IM monitoring and logging

* Products that address IM security and compliance in the enterprise and SMB markets

Thanks to former congressman Mark Foley, the abusive use of instant messaging is in the news. Mr. Foley was found to have sent inappropriate messages to underage congressional helpers. Not only is this morally wrong; it is a crime. If prosecuted and convicted, he can go to jail for this activity.

But the buck doesn’t stop at Foley when it comes to blame. There are repercussions being felt by his employer (the U.S. federal government) in terms of culpability for Foley’s actions. Who knew he was doing this? Who tried to get him to stop? Should his employer have done more to stop or prevent this illegal activity? Is his employer liable for his actions in any way?

Foley’s case, of course, is exaggerated because it is being played out on a national stage, during an election year. Ordinary cases of IM abuse are usually not so high profile. But the scandal could easily be closer to home if an employee at your organization used company resources to send or receive offensive, threatening or damaging IMs.

Aside from the potential for abuse of IM, there are the security threats it poses for an enterprise. Viruses and other malware use IM as a vector for entering network environments that are otherwise protected against such threats. Gartner analysts say IT administrators who do not manage and protect public IM will experience 80% more IM-related security incidents than those that do.

For all the fears about IM, many organizations find it to be a very useful tool for increasing productivity, and they encourage employees to use IM. At the same time, there is a need to monitor what IM is being used for - perhaps to prevent the kind of abuse instigated by former Congressman Foley.

There are numerous products on the market today that address IM security and compliance in the enterprise and SMB markets. Among the products are software applications, such as IM Policy Manager from IM-Age Software and Symantec IM Manager, and physical appliances such as Barracuda Networks Instant Messaging Firewall and Facetime’s IMAuditor.

Whether hardware- or software-based, what these products have in common is the recognition that organizations must manage, monitor and control IM activity so as to assure compliance, prevent data leakage, prevent IM-based attacks, and monitor for inappropriate use.

Let’s have a quick look at just a few of the product choices:

Symantec IMlogic IM Manager offers user authentication against a corporate directory; granular policy management that includes content filtering and blocking; file transfer controls to safeguard employees and protect intellectual data; and integrated threat protection. You can log and archive IM conversations across disparate IM networks and utilize full audit capabilities for message review and retention, including the capture of key message statistics such as user attributes and network identity. IM Manager will work with AOL Instant Messenger, MSN Messenger and Yahoo Messenger as well as with a range of enterprise IM software. Also included in the product are archiving and management tools to help with compliance with the Sarbanes-Oxley Act and other regulations.

IM Policy Manager from IM-Age Software centrally logs, reports and alerts on IM conversations for public IM applications. You can block file transfers over IM to prevent data leaks and inbound malware, and secure IM usage by encrypting the messages before transmission.

The Barracuda Networks Instant Messaging Firewall is a secure IM server with an IM management solution in an appliance format. It offers IM traffic identification and logging; public IM management with networks such as AOL, Yahoo!, MSN and ICQ and Google's Talk service; a private and secure IM server/network; keyword identification and reporting; and Secure file transfer.

Facetime IMAuditor supports all public and enterprise IM clients, as well as industry-focused IM communities such as Reuters and Bloomberg, and Web conferencing applications such as WebEx. It allows you to Manage file transfer, collaboration, and other client-level activities for all real-time communications services. This application scans transferred files, including LCS file transfers, using your existing antivirus tools, and protects real-time communications channels against zero-day worm and virus attacks. Perhaps more than the other products mentioned above, IMAuditor has extensive enterprise capabilities designed to keep your users and network environment safe and secure.

By the way, if the Congressman Foley case entices you to monitor the IM conversations your children have at home, there are numerous consumer oriented products as well, including IM Einstein Home (from the same company delivering IM Policy Manager, above); IM Safer; and IamBigBrother. Stop the pedophiles and bullies before they harm your child.

Copyright © 2006 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022