Microsoft has announced the release of Forefront Endpoint Protection 2010 (FEP), an email filtering and antimalware product for Windows PCs and servers. While a top analyst says the product is a worthwhile upgrade that security solution providers should consider, there are still instances when alternatives may make more sense.
For customers already using SCCM, adding FEP 2010 is a perfect solution.
FEP 2010 is part of Microsoft's Forefront Protection Suite for Microsoft client protection, which also includes Forefront Protection 2010 for Exchange Server, Threat Management Gateway (TMG), and other security products to defend Windows-based infrastructures. Originally slated for general availability in the first half of 2010, Microsoft delayed the release mid-year to gain more time to integrate FEP 2010 into Microsoft's System Center Configuration Manager. A beta version of FEP 2010 has been available since July, and the product finally became generally available Dec. 16, 2010. FEP 2010 is sold through Microsoft Authorized Resellers or directly to customers who have a volume license agreement in place with Microsoft. Forefront Endpoint Protection 2010 replaces Microsoft's earlier Forefront Client Security product, although Microsoft has not yet provided tools to help customers migrate from the older product to FEP2010.
Microsoft states that the key advantage of FEP 2010 is its integration with Microsoft's System Center Configuration Manager (SCCM) 2007, a system lifecycle management product. According to Microsoft, the convergence of system management with SCCM and security with FEP 2010 allows customers to use their existing client management infrastructure to secure their endpoints. For example, Microsoft claims this integration enables administrators to manage Windows PCs with SCCM 2007 and to protect them against malware with FEP 2010, all from a single console.
Should Microsoft Authorized Resellers immediately begin moving their customers to Forefront Endpoint Protection 2010? According to Neil MacDonald, vice president and Gartner fellow at Stamford, Conn.-based research firm Gartner Inc., the move makes sense for customers that have SCCM installed. "For customers already using SCCM, adding FEP 2010 is a perfect solution because it leverages their investment in SCCM and reduces costs and complexity," MacDonald said.
If a customer is not already using SCCM, or if a customer has a variety of non-Windows PCs in place, solution providers have many alternatives. McDonald pointed to other vendors that provide endpoint protection integrated with system lifecycle management. These include Kaspersky Lab with LanDesk Software, Symantec Corp. with its Altiris products or Trend Micro Inc. with BigFix Inc. (recently acquired by IBM).
Enterprises evaluating security products face a choice between purchasing an integrated suite of products, or purchasing individual products to address their specific needs. Microsoft claims that Forefront Protection Suite with FEP 2010 and its integration with SCCM leads to more efficient and effective security management. But Microsoft's competitors claim that a bundled product offering could lead to vendor lock-in and eventual loss of flexibility to choose the best products or negotiate lower prices. The release of FEP 2010 turned up the volume on this debate, one which security solution providers may find themselves embroiled in throughout 2011.