Syntax, Inc.

Microsoft ISA

Microsoft ISA (formerly MS Proxy) has always been a unique category. The security community has tended to view this technology in the context of acceleration (i.e. caching) rather than as a firewall. But this bias overlooks a fundamental security axiom: layered defense. For larger organizations, the notion of having multiple devices to address specific needs is acceptable and often embraced. In a layered environment, ISA is usually not the “first” firewall on the perimeter, rather the “last” to see the traffic before it reaches critical assets. In this model, the first firewall is the fastest (stateful packet filter), whereas the last firewall is an application layer device tuned to the key resource. When you consider that the most common assets that are exposed to the Internet are either Microsoft web or e-mail servers, then who should know better how to proxy this traffic than Microsoft?