We just raised a $30M Series A: Read our story

Microsoft Forefront [EOL] OverviewUNIXBusinessApplication

What is Microsoft Forefront [EOL]?
Our agile methodology and our integration expertise brings you the best catalyst to craft solutions of exceptional quality and distinctive success.

Microsoft Forefront [EOL] is also known as MS Forefront [EOL].

Microsoft Forefront [EOL] Customers
EUROVIA CS, a. s., King Abdullah Bin Abdulaziz Public Education Devel, Bank Alfalah Ltd., CLEAResult, St. Lucie County Public Schools, Wiltshire Council
Microsoft Forefront [EOL] Video

Archived Microsoft Forefront [EOL] Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
ITCS user
Systems Consultant at a tech services company with 501-1,000 employees
Consultant
There is simplicity in the management of the product compared to its competitors

What is most valuable?

  • Web proxy services along with the integrated firewall
  • VPN
  • Intrusion prevention
  • Malware inspection
  • URL filtering

The simplicity of managing the product compared to its competitors, like BIG-IP F5 and Citrix NetScaler.

How has it helped my organization?

The ease of deploying mobile functionality through the web proxy has significantly improved and encouraged the use of mobile workspaces.

What needs improvement?

The product has unfortunately reach its End-Of-Life (EOL) at Microsoft and is now replaced by several products.

For how long have I used the solution?

I have used it for about five years as an employee at The National Land Survey of Sweden (Lantmäteriet).

What do I think about the stability of the solution?

It was very stable.

What do I think about the scalability of the solution?

No issues, but you had to plan ahead before deploying redundancy with a Threat Management Gateway (TMG) cluster.

How are customer service and technical support?

I never had to use tech support for the product.

Which solution did I use previously and why did I switch?

We used Microsoft ISA Server 2004 before and upgraded to TMG 2010 to support Publishing Exchange 2010.

How was the initial setup?

The initial setup was easy as the product had wizards to deploy services.

What's my experience with pricing, setup cost, and licensing?

No advice regarding this product as it has reached its EOL. Regarding competitive pricing and the same functionality for load balancing and proxy, I recommend KEMP’s products.

Which other solutions did I evaluate?

No. As there were no other products at the time that had support for Exchange 2010 when TMG 2010 was released.

Disclosure: My company has a business relationship with this vendor other than being a customer: My current company is a Microsoft Partner.
it_user774165
Manager at a consultancy with 501-1,000 employees
Consultant
Has the possibility to code “any” feature requirement, but the web UI needs to be updated to this century

What is our primary use case?

Impossible to give one value because so many things have an effect on the product selection:

  1. Price
  2. Server platform
  3. Amount of built-in integrations (implementation work amount)
  4. Requirements for coded integrations (implementation work amount)
  5. Implementation work and time
  6. Use cases specialties
  7. Role management for users
  8. Service agreements for vendors/sub-vendors
  9. Deprovisioning use cases for selected entities
  10. (Real-)time requirements for provisioning events

What is most valuable?

  1. Price / licensing model
  2. Implementation speed and work amount for first phase
  3. Solid and stable provisioning engine
  4. Possibility to code “any” feature requirement.

How has it helped my organization?

We do not use this product. We implement it for the customers.

What needs improvement?

  1. Real-time provisioning events/triggering
  2. Role management
  3. Role/access/permissions revisioning/verification events (e.g., annually permissions have to be renewed).
  4. Permission deprovisioning for certain use cases (work amount might be high).
  5. No built-in entity model for Service Agreement management and tying those to users and their permissions.
  6. Web user interface from 1990s. Users laugh at it.

For how long have I used the solution?

Four years.

What do I think about the stability of the solution?

  1. SQL deadlocks quite easily, but same happens for a plethora of other IDM products.
  2. Web sessions often timeout after just minutes and there is no clear indication where to tune it.

What do I think about the scalability of the solution?

Product has been enough for our customers’ requirements.

How are customer service and technical support?

A six out of 10.

Which solution did I use previously and why did I switch?

FIM 2010, SailPoint, and Efecte Identity.

How was the initial setup?

Normal IDM complexity. Always something, but it always can be solved.

What's my experience with pricing, setup cost, and licensing?

Remember that only ‘warm-bodies’ are counted. It is my understanding that the product could be used for ‘machine id’s’ for free, because those do not count as real users.

Which other solutions did I evaluate?

SailPoint and Efecte Identity.

What other advice do I have?

Requirements, use cases, and requirements. Then, how much the customer has budget for it. Do not forgot the expectations of management. Other products fulfill other requirements. It is all about knowing what you buy and get, then settling for what you have bought.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user217485
Cisco Network Engineer with 51-200 employees
Vendor
There are a few tweaks I would explore although this has been an outstanding product line.

What is most valuable?

Having experienced the frustrations of poorly designed/executed interfaces first-hand, one of the most valuable features for me is the graceful, responsive, and compatible web-UI. It works well across all browsers that I’ve tried, and even on mobile browsers. The snort engine, which is the muscle behind the Sourcefire IPS technology, has always been a joy for me to work with. I have almost 10 years of experience with snort and the power, customization, and ease-of-use has yet to be replicated. Lastly, I find great value in the context-sharing behavior across technologies with Sourcefire. Each active technology on the sensor enjoys access to the context of the others, and this has the great benefit of increasing accuracy and efficacy of automated response functions.

How has it helped my organization?

The network host/user/application visibility gained by leveraging FireSIGHT have produced collateral benefits that are time/money saving. The helpdesk uses this information often to troubleshoot issues rather than having to set up and configure WireShark or configuring an access-list to log specific traffic. The system gleans so much information from network traffic that it can simultaneously act as an organization’s SIEM and IPAM while performing role its purposed role of comprehensive threat defense.

What needs improvement?

I’d personally like to see some additional customization capabilities in the reporting section. This is already extremely customizable, more so than most other technologies, but specifically regarding formatting I think there is opportunity for improvement.

For how long have I used the solution?

I started using Sourcefire technologies in early 2013 – upon the change in ownership my focus on this technology group was increased significantly. I’ve worked with Sourcefire products and technologies both before and after they were acquired by Cisco Systems. When I first started working with FirePOWER it was on version 5.2, and the earliest version of FireAMP for Endpoints for me was v4.4. Sourcefire has had many options regarding platform/chassis. I’ve personally deployed all defense center variations except for the DC4500, all 3D sensor variations as well as all AMP sensor variations. Additionally, I’ve deployed the virtual defense center and 3D sensor appliances.

What was my experience with deployment of the solution?

I’ve deployed a lot of these products, and I’ve come across just one technology-related complication; if the sensor is not shut down gracefully there is a chance that the ‘sftunnel’ function, which secures communications between the sensor and the defense center, may become corrupt and require expert-user intervention/support. This has happened to me just twice across in over 80 deployments. I suppose I could take better care to gracefully shut down the sensor each time to alleviate the condition entirely. Any other complications have been the result of my configuration and/or typographical error.

What do I think about the stability of the solution?

I have never encountered any stability issues, I do always ensure that my sensors’ inline-pairs have configurable bypass modules – this ensures that if the sensor were to fail entirely my traffic will still flow through the inline appliance.

What do I think about the scalability of the solution?

No I have not.

How are customer service and technical support?

Customer Service:

Unless you work with Cisco directly, it all depends on the Cisco partner you’re working with. My experiences have been great thus far.

Technical Support:

Old-school Sourcefire technical support was unbelievably excellent – an absolute pleasure to work with them every time. The technical support has since moved to Cisco TAC, which is hit or miss regarding the proficiency of the engineer you get – with taking advantage of the available case escalation in those instances I would rate the current technical support as 7/10.

Which solution did I use previously and why did I switch?

I’ve previously worked with and deployed Checkpoint, Juniper, and Palo Alto security technologies. The switch was due to the empirical track record. Sourcefire has a much lower security-incident rate than the others, especially Palo Alto which has been the primary security technology in many of the recent high-profile breaches.

How was the initial setup?

It was very straight-forward, though my level of focus on security technologies affords me the time necessary for sufficient preparation.

What about the implementation team?

The deployments I’ve completed have been both in-house and as the vendor team for our clients. My level of expertise would have to be rated by those clients.

What was our ROI?

ROI is extremely difficult to estimate in the network security world – you can see that your security posture is preventing threats from succeeding but what you cannot see is what the threat’s end-game is if it were to succeed in the initial intrusion/exploit. So for any given successful threat defense, I could have prevented defacement of my web-interface or I could’ve prevented the large-scale loss of digital property. Given the collateral benefits that Sourcefire provides, such as being a very efficient tool for our helpdesk as previously mentioned, the ROI is often much better than originally anticipated.

What's my experience with pricing, setup cost, and licensing?

Difficult to answer due to the large number of deployments.

Which other solutions did I evaluate?

Certainly, I’ve evaluated

  • Checkpoint
  • Juniper
  • Palo Alto firewalls

I've also looked at the follow NG solutions (FW, IPS, AVC, URL, Malware Protection).

  • Checkpoint
  • Palo Alto

What other advice do I have?

Start with the end in mind – prepare for your implementation and have a plan for reacting to complications or failure. Also, position your sensors strategically to get the most comprehensive visibility in your environment; if you cannot see it you cannot defend it.

Disclosure: My company has a business relationship with this vendor other than being a customer: Cisco Gold Partner
it_user217461
Technical Solutions Architect at a university with 501-1,000 employees
Vendor
The way that it automates the provisioning of accounts is valuable but there were some deployment issues.

What is most valuable?

The way that it automated the provisioning of accounts for employees and students and the quick response time.

How has it helped my organization?

One of the biggest pain points was that username changes were not automated and caused problems. Now username changes are just so easy.

For how long have I used the solution?

I've used it since September 2012.

What was my experience with deployment of the solution?

Yes, but, they were not show stoppers.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

We did not need to scale, however, it is holding up with the regular growth.

How are customer service and technical support?

Customer Service:

We have engaged Microsoft consultants to give us direction. That has greatly helped.

Technical Support:

The technical support by the consultants was very good.

Which solution did I use previously and why did I switch?

Yes, we used Sun IDM. However, Oracle was killing their product and the licenses would cost a lot, besides the cost of implementation.

How was the initial setup?

The initial setup was mostly straightforward, since we had a game plan.

What about the implementation team?

We had a partnership between Microsoft and an in-house team.

What was our ROI?

Our ROI is that we can provision users accounts within 30 minutes of them being put into the system.

What's my experience with pricing, setup cost, and licensing?

The original setup cost was all inclusive about $100k.

Which other solutions did I evaluate?

Yes, we did evaluate other options. However, since we used Active Directory and Exchange, it was much easier to go to Forefront Identity Manager.

What other advice do I have?

  • Have a proper game plan
  • Know your business processes
  • Have good consultants
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user216543
Systems Administrator at a energy/utilities company with 501-1,000 employees
Vendor
​I wouldn't consider this appropriate for fewer than around 2,000 users, unless you are synchronizing multiple databases.

How has it helped my organization?

To be honest - it hasn't. It was sold and installed for us at a large sum, with questionable implementations. Personally, I could have done something almost as effective with PowerShell scripts.

For how long have I used the solution?

I've used it for six months.

What was my experience with deployment of the solution?

I was not here for deployment, but a mistake by the vendor caused a duplication of accounts for the entire enterprise

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

Unsure.

Technical Support:

Awful. Vendor did not want to hear about it. However, our project team signed it off despite the operation team warning against it.

Which solution did I use previously and why did I switch?

No previous solution used.

How was the initial setup?

The biggest difficulty was aligning our requirements with HR.

What about the implementation team?

We used a vendor team whose expertise was 8/10.

What was our ROI?

Pretty awful. A large initial investment with something that could have been done by one person full time over six years with less hassle. As it stands, around 0.25FTE is still spent on it by a higher salaried individual. Including ongoing server costs and time maintaining, the ROI would actually be negative

What's my experience with pricing, setup cost, and licensing?

It cost us approx. US$250k to set up and is roughly US$200 day to day. Also, we pay for premier support and, occasionally, for consulting.

Which other solutions did I evaluate?

No other options evaluated.

What other advice do I have?

I wouldn't consider this appropriate for less than around 2000 users, unless you are synchronising multiple databases

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chandan R
Senior Consultant at a tech consulting company with 1,001-5,000 employees
Consultant
It has automated the entire user and group management process but more out of box connectors are needed.

What is most valuable?

  • Synchronization
  • End user functionality
  • Portal
  • Service
  • Self service password reset
  • Password management
  • Password sync
  • Group management via Outlook
  • Reporting

How has it helped my organization?

It has automated the entire user and group management process, thus reducing manual work and help desk cost to a great extent.

What needs improvement?

More out of box connectors and conducting awareness of the product along with more marketing. This would enhance the tools capabilities by keeping in mind other similar products from other vendors.

For how long have I used the solution?

I've used it for seven years.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

Not with the latest version.

What do I think about the scalability of the solution?

Not with the latest version.

How are customer service and technical support?

Customer Service:

Good.

Technical Support:

Good.

Which solution did I use previously and why did I switch?

This is my first tool.

How was the initial setup?

Pretty Straightforward. Microsoft always builds products with easy Next->Next options.

What about the implementation team?

I work for a company that provides services for such tools, so we implement it ourselves.

What was our ROI?

You would get back the initial investment within three to four years.

What other advice do I have?

Be sure on sizing.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user3870
Senior Manager of Engineering with 1,001-5,000 employees
Vendor
One of the best products to use when protecting your network from dangerous risks

Valuable Features:

Many of our customers use Forefront Client Security which simplifies administration though a central management console. This is great, as we are able to; monitor installs, virus definition updates and produce reports.All virus definition updates/engine updates can be downloaded and installed automatically, using windows server update services. This is ideal when you have a large network. To date we have not had a virus infecting a desktop with Forefront installed - this is the main reason why we will not use another anti-virus solution.

Room for Improvement:

When using Forefront in a domain network, it is quite difficult to create the group policies needed for definition/engine updates using WSUS.For a managed Anti-Virus, Forefront is one of the best choices. Standard desktops use Microsoft Security Essentials which is free but limited to 10 licences on a small network and cannot be centrally managed.From an IT Support perspective -make sure desktops have user account control enabled just to avoid users running programs that forefront has alerted as dangerous.

Other Advice:

From experience it's always best to use a Microsoft product for your desktop protection (Only if your running Windows of course).
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user1020
Head of Data Center at a university with 1,001-5,000 employees
Vendor
A very good anti-virus solution if you have a Microsoft license subscription. Just make sure to have an internal update server to help speed-up definition updates and reduce bandwidth consumption.

Valuable Features:

We have been using Microsoft Forefront for almost three (3) years now and so far we are very satisfied with it. From a cost perspective, it very economical when packaged with our Microsoft software licenses. Microsoft's new license subscription option for schools even made it more value for money, as we can now install it on all university computers.Performance wise, it's one of the most effective anti-virus solutions we have ever used. It's very effective in cleaning viruses and malware without removing system files. As a result, we can recover servers faster and without the need to do a repair installation. We have used Free, Open source and Kaspersky anti-virus before, but Microsoft Forefront has the best integration between the OS and Anti-virus application.

Room for Improvement:

In our experience, you really need a local Windows Update Server so that product and definintion updates can be easily downloaded. Without it, the client seems to update very slowly and may take a lot of time. Also, you need to have a license agreement with Microsoft for you to be able to use Forefront. It's technically the same as Security Essentials, but you can centrally management Forefront instances installed on different computer on the campus.I would definitely recommend Microsoft Forefront if you have a Microsoft license agreement. It will not only save you on cost, it will also give you an enterprise anti-virus system which can be centrally administered as well.

Other Advice:

Just make sure you set-up an internal Windows update server to prevent each client from consuming a lot of bandwidth downloading updates from Microsoft's servers. It is not required but also highly recommended to set-up a management and reporting server to be able to have a picture of all threats being faced in your company.
Disclosure: I am a real user, and this review is based on my own experience and opinions.