Carl Weinschenk spoke with Ari Tammam, vice president of Channels for Promisec.
Weinschenk: How should businesses think about P2P applications?
Tammam: The only P2P application that is used in business will be a type of IM communications. It's much quicker than e-mail. Outside of that, there is no real need to have file-sharing applications. We have FTP for business-to-business communications. You don't need sharing of entertainment files [in the office]. Anything outside of IM should really be eliminated. That way, you mitigate and limit the threat.
Weinschenk: What type of responses should organizations consider?
Tammam: It's easy to stop people from using P2P with our software or others out there. It limits the usage or monitors the content. Another way to do it will be to limit the user's access to their own machine so they can't download or run any application they want.
Weinschenk: Are companies doing this?
Tammam: I think more and more businesses are beginning to understand, especially larger businesses. [Still], a lot of them seem to think the threat is pretty minor, that it will never happen to them. In some organizations, they need to let people have expansive P2P applications. Instead of outlawing it, they should limit and monitor it. I think people are taking a much more serious look at it. Some people lock down the entire network and are not allowing anything. Others are allowing more freedom to let people work normally, but need to have tools in place to monitor the network. We have client banks and financial networks that lock down certain parts of their networks, for instance.
Weinschenk: What are the biggest risks associated with P2P in the enterprise?
Tammam: Wasted time and security breaches definitely have dollar values to them. In explaining both of them, you are talking to different people in the company. Can you say, "If you mitigate P2P you will see X improvement on the bottom line"? That's a difficult thing. You could estimate a load of things, a lot of assumptions or variables if you take real-life examples, but I don't think you could [convince] many companies in this way. What you could do is show actual activity in which people are working or chatting with friends or playing a game. That is not necessarily all P2P.
Weinschenk: What, precisely, does your software do?
Tammam: What we do is identify and control any P2P activity on an end point by removing the app or killing its process. One company we deal with outlaws everything except IM. We give a heads-up on the state of the entire network. Then we give the administrator the tools to stop or to completely eliminate the app from the end point.
Weinschenk: Is the norm to kill all P2P apps?
Tammam: Most companies just want to see what's out there. What they are surprised to see is how much is going on. People have shared folders that they shouldn't have. That is an indication of P2P because they always create shared folders. Some invoke remediation tools at their disposal. For instance, one client - a hospital in the UK - just kills the process.
Weinschenk: It sounds like quite a cat-and-mouse game. What kind of cooperation do you get from high-level executives?
Tammam: Senior executives feel they are a law unto themselves and don't have to abide by what lower-level staff says. That's where a lot of back-and-forth happens - between IT administrators and senior managers. The extent depends on the bravado and charisma of the executive involved. You have other situations, including the recent case of Japanese soldiers sharing porn, and mixed with that was information about American missile defense that was being taught to senior officers.
Weinschenk: What other things does your software look at?
Tammam: The high-level view is not to limit the view to one threat like P2P. There are a lot of other internal threats that people aren't aware of. Let's say people have unauthorized shared folders or drives or people are connecting to multiple networks such as public and private networks in an organization. These are internal threats that are a problem. There also are technical errors, human errors, misconfigurations of new devices. Things like that need to be identified as well. The basic idea is to enforce security and network management across the entire organization so problems are spotted before they become a security breach.