FaceTime made its name over the years first as an instant messaging security specialist, eventually adding peer-to-peer (P2P) networks to its repertoire of threats to manage. Times have changed, though, and IT managers find themselves dealing with more sophisticated security challenges, and more vectors for attack. FaceTime has changed with the times, too, and the company’s latest version of its Unified Secure Gateway (USG) catches it up with the world of social networking and Web 2.0.
The USG 3.0 is a Web gateway appliance that offers URL filtering and anti-malware features along with logging, reporting and remediation. Where it used to concentrate on instant messaging (IM) and P2P traffic, it now includes coverage for social networking, Internet video and virtual worlds such as Second Life and World of Warcraft. To ease integration with existing proxy configurations, the USG uses an ICAP-based connector, but can also be deployed in pass-by mode to save admins the effort of reconfiguring their networks.
The device comes with a number of licensing options based on the coverage provided. The Basic license covers Web applications, with additional licenses adding basic Web content, public IM and unified communications. Additional recurring fees include annual maintenance and support and subscriptions for anti-malware and anti-virus. According to the company, a single device can support up to 10,000 users, though virtualization and load-balancing options enable support for larger organizations.
Learning from IM, Identifying New Threats
According to Nick Sears, FaceTime’s vice president for Europe, the Middle East and Africa (EMEA), the company’s “vision has expanded” because the array of ways end users work with the Internet has grown. Sears said the convergence of formerly separate application types, such as Skype’s utilization of voice, IM and P2P traffic, required a new look. FaceTime’s experience with IM traffic, which utilizes a number of different protocols and transports, helps the company work with the non-standard, non-centralized world of social networking and Web 2.0.
Additionally, Sears said, there’s a growing disconnect between the ways IT managers perceive their users are behaving and the actual use patterns. Sears sited a comparison between a FaceTime survey of IT managers and usage data gleaned from the company’s five million managed users that indicated IT managers wildly underestimate the use of some applications on their networks. Where IT managers estimated no more than 35 percent of their users used Web-based IM, FaceTime’s data indicated closer to 97 percent usage. With voice over IP (VoIP), IT managers claimed only 40 percent usage, while FaceTime data indicated 100 percent among users.
Sears said IT managers have also changed their perceptions of how to best handle traffic from IM, social networking and other sources. “Two years ago, IT just wanted to block it. Now it wants to control access and mitigate risk.”
Shades of Gray in Threat Management
To that end, the USG takes a nuanced approach to the traffic within its purview. Rather than offering a blanket ban of Facebook traffic, which is gaining an increasing presence in businesses and which can, according to Sears, account for upwards of five percent of employee work time each day, the USG offers fine-grained access control to over 50,000 Facebook applications.
Similarly, rather than limiting its control of potentially harmful or offensive Web content to simple URL filtering, the USG does content analysis in real-time. The appliance provides an archive of the requested content to managers, allowing them to make independent decisions on whether filtering was appropriate or not, and it also provides “coaching,” warning users of potential problems with some kinds of content while still allowing access.
The USG also integrates with corporate LDAP directories, allowing admins to create group policies instead of subjecting all the users on their network to a one-size-fits-all filtering solution. The USG’s LDAP integration also assists in the construction of “ethical firewalls,” which allow admins to regulate communications between groups of users.
Besides protecting end users from malicious or unapproved content, the USG offers a comprehensive set of reporting tools; logging and archiving traffic both to identify false positives when challenged by users, and to provide the necessary regulatory compliance organizations have been required to observe in the past several years.
In addition to concretely identifying the network traffic consumption of individual users by protocol or service, the USG offers a visualizer that provides an overview of all traffic types, helping administrators identify aggregate usage patterns.