Instant Messaging: Symantec IM Manager 8.0

Symantec's IM Manager 8.0

This article can also be found in the Premium Editorial Download: Information Security magazine: Special manager's guide: Monitoring identities:

INSTANT MESSAGING


IM Manager 8.0
Symantec

Price: Starts at $40 per user

@exb


@exe

The honeymoon is over for the unbridled age of instant messaging in the enterprise. Rivaling email as the primary form of electronic communication, IM presents similar security challenges--it's an avenue for malicious code, inappropriate content and data theft.

Symantec's IM Manager 8.0 allows organizations to harness IM without banning it. It acts as a gateway/proxy for all IM traffic to provide comprehensive security, policy control and a message archive for internal enterprise IM solutions as well as major public IM networks.

Policy Control C
IM Manager provides flexible policy enforcement ranging from enterprise- to group-level for both internal and public-network IM.

For example, when file transfers are enabled, only registered users can exchange files unless otherwise specified. Other controls include alerts and archives when files are exchanged. You can block against a blacklist or character strings such as .jpg, .mp3 and .doc.

That said, the interface is cumbersome. The rules list is presented in one big table; it would be much easier if it were broken down into smaller categories, especially considering that enterprises could literally add hundreds of rules, increasing the complexity of the list.

Effectiveness B
In addition to reducing risks associated with malware, malicious URLs, screen names and spim, IM Manager is an effective tool for regulatory compliance and employee management.

We created and tested assorted policies, including monitoring and blocking users, and setting controls on features such as file transfer for both internal IM (MS Live Communications) and external public networks. We made attempts to access known malicious URLs and transfer infected files, and the system correctly identified, blocked and logged all dangerous traffic and prohibited events.

Reporting A
Reporting capabilities have always been a Symantec strong suit, and IM Manager is no exception. A wide range of standard and custom reports can be generated with a few clicks.

One of the main drivers for bridling IM has been to meet the logging, auditing and archive requirements for regulatory compliance. IM Manager offers a feature called Reviewer that provides various levels of rights to archived messages.

The control over Reviewer settings, such as who can view/change/annotate records, is extremely granular. Search filters can be based on things such as timestamp, sender, recipient, keyword and group.

Configuration/Management B
The installation is wizard-driven in familiar Symantec style, but with a variety of deployment topologies, support for local or remote databases (Oracle, SQL, MSDE) and required third-party software (IIS, XML, IE and MDAC). Figure that you will spend time planning and gathering pertinent information about the infrastructure--especially DNS--prior to deployment.

The Web-based Administrative Console, available from any networked system--gives managers instant access to a comprehensive system dashboard, security settings, user manager, rule manager, alerts, threat protection and detailed reports.

IM Manager automatically imports users from LDAP directories, but it can also be configured to automatically register screen names or let users self-register against their LDAP credentials.

@exb

More information from SearchSecurity.com

Visit our resource center for tips and expert advice on securing instant messaging applications.

Learn how to block instant messaging applications.
@exe

Verdict
IM Manager 8.0 lets enterprises take full advantage of the benefits of instant messaging within their private networks, but only some features of public networks.

It features exceptional reporting, but a cumbersome interface for policy controls.

--Sandra Kay Miller


Testing methodology: We tested policy controls for both internal and public IM, including archival and data flow rules, simulating common regulatory requirements. In addition, the malware controls were tested against malicious URLs and infected files.

This was first published in August 2006

Dig deeper on Social media security risks and real-time communication security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close