Security Briefs: Risky IM; Pushing All-In-One Security Management Consoles

With IM use increasing 200 percent per year, unmanaged enterprise IM is a growing security risk. Plus, Check Point pushes one-console management for perimeter, internal, Web, and endpoint security.

Is IM use in your enterprise a security risk? Many organizations can’t answer that question because they don’t know how their employees use IM.

For perspective, consider this: IM use in the enterprise is rampant, and the number of IM aficionados continues to grow. Enterprise IM users currently number 40 million, reports IDC, which anticipates 140 million IM users by 2009.

Yet many companies don’t secure the public IM clients their employees use nor require employees to standardize on secure, enterprise IM clients. “Still today, the vast majority of usage is public IM, which is generally unmonitored and uncontrolled and flying under the radar of the IT department. It’s grassroots,” notes Jon Sakoda, senior director of product management for the Enterprise Messaging Management Group at Symantec. The company just released IM Manager 8.0, its first product for managing IM. (If you’re counting, the product is an update of IMlogic IM Manager version 7.5; Symantec acquired IMlogic earlier this year).

Of course, public IM clients are inherently Internet-connected clients, which makes them a security threat. “IM is a pipe between your network and the outside world, and obviously with any pipe there are risks—viruses, spam, worms—that can infect a corporate entity from the public Internet, going inbound to an organization,” says Sakoda. “But similarly there’s also the challenge of protecting corporate assets from exiting the company.”

That’s why as use of IM increases, so does the need to manage it, to mitigate both “security risks and compliance requirements,” says Carlin Wiegner, a messaging and Web security solutions senior director at Symantec. “Enterprises need a way to secure, manage, and archive all aspects of enterprise messaging while also insuring compliance with IT policies and government regulations.”

In the future, IM clients will get new capabilities, and that will create additional management challenges. “As the instant messaging clients have evolved to be more than just text chat and file transfer, [encompassing] richer voice over IP, and IP services, it’s important for enterprises to control those functionalities,” notes Sakoda.

- - -

Toward Easier Endpoint Security Management

The endpoint security market is maturing rapidly. As of the end of 2005, 31 percent of enterprises already had network quarantine capabilities, and 16 percent were planning to pilot them by the end of 2006, reports Forrester Research. “The uptake of network quarantine indicates a shift from traditional perimeter security that relies on network firewalls, to a more distributed environment that emphasizes secure authentication coupled with endpoint security.”

One challenge in distributed environments, however, is maintaining control of it all. Hence, as the network quarantine market matures, expect associated management console capabilities to likewise improve. For example, take Check Point, which announced its NGX security architecture now works with its endpoint security products (including a personal firewall, antivirus, anti-spyware, IM security, and e-mail security.)

As a result of such integration, all Check Point devices, plus its endpoint security products, can now be centrally managed, updated, and reported on by the company’s SmartCenter management console. The company says it’s the first vendor to offer one console able to administer perimeter, internal, Web, and endpoint security.

Simply put, “there’s a need to audit security across your entire network,” notes Jane Goh, the product marketing manager for Check Point Software, and a centralized management console not only manages devices; it can also generate needed reports on security effectiveness. “This is good for ROI, troubleshooting, picking up trends, and I think it really facilitates security management if you can generate these reports and e-mail them to stakeholders.”

Centralized consoles also make for easier operations management. For example, “one problem today is the patch cycles with all point solutions,” notes Goh, and having a centralized management console can help you roll out patches more quickly.

Related Articles:

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.