Tightening Up Security

The company is looking at ways to ensure that its Internet Security and Acceleration (ISA) Server, an application-layer firewall, "is even easier for people to deploy and use," Nash said in an interview last week at Comdex/Fall here after a panel discussion in which he and other Microsoft executives addressed the vendor's Trustworthy Computing security initiative.

When asked if Microsoft is developing other types of security products, Nash said, "There's nothing we've decided on or excluded at this point."

Microsoft is "working to understand customer needs" in security, he said, adding that it has not been determined whether the company will add to existing products or develop stand-alone products.

The current focus of Microsoft and its security business unit, established earlier this year, is to improve the core security of the vendor's existing products, Nash said. The unit is responsible for tools that help users secure their systems, such as HFNetChk, which administrators can use to check the status of security patches in a network. Microsoft is working on a new version of HFNetChk that can perform more checks, Nash said.

Job postings listed on Microsoft's Web site indicated that potential new product areas for the security business unit include vulnerability assessment, intrusion detection and antivirus.

Steve Crutchley, chief security officer at 4FrontSecurity, a Reston, Va.-based consulting firm, said he hasn't heard too much about Microsoft's new security unit but noted that the vendor should "concentrate on getting its operating system right" instead of developing security products.

"I don't think they're really in tune with giving the community out there what's really required," Crutchley said.

Another solution provider, who wished to remain anonymous, said Microsoft hasn't made much headway in the security space so far. Demand for the ISA Server has been minimal, the solution provider said.

PAULA ROONEY contributed to this story.