Forefront Stirling – The possibilities


That's right, it's Stirling, not Sterling like silver. I'll cover the background behind the name, perhaps in an interview with the product team.

Forefront is divided into three categories: Client, Server, and Edge. Currently, the Client and Server Forefront products have two separate management consoles, and Edge doesn’t have a management console at all. In June at TechEd 2007 Orlando, we announced Forefront “Stirling”, which will be a central management console for our entire Forefront line of products. The first CTP is scheduled to be released sometime by the end of this year.

Ok, so other than a central console, why should I care about it? Thinking about the scenario below will help you realize why it’s much bigger than this…

1) While browsing the web through their ISA server, a client downloads a new virus with an unknown signature (scan 1 - missed).

2) The client executes the virus (scan 2 – missed). The virus then attempts to send individual emails to all of the client's contacts and also tries to replicate itself to other client machines on the network over a specific port.

3) Forefront Exchange notices this behavior (scan 3 – detected), immediately sends alerts to the IT staff via pager, email, etc., automatically prohibits this client from sending those pieces of mail, and also takes action to stop the behavior by talking to the Forefront client software.

4) Forefront Client Security detects (scan 4 – successful) the rapid attempt to spread to other machines, sends notifications to IT staff, notifies ISA not to allow this file to be downloaded, and keeps the virus from spreading by stopping it locally and telling the FCS console that the file is a virus (if it hasn’t already been stopped with assistance from Forefront Exchange).

5) Finally, at any point the IT staff can quickly identify where the virus entered the network on the ISA server, see the behavior of the virus, see which machines in the network have been affected, and, if necessary, quickly tell all machines in the environment to block the specific port it is trying to replicate on.

Ok... I know it was long, but it gets you to think about the power Stirling could have.

Other cool tidbits about it:

· Integration with SCCM 2007. So not only is it a central security console, it also is a central console for your entire enterprise’s computer management.

· Integration with AD. This might allow you to do cool stuff like roll out custom security policies to machines or users in specific OUs.

· The entire suite of products will be updatable via WSUS.

· Integration with NAP.

· Covers more than just viruses. Anti-malware, Anti-spyware, Anti-spam all included.

Get started:

Unfortunately, there's not much out there publicly yet - but check here for some more info: http://www.microsoft.com/forefront/prodinfo/roadmap/stirling.mspx

Comments (1)

  1. Anonymous says:

    With the launch of the 1st public beta for Forefront Stirling on April 8th, I thought it would be
