The changing messaging landscape
For the most part, businesses around the world understand the challenges of viruses and spam in their e-mail communications. Most have replaced disparate anti-virus and anti-spam point products with combined solutions. Many companies are also in the process of switching away from first-generation anti-spam solutions that rely solely on outdated content filtering technologies. The switch is in response to rapidly evolving threats such as directory harvest attacks, phishing and zombie attacks that require more sophisticated analysis of connection behavior, as well as more rigorous content filtering. Businesses have also come to realize the cost and operational burden of managing in-house software and hardware solutions, and have outsourced their e-mail security to the expertise of a managed service provider.
While the rapid and continued evolution of e-mail threats has been well publicized in the past year, corporate IT departments still face urgent challenges in securing and managing aspects of their messaging systems beyond traditional e-mail.
Messaging beyond e-mail
The newest messaging threat stems from the widespread use of instant messaging (IM) by employees. The usefulness and availability of public IM services, such as Yahoo, AOL and MSN for business collaboration, have led to the rapid adoption by end users, with no control or oversight by IT departments. Because IM is a relatively new, yet popular communications medium, hackers have latched onto IM as an easy vector into the organization, introducing worms that turn PCs into zombies in a matter of seconds.
Unlike e-mail viruses, IM worms spread very rapidly. In fact, a comparison of three recent virus types by The IMlogic Threat Center revealed IM worms have vastly shortened the time available to respond to such threats. Code Red -- a TCP/IP-borne worm -- for example, took 14 hours to infect 500,000 hosts. The Slammer virus, an e-mail-borne worm, infected the same number of hosts in 20 minutes. IM worms, according to IMlogic, can infect 500,000 hosts in an astounding 30 to 40 seconds. In reality, nothing short of real-time IM analysis and blocking can prevent these threats from spreading through a corporate network in only a few seconds.
IM may not be part of your infrastructure but it is your problem
From the corporate security and messaging administrator's perspective, IM creates a significant problem. Users have typically installed the software themselves, leaving IT professionals with no control. IT departments are battling against a lack of supervisory and identity management capabilities, as well as a lack of standards and security procedures. Historically, IM has not been a communication system initiated or maintained by IT departments, so most IT managers have not delved deeply into the implications of its use. Already overwhelmed with security and compliance demands, few IT managers have the time or resources to scrutinize their organization's IM usage and the security issues it represents. However, unmanaged, it faces many of the same threats as an unprotected e-mail system, including vulnerability to worms and viruses, loss of intellectual property through file transfers, and exposure to liability or litigation based on improper employee communications.
Despite this, IM grows ever more popular as a business productivity tool. Analysts estimate more than 200 million employees worldwide currently use it. However, the risks presented by IM have become so serious, many companies are now looking to remove instant messaging systems from the corporate infrastructure. This in itself causes problems, as many firms have discovered it is next to impossible to shut down. In fact, most IT departments admit they do not have the internal expertise to understand the scope of IM usage within their organization.
IM threats must be managed
The challenge facing IT departments is that IM traffic bypasses typical corporate network defences and, as a result, it is extremely difficult to block messages. IT can choose to block all IM access at the firewall or it can choose to let users access IM indiscriminately. However, there is no management middle ground. In many cases, simply shutting down IM access entirely produces an outcry from users -- including top executives -- complaining their productivity has been affected. Furthermore, many IT departments who believe they have locked down IM usage have found they have not been successful. As such, networks continue to be exposed and highly vulnerable to a variety of worm and virus attacks.
Many IT security and messaging professionals are now looking for a cost-effective alternative that enables users to continue using IM through major carriers while assuring protection from IM threats. To contain the problem, it is clear companies would like to be able to manage IM in the same way they manage e-mail. Management solutions need to include security and anti-spam technologies as well as the following IM specific capabilities:
- block IM threats such as worms, viruses and spim (instant message spam),
- filter or block file attachments to IM to prevent loss of intellectual property,
- monitor and manage how IM is used in their corporate environment and
- do so without incurring the significant upfront and recurring cost to build out and maintain a new infrastructure around IM.
To manage IM effectively, businesses need to implement a cost effective solution, without the extra expense and complexity of adding hardware or software to company infrastructure. At the same time, it is crucial to ensure that staff are not burdened with extra tasks and duties that will reduce productivity.
Security and messaging professionals should demand a managed service that stops threats, such as IM worms, before they enter company networks, via the major IM carriers. That means blocking infected or spoofed IM messages at the firewall before the user unknowingly activates a worm by clicking on a bogus URL. If left unmanaged, IM presents firms with an ever-increasing security threat. There is no reason why enhanced productivity should result in compromised digital security.
Postini is exhibiting at Infosecurity Europe 2006, which is Europe's number one Information Security Event. Now in its eleventh year, Infosecurity Europe continues to provide an unrivalled education program, new products and services, with over 300 exhibitors and 10,000 visitors from every segment of the industry. Held on the April 25 – 27, 2006 in the Grand Hall, Olympia, this is a must-attend event for all IT professionals involved in Information Security.