Microsoft rejigs enterprise end point security management
Redmond retires Forefront Protection Manager
Updated Microsoft has decided to drop a standalone anti-malware management product in order to concentrate on server-based security and management software and hosted services.
The management component of Stirling, the already delayed next generation of the Microsoft Forefront Protection Suite for end points (business PC anti-virus), has been dropped. The Forefront team explained that Redmond had made the decision in order to align "security management with systems and application management".
As part of this strategy, Forefront Protection Manager (FPM) will not be released to market. Instead, multi-server management for Forefront Protection 2010 for Exchange Server (FPE) and Forefront Protection 2010 for SharePoint (FPSP) will be delivered through a streamlined solution for messaging and collaboration workloads, both on-premises and in the cloud.
Redmond promised to offer extra management functionality to customers of these enterprise server security products at no extra charge during the second half of this year. This was presumably to build loyalty in the user base before sales people at the likes of CA and Trend Micro attempt to encourage users to defect.
Instead of a stand-alone management product, Forefront Endpoint Protection 2010 will be incorporated as a component of System Center Configuration Manager. "This will allow customers to configure, patch, and protect their desktops and laptops with the same infrastructure, delivering comprehensive security with greater efficiency," the Forefront blog post further explained.
Earlier version of this story incorrectly reported that Microsoft was abandoning the enterprise desktop security market altogether. Not so, as a Microsoft spokesperson explained.
"We are not discontinuing Forefront Endpoint Protection," he told El Reg. "We communicated that we are not shipping Forefront Protection Manager - a planned product to manage Forefront secrity products.
"Instead, we will build on the current Forefront management product to manage Exchange and SharePoint security, and Forefront Endpoint Protection will be built on and managed by System Center Configuration Manager. This approach is better aligned with how customers approach and want security management, per workload." ®
I think you're right.
Based on what I read in a subsequent blog post (http://blogs.technet.com/forefront/archive/2010/04/21/converging-endpoint-security-and-management-it-just-makes-sense.aspx) it sounds like they're just killing Forefront Protection Manager (FPM).
FPM was supposed to be a central management point for all your Forefront products, so you could monitor definition updates and set policies across Forefront on PCs, Exchange, Sharepoint, OCS, etc all from the one console. The blog post that started this article *seems* to be saying that the individual products (including FEP for desktop protection) will continue, but they'll just be managed by a module in SCCM. That's not what the Reg article is saying, but it's what I understand to be the case from the blog posts.
It makes a certain amount of sense too - you don't want to have too many management consoles for your IT staff to flick between. I'm just hoping there's a cut-down version that talks to SCE. We're a small shop and SCCM is too big for us to use day to day, but I don't want to be running SCCM for FPE as well as SCE for all our other management.
FPM out, FCS goes to SCCM, FPE and FPSP stay with FFSMC.
"Stripped of the marketing speak the move means that Redmond has decided to work together with its channel partners to sell server-based security products rather than trying to go head-to-head with the likes of Symantec and McAfee in the enterprise desktop security market, where it hasn't made much inroads."
Er, is that definitely what it means? Surely what they're saying is that the management of the Forefront AV client will now be done through SCCM (where it belongs) rather than a stand-alone manager, while Forefront for Exchange and Forefront for Sharepoint will still use a separate management console. They're not abandoning the desktop security market though - just changing where the management is done.
Of course I could have got that wrong - the Forefront range has to be the most confusing jumble of acronyms and badly named products ever to grace the world of IT, but the original blog post is here: http://blogs.technet.com/forefront/.