Microsoft Partners: Forefront Not Ready For Business

The problem with Forefront isn't with the security technologies that Microsoft has acquired -- which are generally pretty solid -- but rather with products Microsoft has developed in house, said one Microsoft Gold partner.

"Some of this stuff is crap. We installed the antispam product, and it took down our email server, and we lost all of our mail for three hours in the middle of the work day. When we called Microsoft, they said 'Yeah, take that off your server'," said the source, who requested anonymity.

"Any time Microsoft creates software from scratch, it takes a couple of revisions for them to get it right. And that's why I'm not sure that people are ready to buy their security from Microsoft," the source added.

Forefront is "a jumble of Microsoft security products" that's complex to install and doesn't take into account integration with third party applications that a customer might have, said Eric Schultze, chief security architect at Shavlik Technologies, a Microsoft ISV partner in Roseville, Minn.

"I'm not sure if Forefront is the perfect solution for small businesses yet, or even medium and large ones," Schultze said.

Still, Microsoft has big plans for its security business. This week at Microsoft's Worldwide Partner Conference in Denver, executives unveiled plans to invest $50 million in security sales, marketing and partner training efforts in the coming year.

The integration of security and management functions is growing trend in the industry, and Microsoft used the conference to highlight a new specialization called Secure Infrastructure, which unites its previously separate security and management specializations. Microsoft at the conference also introduced another new specialization called Identity and Secure Access.

Forefront Client Security, which launched in May, is built on Active Directory, which is important because it's a technology with which many partners are already familiar, said Mark Hassall, securityaccess partner marketing director at Microsoft.

Stirling, which Microsoft unveiled in June, represents a deeper integration of security across the client, server and network edge that facilitates a quicker response to threats, Hassall said.

For example, at the network edge, a server could notice individual machines making an unusually large number of connections, and could in turn notify Forefront Client Security, allowing administrators to look more closely at a particular machine, said Hassall.

Michael Sullivan, CEO of Quest Business Solutions, Dallas, sees Microsoft's decision to unite its security and management specializations as a reflection of its software-as-a-service goals.

"Customers want one place to go, and they want a secure infrastructure and to be billed on a monthly basis. Today, we have to bring in another security partner and bring in another antivirus, IPS, or data leak prevention product and plug it into the Microsoft platform to provide that," said Sullivan.

Another driving force for Microsoft's security business is its Security Software Advisor program, which rewards partners that influence the sale and deployment of Microsoft security solutions, but don't sell the actual licenses.

"[The program] is a reflection of the fact that not everybody gets the ability to sell the software and get the margin," said Hassall.

Shavlik's Schultze sees the Security Software Advisor program as a step in the right direction. "In the future, rewarding influencers will go a long way toward bringing in additional Microsoft partners and incentivizing them," he said.

The program, which now has more than 4,000 partner members, has evolved over time to incorporate infrastructure security and management security, said Hassall. "Management has become a pervasive part of any security solution," he said.