FaceTime Enterprise Edition

FaceTime's system includes an RTGuardian appliance, which added no latency as it inspected inbound and outbound Internet traffic for malware and malware references.

Impressively, the RTG 500 added no latency as it inspected inbound and outbound Internet traffic for malware and malware references. When it detected unmanaged instant messaging and peer-to-peer protocols (such as Skype), or malware arriving over IM or peer-to-peer, the RTG 500 kept the unwanted programs out of our network by spoofing the source and destination machine addresses to send each session partner a TCP Reset packet. The TCP Reset instructs both sender and receiver to cease the current transfer of data.

FaceTime's use of the TCP Reset packet is extremely clever. The RTG appliance was never a bottleneck, because it doesn't sit inline between the Internet connection and the network. The appliance merely listens to the conversation flow and, when it detects malware, commands the client and the spyware host to halt. In other words, the appliance never has to act as a relay station. While some upstream routers may be programmed to discard the TCP Reset on its way back to the spyware host, you can reconfigure the upstream routers. Most important, the client gets the message to stop requesting the spyware packets.
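The out-of-band reset described above, modelled as an added example (not code from the article or from FaceTime): it derives the header fields of the two resets from one observed segment and checks how the receiving endpoint would treat them. The addresses, the `Segment` fields and the RFC 5961 acceptance rule are assumptions; only sequence numbers are modelled and no packets are sent.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ack: int
    payload_len: int = 0
    flags: str = "A"

def reset_pair(seen):
    """Fields of the two resets a passive sensor derives from one observed segment."""
    # Toward the receiver, appearing to come from the sender: continue the
    # sender's sequence space just past the payload that was observed.
    to_dst = Segment(seen.src, seen.sport, seen.dst, seen.dport,
                     (seen.seq + seen.payload_len) % MOD, 0, 0, "R")
    # Toward the sender, appearing to come from the receiver: the observed ACK
    # number is the next byte the sender expects from the receiver.
    to_src = Segment(seen.dst, seen.dport, seen.src, seen.sport,
                     seen.ack % MOD, 0, 0, "R")
    return to_dst, to_src

def rst_outcome(rst_seq, rcv_nxt, rcv_wnd):
    """How an RFC 5961 endpoint treats a reset, given its receive state."""
    offset = (rst_seq - rcv_nxt) % MOD
    if offset == 0:
        return "reset"          # exact match: connection is torn down
    if offset < rcv_wnd:
        return "challenge-ack"  # in window but not exact: endpoint only ACKs
    return "dropped"            # stale or out of window: silently ignored

# Constructed sample: documentation addresses, host 198.51.100.7 sending
# 200 bytes to client 192.0.2.10.
SEEN = Segment("198.51.100.7", 80, "192.0.2.10", 49152, seq=1000, ack=500, payload_len=200)

def demo():
    to_client, _ = reset_pair(SEEN)
    on_time = rst_outcome(to_client.seq, rcv_nxt=1200, rcv_wnd=65535)
    # The host sent another 1460 bytes before the reset reached the client.
    late = rst_outcome(to_client.seq, rcv_nxt=2660, rcv_wnd=65535)
    return on_time, late

if __name__ == "__main__":
    print(demo())
```

The second case shows the trade-off of listening from a span port: a reset that arrives after the session has advanced carries a stale sequence number and is ignored, so the sensor has to react faster than the traffic it is watching.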

The RTG 500 thwarted 69 of 70 malware instances with which we attacked our network. The device dealt comprehensively with Web-, Skype- and IM-borne unwanted programs. The 1U device connects to a span port on a switch or any hub port. FaceTime typically distributes malware definition updates twice a week but sends them more often when it identifies critical threats.

For each event, the device collects date, time, spyware ID (its name), category (spyware or adware), type of attack (infection, phone home), threat rating, source IP address and number of attempts made. SNMP support for network-management system integration is planned, FaceTime says.

The Greynet Enterprise Manager (GEM) component is a central console that consolidates, in one place, the administration of several remote RTG units. A handy feature of GEM is that it can detect and clean infected desktops without the use of an agent. The IM Auditor component helps the RTG 500 thwart and report on malware carried by IM protocols.


