Microsoft Threat Management Gateway has some drawbacks
Microsoft is now a few weeks into the second beta release of its Threat Management Gateway, the
successor product to Internet Security and Acceleration Server. But the software giant's
conservative approach to security results in some drawbacks for IT.
TMG is a Web security product particularly suited to protecting medium-sized businesses against
malicious code penetrating the network from HTTP and HTTPS traffic. Microsoft positions TMG as a
firewall to block malicious code and filter access to unauthorized URLs, as well as providing
front-end security to Web-based applications including Exchange and SharePoint.
Microsoft, and nearly any other company on the planet, knows how to build products for mid-tier
businesses. In high tech, vendors often prematurely rush features to market in efforts to win
awards from reviewers and impress prospects with the depth of their feature checklist. Microsoft
takes a very conservative approach with its security products to minimize customer administrative
costs and provide fundamental security that works for the duration of the Microsoft relationship.
This long-term view has benefits and drawbacks for IT that can be illustrated by TMG:
+ TMG implements basic Web security features, and does them well. Microsoft TMG focuses on
leveraging a forward proxy approach to provide anti-malware and URL filtering for a secure Web
experience. TMG does not attempt to solve problems associated with spam or data leakage, for
example.
+ TMG does not significantly add to administrative burdens. The straightforward nature of TMG
means that IT does not require an advanced degree in security to configure the solution for
protection against Web traffic. Operational expenses often outweigh product costs in mid-tier
organizations, so keeping it simple to manage is an important evaluation criterion for IT. Even the
virtual appliance packaging means that IT can repurpose existing hardware in adding Web security to
their organization.
+ TMG leverages the strategic Microsoft relationship. IT only has time to manage so many vendor
relationships, and Microsoft will always be a vendor that IT must work with. Microsoft offers an
investment-protection migration path from ISA Server to TMG, and is committed to tighter Forefront
integration. These could be important elements in IT's multi-year security plan.
- TMG is slow to offer envelope-pushing features. Microsoft's conservative approach to product
features can lead to lost opportunities for tighter security or administration. For example, TMG
integrates nicely with Forefront Stirling for audit reporting, but not for policy enforcement.
Similarly, TMG inspects content for malicious code but does not detect the presence of sensitive
data or provide PCI features.
- TMG focuses on the most critical mass-market features. An enterprise with complex security or
performance requirements may need to evaluate other vendors for Web security. Organizations that
require special features such as clustering for availability, Web application protection for PCI
compliance, service provider performance, or integration with complex management tools may need to
evaluate alternative solutions.
To be sure, Microsoft has a vested interest in a conservative approach to security. Product
complexity leads to high support and engineering costs, and with the size of Microsoft's base,
poorly implemented product features could jeopardize customer relationships and result in extensive
expenses. Threat Management Gateway exemplifies Microsoft's approach to effectively administered
security for mid-tier organizations.
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry
analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren
Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also
served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be
reached by sending an email to firstname.lastname@example.org.