Microsoft to offer hosted security for Exchange

Updated 5:20 p.m. PDT with more details and comments from Microsoft executive.

Microsoft will begin offering its first hosted security service under the Forefront brand on Thursday, dubbed Forefront Online Security for Exchange and designed to help keep malware and spam out of e-mail in-boxes.

The hosted service, which will cost $20 per user per year or less based on volume licensing, targets enterprise Exchange customers and includes a Web-based console for setting up policies for virus and spam protection, said Doug Leland, general manager of Microsoft's Identity and Security Business Group.

The releases will follow the timeline of Exchange 2010, which entered public beta this week. More hosted security services will be coming but Leland declined to elaborate.

Microsoft also will finally release on Thursday a new, public beta version of its Stirling security suite, which is the next generation of the Forefront software.

The initial beta version of Stirling was released a year ago and was supposed to be refreshed by the end of 2008. It will include client, server, and application security technology and offer a single management console.

Stirling components will come in staggered releases starting later this year with Forefront Security for Exchange and Threat Management and continuing through the first half of 2010, Leland said.

The company also is changing the name of its Identity Lifecycle Manager product to Forefront Identity Manager and plans to offer a new set of technologies, code-named Geneva, for helping corporations improve the security of software and services, Microsoft said.

In addition, Microsoft said it is investing $75 million in a partner ecosystem, including making a strategic partnership with RSA. Other companies integrating with Stirling include Kaspersky, Brocade, Juniper Networks, Guardium, Imperva, Sourcefire, StillSecure, Q1 Labs, and Tipping Point.

The moves are part of the company's strategy to provide "Business Ready Security."

The moves are part of Microsoft's effort to broaden the scope of its security offerings to incorporate data protection, access and management, all built around the concept of identity, Leland said.

Microsoft wants to offer the ability for corporations to set "fine-grained security policies and have a deeper understanding about who in the organization is trying to access data and what they are trying to do with it," he said.

[mb99]

Microsoft... "Business Ready Security".....

Thanks for the laugh!

[dumbspammers]

"Microsoft" and "security" in the same article? Let's see... Nope, April First was two weeks ago.

I guess the question is, if Microsoft is *able* to do this, why do they charge extra for it? Why isn't the capabilility built-in to Exchange? Is it perhaps yet another cash cow? "Let's build a crappy, insecure mail server, and then charge extra for keeping out the spam and malware using the code we left out of it!"

[monkeyfun14]

Crappy? Thats why everyone is licensing it right??

[Mr. Dee]

and what do you suggest businesses replace the so called 'crappy mail server' with? If you say Gmail, I think you are smoking bit too much of that green stuff. ;)

[Random_Walk]

People use Exchange because at this time there are no viable alternatives that tie in with Office (calendaring, integration with Active Directory, and the like).

If/when someone manages to build a robust replacement, I see Exchange getting dumped like a hot potato.

I can say this because Exchange has far too many flaws in architecture and design.

We can start with the annoying (and non-DR-friendly) habit of storing all emails and attachments in a proprietary .mdb database format (that way you have no choice but to buy an Enterprise license once your DB gets bigger than 72GB, or your mailboxes grow too numerous). Next up is the opaque manner in which individual emails are recovered, deleted, or otherwise manipulated. Any other email server can be comprehensively managed using OS-native tools alone if need be, and individual mails can be located and handled quickly. Not Exchange... without add-ons, plugins, and third-party apps, Exchange would quickly consume all of an admin's time. The third reason? That database is rather fragile (ever used ExMerge to do something without first wasting time backing up the DB or breaking into a nervous sweat if you didn't have the time to do it? You're either a geek deity, or you work for Microsoft and write code for Exchange).

Okay... enough griping. Suffice it to say that Exchange, while useful feature-wise, is among the most (combined) evil and expensive things an organization has to deal with (yes, I'm counting Oracle and Cisco in the equation too).

[topgunb2]

@ Random_Walk if anyone was even close to being microsoft then there would've been 20 replacements for exchange! you may love microsoft or hate it, but can't avoid it. Even you would agree that every single user/reader of cnet would've used microsoft product atleast 100 times.
@ dumbspammers , stop using microsoft products and see if you /your organisation can survive even 2 days without it. I've been using ubuntu at home and love it, but I admit that linux/apple don't have products to replace microsoft in foreseeable future

[MMC Racing]

Random_Walk - sounds like you know 2003, but not 2007 or seem to have forgot the recovery storage group.. And databases are not fragile like the 5.5 days. You mentioned exmerge, but you probably meant ESEUTIL.. Seems like your knowledge on Exchange is old and stale, but you rant on anyway. Good job.

[Random_Walk]

There is already a somewhat thriving market for hosted exchange services. I see Microsoft being accused of illegal monopolistic behavior by most of the operators in this market if they do...

[Random_Walk]

wait... wait... I read the article wrong.

Still, what would make this different from existing hosted/online mail filtering and security services (e.g. Postini, Barracuda, etc)?

[Maclover1]

$20 a user per year. Man that is a joke.

http://www.google.com/postini/compare.html

[MMC Racing]

Article says $20 or less and being a not released product, we can't compare features.. Give it time my man, you can hate on them later when all the facts are out.

[Vegaman_Dan]

Interesting site you bring up. You'd have to spend $45 at a minimum with the service you listed to get even to a percentage of what Exchange already offers now.

I'm not sure I see the savings in a service that costs you 2x more.

[MMC Racing]

The bigger question that people are missing is what is different than their current offering? They bought some company (was it bluefish?) years ago and they have hosted anti-virus / spam filtering now as an offering.. So is this really about just a rename to include forefront? What are the new features?

[deathinc70]

This is just a rename of Exchange Hosted Filtering, which was previously named Frontbridge. Microsoft has already provided this service for years. Nothing is changing except the name.

[Vegaman_Dan]

That's an interesting comment.

Completely incorrect, but interesting.

If you want to look back at the history of Forefront, go research Giant Software which is the company MSFT bought for this technology instead.

[deathinc70]

Also, you don't have to pay anything extra to use this service if you have Enterprise Exchange CALs. It is included in the CAL cost.