This article can also be found in the Premium Editorial Download "Information Security magazine: Special manager's guide: Monitoring identities."
Price: Hardware starts at $4,995; $20-$35 per user licensing, depending on features
The Akonix A-Series IM security appliances give enterprises control of instant messaging, a runaway app that can leave a yawning network security hole, and peer-to-peer traffic, a serious bandwidth hog and malware vector plaguing corporate networks.
The A6000 we tested (the A1000 is aimed at SMBs) is enterprise-class hardware, with multiple network interface cards for clustering and a redundant hard drive. The A-Series runs AkOS, a proprietary hardened operating system based on the Linux 2.6 kernel, specifically designed for real-time messaging.
The appliance is easy to install and set up--if you can get your hands on the documentation. The box ships with a mere three-page guide that gets you through initial appliance logon. When you request a login and one is not automatically generated, you are directed to the Support Center on the Akonix Web site for access to the users' manual. The site says a representative will contact you in 24 hours, but we eventually had to contact support. Despite the lack of documentation, the management console was easy to navigate.
We had easy access to system configurations including antivirus (Sophos), IM management, load balancing, clustering and key management. Users can be imported and regularly updated from all standard directories.
Policy Control: A
Akonix shines with granular controls over public IM network clients and external users, internal IM, size and types of files transferred, screen name usage and hours of use, among other options.
For peer-to-peer, it detects rogue protocols, such as BitTorrent, Gnutella, eDonkey and even Skype, inspecting outbound traffic and applying policies. For example, international divisions may be given access to Skype, while domestic staff is blocked. And considering the potential liability of exchanging copyrighted media over corporate networks, blocking peer-to-peer traffic may well be worth the price of the appliance.
The A-Series also scores high for providing excellent security across the board--a hardened OS, protection against malware, control over IM usage through comprehensive policies, and robust message archival, auditing and searching features.
In our lab, we set policies that effectively managed traffic from permitted public networks as well as blocked traffic from those that were denied via policy. The AV functionality is supported by Sophos, making it as robust as anything available in terms of stopping malware spread via IM file transfers and malicious URLs. For message capture and archive purposes, Akonix provides superior filtering capabilities for retaining only those messages related to compliance--that way, you're not saving an inconsequential chat.
The Akonix Reporter lets users generate reports from collected data via a Web-based interface. Conversations can be tracked by network-related data such as protocol, IP address, domain, IM network and timestamps; usernames and screen names of both conversation participants; and detailed message and file information including size, type and blocks.
The Reporter provides templates and customized reports that can be exported in various formats.
Akonix offers a best-of-breed IM security solution, plus the added bonus of securing networks against peer-to-peer applications, but the company needs to give users easier access to the product's documentation.
--Sandra Kay Miller
Testing methodology: Our test environment simulated an organization with internal IM that allows the use of certain public networks while denying others. Our policies reflected archival and data flow requirements often dictated by regulatory compliance. We attempted to pass malicious URLs and infected files via IM.
This was first published in August 2006