Forefront TMG and UAG Phase out/alternatives – Part 2

Hi again folks,

Following Part 1 of Forefront TMG and UAG Phase out/alternatives, I will complete the series with a description of the available solutions for each ISA/TMG/UAG feature.

2. Finding the alternatives for each TMG/UAG feature

Finding alternatives is far from an easy exercise. There are many things to consider. I've already covered a few in my previous post, but some additional fundamentals may influence your decision, such as:

– Your team's know-how with a given technology/vendor, which may reduce the learning curve, training costs and the risk caused by faulty operations/implementation;

– Good vendor relationship and supportability are key elements for a less bumpy transition;

– Ease of use and (centralized) management, to make your team productive and quick to respond to increasing business demand;

– Must not restrict a heterogeneous and interoperable ICT environment;

– A convergence of features on fewer solutions/vendors may simplify the management/operations burden and reduce Capex/Opex;

– Capable of responding to the new world order of Cloud, Big Data, Mobility and Social;

– Ultimately, respond to the business needs. Everything I've mentioned previously means nothing if you do not commit to the business goals. If you fail to do so, as a CIO/CSO you may turn yourself into a shooting target; CEOs, CFOs and CMOs are getting less tolerant of ICT misalignment, roadblocks and unresponsiveness.

 

I'll leave the decision to you. To make your life easier, I've created a table that maps the available solutions that replace each feature of ISA, TMG and UAG.

In the following table you have:

– A mapping of the security features available on ISA, TMG and UAG;

– Column “Transition path” lists the available solutions that can replace each feature of ISA, TMG and UAG. You may opt for Microsoft technology if available (highlighted with a link for detailed information) or a 3rd-party vendor;

– Column “Security solution type” gives the acronyms of the standard names of security solutions available on the market. This column may list more than one type, because different types of solutions can respond to that particular feature; select one.

| Features | ISA | TMG | UAG | Transition path | Security solution type ( * ) |
|---|---|---|---|---|---|
| Route | X | X | | Windows Server 2012 RRAS; 3rd party vendor | WAI, ENF or UTM for SMBs |
| NAT | X | X | | Windows Server 2012 RRAS; 3rd party vendor | WAI, ENF or UTM for SMBs |
| Edge Firewall | X | X | | 3rd party vendor | ENF or UTM for SMBs |
| – Stateful Packet filtering | X | X | | 3rd party vendor | ENF or UTM for SMBs |
| Application Layer Firewalling | X | X | X | 3rd party vendor | WAF, ENF or UTM for SMBs |
| – HTTP Filter | X | X | X | 3rd party vendor | WAF, ENF or UTM for SMBs |
| – HTTPS Inspection | | X | X | 3rd party vendor | WAF, ENF or UTM for SMBs |
| Intrusion Prevention and Intrusion Detection system | X | X | | 3rd party vendor | WAI, ENF or UTM for SMBs |
| Web proxy and Web caching Server | X | X | | Web proxy: 3rd party vendor. Web Caching Server: Windows Azure Caching Services for Cloud solutions integration; IIS Application Request Router; 3rd party product | SWG, PaaS or UTM for SMBs |
| – URL Filtering | | X | | 3rd party vendor | SWG or UTM for SMBs |
| – Malware Inspection | | X | | 3rd party vendor | SWG or UTM for SMBs |
| Forward Proxy | X | X | | 3rd party vendor | WAF, ADC or UTM for SMBs |
| Reverse Proxy | X | X | X | WS 2012 R2 Web Application Proxy (basic); 3rd party product | WAF, ADC or UTM for SMBs |
| VPN Server (Client VPN and Site to Site VPN) | X | X | | Windows Server 2012 RRAS; 3rd party vendor | WAI, ENF or UTM for SMBs |
| E-Mail Protection Gateway | X | X | | Exchange Online Protection; 3rd party vendor | SEG, SWG, SaaS or UTM for SMBs |
| SSL VPN | | | X | 3rd party vendor | SRA |
| Direct Access | | | X | Windows Server 2012 Direct Access; 3rd party vendor | WAI |

( * ) – Glossary:  Go to section ‘1.3 Get familiar with security industry solution types’ on Part 1

 

3.  3rd Party Vendors

This section contains tables of the available 3rd-party vendor solutions for each type of security solution.

If you have already identified from the section above which types of solution you need to replace each feature of ISA, TMG and UAG, then after going through the whole feature set you have probably ended up with a few solutions that you may need to implement.

Some types of solution may cover more than one feature. It may be wise to converge as many features as you can into one type of solution, as long as it can respond to the business requirements.

Some 3rd-party vendors can easily integrate different solution types from their portfolio. Sometimes it is just a matter of licensing a particular module or service, and you don't even need to provision dedicated hardware.

Here are the tables for each security solution type and its designated 3rd-party solutions:

WAI – Wired and Wireless Access Infrastructure
Vendor/Solution Reference
Cisco Switches http://www.cisco.com/en/US/products/hw/switches/index.html
Cisco Routers http://www.cisco.com/en/US/products/hw/routers/index.html
Cisco Prime Infrastructure http://www.cisco.com/en/US/products/ps12239/index.html
Cisco Mobility Services Engine http://www.cisco.com/en/US/products/ps9742/index.html
HP FlexCampus Network Solutions http://h17007.www1.hp.com/us/en/networking/solutions/campus-lan/index.aspx#tab=TAB1
Aruba Networks Unified Networks http://www.arubanetworks.com/solutions/unified-networks/
Aruba Networks Mobility Access Switches http://www.arubanetworks.com/products/mobility-access-switches/
Aruba Networks Wireless LAN http://www.arubanetworks.com/products/wireless-lan/
Aruba Networks ClearPass http://www.arubanetworks.com/products/clearpass/?click=footer
Others: Alcatel-Lucent Enterprise, Motorola Solutions, D-Link, Dell, Huawei, Adtran, Juniper Networks, Xirrus, Netgear, Fortinet, Enterasys Networks

ENF – Enterprise Network Firewall
Vendor/Solution Reference
Check Point Next Generation Firewall http://www.checkpoint.com/products/firewall-next-gen/index.html
Check Point Software Blade http://www.checkpoint.com/products/softwareblades/architecture/index.html
Check Point Security Appliance http://www.checkpoint.com/products/appliances/index.html#overview
Palo Alto Networks Firewall Platforms https://www.paloaltonetworks.com/products/platforms/firewalls.html
Palo Alto Network Virtualized Firewalls https://www.paloaltonetworks.com/products/platforms/virtualized-firewalls/vm-series/overview.html
Fortinet Next Generation Firewalls http://www.fortinet.com/solutions/next_generation_firewall.html
Fortinet High Performance Firewall / VPN http://www.fortinet.com/solutions/firewall.html
Cisco Firewalls ASA http://www.cisco.com/en/US/products/ps5708/Products_Sub_Category_Home.html
Juniper Networks SRX Series Services Gateways http://www.juniper.net/us/en/products-services/security/srx-series/
Juniper Networks SSG Series Secure Services Gateways http://www.juniper.net/us/en/products-services/security/ssg-series/
Juniper Networks ISG Series Integrated Security Gateways http://www.juniper.net/us/en/products-services/security/isg-series/
Others: Dell SonicWall, StoneSoft, McAfee, Watchguard, Sophos, Huawei, Barracuda Networks, Netasq, HP

UTM – Unified Threat Management
Vendor/Solution Reference
Fortinet Unified Threat Management http://www.fortinet.com/solutions/unified_threat_management.html
Check Point GAiA http://www.checkpoint.com/gaia/
Dell SonicWall TZ Series Unified Threat Management Firewall (Small) http://www.sonicwall.com/emea/en/products/TZ-Series.html
Dell SonicWall NSA Network Security Appliance Series (Mid-range) http://www.sonicwall.com/emea/en/products/NSA-Series.html
Dell SonicWall SuperMassive Series (Enterprise) http://www.sonicwall.com/emea/en/products/SuperMassive-Series.html
Watchguard XTM Next-Generation Network Security http://www.watchguard.com/products/xtm-main.asp
Sophos Unified Threat Management http://www.sophos.com/en-us/products/unified-threat-management.aspx
Others: Cisco, Juniper Networks, Cyberoam, Netasq, Huawei, gateprotect, Clavister, Kerio

SWG – Secure Web Gateway
Vendor/Solution Reference
Cisco Web Security Appliance http://www.cisco.com/en/US/products/ps10164/index.html
Cisco Cloud Web Security http://www.cisco.com/en/US/products/ps11720/index.html
Blue Coat ProxySG http://www.bluecoat.com/products/proxysg
Blue Coat ProxyAV (ProxySG AV Add-on) http://www.bluecoat.com/products/proxyav
Blue Coat Web Filter (ProxySG Web Filter Add-on) http://www.bluecoat.com/products/webfilter
Blue Coat Secure Web Gateway Virtual Appliance http://www.bluecoat.com/products/secure-web-gateway-virtual-appliance
Blue Coat Web Security Service (Cloud Service) http://www.bluecoat.com/products/web-security-service
Websense Websecurity Gateway (Appliance) http://www.websense.com/content/web-security-gateway-features.aspx
Websense Websecurity Gateway Anywhere (Hybrid) http://www.websense.com/content/web-security-gateway-anywhere-features.aspx
Websense Cloud Websecurity Gateway http://www.websense.com/content/cloud-web-security-gateway-features.aspx
Zscaler Cloud Web Security http://www.zscaler.com/product-cloud-security/cloud-web-security.php
Barracuda Web Filter (Appliance) https://www.barracuda.com/products/webfilter
Barracuda Web Filter Vx (Virtual) https://www.barracuda.com/products/webfiltervx
Barracuda Web Security Service (Cloud) https://www.barracuda.com/products/websecurityflex
McAfee Web Gateway (Appliance) http://www.mcafee.com/us/products/web-gateway.aspx
McAfee SaaS Web Protection (Cloud) http://www.mcafee.com/us/products/saas-web-protection.aspx
Symantec Web Gateway http://www.symantec.com/web-gateway
Symantec Web Security.Cloud http://www.symantec.com/web-security-cloud
Others: Trend Micro, Trustwave-M86 Security, Sophos, ContentKeeper Technologies, Sangfor, Phantom Technologies, EdgeWave, Optenet

WAF – Web Application Firewall
Vendor/Solution Reference
F5 – Big IP (WAF module – license) http://www.f5.com/products/big-ip/
Imperva SecureSphere Web Application Firewall http://www.imperva.com/products/wsc_web-application-firewall.html
Barracuda Web Application Firewall https://www.barracuda.com/products/webapplicationfirewall
Barracuda Web Application Firewall for Applications hosted on Windows Azure (NEW) https://www.barracuda.com/WAFonAzure
Radware Web Application Firewall http://www.radware.com/resources/rclp.aspx?campaign=1632124&utm_campaign=seer%20msn%20application%20security%20search=&wt.srch=1&utm_source=msn&utm_medium=cpc&utm_term=barracuda%20web%20application%20firewall&wt.mc_id=seer%20msn%20application%20security%20search
Citrix NetScaler AppFirewall http://www.citrix.com/products/netscaler-appfirewall/overview.html
Others: Breach Security, Deny all, Cisco, ModSecurity, Protegrity

ADC – Application Delivery Controller
Vendor/Solution Reference
F5 – Big IP http://www.f5.com/products/big-ip/
Citrix NetScaler 10 http://www.citrix.com/products/netscaler-application-delivery-controller/overview.html
Radware Alteon http://www.radware.com/Products/ApplicationDelivery/Alteon/default.aspx
Barracuda Load Balancer ADC https://www.barracuda.com/products/loadbalancer
Others: Riverbed, A10 Networks, Brocade, Array Networks, Coyote Point, Cisco, Sangfor

SRA – Secure Remote Access
Vendor/Solution Reference
Dell SonicWall SSL VPN Secure Remote Access http://www.sonicwall.com/emea/en/products/Secure-Remote-Access.html
Barracuda SSL VPN https://www.barracuda.com/products/sslvpn/
F5 – SSL VPN http://www.f5.com/it-management/solutions/ssl-vpn-security/overview/
F5 – Big IP Edge Gateway http://www.f5.com/products/big-ip/big-ip-edge-gateway/overview/
Juniper Networks SA Series SSL VPN http://www.juniper.net/us/en/products-services/security/sa-series/
Others: Array Networks, Check Point, Citrix, Cisco, Cryptzone, Nexus, Palo Alto Networks, Sangfor Technologies

 

Please note that the mentioned 3rd party solutions and links may be subject to change.

 

4.  Should I stay or should I go

One of the major concerns is the right time to start phasing out ISA, TMG and UAG.

Per the Microsoft Support Lifecycle for these products, ISA Server still has extended support, while TMG and UAG have Mainstream support until 2015 and extended support until 2020.

| Products Released | Lifecycle Start Date | Mainstream Support End Date | Extended Support End Date |
|---|---|---|---|
| Internet Security and Acceleration Server 2006 Enterprise Edition | 10/17/2006 | 01/10/2012 | 01/10/2017 |
| Internet Security and Acceleration Server 2006 Standard Edition | 10/17/2006 | 01/10/2012 | 01/10/2017 |
| Forefront Threat Management Gateway 2010 Enterprise | 12/1/2009 | 4/14/2015 | 4/14/2020 |
| Forefront Threat Management Gateway 2010 Standard | 12/1/2009 | 4/14/2015 | 4/14/2020 |
| Forefront Unified Access Gateway 2010 | 1/26/2010 | 4/14/2015 | 4/14/2020 |

 

So, should you rush into the phase-out process or hold your horses for a while?

Some time ago you had to respond to business needs: you defined your ICT priority areas and had to accommodate the investment in ISA, TMG or UAG in your budget, so you obviously have a ROI to achieve.

Despite the fact that there is a ROI to be accomplished, ISA Server is out of development and you can't expect much to be developed during the Mainstream support of TMG and UAG.

Being secure means evolving with the dynamics of changing threats, regulations, compliance and business needs. This basically means that you need to evaluate whether your Forefront solutions can respond to these challenges. If they can't, then regardless of whether your ROI has been achieved, it is prudent to move forward to a new solution.

All that said, for the majority of organizations the time for a transition process is NOW. Again, one size does not fit all; you need to evaluate your particular situation.

 

 

This completes the series of Forefront TMG and UAG Phase out/alternatives.

 

R-Tape Loading error,
Luís Rato


~ by Luis Rato on 4 January 2014.
