Microsoft Ups Ante On Security Strategy

Hoping to take a more holistic approach to thwarting escalating security threats, Microsoft on Thursday laid out its companywide strategy and product roadmap to build thicker walls for both corporate desktops and lower-end servers.

The company's Client Protection solution, which will bring it more into direct competition with offerings from Symantec and McAfee, will attempt to zero in on three areas including helping IT shops and their business partners make the proper technology investments, provide users with prescriptive guidance, and becoming close partners with the security industry, and law enforcement.

Microsoft will release the products to beta testers soon although the finished versions will not be available until sometime in 2006.

In concert with the new security solution, Microsoft announced the formation of the SecureIT Alliance. The alliance will serve as a focal point in helping security partners better integrate their solutions with Microsoft's platform as well as to create new security features and products.

At a press briefing in Munich on Thursday, Microsoft president and CEO Steve Ballmer acknowledged that Microsoft needs the support and cooperation of a wide range of developers, IT shops, and governments to successfully fend of "the continuing onslaught of malware, viruses, phishing attacks and other kinds of Internet fraud."

Describing it as a defense-in-depth approach, Microsoft officials said it will pin its technology investment to three pillars.

The first is providing a built-in level of safety by improving the security of the software code through its Engineering Excellence initiative. Second is to offer integrated security technologies that offer protection against threats giving users more central visibility and better control over their environments. Third is to offer technologies that allow authorized users to retrieve information and make it difficult for unauthorized users to gain access to critical corporate data.

Industry observers believe Microsoft is making a good faith effort in furthering its commitment to make its products and their users' data more secure. But most are taking a wait and see attitude until the company delivers something developers and other partners can work with.

"No question Microsoft is trying to raise the bar and is seeking the help of the industry to do so. But it is going to be a matter of seeing what they deliver in terms of getting people over the hump and getting them to use their security software," said Natalie Lambert, a security analyst with Forrester Research, Inc., in Cambridge, Ma.

Given their brand name recognition and partner network for both the consumer and business markets, Lambert believes that as long as Microsoft can deliver on what it is promising, it should be able to compete effectively against security heavyweights such as Symantec and McAfee.

"Looking at the consumer side the are already in the majority of households so as long as they can deliver they should do well. On the enterprise side they will have to compete a little harder with the competitors they face there," Lambert said.

The Microsoft Client Protection will have an integrated management console that allows LAN administrators to control their environment and to set prioritized reports and alerts. Company officials said it would integrate with products such as Microsoft's Active Directory as well as with a number of other existing software distribution systems.

In a related announcement Microsoft also on Thursday released its Antigen anti-virus and anti-spam security software, which is based on the technology it acquired in buying Sybari Software Inc. The software is designed specifically for messaging and collaboration servers.

Microsoft officials said they also plan to add their own anti-virus scan engine, which it will give to those who buy the Sybari product free of charge.