Thwarting IM management challenges

Product review: Information Security magazine's Sandra Kay Miller says Symantec's IM Manager 8.0 has limited public network features, but offers excellent reporting

IM Manager 8.0
Symantec Corp.
Price: Starts at $40 per user

The honeymoon is over for the unbridled age of instant messaging in the enterprise. Rivaling email as the primary form of electronic communication, IM presents similar security challenges--it's an avenue for malicious code, inappropriate content and data theft.

Symantec's IM Manager 8.0 allows organisations to harness IM without banning it. It acts as a gateway/proxy for all IM traffic to provide comprehensive security, policy control and a message archive for internal enterprise IM solutions as well as major public IM networks.

IM Manager provides flexible policy enforcement ranging from enterprise- to group-level for both internal and public-network IM.

For example, when file transfers are enabled, only registered users can exchange files unless otherwise specified. Other controls include alerts and archives when files are exchanged. You can also block files based on a blacklist or on character strings such as .jpg, .mp3 and .doc.

That said, the interface is cumbersome. The rules list is presented in one big table; it would be much easier if it were broken down into smaller categories, especially considering that enterprises could literally add hundreds of rules, increasing the complexity of the list.

In addition to reducing risks associated with malware, malicious URLs, screen names and spim, IM Manager is an effective tool for regulatory compliance and employee management.

We created and tested assorted policies, including monitoring and blocking users, and setting controls on features such as file transfer for both internal IM (MS Live Communications) and external public networks. We made attempts to access known malicious URLs and transfer infected files, and the system correctly identified, blocked and logged all dangerous traffic and prohibited events.

Reporting capabilities have always been a Symantec strong suit, and IM Manager is no exception. A wide range of standard and custom reports can be generated with a few clicks.

One of the main drivers for bridling IM has been to meet the logging, auditing and archive requirements for regulatory compliance. IM Manager offers a feature called Reviewer that provides various levels of rights to archived messages.

The control over Reviewer settings, such as who can view/change/annotate records, is extremely granular. Search filters can be based on things such as timestamp, sender, recipient, keyword and group.

The installation is wizard-driven in familiar Symantec style, but it involves a variety of deployment topologies, support for local or remote databases (Oracle, SQL, MSDE) and required third-party software (IIS, XML, IE and MDAC). Expect to spend time planning and gathering pertinent information about the infrastructure--especially DNS--prior to deployment.

The Web-based Administrative Console, available from any networked system, gives managers instant access to a comprehensive system dashboard, security settings, user manager, rule manager, alerts, threat protection and detailed reports.

IM Manager automatically imports users from LDAP directories, but it can also be configured to automatically register screen names or let users self-register against their LDAP credentials.

IM Manager 8.0 lets enterprises take full advantage of the benefits of instant messaging within their private networks, but it supports only some features of public networks.

It features exceptional reporting, but a cumbersome interface for policy controls.
