Greynet Security and Compliance for the Enterprise

MXtreme Overview

FaceTime enables the safe and productive use of greynets like instant messaging, Skype, web conferencing and P2P file sharing. Ranked number one in market share among instant messaging management vendors for the third consecutive year, FaceTime's award-winning solutions are used by more than 800 customers including nine of the ten largest U.S. banks. FaceTime Security Labs delivers the industry's first IMPact Index, which assesses "point-in-time" risks posed by viruses, worms and other malware propagating through greynet applications. FaceTime supports or has strategic partnerships with all leading public and private IM network providers, including AOL, Google, Microsoft, Yahoo!, Skype, IBM, Reuters, and Jabber.

  • Protect technology and intellectual assets

  • Comply with corporate and regulatory requirements

  • Optimize business value from existing systems

  • Increase employee productivity and lower costs

Only FaceTime offers Defense in Depth, a comprehensive strategy for end-to-end security, compliance and management of greynets.

Business IT Solutions

  • Spyware Prevention – Stop spyware at the Internet gateway before it infects your network and puts corporate assets at risk.

  • Instant Messaging Security – Stop data leaks and preserve network integrity by securing the use of public IM against exploitation by hackers, spyware, worms and viruses.

  • P2P Control – Prevent unauthorized applications from hijacking legitimate protocols to serve as vectors for malware distribution.

  • Compliance – Log, archive and protect IM conversations and other shared content to meet compliance regulations.

  • Microsoft LCS Standardization – Enforce use of Microsoft LCS by blocking unauthorized public IM and P2P connections.

 

Spyware Prevention

Dealing with spyware and other malware has become a daily challenge for IT staff. There's no lack of potential solutions on the market, but finding an effective solution that also takes into account other security and compliance requirements is a whole other challenge. Most solutions only react to spyware once an infection has occurred. The real answer to the spyware problem has to be proactive prevention – simultaneously blocking spyware from entering the network and preventing pre-existing spyware installations from activating. Rather than address the spyware security problem with the traditional 'point solution' approach, FaceTime takes a broader view. Spyware applications are addressed as part of the spectrum of problems posed by greynets, which encompass both legitimate and unauthorized real-time communications applications that share a key common attribute – they are largely invisible to the traditional corporate security infrastructure. IM, P2P, Web browsing, and other real-time communications channels can:

  • Expose vulnerabilities and become vectors for spyware distribution

  • Establish undetectable outbound communications that may facilitate data leaks

  • Put organizations in breach of privacy legislation without their knowledge

  • Sap employee productivity and increase helpdesk costs

While spyware exists at the darkest end of the greynet spectrum, it still exhibits the same traits as legitimate greynet applications such as web conferencing or VoIP applications – evasive network behavior and stealthy end-user-level deployment. For this reason spyware, unlike viruses or worms, can be delivered by a plurality of vectors, and so poses a different prevention challenge – one that requires Defense in Depth. FaceTime Enterprise Edition pulls together strategies that effectively prevent spyware from invading corporate networks through an easy-to-manage approach that's backed by the industry-leading strength of the FaceTime Security Labs team:

  • Protect all major real-time communications channels – public and enterprise IM, industry-specific communities, VoIP and other P2P networks, and WebEx chat

  • Disable user access to known spyware infection sites

  • Prevent installation of spyware applications, regardless of the vector used

  • Block spyware downloads and drive-by installs of known spyware packages

  • Detect and block spyware's "phone-home" activities

  • Provide targeted remediation for infected PCs with no client software

  • Prevent spyware on both managed and unmanaged (remote) PCs

  • Clean only infected PCs with efficient targeted remediation, avoiding resource-draining false positives

  • Disable existing spyware installations and prevent re-infection with patent-pending inoculation

  • Identity-based access control and management to ensure comprehensive matching of user names and machine identities


Defense-in-Depth Spyware Prevention

FaceTime's defense-in-depth approach to spyware prevention begins at the gateway. RTGuardian detects and blocks incoming infections and uncovers existing endpoint infections when the spyware starts trying to "phone home". RTGuardian reports these endpoint infections to the Greynet Enterprise Manager (GEM), which initiates FaceTime's patent-pending targeted Active Remediation to clean the client and inoculate it against future infections. The results of this clean-up operation are recorded by GEM and aggregated with reports from all RTGuardian installations in the organization to provide a comprehensive view of the state of spyware in the enterprise.

Instant Messaging Security

IM networks are an increasingly common channel for the spread of malware such as viruses, worms and spyware. IM and spyware applications are both representative of what FaceTime has termed greynets – network-enabled applications that operate outside the control of the corporate IT department. This highlights the dilemma facing both IT staff and security vendors – how to manage the greynet 'spectrum' to enable business productivity from good greynet applications such as IM while preventing bad applications such as spyware.

Addressing the needs of businesses that must adhere to stringent corporate and regulatory compliance regulations, IMAuditor contains specific features needed to meet compliance requirements for electronic messaging.

Business Risks of IM

IM usage in business – both sanctioned and not – is growing rapidly. And because IM opens up unsecured channels into the organization, the hacker and virus-writing communities have not wasted any time in exploiting this growth. In fact, research undertaken by FaceTime Security Labs shows that security incidents involving the use of chat, IM and P2P networks were up 2200% in 2005 over 2004. While IM delivers tremendous gains in productivity by enabling real-time communications between co-workers and business partners, it also brings significant risks. These risks fall into three major areas:

  • Inbound threats
    IM creates new vectors for the distribution of malware (viruses, worms, spyware, rootkits, and more) and SpIM (Spam over IM) which can cause a major drain on productivity and resources.

  • Outbound threats
    IM opens new 'holes' through which information can leak or be leaked, leading to user privacy concerns and the potential loss of intellectual property.

  • Legal and financial threats
    IM creates invisible communications channels that operate below the radar of conventional information security measures, exposing the organization to regulatory compliance breaches.

Technical Challenges of IM Security

Greynets are largely invisible to existing information security infrastructure such as firewalls, intrusion prevention and intrusion detection devices, and proxies because they are specifically designed to evade detection and provide ubiquitous access. These existing security measures do not adequately address the protocols and behaviors used by greynet channels.

Blocking IM is no longer an option because:

  • IM clients use port crawling – the ability to exploit any open port on the firewall – so blocking the 'usual' port for the particular application doesn't work.

  • Every IM network provider has its own unique set of IP addresses to which clients can connect. These IP addresses change frequently or at random without notice, so firewalls and proxies cannot apply blocking policies using the typical black list of IP addresses.

  • IM protocols are proprietary and constantly evolving to deliver new and more advanced features to users; firewalls and proxies do not evolve at this pace, nor do IT organizations want to be constantly updating protocol signatures on the firewall.

  • The synchronous nature of real-time connections is much different from the asynchronous web browsing and email traffic; firewalls and proxies were not designed to inspect and analyze real-time communication traffic, so network performance suffers.

And from a human perspective, IM blocking will simply result in unhappy employees and attempts to bypass the system, which may cause more problems than it solves.

Why Choose FaceTime?

FaceTime offers the only comprehensive IM and greynet security solutions that prevent spyware and secure IM use, providing full visibility and granular control for all major real-time communications applications:

  • Public IM Networks (AIM, Yahoo, MSN, GoogleTalk, ICQ, and more)

  • Enterprise IM Networks (LCS, Sametime, Antepo, Jabber, Parlano MindAlign)

  • Professional Community Networks (Reuters, Bloomberg, Communicator Inc., PivotSolutions)

  • Web Conferencing (WebEx)

FaceTime solutions facilitate the positive use of legitimate greynet applications, keeping employees productive while securing the enterprise against these new threat sources. By integrating seamlessly with existing IT and information security infrastructure such as anti-virus, FaceTime enables maximum return on existing investments.

Managing the IM Security Risk

FaceTime offers comprehensive IM threat risk protection:

  • Protection against inbound threats from viruses, worms, spyware, SpIM, and more by monitoring and managing greynet communication channels

  • Prevention of outbound threats caused by information leakage through content filtering, logging and archiving for all conversations

  • Ensuring compliance through TrueCompliance™ strict policy enforcement and user/group level access controls

All security controls are backed by FaceTime Security Labs, the world's largest greynet threat research facility, which automatically ensures that the latest detection mechanisms are deployed as soon as they become available, minimizing the potential for zero-day infection.

FaceTime is the acknowledged leader in IM security and compliance management with almost two million seats under management, including eight of the top ten US banks and 17 of 24 FIMA members. The company has been ranked #1 in IM market share by IDC for two consecutive years, and received the SC Magazine Readers' Trust award for IM Security in February 2006.

Compliance

With the increased use of workplace IM and P2P come the associated risks and challenges of protecting sensitive company information. Mandated measures for monitoring and protecting proprietary and confidential information were once industry best practice; now laws require them across multiple industries. Challenges associated with information sharing occur throughout the enterprise, but effective IM management and P2P control pose a unique set of challenges: logging and archiving, unauthorized use, circumvention, and network security risk are just a few of the issues. Adding to the complexity and urgency of meeting these requirements, government agencies are cracking down and imposing harsh financial penalties on those that do not comply with regulations. Even companies in non-regulated industries are adopting corporate compliance standards as best practice, ensuring all electronic communications comply with company policy and are logged and archived for potential legal discovery needs or other purposes. FaceTime addresses the following issues as the only provider of TrueCompliance™ solutions.

  • Authorized usage policies

  • Monitoring & auditing of information sharing

  • Message accuracy and authentication

  • Ensuring confidentiality of data

  • Restricted access to sensitive data

  • Non-repudiation

  • Tamper proof environments

  • Secure logging

  • Enforcement and validation of the audit trail

  • Content scanning and keyword matching

FaceTime provides FaceTime Enterprise Edition for management, control and compliance of IM in the enterprise.

FaceTime Solutions for Microsoft LCS

Microsoft LCS provides a real-time communications platform for corporate multimodal communication, such as IM, presence, application sharing, collaboration, voice and video. LCS has emerged as a leading enterprise IM (EIM) product, providing a rich and integrated user experience, encrypted messaging, federation with consumer IM networks, access to users on those networks, and an extensible standards-based platform that allows for value-add functionality from partners such as FaceTime. Thanks to Microsoft LCS, enterprises are adopting IM with confidence. However, implementation of Microsoft LCS often leads employees to believe that all IM use is sanctioned, and it increases the use of freely available consumer IM clients and P2P applications. This unauthorized IM and P2P use can introduce security threats to the network and put organizations at risk of non-compliance. FaceTime helps organizations enforce standardization on Microsoft LCS and get the most out of their LCS investment by offering:

  • The ability to block unauthorized public IM & P2P connections

  • Enhanced Instant Messaging management functions and reporting tools beyond those provided by LCS

  • Patent-pending SpIM blocking to prevent the spread of viruses and malware

  • Virus scanning of file transfers using existing anti-virus software

  • Automatic protection from threats identified by FaceTime Security Labs

  • Gateway spyware security and targeted remediation

FaceTime Enterprise Edition™ for Microsoft® Office Live Communications Server (LCS) is a comprehensive solution for the end-to-end security, management and compliance of real-time communications that enforces standardized use of Microsoft LCS.

P2P Control

P2P networks, once the province largely of music fans at home, are popping up on corporate desktops everywhere. Music, video, and other bandwidth hogs clog networks and expose corporations to breach of copyright litigation, but now the situation is more complex. New P2P applications like Skype, the popular Voice over IP program, offer potentially significant cost and productivity benefits, yet they are still operating outside IT's control. Remember KaZaA? Skype comes from the same team. Regardless of business value, all of these applications share one glaring problem – they are opening up huge, unmonitored, network security holes:

  • Grokster offers free, fast searching and downloads, file previews and other apparently useful tools. Unfortunately it also degrades network performance and silently installs other less beneficial applications like Cydoor and Gator.

  • Morpheus offers marketers the ability to track visits to high profile shopping sites. However, while it's doing so, it's installing a Web browser add-on that sends users on an invisible Web detour to capture information about surfing habits.

All of this poses a major challenge to IT departments – how to let users benefit from advances in P2P technology while providing a level of control and visibility that enables IT to block P2P connections that may endanger network security.

Security Risks of P2P

Because P2P networks are installed on local client machines and link directly to the Internet, those client machines are wide open to abuse that's uncontrolled by standard information security measures. The protocols used by these applications are stealthy, often encrypting themselves or tunneling undetected through open ports. Over and above the potential for productivity loss and bandwidth and storage resource abuse through employee usage of unauthorized software, P2P networks can:

  • Open up back doors into the network, allowing hackers direct access to corporate assets and putting the organization in breach of privacy legislation

  • Enable the exchange of copyrighted material, rendering the corporation vulnerable to breach of copyright lawsuits

  • Overload network bandwidth with unauthorized file sharing activities

  • Allow bundled adware applications to be installed on the network without the user's knowledge

Given the seriousness of the risks and the potential damage to the organization that accompanies the uncontrolled use of P2P networks, IT departments need a powerful tool that will enable the productive use of P2P while protecting against their intentional or unintentional abuse. Point products such as desktop anti-virus or anti-spyware solutions don't have the range of controls needed; Defense in Depth is the only way to allow access to the beneficial aspects of P2P without endangering network security.

P2P Control – The Solution

FaceTime offers the only end-to-end security solution that empowers IT departments to control the use of P2P networks, allowing organizations to:

  • Prevent unauthorized P2P connections

  • Easily detect and determine the validity of more than 100 P2P client variations and 18 P2P protocol groups

  • Block unauthorized adware installations

  • Ensure non-stop protection with the latest protocol updates

  • Mitigate business and security risk

  • Obtain critical insight into bandwidth abuse, source and destination IP addresses, and port abuse