Home » Data Protection » Network Security

How to Evaluate and Use Enterprise Instant Messaging Security Tools

As popular as instant messaging has become, most enterprises have neither policy nor technology in place for securing IM. Here's expert advice for getting the message.

DON'T overlook your current security providers. It's very likely that your current security providers—of Web filtering, firewall, virus protection, spam filtering, data leakage software, etc.—are building out their messaging security portfolios either through partnerships or acquisitions. That's why Caplan Grey urges users to ask current providers about their plans in this area. "You may be able to take advantage of licensing savings, integration or support advantages," she says.

DO ask how the system protects against malware: While vendors such as FaceTime, Akonix and Symantec continually update their virus signatures, protecting against IM viruses requires other evergreen tactics, according to a FaceTime spokesperson.
For instance, the product can unmask a bot by asking simple questions that require a human response, like, "What is 2 + 2?" "That could stop even zero-day threats before they're detected," she says. The system also keeps an eye out for anyone sending too many messages all at once, since that's usually a sign they're infected with something. "It's one thing to run signatures, but you also need proactive measures, which stops unwelcome behavior on the network," Firstbrook agrees. For instance, you'd want a system to detect and then isolate any computer displaying bot-like behavior, such as opening multiple sessions in a small time frame, he says.

DON'T treat IM security as an island. While vendors such as IMlogic, FaceTime and Akonix all got their start by offering dedicated IM security tools, the trend is to protect not just IM but all messaging from one platform, Firstbrook says. That's why Symantec's Enterprise Vault, for instance, archives data from e-mail, IM, content management and collaboration systems, and its antivirus system includes IM virus definitions.
In addition, FaceTime offers not just IMAuditor but also Unified Security Gateway, which integrates management, security and compliance for Web communications, consumer-driven Web applications (such as public IM, Skype and P2P) and enterprise IM platforms. Taylor currently uses IMAuditor, for instance, but is testing its USG product and plans to upgrade.

For its part, Secure Computing rolls IM control into its e-mail security appliance, and Akonix partners with FrontBridge Technologies to enable an integrated, hosted archiving and compliance solution for both e-mail and instant messaging. "You don't want to archive IM in a separate archive or treat it differently from a policy perspective," Firstbrook says. ##