REDMOND, Wash., July 13, 2004 — The release this week of Microsoft Internet Security and Acceleration (ISA) Server 2004 marks the availability of an important new solution in the quest for better corporate network security. ISA Server 2004 is an advanced application layer firewall, VPN and Web cache solution that helps enable customers to easily maximize existing IT investments by improving network security and performance.
ISA Server 2004 makes significant improvements in the areas of advanced protection, ease of use, and fast, security-enhanced Web access. With a new security architecture, an all-new user interface and expanded virtual private network (VPN) capabilities, ISA Server 2004 can help companies better protect their applications against new and emerging threats.
Part of the Microsoft Windows Server System, ISA Server 2004 is particularly well suited to helping to safeguard Microsoft applications, such as Microsoft Exchange Server with Microsoft Outlook Web Access, Microsoft Internet Information Services, and Microsoft Office SharePoint Portal Server.
“We are incredibly excited about this release,” says Jonathan Perera, senior director of product management for Microsoft’s Security Business and Technology Unit. “Our customers have asked for ways to better control the cost of network security while also enabling them to share critical business applications over the Internet. ISA Server 2004 provides the advanced application protection and ease-of-use that make it possible for companies to achieve both goals.”
Strong Partner Momentum
According to Perera, there is a large opportunity for hardware partners to extend the security features of ISA Server 2004 to appliances. Several worldwide partners have already announced such plans, including Celestix Networks, HP, Network Engines, Pyramid Computer, RimApp Technologies and Wortmann AG.
Perera also notes that ISA Server 2004 was designed to be fully extensible, enabling Microsoft solution partners to build complementary add-ons and allowing customers to customize the platform for their needs. This week, 10 partners announced supporting products to help customers implement their defense-in-depth strategies. They include Cloudmark (anti-spam); FilterLogix (Web filtering); Forum Systems, Inc. (Web services security); GFI Software Ltd. (content filtering and anti-virus); McAfee, Inc. (anti-virus and anti-spam); Panda (anti-virus), Rainfinity (load balancing and high availability), RSA Security Inc. (two-factor authentication); SurfControl plc. (Web filtering); and WebSpy Ltd. (monitoring and analysis).
In addition, Perera says that ISA Server 2004 also delivers a significant opportunity for systems integrators to play a strategic role in the deployment and maintenance of customized security solutions based on ISA Server 2004. Among the systems integrators that already working with ISA Server 2004 are Getronics and Avanade.
“We’re already seeing a number of industry partners around the world who are having success helping customers deploy it to enable key business solutions,” says Perera. “We couldn’t be more excited about the number of complementary solutions that Microsoft industry partners are creating for the platform, providing customers with a wide range of options to meet their specific security requirements.”
Integrators Find Opportunity
For example, Getronics, based in Amsterdam and operating in 30 countries, has just announced the successful implementation of ISA Server 2004 for the more than 130 restaurants of a major food-services retailer in Israel. The new security solution has helped give the client’s 3,000 employees in that country more secure, efficient access to both the Internet and the company’s internal network.
The ISA Server 2004 system replaces a solution that was costly and inflexible. The goal for the restaurant chain was to implement a new system that is easier to use, integrates with the company’s existing infrastructure and delivers improved network performance.
According to Liran Zamir, support engineer for Getronics Israel, the new solution was implemented in a matter of days. Today, the restaurant chain’s employees have improved security and faster access to the Internet, and they can use Outlook Web Access to utilize the company’s internal messaging infrastructure. In addition, changes to security clearance levels can now be made in a matter of minutes.
“ISA Server 2004 enabled our client to lower costs and manage user access without outside help,” says Zamir. “I think ISA Server 2004 is now a mature product that delivers much more value than previous generations of firewalls. That opens up a lot of new opportunities.”
In another example, Avanade, which provides Microsoft solutions for the enterprise, is delivering important internal benefits with ISA Server 2004 while simultaneously opening the door to new opportunities in the marketplace. An ISA Server 2004 early adopter, Avanade is using it to facilitate site-to-site VPN connectivity and to help protect Microsoft applications that Avanade exposes externally, including Exchange Server, Outlook Web Access and SharePoint.
One reason that Avanade was quick to adopt ISA Server 2004 was that it helps address the threat of application level attacks. Traditional network firewalls have looked at the source of data but not the data itself. ISA Server 2004 was created to help ensure that only validated data enters the system.
Avanade has also developed a VPN Quarantine Solution that takes advantage of the functionality of ISA Server 2004 to reduce the threat that can come with VPN access to network resources. The solution evaluates remote users for compliance with company security policies when they first access the system. If a deficiency or vulnerability is detected, it provides steps that users can follow to remedy the problem.
While the solution has generated a great deal of interest, Avanade Director of IT Infrastructure and Operations Craig Nelson says the broader need to help customers improve security will mean new demand for services centered around the benefits that ISA Server 2004 delivers. He believes that the constantly evolving nature of security issues and the powerful features of ISA Server 2004 will generate a wide range of new opportunities.
“Our customers are looking for ways to improve network security at a more granular level,” he explains. “Historically, enterprises have entrusted a wide variety of vendors with these security tasks, but the problems remain. Neglect of the application layer is a large part of the reason why. It’s analogous to inspecting postal mail simply by looking at the address on the envelope, rather then opening the envelope to evaluate what’s inside. If customers want to expose something on the Internet, ISA Server 2004 will be an important part of what we offer. When we build secure systems for our clients, we want to push the envelope of firewall security. We know this can only be done with technologies powerful enough to intelligently look inside the data.”
Solutions Providers Adding Value
SurfControl, a leading Web and e-mail filtering company, is one the solutions companies that is extending the ISA Server 2004 platform. This week, SurfControl announced its intention to release SurfControl Web Filter for ISA Server 2004 in the third quarter of this year.
According to SurfControl Director of Business Development Brett Matesen, SurfControl Web Filter for ISA Server 2004 adds to ISA Server 2004’s advanced protection and ease of use capabilities with enhanced Internet content control and the ability to enforce corporate policies for Internet use. With SurfControl Web Filter for ISA Server 2004, users have access to an outstanding URL content database and artificial intelligence tools for dynamic recognition of high risk Internet content. The solution provides robust policy management capabilities, allowing Internet-use policies to be set at the user, group or organization level. Customizable deny pages can also be set to clearly communicate policies and violations.
“SurfControl stops unwanted content no matter how it comes in,” says Matesen. “That improves security and employee productivity, saves on network bandwidth and limits legal liability issues. ISA Server 2004 provides the scalable, high-performance platform for deployments from small companies to the largest enterprises”
SurfControl for ISA Server 2004 is already being used by SurfControl customer Skyline Chili, an Ohio-based restaurant chain that enjoys a devoted following for its Cincinnati-style chili.
“SurfControl lets me manage the way my users access the Internet without having to spend $30,000 on a hardware firewall solution,” says Skyline Chili Manager of Information Services Robbie Bomar. “Now my two-person IT department can easily create access policies and prevent users from accessing specific types of Web sites. Having this level of control, along with the security and firewall capabilities of ISA Server, is great.”
SurfControl technology for the ISA Server 2004 platform will help SurfControl take advantage of the fast-growing marketplace for content security solutions, which IDC predicts will grow from US $4 billion this year to $6 billion by 2007. Matesen says the company has already received numerous inquiries from customers who recognize the importance of content security and see the benefits of SurfControl Web Filter for ISA Server 2004.
Rainfinity, a San Jose, Calif. company that provides products that deliver high availability and optimized performance of network resources, is also seeing high demand for solutions that incorporate the functionality of ISA Server 2004.
“ISA Server 2004 is very cost effective. Because it’s part of the Windows Server System my staff is already familiar with it. So integrating it into the network is easier, and support costs are lower,” says Rainfinity Business Development Director Bill Bonin. “ISA Server 2004’s ease of use is particularly important to our organization. As a class, firewalls have been notoriously complicated. That’s OK if you’re building a firewall for the Pentagon. But if you are a midsize manufacturer or a regional bank, complexity can be very expensive.”
Rainfinity worked closely with Microsoft in the development of the RainWall High Availability Platform for ISA Server 2004, which provides clustering and fail-over capabilities. The Rainfinity platform helps provide uninterrupted Internet access by automatically detecting Internet outages and re-routing traffic. Many firewalls are configured so the connection is terminated and users lose access the system if there is a failure. With RainWall for ISA Server 2004, if one node fails, network traffic is moved to the active nodes and connectivity is unbroken.
According to Bonin, the ease-of-use, functionality and affordability of ISA Server 2004, combined with the uninterruptible service of a RainWall ISA Server 2004 cluster, is generating a great deal of interest in the marketplace.
“We already have a backlog of companies that are ready to roll this out,” he says. “They come from a wide range of industries including healthcare, where new regulations have increased security concerns, and banking, where security is always a critical issue.”
Hardware Solutions Providers Deliver More Choice
There is a similar level of interest among industry partners and customers in extending the advanced protection, ease of use and fast, secure access benefits of ISA Server to hardware solutions.
In fact, the first wave of hardware solutions that integrate ISA Server 2004 was announced at the Microsoft TechEd conference in May. Follow-up announcements were made in June by other partners at TechEd EMEA (Europe, the Middle East and Asia).
“Customers tell us they want more choice when it comes to how they secure their applications and networks. ISA Server 2004 allows customers to choose between hardware and software-based security solutions, depending on their needs and environment,” Perera says. “We’ve already announced partnerships with a half-dozen hardware solutions providers to build appliances based on ISA Server, and all of them are expected to be available this year.”
The HP ProLiant DL320 Firewall/VPN/Cache Server running ISA Server 2004 is one of these solutions. Built to help address network and perimeter security, it provides flexible multi-layer firewall, VPN and Web cache functionality. Tight integration with Microsoft Windows Server 2003 means customers can quickly improve network security and performance with a full-featured security package that is extremely affordable.
Offerings from Celestix Networks are expected to include Scorpio and Gemini Celestix MSA4000 products that deliver gateway firewalls for perimeter defense. Both utilize ISA Server 2004 to provide caching and proxy services for outbound Internet traffic, VPN deployments, application-layer inspection and publishing to internal Web sites in low-cost hardware appliances designed specifically for small and medium-sized businesses.
Network Engines’ Firewall for Microsoft Exchange Server also targets small and medium-sized businesses. Created to help protect servers running Microsoft Exchange Server, it integrates the application firewall features of ISA Server 2004 with Web-based setup and patch management in a desktop appliance that’s easy to deploy and use.
“Small and medium businesses are under intense pressure,” Jeff Brandes, vice president and business development manager at Network Engines told PressPass in May. “They often lack the IT resources found in larger companies, yet they face the same security and productivity challenges. We can pre-configure ISA Server 2004 so the solutions are optimized out-of-the-box.”