Microsoft Releases Forefront Endpoint Protection 2010 Beta

• By Herb Torrens
• 07/26/10

Microsoft has released a beta of its latest client protection software for enterprises.

Forefront Endpoint Protection 2010 (FEP 2010) is the successor product to Microsoft Forefront Client Security, designed to provide antimalware protection to client devices in organizations, such as PCs and laptops. Microsoft added a new antivirus engine in FEP 2010, along with behavioral threat detection, Windows firewall detection and a dynamic updates capability, according to the company's announcement Tuesday.

The product runs on Windows 7 and is compatible with Vista and XP. Microsoft said it expects to release FEP 2010 to market in "in the second half of 2010," according to a Microsoft blog.

Like its predecessor, FEP 2010 has capabilities built on System Center Configuration Manager 2007 R2, according to Don Retallack, research vice president for systems management and security at Directions on Microsoft.

"This is really an incremental step for Microsoft in terms of security strategy," Retallack said in a telephone interview. "It is built on an engine (System Center Configuration Manager) that's been around for years, and for enterprise customers who already have System Center Configuration Manager, this next generation of Forefront security should allow them to consolidate their IT footprint on both the equipment and personnel fronts."

This new release is setting the stage for the Windows 2010 security landscape, and may also reflect a revised viewpoint from Microsoft on who should do what regarding IT security, Retallack said. According to Microsoft, FEP 2010 will triage security to IT personnel that manage desktops, freeing up IT security management to focus on policy issues rather than day-to-day security.

"What we are doing [with FEP 2010] is providing the desktop admin the tools to do his job properly," said Bill Jensen, senior product planner for Microsoft in a video presentation at Tech-Ed. "The desktop, or workload, admin can see what's going on with the malware and remove the malware."

Jensen said a side benefit is that enterprises can eliminate infrastructure because one group of servers can manage both desktop management and endpoint security, which he said cuts down on operational expenses.

Administrators can manage the Windows firewall on individual machines directly from the group policy or configuration interface. This centralized approach helps ensure that the firewall is active at all endpoints, according to Microsoft.

The new behavioral threat detection feature in FEP 2010 runs incoming executables in a virtual environment using an emulation technology. This feature protects against unknown or "zero day" attacks by running the executable in a safe environment before it is allowed to run on a machine.

"[FEP 2010] appears to be a good choice for enterprise businesses that have System Center Configuration Manager," Retallack said. "For those who don't, there will be an added expense if they want to implement FEP."

FEP 2010 is one of a trio of products designed for client security protection, Retallack explained. Microsoft Security Essentials is for home users, while FEP 2010 is for enterprise deployments. Windows Intune, scheduled for release later this year, is an online service hosted by Microsoft for small to medium-size organizations.

Microsoft is developing a unified suite of Forefront security products, code-named "Stirling," which are expected to be called "Microsoft Forefront Protection," according to veteran Microsoft watcher Mary-Jo Foley in her June "CodeTracker" document. Parts of that suite are expected to be released "from late 2009 to early 2010," according to the document.

"They were going to have a new security offering called Stirling, but we haven't heard anything about that in a while," Retallack said.

According to a Microsoft FAQ, the Microsoft Forefront Protection Suite includes "Microsoft Forefront Client Security, Microsoft Forefront Protection 2010 for Exchange Server, Microsoft Forefront Protection 2010 for SharePoint, Microsoft Forefront Security for Office Communications Server and Microsoft Forefront Online Protection for Exchange."

The beta of FEP 2010 is available to the general public and can be downloaded here.