The 10th Annual Gartner IT Security Summit got off to a slow start yesterday with a basic tutorial on what Gartner...
called "emerging" solutions for network security, but some attendees termed quite "generic."
"I was hoping for more bleeding-edge technology to be discussed," said Mike Murray, an infrastructure operations and technology manager at Wichita, Kansas-based energy company Koch Industries. "This information is new only to those brand new to the field or those very behind the times."
The presentation, "Five network security technologies that you need to know," began with an overview of what presenter Lawrence Orans called pain points: worm containment, 802.1x, port 80 security, IM security and SSL VPNs.
David Rollins, a security manager at Boston-based BMC Healthnet Plan, said he found at least one part of the tutorial useful. "Instant messaging security is big," said Rollins. "That's one aspect I'm going to focus on."
An informal survey of session attendees revealed that roughly one-third of their companies actively support instant messaging technology. The remaining two-thirds are evenly divided on blocking its use or ignoring it altogether.
IM presents many security risks, including identity impersonation, a channel for leaking intellectual property, spim and an entry point for Web-based viruses and worms.
Orans recommended that system adminstrators take steps to reduce the risks to enterprises:
- Identity impersonation: Out-of-band confirmation, such as a phone call or e-mail, should be part of the authentication process for first-time screen name contacts. Enterprises should establish policies for the registration of users and assign screen names.
- Malicious code: IM file transfer generally is peer-to-peer (P2P), so there is no opportunity for enterprise IT security to scan files in transit. When an infected file is opened, the virus spreads to the recipient machine.
- Intellectual property: Unlike private e-mail systems, unmonitored public IM systems do not provide an audit trail of communications, potentially allowing the transmission of confidential files.
- Spim: Blocking messages from anyone who is not explicitly granted the right is the best policy to avoid unwanted messages.
Murray said he did learn one thing from the presentation: "Finding out that three companies [Akonix, FaceTime and IMLogic] are certified partners of the America Online, Yahoo! and MSN IM clients was a valuable takeaway."
Those partnerships allow the certified vendors to react more quickly to changes by the public IM providers. A number of smaller vendors also offer what Gartner terms "viable solutions," some of which integrate with existing messaging and security solutions. These include Blue Coat, IM-Age, Omnipod, Sigaba and Voltage.