Microsoft Solutions

Security Solutions

Web-based threats compromise business security and can cost your customers millions of dollars. Security Solutions help your organization directly address this top budget priority. Showcase your capabilities as a trusted security advisor and win new business.

Microsoft identity and security products and tools that can help you assess, protect, and manage your business security infrastructures. With the constant threat of viruses, worms, spam, and other malware, finding advanced security solutions that integrate with existing infrastructures is a top-of-mind consideration for your customers. They’re looking for solutions that are simple to set up and administer. And, most important, help guard their systems against attack. Make the most of this demand with Microsoft Forefront business security products. Strengthen your security offerings by leveraging Forefront technology.

• Identity and Secure Access
  • Identity and Secure Access Product Suite
  • Windows Rights Management Services
  • Microsoft Identity Lifecycle Manager 2007
  • Windows Server Active Directory
  • Active Directory Federation Services
  • Active Directory Certificate Services
• Infrastructure Security
  • Forefront Code Name “Stirling”
  • Microsoft Forefront Security Suite
  • Forefront Client Security
  • Forefront Security for Exchange Server
  • Forefront Security for SharePoint
  • Forefront Security for Office Communication Server
  • Microsoft Internet Security and Acceleration Server 2006
  • Microsoft Intelligent Application Gateway 2007
  • Antigen Security Solutions
  • Network Access Protection

Identity and Secure Access

Identity and Secure Access Product Suite

Enterprise customers have many identities and access privileges to manage, but they are also concerned about protection and secure access. Help them meet these business challenges with Microsoft Identity and Access (IDA) solutions, a comprehensive set of integrated offerings designed to help companies manage user identities and associated access privileges, with a focus on security and ease of use.

IDA solutions can help your customers improve operational efficiency, boost compliance, heighten security, and enable business success. And when you help your customers address these key concerns.

Windows Rights Management Services

Microsoft Windows Rights Management Services (RMS) for Windows Server 2003 is information protection technology that works with RMS-enabled applications to help safeguard digital information from unauthorized use —both online and offline, inside and outside of the firewall.

RMS augments an organization's security strategy by protecting information through persistent usage policies, which remain with the information, no matter where it goes. Organizations can use RMS to help prevent sensitive information—such as financial reports, product specifications, customer data, and confidential e-mail messages—from intentionally or accidentally getting into the wrong hands.

For information about other Windows Server technologies and services, see the complete list of Windows Server 2003 Technology Centers.

Microsoft Identity Lifecycle Manager 2007

Identity Lifecycle Manager (ILM) 2007 Feature Pack 1 (FP1) enables IT organizations to reduce the cost of managing the identity and access life cycle by providing a single view of a user's identity across the heterogeneous enterprise and through the automation of common tasks. ILM 2007 FP1 builds on the metadirectory and user provisioning capabilities in Microsoft Identity Integration Server (MIIS) 2003 and adds new capabilities for managing strong credentials such as smartcards, providing an integrated approach that pulls together metadirectory, certificate and password management, and user provisioning across Windows® and other enterprise systems.

ILM 2007 FP1 simplifies the process of matching and managing identity records from disparate data repositories, and prevents anomalies, such as active records for employees who have left the organization. ILM 2007 FP1 provides IT with a policy framework to control and track the identity and access data that helps manage compliance. It also includes self-help tools for end users, enabling IT to improve efficiency by securely delegating many tasks to end users. Another key feature of ILM 2007 FP1 is that it includes a Windows-based certificate management solution that integrates with the Windows Server 2003 operating system and Active Directory® to provide a turnkey solution for managing the end-to-end life cycle of smart cards and digital certificates for the Windows Server 2003 Certificate Authority.

Synchronize Identity Information. Organizations that have many different directories and other data repositories such as a Human Resources (HR) data repository, mainframe systems, or databases, can use ILM 2007 FP1 to synchronize user accounts and attributes in all of those systems, including synchronization of passwords. Directory synchronization saves time and money that is currently spent on keeping data consistent and enforcing data ownership rules.

Provision and Deprovision Users. In many organizations, information about new employees is entered in a HR database first. Then, the IT department creates user accounts, mailboxes, and other identity information in different database systems. ILM 2007 FP1 automatically creates these user accounts, mailboxes, and other identity information in target systems in real-time so new employees are productive immediately, and also ensures that corporate resource access is instantly revoked for employees who leave the organization.

Manage Certificates and Smart Cards. ILM 2007 FP1 includes a workflow and policy based solution that enables organizations to easily manage the life cycle of digital certificates and smart cards. ILM 2007 FP1 leverages Active Directory Directory Services and Active Directory Certificate Services to provision digital certificates and smart cards, with automated workflow to manage the entire life cycle of certificate-based credentials. ILM 2007 FP1 significantly lowers the costs associated with digital certificates and smart cards by enabling organizations to more efficiently deploy, manage, and maintain a certificate-based infrastructure. It also streamlines the provisioning, configuration, and management of digital certificates and smart cards, while increasing security through strong, multifactor authentication technology.

How Identity Lifecycle Manager 2007 FP1 Works

ILM 2007 FP1 has two central components, one that includes metadirectory and user provisioning capabilities and another for certificate and smart card management.

Identity Synchronization and User Provisioning

The identity synchronization and user provisioning component of ILM 2007 FP1 manages identity information across multiple stores by aggregating this information in a central repository called the metaverse. Management agents serve as connectors that translate data from these connected stores to the metaverse. For example, the e-mail system can be linked to its HR database through the metaverse. When an employee joining the organization is added to the HR database, ILM 2007 FP1 can automatically provision that employee to the e-mail system. Each employee's attributes, from the e-mail system and the HR database, are imported into the connector space through management agents.

The e-mail system can then use individual attributes, from the employee entry that originated in the HR database, such as the employee telephone number. If an employee's telephone number changes in the HR database, the new number will automatically be propagated to the e-mail system.

Certificate and Smart Card Management

ILM 2007 FP1 also provides sophisticated credential management features to Windows Server 2003 Certificate Authorities (CA) by acting as an administrative proxy. Once installed within an organization, all digital certificate and smartcard management functions pass through ILM 2007 FP1. The certificate management solution in ILM 2007 FP1 consists of three components:

1. Server component: Provides a Web interface and is the focal point of administrative functions.
2. Certificate Authority plug-in: Communicates with the server, controls the behavior of the CA(s), and provide rich logging and auditing in a central location.
3. Client-side components:
   • Smartcard Self Service Control, which provides certificate management capabilities.
   • Smartcard Personalization Control, which provides Java card management.
   • Bulk Smartcard Issuance Tool, which is an application for centralized large scale smart card deployment scenarios.

Active Directory Federation Services

Federated Identity

Microsoft Active Directory Federation Services (ADFS) provides the interoperability required to simplify the broad, federated sharing of digital identities and policies across organizational boundaries. Seamless yet secure, customers, partners, suppliers, and mobile employees can all securely gain access to the information they need, when they need it.

Business Needs ?

• Improve collaboration and operational efficiency by building secure and efficient connections with other organizations
• Retain control over corporate data, while allowing trusted entities access to business information
• Express, communicate, and share business policies with other trusted organizations

Benefits ?

• Boost cross-organizational efficiency and collaboration with secure data access across companies
• Improve operational efficiency with streamlined federation systems and simplified management of IDs and passwords
•  Boost visibility into cross-boundary processes with transparent, auditable information rights and roles
•  Improve security with ADFS claim mapping, SAML tokens, and Kerberos authentication
• Reduce costs by taking advantage of existing investments in Active Directory and security
• • Eliminate the complexity of managing federation by using Active Directory as the main identity repository

Active Directory Certificate Services

Windows Certificate Services (CS) provides an integrated public key infrastructure that enables the secure exchange of information. With strong security and easy administration across the Internet, extranets, intranets, and applications, CS provides customizable services for issuing and managing the certificates used in software security systems employing public key technologies.

Business Needs

• Move beyond traditional username and password combinations for more robust security
• Find solutions that are effective, easy to manage, and simple to deploy

Benefits

• Increase access security with better security than username and password solutions and the ability to verify the validity of certificates using the Online Certificate Status Protocol (OCSP)
• Reduce cost of ownership by taking advantage of Active Directory integration for enrollment, store, and revocation processes
• Simplify certificate management using a single information store that comes from full integration with Microsoft Management Console
• Streamline deployment by enrolling user and computer certificates without user intervention

1. Client retrieves certificate policy from Active Directory.
2. Client submits certificate request to Certificate Server based on policy.
3. Certificate Server retrieves user information from Active Directory.
4. Certificate Server returns signed digital certificate to the client.

Infrastructure Security

Forefront Code Name "Stirling"

Your customers want an easy-to-manage security solution that responds to evolving threats and integrates with their existing IT investments. Prepare to meet that demand —and grow your business —with a new offering from Microsoft. Microsoft Forefront codename "Stirling" can offer an integrated security system that helps deliver comprehensive, coordinated protection, simplified management, and critical visibility to create significant new revenue opportunities for you.

Microsoft Forefront Security Suite

Microsoft Forefront Security Suite helps you meet customer demand for comprehensive IT-infrastructure security on Microsoft Windows-based client desktops and laptops, servers, and messaging and collaboration platforms. By combining on- and off-premise security technologies, Forefront Security Suite provides the comprehensive, integrated, simplified IT-infrastructure protection your customers require. And that can help boost profitability for your business.

Forefront Client Security

Organizations need to protect their PCs and servers from viruses and spyware. Yet many protection-software suites are difficult to use and integrate into existing IT infrastructures, making it challenging to identify threats and vulnerabilities.

In contrast, Microsoft Forefront Client Security offers unified protection, simplified administration, and critical visibility and control—adding up to a significant opportunity for you. Earn a share of the rapidly expanding IT security market—expected to more than double by 2011 to reach US $71.8 billion.*

Use the resources and tools on this page to help you become more knowledgeable, discover new revenue streams, and grow your business by offering services to support your customers.

Forefront Security for Exchange Server

Protecting Microsoft Exchange Server messaging environments against viruses, worms, and spam is critical to your customers' business success. Deliver the protection they need with Microsoft Forefront Security for Exchange Server. It integrates multiple scan engines from industry-leading vendors to provide comprehensive protection, optimized server performance, and simplified management. And it enables you to increase revenue by developing and delivering security solutions for Microsoft Exchange Server 2007 and Exchange Server 2003 messaging and collaboration environments.

Forefront Security for SharePoint

Protecting collaboration environments against viruses and inappropriate content is critical to your customers’ business success. Deliver the protection they need with Microsoft Forefront Security for SharePoint. It integrates multiple scan engines from industry-leading vendors to provide comprehensive protection, optimized server performance, and simplified management. And it enables you to increase revenue by developing security solutions for collaboration environments, including Microsoft Office SharePoint Server 2007, SharePoint Portal Server 2003, and Windows SharePoint Services 3.0 and 2.0.

Forefront Security for Office Communication Server

Keeping networks and data secure is a key preoccupation for most companies. Internet threats, malware, and competitive information leaks are transmitted via instant messaging (IM) systems —creating significant vulnerabilities. Earn higher revenues by delivering integrated IM protection with Microsoft Forefront Security for Office Communications Server.

Microsoft Internet Security and Acceleration Server 2006

Demand for network and access security offerings has never been higher. Microsoft Internet Security and Acceleration (ISA) Server 2006 help your organization protects their IT environments from Internet-based threats, while providing fast and secure remote access to applications and data.

Part of the Microsoft Forefront Edge Security and Access family of products, ISA Server 2006 is an integrated gateway server application available in both Standard and Enterprise editions. It helps your IT department provides employees and partners with secure and appropriate access to applications, documents, and data from virtually any PC or device. Securely connect remote workers and branch offices to corporate headquarters. Minimize—or even eliminate—potential damage from malware and attackers. Or simply use limited bandwidth more efficiently. Regardless of the business need, ISA Server 2006 makes it easier for you to provide security for corporate applications accessed over the Internet.

Microsoft Intelligent Application Gateway 2007

Help customer safely access business resources from virtually anywhere, so they can maintain productivity while protecting their infrastructures and data. Microsoft Intelligent Application Gateway (IAG) 2007 is a comprehensive remote-access gateway that facilitates Secure Sockets Layer (SSL)-based application access with endpoint security management. The platform provides a single, cost-effective means to deliver applications and business information to people in almost any location.

How Does IAG 2007 Work? One of the Microsoft Forefront edge security and access products, IAG works by consolidating multiple technologies to provide a centralized entry point for remote access. At its foundation is an SSL virtual private network (VPN) that facilitates connectivity for almost any protocol, a firewall to help ensure application security and intelligent access, and an endpoint detection mechanism to enhance overall system security. Together, these features enable customers to publish applications —regardless of whether they are native to the Web —that can be securely accessed from practically anywhere.

Antigen Security Solutions

For customers with Microsoft Exchange Server 2003, Exchange Server 2000, SharePoint Portal Server 2003, or Live Communications Server 2005 environments, supported Microsoft Antigen products provide a multilayered security solution, helping to stop threats before they affect businesses and users. Antigen software integrates antivirus, anti-spam, content filtering, and management technologies seamlessly with the servers they protect to help maintain infrastructure reliability and performance.

It protects your messaging and collaboration servers from viruses, worms, spam, and inappropriate content through comprehensive security solutions that work with Microsoft messaging and collaboration platforms.

Learn more  about Microsoft Antigen and register to download free trials of Antigen email and collaboration server security products.

Network Access Protection

When you protect access to your customers’ networks, you help close the loop on network security. While gateway devices check for viruses and other malware, Network Access Protection (NAP) from Microsoft analyzes the security status of every device that attempts to connect to a network. Show your customers how to approach network security comprehensively. With built-in Network Access Protection.

What is Network Access Protection?

Built into Windows Server 2008 and Windows Vista, Network Access Protection evaluates and responds to the security state of any computer or device attempting to connect to your network. It works with a host of Microsoft products such as Microsoft Forefront Client Security and Microsoft System Center . It also integrates with third-party networking and security products —offering you more opportunities to provide services to your customers and build revenue. Network Access Protection enables customized end-point security policies to validate computer health before allowing network access or communication. The platform automatically updates compliant computers to ensure ongoing health. And you can set it to quarantine questionable computers to a restricted network until they become compliant.

Network Access Protection complements gateway security —which typically includes malware protection, intrusion detection, and content filtering —to provide complete network access control capabilities.