IM Management: Facetime Casts a Broad Net
FaceTime sees itself as different to other IM security and management software vendors, despite offering the same basic functionality, for several reasons. Perhaps the most interesting of these is that the Foster City, CAL-based company doesn't really see itself as an IM company at all.
"Our mission – and the reason we are different from say Akonix or IMlogic – is that we are not just looking at IM , we look more broadly at real time applications including WebEx, collaboration software, peer to peer applications and SSL VPNs," says Srini Gurrapu, FaceTime's vice president of product management.
He believes that real time applications for conferencing, collaboration, VoIP and IM will all begin to merge together in more integrated applications. Therefore the challenge for IM security companies, he believes, is to understand that IM is just a subset of real time applications, and that it is protection and management tools to apply to all real time applications, not just IM applications, that customers are after. "If, for example, we don't have the technology to secure P2P channels, then we are not addressing the problems of our customers. So we need to have a more comprehensive offering than just IM tools," says Gurrapu.
The problem with managing and protecting against many P2P based applications - which can include IM - is that they can port crawl and their protocols change frequently, so they can be difficult to detect. To get around this FaceTime does not rely in signature recognition exclusively, but also uses behavior analysis – which includes detecting the presence "heartbeat" of many real time applications - deep flow analysis and statistical techniques to recognize unwanted applications for what they are as packets enter or leave the network.
For the moment, Gurrapu says Skype is causing the most headaches, although many of these will be overcome in the coming months. "Skype is the largest IM network and it gets anywhere," he says. "It does port hopping and tunneling, and carries payloads encrypted with AES. At the moment we can't manage Skype traffic because it is encrypted so we block it. In a forthcoming release we will be able to allow Skype VoIP but not FTP or messaging."
The company has a slightly bewildering array of products, but the most important of these is FaceTime Enterprise Edition. This is actually nothing more than a combination of two other products: IM Auditor, a security and management module available as a software package or as an appliance, and the RTGuardian perimeter security appliance.
IM Auditor is priced partly on a per user basis, while RTGuardian's pricing is based on the number of perimeter egress locations. As a guide, costs are as follows:
- Enterprise Edition -- starts at $7500
- IM Auditor -- starts at $5000
- RTG appliance -- $5000
IM Auditor is FaceTime's IM core management, control and compliance product Management and Control Using a web-based interface, IM Auditor allows enterprises to:
- Interoperate with and control in real time all popular IM networks and professional community networks
- Manage and secure WebEx chat sessions
- Map IM buddy names to employee IDs in standard corporate directories
- Enforce IM usage policies from a single point
- Make intelligent decisions based on anytime, anywhere web-based reports
- Message Hygiene and Security
- Prevent IM-borne virus and worm infections by forcing virus scans and blocking SpIM
- Protect against zero-day virus attacks
- Stop disclosure of proprietary information with integrated content filtering
- Combine with RTGuardian to protect against threats from spyware and unauthorized P2P connections
- Compliance Workflow and Archiving
- Log and archive all real-time communications, including WebEx chat text, in tamper-resistant binary form
- Administer "Chinese Walls" to enforce communication compliance standards between groups
- Web-based access to compliance workflow for reviewing and annotating conversations
- Enterprise Extensions and Integration
- Interfaces with existing firewalls and proxies
- Integrates with corporate database applications, email compliance and WORM storage systems, archiving, and anti-virus installations
- APIs for exploiting and extending real-time event management capabilities to other applications
- Enterprise-Grade Deployment
- Flexible deployment architecture with availability on Windows, Linux, Solaris
- Compatible with Microsoft Server solutions and Oracle database
- Multiple-language support enables:
- Disclaimers to be set for employees throughout the world
- Reviewers to see conversation transcripts in native languages
- Co-exists with standard IT infrastructure including load balancers and proxy servers
- Load-balance among redundant/stand-by directory servers, database servers, and corporate proxy servers
- Supported Applications:
- Enterprise Instant Messaging: Microsoft LCS, IBM Sametime, Antepo, Jabber, Parlano MindAlign
- Professional Community Networks: Reuters, Bloomberg, Communicator Inc., PivotSolutions
- Web Conferencing: WebEx
- Public Instant Messaging: MSN, AIM, Yahoo, GoogleTalk, ICQ and more
RTGuardian (RTG) is FaceTime's perimeter security solution for blocking the spread of spyware and adware in the enterprise and securing unauthorized IM and P2P usage. With RTG, enterprises can:
- Prevent spyware from spreading
- Prevent unauthorized IM and P2P connections
- Ensure safe and secure IM by blocking high-risk features
- Create a standardized profile of IM use within the enterprise
- Ensure non-stop protection with regular protocol updates
- IM and P2P protocol and client coverage: Expanding to 137 P2P clients variations, 18 P2P protocol groups, 25 IM client variations and a growing list of tunneling and anonymizer applications.
- Easy-to-Use User Interface: Allowing rapid set up, and ongoing administration and management.
- Multiple Appliance Configurations: Including the RTG100, RTG500 and RTG1000 designed for different through-put environments which take advantage of a new underlying Dell server architecture.
- Certified by Leading Security Vendors: Cisco Technology Developer Program Certified and Symantec SESA Certified.