Symantec Endpoint Protection 11.0 vs.

Microsoft Forefront “Stirling” Client Security

Product Battlecard

Overview of Microsoft “Stirling” Forefront Date Created February, 2009

Last Updated March 13, 2009
Client Security1 Audience
Symantec Worldwide Customers and
Microsoft plans to release a new version of the Forefront product Partners, except China and Vietnam
line codenamed Forefront “Stirling” in the first half of 2009. The product is currently in beta. In addition to Forefront Client
Security, Microsoft offers Forefront Security for Exchange & SharePoint and Forefront Threat Management Gateway (formerly
ISA Server) under the Forefront brand.

Quick Comparison
La

Functionality 2 AV AS FW IPS DC GEB TS AC

Symantec Endpoint Protection 11.0 ● ● ● ● ● ● ● ●
Microsoft Forefront “Stirling” Client Security ● ● ● ○ ● ○ ○ ●

Key Symantec Endpoint Protection 11.0 Differentiators

Symantec Key
Differentiators/Advantages
Proactive protection
technologies
Symantec is continually
identifying new threats and
developing effective
protection technologies.
Commitment to security
Symantec has been
committed to security for
consumers and businesses
for over 20 years.
Business Benefit
Protection against today’s
threats
• Protection against
dynamic malware
• Protection against
drive-by downloads
• Our commitment to
security means
customers can be
confident their
investment will meet
their current and future
security needs
• Customers benefit from
Microsoft Claim & Symantec Response
Microsoft claim
Forefront “Stirling” effectively detects packed malware with
static signatures developed in a “sandbox” environment. 3
Symantec response
• Static signatures may protect against malware using
packers, but likely will not be effective against new threats
like drive-by downloads, dynamically changing malware
and obfuscation techniques.
o In most environments, antivirus is not enough.
Symantec goes beyond static signatures and includes
network intrusion prevention technology to protect
underlying vulnerabilities and behavioral based
detection to protection against new attack
technologies. 4
Microsoft claim
Microsoft continues to provide malware protection for
consumers with a free antivirus offering codenamed ‘Morro.’
Symantec response
• Microsoft announced exit from the consumer security
market and the end of OneCare 2.0 in 2009.
• Microsoft admits Morro will only provide basic protection.
5

Single integrated product
Symantec Endpoint
Protection is an integrated
product designed from the
ground up to protect
intelligence gained from
millions of consumers
• Easy to deploy
• Lower management
cost
• Less training required
• Microsoft Defender and the Malicious Software Removal
tool have not put the need for antispyware to an end.
Microsoft claim
Forefront codename "Stirling" is an integrated security system
that delivers comprehensive, coordinated protection across
endpoints, messaging and collaboration servers, and the
network edge that is easier to manage and control. 6

Copyright © 2009 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo and any other trademark found on the Symantec Trademarks
List that are referred to or displayed in the document are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other
countries. Other names may be trademarks of their respective owners. All product information is subject to change without notice.
Page 1 of 3
 Symantec Endpoint Protection 11.0 vs.
Microsoft Forefront “Stirling” Client Security
Product Battlecard
Symantec Key Business Benefit Microsoft Claim & Symantec Response
Differentiators/Advantages
endpoints from malware. Symantec response
• Forefront ‘Stirling’ is a collective of multiple products and
technologies and does not offer functionality many
environments need.
• Microsoft estimates that it requires four weeks of
professional services to deploy Forefront Client Security to
a typical 3000 user company. 7
• “Stirling” requires Windows Server Update Services 3.0,
Windows PowerShell 1.0, System Center Operations
Manager and multiple other components. 8
• Essential functionality like ‘Tamper Protection’ that
prevents users from disabling or uninstalling the product
can’t be configured in the console and requires manual
registry changes or the use of tools like GPO. 9

Business Value of Symantec Endpoint Protection 11.0

Symantec Endpoint Protection 11.0 combines Symantec AntiVirus with advanced threat prevention to defend against
malware for all endpoints. It seamlessly integrates essential security technologies in a single agent and management console,
increasing protection and lowering total cost of ownership.
• A single agent and console reduces the administrative effort required to deploy and manage endpoint protection,
driving down cost and producing lower TCO.
• Simplified deployment and maintenance; you only install and update one product.
• Easy NAC rollout. NAC functionality is included in Symantec Endpoint Protection. If you are considering a NAC
project you won’t have to deploy any software to the endpoints.

Key Questions to Ask

• Do you think a patchwork of different products and technologies is a good approach to security?
• Are you confident that companies who do not focus on their security products will continue their product lines?
• Are you interested in the purchasing price or in the total cost of ownership of a solution?

How to get more information

The Symantec Endpoint Protection site offers numerous resources, including:
• Third-party analysis and evaluation of leading security products
• Whitepapers, business value studies, valuation guides, trialware, and more
• Learn why antivirus is not enough

Copyright © 2009 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo and any other trademark found on the Symantec Trademarks
List that are referred to or displayed in the document are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other
countries. Other names may be trademarks of their respective owners. All product information is subject to change without notice.
Page 2 of 3
 Symantec Endpoint Protection 11.0 vs.
Microsoft Forefront “Stirling” Client Security
Product Battlecard

                                                            
1
Source: Symantec analysis of Microsoft product documentation, blogs, press releases and datasheets on Microsoft website in March 2009. Product
information is subject to change without notice.
2
Table Legend
AV Antivirus AS Antispyware
FW Firewall IPS Deep Packet Inspection IPS
An attack-facing network inspection technology as defined by Gartner in
G00127317 page 2, May 2005
DC Device Control GEB Generic Exploit Blocking
A vulnerability facing network inspection technology as defined by
Gartner in G00127317 page 2, May 2005
TS TruScan AC Application Control
An active behavioral containment technology as defined by Gartner in A behavioral application hardening technology as defined by Gartner in
G00127317 page 3, May 2005 G00127317, page 3, May 2005

3
Microsoft, “Understanding Anti Malware Technologies”, 2007
4
Symantec, Web Based Attacks, http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/web_based_attacks_02-
2009.pdf
5
Microsoft, Press Release “Microsoft Announces Plans for No-Cost Consumer Security Offering” November 18, 2008
6
Microsoft TechNet Stirling Homepage, March 1st, 2009 http://technet.microsoft.com/en-us/forefront/stirling/default.aspx,
7
Microsoft Partner Conference, Port Douglas Australia, August 5-7 2008
8
Microsoft Forefront Stirling System Requirements
9
http://blogs.microsoft.co.il/blogs/yanivf/archive/2009/01/09/temper-protection-in-forefront-client-security.aspx

Copyright © 2009 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo and any other trademark found on the Symantec Trademarks
List that are referred to or displayed in the document are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other
countries. Other names may be trademarks of their respective owners. All product information is subject to change without notice.
Page 3 of 3