Secure & Enable the New Internet
Contact Us divider How to Buy dividerFaceForward Blog
Home | IM Security
Contact Sales
 

Instant Messaging Security

Controlling IM Security Risks

IM usage in business – whether sanctioned or not - is growing rapidly. IM and other real-time communications are network-enabled applications that often operate outside the control of the corporate IT department. While they offer business value, these not-so-secure channels are increasingly becoming the vectors of propagation for malicious applications and code leaving IT to address how to enable business productivity from IM while also controlling risk.

IM security risk falls into three main categories:

  • Inbound threats
    IM creates new vectors for the distribution of malware (viruses, worms, spyware, rootkits, and more) and SpIM (Spam over IM) which can cause a major drain on productivity and resources. Read about security incidents involving the use of chat, IM and P2P networks and learn more about malware and spyware prevention.
  • Outbound threats
    IM opens new 'holes' through which information can leak or be leaked, leading to user privacy concerns and the potential loss of intellectual property
  • Non-compliance with corporate and regulatory requirements
    IM creates invisible communications channels that operate below the radar of conventional information security measures, exposing the organization to regulatory compliance breaches. Read more about IM compliance and e-Discovery.

Technical Challenges of IM Security

Real-time communication and Web 2.0 applications are largely invisible to existing information security infrastructure such as firewalls, intrusion prevention and detection devices, and proxies because they are specifically designed to evade detection and provide ubiquitous access. Existing security measures do not adequately address the protocols and behaviors used by these applications.

Blocking IM is no longer an option:
  • IM clients use port crawling - the ability to exploit any open port on the firewall - so blocking the 'usual' port for the particular application doesn't work.
  • Every IM network provider has its own unique set of IP addresses to which clients can connect. These IP addresses change frequently or at random without notice, so firewalls and proxies cannot apply blocking policies using the typical black list of IP addresses.
  • IM protocols are proprietary and constantly evolving to deliver new and more advanced features to users; firewalls and proxies do not evolve at this pace, nor do IT organizations want to be constantly updating protocol signatures on the firewall.
  • The synchronous nature of real-time connections is much different from the asynchronous web browsing and email traffic; firewalls and proxies were not designed to inspect and analyze real-time communication traffic, so network performance suffers.

Beyond the technical considerations, blocking IM will also result in unhappy employees who will attempt to bypass controls, which may cause more problems than it solves.

The Leader in IM Security

Ranked #1 in IM market share by IDC for five consecutive years, FaceTime is the acknowledged leader in IM security and compliance management with almost five million seats under management, and an industry-spanning customer list that includes nine of the top ten US banks. FaceTime offers the only comprehensive IM and Web application security solutions that prevent malware and secure IM use, providing full visibility and granular control for all major real-time and Unified Communications applications:

  • Public IM Networks (AIM, Yahoo, MSN, GoogleTalk, ICQ, and more)
  • Enterprise IM Networks (OCS, LCS, Sametime, Antepo, Jabber, Parlano MindAlign)
  • Professional Community Networks (Bloomberg, Communicator Inc., PivotSolutions)
  • Web Conferencing (WebEx)

FaceTime offers comprehensive IM security:

  • Protection against inbound threats from viruses, worms, spyware, SpIM, and more by monitoring and managing real-time communication, Unified Communications and Web application channels
  • Prevention information leakage through content filtering, logging and archiving for all text conversations and file attachment content
  • Ensuring compliance through TrueCompliance™ strict policy enforcement and user/group level access controls

By integrating seamlessly with existing IT and information security infrastructure such as Active Directory, storage systems and anti-virus, FaceTime also enables maximum return on your existing technology investments.

Learn more about IMAuditor, the leading enterprise-class solution for the security, compliance, management and control of IM and Unified Communications applications.

Learn more about Unified Security Gateway, an all-in-one appliance that enables and enforces safe and productive use of the Web, real-time communications and Web 2.0 applications to protect the network against inbound malware, mitigate information leakage risks, and ensure compliance with corporate, regulatory and e-discovery requirements.

Customer Service Rating by LivePerson

Literature

Spyware Cost Calculator
Find out how much spyware is costing your organization.
 
Free Assessment
Free Assessment
FaceTime Wins SCMag Award
SANS Top 20 Internet Security Attacks
Home  | Company  | Solutions  | Products  | Partners  | Support  | News & Events  | Security Labs  | Site Map  | RSS Feeds  | Contact Us
© Copyright 2003-2009, FaceTime Communications, Inc. All rights reserved.   Privacy Policy