Big shift for Microsoft’s Forefront security products: RIP ISA Server

Today Microsoft announced “Important Changes to Forefront Product Roadmaps.” Product roadmap update announcements often aren’t terribly interesting, but oftentimes the bland naming hides the full scope of what’s really happening. Today is no exception.

Microsoft is making a rather dramatic change in its server security offerings, signaling a narrowing and shift in focus and bidding goodbye to nearly all their standalone products, including their oldest server security offering.

Microsoft has announced they’re discontinuing releases for:

  • Forefront Protection 2010 for Exchange Server (FPE)
  • Forefront Protection 2010 for SharePoint (FPSP)
  • Forefront Security for Office Communications Server (FSOCS)
  • Forefront Threat Management Gateway 2010 (TMG)
  • Forefront Threat Management Gateway Web Protection Services (TMG WPS)

But the Forefront server line isn’t disappearing entirely, and this is where it gets interesting. It looks like Microsoft is taking much of Forefront and putting more of it directly into their server offerings and “cloud-izing” it.

The announcement says that Microsoft is going to include (dare we say “bundle”) anti-malware protection in Exchange Server 2013. They note that customers will be able to turn this capability off, replace it, or pair it with other services. This sounds pretty clearly like they’re taking Forefront Protection 2010 for Exchange Server and folding most of it into Exchange Server 2013. To a lesser degree maybe, they’re doing the same with SharePoint and Lync Servers (the successor to Office Communications Server). They say these “will continue to offer the built-in security capabilities that many customers use to protect shared documents.” It’s not clear if they’re going to expand the current built-in security capabilities in those servers with those from Forefront, but it sounds like real a possibility particularly given Microsoft’s tendency to incorporate what it can from dead products into future ones.

The only major product on the server side not really affected by today’s announcement is the Forefront Unified Access Gateway (UAG) 2010, though the post indirectly outlines that a lot of that product’s basic functionality is also present in Windows Server 2012.

The one new product announcement is a new version of Forefront Online Protection for Exchange. This is the cloud version of Forefront Protection for Exchange Server and provides protection for Exchange servers by way of Microsoft’s online services rather than by running software on the local server.

When you take this all together, you’re left with a pretty dramatic shift. Microsoft is getting out of the firewall business entirely, reducing its shrink-wrap server security offerings to just Forefront Unified Access Gateway (UAG) 2010, rolling much of its server security offerings into the products they protect, and transforming Forefront for Exchange into a cloud-only offering that protects Office 365 and Exchange server customers. Lurking behind this all is, I would argue, a very clear focus on security in Exchange. The combination of more integrated security plus cloud services in Exchange mirrors what you see happening with Windows 8.

For those of us in security with a history with Microsoft, this is a bit of a sad day as two products we’ve known for years disappear. One entirely, the other swept into the cloud and the server.

If you’re familiar with Microsoft’s server security offerings you’ll recognize that buried in these products are the old ISA (Internet Security and Acceleration) Server (today known as Forefront Threat Management Gateway 2010) and Sybari Antigen (parts of which are today known as Forefront Protection 2010 for Exchange Server). ISA came out in 2000 and was the successor to Microsoft Proxy Server 2.0 (which I had a certification on). It was Microsoft’s first server security offering and actually came out of the big Internet push after the famous Bill Gates memo in May 1995. Microsoft acquired Sybari ten years later in 2005 as part of its post-Blaster security push.

Both of these were big steps forward into the security world for Microsoft. Their going away or being dispersed like this shows not just how Microsoft is changing but how the world of security is changing with the market consolidating, capabilities becoming ever more a part of products themselves, and the cloud becoming a central feature.

Christopher Budd is a freelance writer and independent consultant in the areas of online security and privacy, social media, incident response and crisis communications. A ten-year veteran of the Microsoft Security Response Center (MSRC), he combines his prior career as an engineer with his communications expertise to help bridge the gap between the technical and communications realms. Follow him on Twitter.

 

  • guest

    So numerous delays over the past year and now kill most of the product, only do it on a day when everyone is focused on Apple? Nice. And will anyone get fired over this? Nope.

  • Raj Singh

    Terrible decision by Microsoft; you are encouraging your customers to go elsewhere….