FaceTime Makes IM as Safe as Talking Face-to-Face

No doubt about it: Enterprises that choose to support instant
messaging (IM) are faced with a host of security and privacy
challenges. Ignoring the technology will not help, as a rapidly
growing number of employees are already using IM. That’s where
FaceTime Communications’s IM Auditor comes into play. The
enterprise-grade server software monitors, archives, and analyzes IM
traffic, as well as enforces IM security and complies with legal
requirements (e.g., HIPAA and SEC) for instant message storage. The
product distinguishes itself by doing this through a comprehensive and
well-organized management tool set. And, to further sweeten the deal,
IM Auditor supports the IM clients employees are most likely already
using.

FaceTime follows the typical enterprise software business model and
takes suite approach to it IM offerings. IM Director represents the
core technology, although other products use the technology without
requiring IM Director. IM Director operates inside the firewall and,
as a product, takes responsibility for portals and collaborative
applications. IM Auditor is built on the IM Director technology and
also operates inside a firewall. It is responsible for monitoring and
recording IM activity (primarily the conversations) to meet IM
security and archiving requirements. A third product, IM Guardian
operates outside the firewall (usually in a DMZ) and is designed for
network and IM application protection. Other modules in the suite
include IM Call Center and IM Presence Manager.

Installation With Forethought

Installing IM Auditor is not difficult, but some planning should go
into its configuration. FaceTime’s documentation is quite good at
emphasizing and illustrating the various options, including failover
and clustered and distributed configurations. IM Auditor installs on
Windows 2000 or 2003 servers, requires MSMQ (Microsoft Message
Queuing) and a database storage system (it supports MS SQL Server 2000
or Oracle 9i).

Because performance is vital in enterprise IM environments, for the
most part, IM Auditor should be installed on a dedicated machine (one
that is separate from the database and actual IM server). IM Auditor
has two modes for operation, the recommended one being as a proxy
server (i.e., clients use this server’s address). An alternate mode
uses network DNS to reroute public network instant messages to IM
Auditor.

As a proxy server, IM Auditor uses SOCKS for public network IM
traffic and SIP for traffic from Microsoft Live Communications
Server. We worked with the SOCKS connections, using the wizard-driven
installation, and found the process to be very smooth. A false start
of our own making on the database connection (when using Microsoft SQL
Server 2000, we didn’t calculate correct database size and were
surprised by how much storage is required for IM archiving)
highlighted the importance of planning ahead. IM Auditor can also be
configured for direct routing from an IM server (e.g., Microsoft
Exchange and Reuters Messaging) using a FaceTime connector.

In short, there is nothing in the IM Auditor setup that is not
expected in the enterprise environment.

Authentic Administration

The Web-based administration module, IM Auditor Manager, provides
some of the best organized tools we’ve seen, in terms of content,
layout, and user interface as they apply to server configuration,
ongoing monitoring, and user management.

We found IM Auditor exceptionally strong in user management
(importing, grouping, and permissions). User information can be
entered manually (including user self-registration) as well as from
information imported through external sources (primarily LDAP-capable
network directories but also from text files). IM Auditor provides the
right kind of tools to handle thousands of users (and their buddies)
without requiring thousands of administrative hours.

Client Support

One the advantages of the IM Auditor’s approach is that users may
continue using their favorite public network IM client (e.g., those
from AOL, MSN, Yahoo, and ICQ). This latest version of IM Auditor
completes support for most of the “add-on” capabilities of IM, such as
video, audio, and file attachments. Note that feature support depends
on the client/public network. Also new in this version is a spim (IM
spam) filter that is a model of simplicity: Any message not from an IM
Auditor system or an employee/user ID (or user buddy list) will
automatically be challenged to enter a reply; if there is no reply,
the message is dumped. Although we were not able to perform a stress
test feature, we did not receive any spim during the time of testing
&#151 the concept seems solid.

The Business End

The business end of a product like IM Auditor is the ability to
monitor, archive, and analyze IM traffic (for the most part, the
conversations). In real time, IM Auditor does a limited amount of
traffic monitoring and can block “restricted phrases,” such as
profanity or business code words. Less immediately, IM Auditor can
generate e-mail alert messages for problems with IM traffic and
restricted phrases.

The management of restricted phrases and the review of IM
conversations, both key functions, are helped by IM Auditor’s
extensive use of roles. For example, the roles Global Reviewers, Group
Supervisors, and Employees can share the workload (and some of the
responsibility). Each role has limits on what can be reviewed and what
it can do. For example those with an Employees role may view their own
transcripts but cannot edit them. IM Auditor provides more than
adequate tools to search, filter, and annotate the conversations under
review.

IM Auditor’s reporting features are relatively flexible, covering
IM usage by top users, group usage, and network usage with a range of
dates and conditions. Some reports also generate graphs. Summaries can
be generated for daily and weekly conversations, and IM conversations
can be easily exported via e-mail to corporate e-mail compliance
software.

The Control Costs

The pricing structure for IM Auditor may seem steep (at $7,500 per
server it translates to about $10 per user), but it is in line with
the going rate for this type of product. In addition, in the
enterprise environment, IM Auditor may be only one piece of an IM
infrastructure, making IM support costly overall. Support is becoming
necessary, however, as ignoring or banning IM (which is akin to
sitting on the tracks and waiting to be hit by the train) will be
neither as cost-effective nor as strategic as being proactive with IM
applications and strategic IM use.

Supporting the aggressive use of IM is where companies, like
FaceTime, and their product suites are distinguishing themselves.

As a scalable enterprise-level tool, FaceTime IM Auditor is on the
mark when it comes to IM management. Its range of tools and features
comply with privacy and security requirements. Our testing experience
found the software to be a top product in a rapidly growing field.

Pros: Designed for complex and demanding enterprise
environments, including failover; Superior tools for data entry and
management of users/buddies.
Cons: Lack of a Linux or Unix version may be a disadvantage in
some corporate settings.

Article courtesy of ServerWatch

Latest Articles

Follow Us On Social Media

Explore More