Home » Data Protection » Network Security

How to Evaluate and Use Enterprise Instant Messaging Security Tools

As popular as instant messaging has become, most enterprises have neither policy nor technology in place for securing IM. Here's expert advice for getting the message.

Buzzword Alert
According to Maurene Caplan Grey, founder of Grey Consulting in Kent Lakes, N.Y., any communication that travels over IP is a candidate for some type of security breach, including Web mail, blogs, IM, VoIP, P2P networks and Web conferencing. This has led IM security vendors to add more coverage to their wares, beyond IM. As often happens, a buzzword has emerged to describe this effort: unified communications strategy. Caplan Grey says to ignore the buzzword and focus on what types of communications the vendor protects today, what that protection means, what they plan to protect in the future, its affiliations and OEM partners.

Evaluation Criteria
Key aspects of IM security include archiving, authorization, compliance, manageability, content inspection, spam-over-instant-messaging (SPIM) protection, IM identity registration, monitoring and integration with other security systems.
Increasingly, companies want to manage IM in accordance with other messaging media. Look for integration with enterprise IM systems, public IM systems, e-mail archival solutions, antivirus systems, corporate directories and firewalls.

Dos and Don'ts for Securing Instant Messaging
DON'T think your bases are covered with a corporate IM system. Corporate IM provides some controls and security, but analysts say additional security is needed to fully address the risks of IM. This includes restricting and/or managing public IM and complying with regulations that require auditing and archiving.

At CEVA Logistics, employees were previously allowed to instant message using Microsoft Live Communications Server with security provided by the company's Check Point Software firewall.

But when CEVA Global Network Operations Manager Tony Taylor grew concerned about complying with the Sarbanes-Oxley Act's auditing regulations, he tried taking IM away from employees altogether. In the end, because some customer contracts stipulated the use of real-time IM communications, he decided to implement FaceTime's IMAuditor. "It allowed us to secure the LCS environment, and people can also use third-party IM clients," Taylor says.

DO ensure that ever-changing IM protocols are supported. Consumer-based IM protocols are proprietary and constantly evolving, so it's important for the IM security vendor to be able to continuously update protocol signatures on the firewall.

DO consider encryption. Some vendors, such as Presensoft and Secure Computing (with its CipherTrust IronIM), offer encryption for IM transmissions. In addition, FaceTime stores IM messages in an encrypted database.

DO get a sense of how forward-thinking the vendor is. The world of IP messaging is constantly evolving, from IM protocols to downloadable applications, and so are the attacks that threaten security. That's why it's important to ask vendors about future plans—the next new threat they're working on and what you should be thinking about over the next year. "You need to find out what's on their road map," Caplan Grey says. "Get a picture of who's the most forward-thinking and who has the funds and R&D staff to execute on those plans." And because threats to IP messaging are often blended threats (for instance, enticing users to click on a URL that exposes them to bots or identity theft), vendors need to provide security across different media, in a similarly blended way, she says.