IM and Security: No LOL Matter

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

I'd love to take credit for it, but can't: The CRN review linked to below started with the line that IM security is no LOL matter.


The two trends have been barreling into each other for a couple of years, and its only a matter of time before a major conflagration occurs. Indeed, it already may have. Regulators are demanding that companies be ever more vigilant about monitoring and documenting communications. All the while, difficult to secure and manage real-time communications tools, many of them consumer products, are seeping into the enterprise.


vnunet.com reports that one in four employees have sent information considered proprietary -- company plans, finance or password information -- over IM. The story doesn't say if that assessment is a best-effort guess or backed by hard research. Whatever the case, the dangers of such activities undoubtedly are real. The story points to a Societe Generale scandal in which IM was a main channel over which details of a trading plot were discussed.


FaceTime isn't the only company that says the problem of IM security is getting worse. Akonix reported at the end of last month that its IM Security Center had tracked 20 new pieces of malicious code during February, an increase of 43 percent compared to January. Some of the new worms are Barten, Defusxyd, Dung and MSNemy. Two variants each were seen for MSNemy and Imaut. It is going to get worse before it gets better: An Akonix executive is quoted as saying IM attacks will proliferate as companies add more related real-time media.


Of course, where there is an opening, vendors will follow. After its clever start, CRN reviews FaceTime's Unified SecurityGateway (USG). The review says that it connections to SPAN/TAP port of a switch. Two other ports are used to connect to a Web-based management software and as the bridge between the internal IM clients and the device. The reviewer says that it was easy to navigate policy setup. A default warning was presented when accessing a blocked site. IM management was detailed, and included a spam over IM (SPIM) setting.


Another vendor hoping to make headway by handling IM security is St. Bernard Software, which last month upgraded its iPrism security appliance by integrating it with its LivePrism managed security service.The hybrid system routes the IM traffic to the St. Bernard data center for processing. iPrism 6.0 enables IM filtering and the ability to offer user-specific polices.


The severity of the problem of IM security is made plain in this Instant Messaging Planet piece. The writer says, essentially, IM is a great launching pad for thieves looking to create botnets or perform a number of underhanded tasks. Often, the bad code is introduced in chat rooms and on social networking sites and propagates through accessing users' buddy lists. The ground is so favorable to virus and malware pushers that they can be selective in the geographic location and the size of the botnets formed through IM distribution. The only way to keep businesses completely safe, the writer says, is to eliminate the ability to execute files received over IM. This, however, would eliminate the advantage of IM in the first place.