It's a good question, but one you need to answer for yourself. Some shops will go with the mantra "we buy Microsoft," believing that Microsoft is best able to protect the products it creates and in an integrated, consistent way. However, that logic assumes you don't have a heterogeneous environment.

If you have a heterogeneous environment and/or don't mind stepping outside the realm of Microsoft products for your security solutions, by all means investigate how Forefront stacks up against other solutions you are interested in. And let us know in the comments what you think.