Instant Messaging Security

IM networks are an increasingly common channel for the spread of malware such as viruses, worms and spyware. IM and other real-time communication applications, representative of what FaceTime has termed greynets - are network-enabled applications that operate outside the control of the corporate IT department. These not so secure channels are increasingly becoming the vectors of propagation for malicious applications and code. This highlights the dilemma facing both IT staff and security vendors - how to manage the greynet 'spectrum' to enable business productivity from good greynet applications such as IM while preventing malware and lowering risks to the business.

Business Risks of IM

IM usage in business - both sanctioned and not - is growing rapidly. And because IM opens up unsecured channels into the organization, the hacker and virus-writing communities have not wasted any time in exploiting this growth. In fact, research undertaken by FaceTime Security Labs shows that security incidents involving the use of chat, IM and P2P networks were up 2200% in 2005 over 2004. While IM delivers tremendous gains in productivity by enabling real-time communications between co-workers and business partners, it also brings significant risks. These risks fall into three major areas:

• Inbound threats
  IM creates new vectors for the distribution of malware (viruses, worms, spyware, rootkits, and more) and SpIM (Spam over IM) which can cause a major drain on productivity and resources. Read about malware and spyware prevention.
• Outbound threats
  IM opens new 'holes' through which information can leak or be leaked, leading to user privacy concerns and the potential loss of intellectual property
• Non-compliance with corporate and regulatory requirements
  IM creates invisible communications channels that operate below the radar of conventional information security measures, exposing the organization to regulatory compliance breaches. Read more about IM compliance and e-Discovery.

Technical Challenges of IM Security

Greynets are largely invisible to existing information security infrastructure such as firewalls, intrusion prevention and intrusion detection devices, and proxies because they are specifically designed to evade detection and provide ubiquitous access. These existing security measures do not adequately address the protocols and behaviors used by greynet channels.

• IM clients use port crawling - the ability to exploit any open port on the firewall - so blocking the 'usual' port for the particular application doesn't work.
• Every IM network provider has its own unique set of IP addresses to which clients can connect. These IP addresses change frequently or at random without notice, so firewalls and proxies cannot apply blocking policies using the typical black list of IP addresses.
• IM protocols are proprietary and constantly evolving to deliver new and more advanced features to users; firewalls and proxies do not evolve at this pace, nor do IT organizations want to be constantly updating protocol signatures on the firewall.
• The synchronous nature of real-time connections is much different from the asynchronous web browsing and email traffic; firewalls and proxies were not designed to inspect and analyze real-time communication traffic, so network performance suffers.

And from a human perspective, IM blocking will simply result in unhappy employees and attempts to bypass the system, which may cause more problems than it solves.

Why Choose FaceTime?

FaceTime offers the only comprehensive IM and greynet security solutions that prevent spyware and secure IM use, providing full visibility and granular control for all major real-time communications applications:

• Public IM Networks (AIM, Yahoo, MSN, GoogleTalk, ICQ, and more)
• Enterprise IM Networks (OCS, LCS, Sametime, Antepo, Jabber, Parlano MindAlign)
• Professional Community Networks (Bloomberg, Communicator Inc., PivotSolutions)
• Web Conferencing (WebEx)

FaceTime solutions facilitate the positive use of legitimate greynet applications, keeping employees productive while securing the enterprise against these new threat sources. By integrating seamlessly with existing IT and information security infrastructure such as anti-virus, FaceTime enables maximum return on existing investments.

Managing the IM Security Risk

FaceTime offers comprehensive IM threat risk protection:

• Protection against inbound threats from viruses, worms, spyware, SpIM, and more by monitoring and managing greynet communication channels
• Prevention information leakage through content filtering, logging and archiving for all text conversations and file attachment content
• Ensuring compliance through TrueCompliance™ strict policy enforcement and user/group level access controls

All security controls are backed by FaceTime Security Labs, the world's largest greynet threat research facility, which automatically ensures that the latest detection mechanisms are deployed as soon as they become available, minimizing the potential for zero-day infection.

FaceTime is the acknowledged leader in IM security and compliance management with almost three million seats under management, including eight of the top ten US banks and 17 of 24 FIMA members. The company has been ranked #1 in IM market share by IDC for four consecutive years, and received the SC Magazine Readers' Trust award for IM Security in 2006 and 2007.