The first round of Microsoft-branded Sybari products—Microsoft Forefront
Security for Exchange Server, Antigen for SMTP Gateways, Antigen Spam Manager,
and Antigen Enterprise Manager—are ready to hit the market. Eventually,
all of these products will be included with the Microsoft Forefront line of
security products, but the current versions offer a compelling solution for
Microsoft Exchange Server email infrastructures. Here's what you need to know
about the Antigen family of products.
Spam Protection at the Server Level
The Antigen products are designed to protect Exchange email servers, though
Antigen for SMTP Gateways also supports the SMTP server function in Windows
servers. (Microsoft is also working on Antigen products for Windows SharePoint
Services and IM.) An Antigen for Exchange product has existed for roughly 10
years, and it has always focused solely on managed enterprise servers, not consumer
or desktop products. Customers have always applauded Antigen because it only
minimally affects performance and easily integrates with Microsoft's management
technologies.
Unlike some antivirus solutions, Antigen doesn't rely on just one antivirus
engine. Instead, administrators can install and enable multiple antivirus engines,
as the situation demands, to obtain the best antivirus protection possible.
Sybari never saw itself as an antivirus engine lab, so it partnered with several
antivirus engine companies, and Microsoft continues to benefit from these established
relationships. Antigen also includes a new antivirus engine designed by Microsoft
that's based on its experience protecting millions of MSN and Hotmail accounts.
The Antigen email protection products come with five antivirus scanning engines:
Microsoft, Sophos, CA Vet, CA InoculateIT, and Norman. If you buy the Antigen
Messaging Security Suite, which includes Forefront Security for Exchange Server,
Antigen for SMTP Gateways, and Antigen Spam Manager, you also get Kaspersky,
AhnLab, Authentium, and VirusBuster engines. You can use any combination of
engines to get the best protection, but Microsoft recommends activating no more
than five antivirus scanning engines per installation.
Why would you need multiple engines? When a virus appears, companies that make
antivirus scanning engines race to be the first to market with new signatures.
By using multiple engines, you're more likely to quickly receive signatures
for all new viruses than you are if you rely on just one vendor.
What's New in Antigen
Antigen underwent Microsoft's grueling Security Development Lifecycle code review
to ensure that it utilizes the lowest possible security privileges and ships
with the most secure out-of-the-box configuration. These precautions are important
because hackers often use antivirus products as an attack vector. Antigen also
provides greatly enhanced support for Exchange clusters.
Recommendations
If you're already a Sybari customer, there probably aren't enough improvements
in Antigen to warrant an upgrade. But if you're still looking for an antivirus
solution that offers superior protection and deep integration with Active Directory
(AD) and other Microsoft management tools, consider Antigen. Future versions
will benefit from integration with other Forefront solutions and Exchange Server
2007's roles-based infrastructure.