Microsoft Forefront [EOL] Reviews

• Web proxy services along with the integrated firewall
• VPN
• Intrusion prevention
• Malware inspection
• URL filtering

The simplicity of managing the product compared to its competitors, like BIG-IP F5 and Citrix NetScaler.

The ease of deploying mobile functionality through the web proxy has significantly improved and encouraged the use of mobile workspaces.

The product has unfortunately reach its End-Of-Life (EOL) at Microsoft and is now replaced by several products.

I have used it for about five years as an employee at The National Land Survey of Sweden (Lantmäteriet).

It was very stable.

No issues, but you had to plan ahead before deploying redundancy with a Threat Management Gateway (TMG) cluster.

I never had to use tech support for the product.

We used Microsoft ISA Server 2004 before and upgraded to TMG 2010 to support Publishing Exchange 2010.

The initial setup was easy as the product had wizards to deploy services.

No advice regarding this product as it has reached its EOL. Regarding competitive pricing and the same functionality for load balancing and proxy, I recommend KEMP’s products.

No. As there were no other products at the time that had support for Exchange 2010 when TMG 2010 was released.

Impossible to give one value because so many things have an effect on the product selection:

1. Price
2. Server platform
3. Amount of built-in integrations (implementation work amount)
4. Requirements for coded integrations (implementation work amount)
5. Implementation work and time
6. Use cases specialties
7. Role management for users
8. Service agreements for vendors/sub-vendors
9. Deprovisioning use cases for selected entities
10. (Real-)time requirements for provisioning events

1. Price / licensing model
2. Implementation speed and work amount for first phase
3. Solid and stable provisioning engine
4. Possibility to code “any” feature requirement.

We do not use this product. We implement it for the customers.

1. Real-time provisioning events/triggering
2. Role management
3. Role/access/permissions revisioning/verification events (e.g., annually permissions have to be renewed).
4. Permission deprovisioning for certain use cases (work amount might be high).
5. No built-in entity model for Service Agreement management and tying those to users and their permissions.
6. Web user interface from 1990s. Users laugh at it.

Four years.

1. SQL deadlocks quite easily, but same happens for a plethora of other IDM products.
2. Web sessions often timeout after just minutes and there is no clear indication where to tune it.

Product has been enough for our customers’ requirements.

A six out of 10.

FIM 2010, SailPoint, and Efecte Identity.

Normal IDM complexity. Always something, but it always can be solved.

Remember that only ‘warm-bodies’ are counted. It is my understanding that the product could be used for ‘machine id’s’ for free, because those do not count as real users.

SailPoint and Efecte Identity.

Requirements, use cases, and requirements. Then, how much the customer has budget for it. Do not forgot the expectations of management. Other products fulfill other requirements. It is all about knowing what you buy and get, then settling for what you have bought.

Having experienced the frustrations of poorly designed/executed interfaces first-hand, one of the most valuable features for me is the graceful, responsive, and compatible web-UI. It works well across all browsers that I’ve tried, and even on mobile browsers. The snort engine, which is the muscle behind the Sourcefire IPS technology, has always been a joy for me to work with. I have almost 10 years of experience with snort and the power, customization, and ease-of-use has yet to be replicated. Lastly, I find great value in the context-sharing behavior across technologies with Sourcefire. Each active technology on the sensor enjoys access to the context of the others, and this has the great benefit of increasing accuracy and efficacy of automated response functions.

The network host/user/application visibility gained by leveraging FireSIGHT have produced collateral benefits that are time/money saving. The helpdesk uses this information often to troubleshoot issues rather than having to set up and configure WireShark or configuring an access-list to log specific traffic. The system gleans so much information from network traffic that it can simultaneously act as an organization’s SIEM and IPAM while performing role its purposed role of comprehensive threat defense.

I’d personally like to see some additional customization capabilities in the reporting section. This is already extremely customizable, more so than most other technologies, but specifically regarding formatting I think there is opportunity for improvement.

I started using Sourcefire technologies in early 2013 – upon the change in ownership my focus on this technology group was increased significantly. I’ve worked with Sourcefire products and technologies both before and after they were acquired by Cisco Systems. When I first started working with FirePOWER it was on version 5.2, and the earliest version of FireAMP for Endpoints for me was v4.4. Sourcefire has had many options regarding platform/chassis. I’ve personally deployed all defense center variations except for the DC4500, all 3D sensor variations as well as all AMP sensor variations. Additionally, I’ve deployed the virtual defense center and 3D sensor appliances.

I’ve deployed a lot of these products, and I’ve come across just one technology-related complication; if the sensor is not shut down gracefully there is a chance that the ‘sftunnel’ function, which secures communications between the sensor and the defense center, may become corrupt and require expert-user intervention/support. This has happened to me just twice across in over 80 deployments. I suppose I could take better care to gracefully shut down the sensor each time to alleviate the condition entirely. Any other complications have been the result of my configuration and/or typographical error.

I have never encountered any stability issues, I do always ensure that my sensors’ inline-pairs have configurable bypass modules – this ensures that if the sensor were to fail entirely my traffic will still flow through the inline appliance.

No I have not.

Unless you work with Cisco directly, it all depends on the Cisco partner you’re working with. My experiences have been great thus far.

Old-school Sourcefire technical support was unbelievably excellent – an absolute pleasure to work with them every time. The technical support has since moved to Cisco TAC, which is hit or miss regarding the proficiency of the engineer you get – with taking advantage of the available case escalation in those instances I would rate the current technical support as 7/10.

I’ve previously worked with and deployed Checkpoint, Juniper, and Palo Alto security technologies. The switch was due to the empirical track record. Sourcefire has a much lower security-incident rate than the others, especially Palo Alto which has been the primary security technology in many of the recent high-profile breaches.

It was very straight-forward, though my level of focus on security technologies affords me the time necessary for sufficient preparation.

The deployments I’ve completed have been both in-house and as the vendor team for our clients. My level of expertise would have to be rated by those clients.

ROI is extremely difficult to estimate in the network security world – you can see that your security posture is preventing threats from succeeding but what you cannot see is what the threat’s end-game is if it were to succeed in the initial intrusion/exploit. So for any given successful threat defense, I could have prevented defacement of my web-interface or I could’ve prevented the large-scale loss of digital property. Given the collateral benefits that Sourcefire provides, such as being a very efficient tool for our helpdesk as previously mentioned, the ROI is often much better than originally anticipated.

Difficult to answer due to the large number of deployments.

Certainly, I’ve evaluated

• Checkpoint
• Juniper
• Palo Alto firewalls

I've also looked at the follow NG solutions (FW, IPS, AVC, URL, Malware Protection).

• Checkpoint
• Palo Alto

Start with the end in mind – prepare for your implementation and have a plan for reacting to complications or failure. Also, position your sensors strategically to get the most comprehensive visibility in your environment; if you cannot see it you cannot defend it.

The way that it automated the provisioning of accounts for employees and students and the quick response time.

One of the biggest pain points was that username changes were not automated and caused problems. Now username changes are just so easy.

I've used it since September 2012.

Yes, but, they were not show stoppers.

No issues encountered.

We did not need to scale, however, it is holding up with the regular growth.

We have engaged Microsoft consultants to give us direction. That has greatly helped.

The technical support by the consultants was very good.

Yes, we used Sun IDM. However, Oracle was killing their product and the licenses would cost a lot, besides the cost of implementation.

The initial setup was mostly straightforward, since we had a game plan.

We had a partnership between Microsoft and an in-house team.

Our ROI is that we can provision users accounts within 30 minutes of them being put into the system.

The original setup cost was all inclusive about $100k.

Yes, we did evaluate other options. However, since we used Active Directory and Exchange, it was much easier to go to Forefront Identity Manager.

• Have a proper game plan
• Know your business processes
• Have good consultants

To be honest - it hasn't. It was sold and installed for us at a large sum, with questionable implementations. Personally, I could have done something almost as effective with PowerShell scripts.

I've used it for six months.

I was not here for deployment, but a mistake by the vendor caused a duplication of accounts for the entire enterprise

No issues encountered.

No issues encountered.

Unsure.

Awful. Vendor did not want to hear about it. However, our project team signed it off despite the operation team warning against it.

No previous solution used.

The biggest difficulty was aligning our requirements with HR.

We used a vendor team whose expertise was 8/10.

Pretty awful. A large initial investment with something that could have been done by one person full time over six years with less hassle. As it stands, around 0.25FTE is still spent on it by a higher salaried individual. Including ongoing server costs and time maintaining, the ROI would actually be negative

It cost us approx. US$250k to set up and is roughly US$200 day to day. Also, we pay for premier support and, occasionally, for consulting.

No other options evaluated.

I wouldn't consider this appropriate for less than around 2000 users, unless you are synchronising multiple databases

• Synchronization
• End user functionality
• Portal
• Service
• Self service password reset
• Password management
• Password sync
• Group management via Outlook
• Reporting

It has automated the entire user and group management process, thus reducing manual work and help desk cost to a great extent.

More out of box connectors and conducting awareness of the product along with more marketing. This would enhance the tools capabilities by keeping in mind other similar products from other vendors.

I've used it for seven years.

No issues encountered.

Not with the latest version.

Not with the latest version.

Good.

Good.

This is my first tool.

Pretty Straightforward. Microsoft always builds products with easy Next->Next options.

I work for a company that provides services for such tools, so we implement it ourselves.

You would get back the initial investment within three to four years.

Be sure on sizing.

Many of our customers use Forefront Client Security which simplifies administration though a central management console. This is great, as we are able to; monitor installs, virus definition updates and produce reports.All virus definition updates/engine updates can be downloaded and installed automatically, using windows server update services. This is ideal when you have a large network. To date we have not had a virus infecting a desktop with Forefront installed - this is the main reason why we will not use another anti-virus solution.

When using Forefront in a domain network, it is quite difficult to create the group policies needed for definition/engine updates using WSUS.For a managed Anti-Virus, Forefront is one of the best choices. Standard desktops use Microsoft Security Essentials which is free but limited to 10 licences on a small network and cannot be centrally managed.From an IT Support perspective -make sure desktops have user account control enabled just to avoid users running programs that forefront has alerted as dangerous.

From experience it's always best to use a Microsoft product for your desktop protection (Only if your running Windows of course).

We have been using Microsoft Forefront for almost three (3) years now and so far we are very satisfied with it. From a cost perspective, it very economical when packaged with our Microsoft software licenses. Microsoft's new license subscription option for schools even made it more value for money, as we can now install it on all university computers.Performance wise, it's one of the most effective anti-virus solutions we have ever used. It's very effective in cleaning viruses and malware without removing system files. As a result, we can recover servers faster and without the need to do a repair installation. We have used Free, Open source and Kaspersky anti-virus before, but Microsoft Forefront has the best integration between the OS and Anti-virus application.

In our experience, you really need a local Windows Update Server so that product and definintion updates can be easily downloaded. Without it, the client seems to update very slowly and may take a lot of time. Also, you need to have a license agreement with Microsoft for you to be able to use Forefront. It's technically the same as Security Essentials, but you can centrally management Forefront instances installed on different computer on the campus.I would definitely recommend Microsoft Forefront if you have a Microsoft license agreement. It will not only save you on cost, it will also give you an enterprise anti-virus system which can be centrally administered as well.

Just make sure you set-up an internal Windows update server to prevent each client from consuming a lot of bandwidth downloading updates from Microsoft's servers. It is not required but also highly recommended to set-up a management and reporting server to be able to have a picture of all threats being faced in your company.