IMlogic Focuses on IM Security and Compliance

By Michael Hall | Feb 14, 2005 | Print this Page
http://www.enterprisenetworkingplanet.com/netsysm/article.php/3482941/IMlogic-Focuses-on-IM-Security-and-Compliance.htm

With instant-messaging-based malware and spim appearing at a rate similar to that of e-mail during its ascent in the '90s, network managers are hard-pressed to both facilitate an increasingly popular means of communication and keep their networks secure. Add to that the regulatory concerns of archiving and maintaining internal "ethical firewalls," and it's clear that the ease of IM is limited to its users.

Into that situation comes a recent class of software aimed at helping enterprise managers button down IM without compromising its effectiveness. IMlogic's IM Manager, a new version of which was released today, is aimed at handling those requirements. The new offering leverages partnerships with security companies to enhance its real-time anti-malware capabilities.

IM Manager is able to monitor and regulate traffic from a variety of public and private networks, including Yahoo, AOL, MSN, Parlano, Jabber, Microsoft Live Communications Server 2005, and IBM's Lotus Instant Messaging and Workplace. The product is designed to run on Windows Server 2003 as well as some Linux distributions, though information on which were unavailable as this story was filed.

The product is one of several on the market that have gained prominence since last June, when AOL and Yahoo both announced a general retreat from attempts to enter the enterprise IM market on their own, preferring instead to work with independent partners like IM Logic and its IM management rival Akonix to push their brands into the enterprise.

IMlogic CEO Francis deSouza said development on IM Manager has been increasingly focused IM security and compliance. The product offers several features in those areas, including integration with the IMlogic Threat Center and a "compliance rules engine."

According to deSouza, instant messaging security trends closely mirror that of e-mail: "The trajectory is the same as with e-mail in the late '90s," he said, with occurrences of malware in the form of viruses and trojans as well as the flow of spim (define) roughly doubling every six months.

The IMlogic Threat Center is operated as a joint effort between IMlogic and several companies with heavy investments in instant messaging, including AOL, Yahoo, Microsoft, and IBM; as well as several security companies including Sybari (which Microsoft intends to acquire, McAfee, and Symantec.

Part of the threat center's approach to handling IM-based malware inolves a global network of honeypots (define) that identify IM viruses and worms soon after they hit the Internet and provide an opportunity for partners to distribute protection against the malware to IM Manager installations automatically.

In addition to its real-time malware tracking, IM Manager interoperates with Symantec's AntiVirus Scan Engine and Enterprise Security Architecture offerings.

Ensuring Compliance
The other key thrust of IMlogic's offering is "compliance," a broad term that covers a variety of regulatory issues facing companies. Compliance issues include archival requirements from legislation such as Sarbanes Oxley, and matters of communication between groups within firms that should not be interacting, such as researchers and traders at a brokerage firm.

deSouza said IM Manager enforces communications compliance with several tools, including group management and tools for creating trusted domains.

With group management, IM Manager administrators can assign IM users to groups either within the application itself or by leveraging existing LDAP and Active Directory stores. Admins can then configure rules that wall selected groups of users off from each other, or regulate which external domains users may or may not communicate with. Regulation can take the form of blocking traffic or through real-time monitoring of communications.

Another concern, said deSouza, is "leakage of IP," and he said that IM Manager provides tools to keep "good stuff from going out" of an organization via IM. IM Manager offers tools for monitoring traffic and either blocking restricted content, or sending notifications to both admins and users notifying them of a potentially inappropriate communication.

IM Manager also allows companies a way to control the IM clients in use on their networks. deSouza said that while some IM Logic customers prefer or need multi-network third party clients, "they aren't really sanctioned by the networks, " and can create management issues. IM Manager allows admins to identify and block traffic from such clients.

Partnerships Key
Sensitivity to the preferences of the public IM networks, said deSouza, is key to his company's efforts. He noted that IM Logic works closely with the network operators, often on a daily basis, and that "it took over a year to put those relationships in place."

deSouza sees IMlogic's role in the instant messaging arena as similar to that of firms that build telephony-related devices such as caller i.d. boxes and voicemail aware telephones, working with networks and their developers to "expose functionality."