REDMOND, Wash., Nov. 4, 2004 — In July, Microsoft released the latest version of its Internet security and acceleration (ISA) server product, Microsoft ISA Server 2004. The release marked an important new development in the quest for better corporate network security — a product designed to provide businesses of all sizes with advanced protection for their Microsoft applications, both powerful enough and flexible enough to be used by businesses of all sizes as an advanced application layer firewall, virtual private network (VPN) and Web-cache solution.
Since its release, the product’s combination of advanced protection, ease of use and fast, more secure access has provided ISVs with a broad base of development options to address a wide range of scenarios for small and mid-sized businesses, as well as enterprise-scale deployments.
“We’re really excited about the tremendous customer and partner interest around the product,” says Steve Brown, director of product management, Microsoft Security Business & Technology group. “ISA Server 2004 is clearly designed to address customer’s changing security needs, and our ISV partners have recognized that it provides great new opportunities for them to create additional value for customers of all sizes.”
According to ISVs such as Rainfinity, McAfee, SurfControl and Wavecrest, many of those opportunities are created by the application-level focus of ISA Server 2004’s firewall protection. While traditional firewalls offer a basic level of protection — checking the source of network traffic, looking at attachments and so forth — customers in today’s complex environment are finding that they need even more intelligent capabilities provided by an application layer firewall. This layer of “defense-in-depth” security works with the actual content of network traffic to provide clearer, more detailed information about how the network is being used, and by whom.
Already, these developers, along with original equipment manufacturers (OEMs) such as Hewlett-Packard, Celestix, Network Engines and Pyramid, are seizing on that capability to create new functionality and best-of-breed security solutions for their customers. And with the ability of ISA Server 2004 to handle a wide variety of tasks, many different types of hardware and software based solutions are springing up.
Customers can now deploy a range of security, filtering, load-balancing, and other functionality from a single “box” integrated with the network, and enjoy several options when it comes to deploying a solution that best fits their business. That wide variety of new solutions has customers talking, and in turn, partners are reporting widespread interest in their new ISA Server based solutions.
“Whenever we’re on the road and at tradeshows, we have seen customers take a great interest for our Microsoft ISA Server appliance series,” says Peter Trosien, head of product management at Pyramid Computer GmbH, Freiburg, Germany. “We’re prepared to grow this business as much as possible on the EU scale. A defense in depth strategy, combined with ISA Server 2004’s ease of use, Pyramid’s product offers a more integrated and advanced security solution.”
According to Brown, several other ISV and OEM partners have rolled out solutions and are now beginning to participate in validation testing designed for ISA Server 2004, administered by industry leader, VeriTest. This validation testing provides a way for customers to cut through the clutter of this rapidly expanding new market, by providing assurance that the solutions have been tested and verified. This allows customers to spend their time addressing key business needs instead of wrestling with configuration and deployment issues.
“The testing provides an additional level of quality assurance for customers,” says Richard Preston of VeriTest. “When they see a product that’s had this validation testing, they know that it’s gone through a process of evaluation to determine that the solution operates and interfaces appropriately with ISA Server 2004 and the Windows Server 2003 platform. Customers can have additional confidence when they see the VeriTest logo that this level of testing has been completed.”
The first company to complete the new test is longtime Microsoft partner McAfee Corp., which is rolling out its new SecurityShield product on the ISA Server 2004 platform. Part of the McAfee Secure Content Management family, McAfee SecurityShield combines anti-virus, anti-spam and content-filtering technology into a single solution for Microsoft ISA Server deployments. The product provides protection and control over Internet and mail content, including advanced filtering rules that can be defined per user group and managed centrally.
“Basically what that means to the customer is that they’re going to have all of their in- and out-bound messaging traffic secured by SecurityShield, and we’re going to be scanning that messaging traffic for viruses, for spam, for inappropriate content, and also for phishing attacks,” says Zoe Lowther, group product marketing manager for SecurityShield. “We’re providing that functionality in one integrated solution, which supports a wide variety of protocols, leading to lower cost of ownership for the customer.”
According to Lowther, independent testing such as that provided by VeriTest is an important part of delivering the right solution for customers. “The VeriTest verification is going to give customers more peace of mind, because they know that the product they’re buying is being developed to a certain standard and that there is a benchmark for the type of quality they’ll be getting,” she says. “On the technology side, it also gives us assurance that our product is easy to deploy and maintain, and works exactly as it was designed to.”
That ease of configuration, as it turns out, is one of the strongest assurances of network security. Says Brown, “The majority of security issues traced back to a firewall are related to misconfiguration. So having the ease of use that ISA Server 2004 delivers, including great network templates, wizards and more, helps create more accuracy in the configuration, and that means customers are able to implement a more secure network, more easily.”
According to Bill Bonin of ISV Rainfinity Corp., the fact that Microsoft has focused on ease of deployment and ease of use for ISA Server 2004 is a big deal for customers. “We’ve heard that at least 65 percent of traditional network firewalls may be configured inappropriately,” Bonin says. “And clearly, if a firewall is configured incorrectly, it’s probably not very secure.”
Apart from ease of use, Rainfinity has built solutions for ISA Server 2004 that focus on another critical issue — availability. The company’s RainWall and RainConnect products provide load-balancing and availability functionality that supports the ISA Server 2004 platform.
RainWall provides “clustering” or grouping of ISA Server 2004 servers when used as a firewall or VPN for high availability and load balancing. “The way a firewall works, the firewall is configured to close in the event of failure,” says Bonin. “So that means if you have a failure, you lose network connectivity. By having a high-availability cluster, you ensure that even if a node fails, your network connectivity remains available.”
According to Bonin, RainConnect does the same thing for ISP connections. “You can have multiple ISP connections, and even if one of your ISPs failed, the others would still be available, preserving network connectivity for the business.”
Beyond ease of use and high availability, ISA Server 2004 provides other benefits for customers that ISVs and OEMs are working to capitalize on. As an important example, the application focus of the product’s firewall protection creates new ways for ISVs to develop solutions that provide better information for business decision-makers. Already, effective solutions are on the market that use this functionality to create new benefits for customers. ISVs SurfControl and Wavecrest have developed new solutions that allow customers to gain control of Internet usage, including blocking inappropriate Web sites, specifying Internet usage policies and providing flexible reporting options on Internet usage.
“We focus more on the employee aspect of Web usage, allowing managers and HR personnel to have access to actionable, high-level reports,” says Wavecrest’s Dennis McCabe.
“Our product, CyBlock, provides reports that business users can interpret without tasking their IT people with a lot of work to convert the raw data into a user-friendly format,” he says. “We’ve designed the output, and we actually have a design for a web interface, so an HR person can log into the product and generate his or her own reports without asking IT to do that.”
According to McCabe, the involvement of IT in simple usage reports can result in a business expense that outweighs the value of the exercise. “You have a highly paid technical person spending 15 hours to put the information into a format that HR can interpret. With Cyblock, the solution does all the processing. You plug the policy information into the product, define what sites are acceptable and unacceptable. For stuff you are not blocking, you can define thresholds. All this gives the manager a better feel for the actual amount of activity that occurred, versus a simple hit count.”
Brett Matesen, director of business development at ISV SurfControl, echoes that sentiment. “In many environments, everybody looks like the same person. So the customer can only set global policies, such as blocking pornography. With ISA Server 2004, we can say, ‘Larry can only go to ESPN at lunch and he can only surf it for 20 minutes.’ This clearly provides a much more powerful capability to manage network usage.”
Matesen says his company’s solution has also taken advantage of ISA Server 2004’s flexibility and easy deployment to create a filtering solution that integrates tightly. “We plug in and run directly on the platform,” he says. “ISA is one of our strongest selling platforms, and one of the most widely deployed for us in the enterprise realm.”
According to Matesen, SurfControl is able to filter all Internet content, plugging into ISA Server for Web content and Microsoft Exchange for e-mail filtering. With ISA Server 2004, these functions can now be more tightly integrated than ever before.
“ISA Server, as an application layer firewall, can be intimately integrated with products such as Exchange and Internet Information Services (IIS). This allows us to create a combined solution with web filtering on the ISA Server in conjunction with robust e-mail filtering such as the SurfControl e-mail filter. That total filtering solution is a very strong value proposition for customers who want to mediate their content risks.”
And it’s that concept of a total solution that has Brown and others at Microsoft so delighted about what partners are doing with ISA Server 2004.
“We’ve heard from customers time and time again that no one vendor can provide best-of-breed solutions across all of the different security needs that they have,” Brown says. “With ISA Server 2004, customers get a platform that enables them to choose a specific solution that best meets their needs. Companies such as McAfee, SurfControl, Pyramid, Wavecrest and Rainfinity are all providing great examples of effective solutions that customers running ISA Server 2004 can now choose from. We think this ecosystem of solutions for ISA Server 2004 will only continue to grow, and are very excited about what that means for our customers.”
