Skip to content

Akonix Security Center Overall Threat Level

Overall threat level

Latest threats: Troj/IRCBot-ACH - 7/17/2008

Security

360° Security provides the most comprehensive defense against IM borne viruses, worms, phishing, spam, and social engineering

Instant Messaging is quickly becoming prevalent as a business critical communications tool and with its use come new security challenges for businesses around the world.

According to research firm Gartner, "by 2010, 90% of people with business e-mail accounts will also have IM accounts" despite the fact that, according to Nemertes Research, 70% of IT executives claim to have banned the use of commercial IM services. The reality for IT organizations is that—authorized or not—IM is being used on most networks and—authorized or not—it poses a serious security threat if left unchecked. Not surprisingly, Gartner recently labeled IM security one of "five technologies you need to know." Senior IT executives overwhelmingly concur as 62% told Nemertes Research that they worry about IM security.

The security concerns with the use of IM are myriad and range from technical vulnerabilities, such as client buffer overflow attacks, to inappropriate usage risks, such as the leakage of intellectual property.

The main security risks for IM include:

  • Spyware, Trojans, Virus & Worms Attacks—Virus attacks named leading culprit of financial loss by U.S. companies in 2006 CSI/FBI Computer Crime and Security Survey
  • File Transfer Attacks—Trojan horse programs and other corrupt files sent over IM are undetected by email AV engines
  • Spam over Instant Messaging (SPIM)—IM worms, such as Osama Found, send unsolicited IM advertisements to a user's buddy list
  • Identity Theft—uncontrolled screen names allow rogue users to impersonate others and misrepresent company employees (CEO@your-company.com)
  • Client Vulnerabilities—buffer overflow vulnerabilities in AOL, MSN & Yahoo are well known and documented by CERT Coordination Center of Carnegie Mellon
  • HTTP Tunneling & Port Crawling—IM applications designed to evade traditional network security blocking mechanisms
  • Leakage of Confidential Information—protecting sensitive information is difficult when conversations with outsiders are uncontrolled
  • Compliance for Electronic Messaging—including PCI credit card filtering, Sarbanes-Oxley, SEC 17a-3, GLBA, and other regulatory law

The consequences of IM security breaches are equally as diverse, ranging from individual and corporate embarrassment to significant financial and productivity losses. IT organizations must address the risks associated with IM while ensuring that their users have continued access to an essential productivity and communications tool.

360° Security is Comprised of Seven Layers of Integrated Security

Detection:

  1. Global Early Warning Center—made up of monitoring devices that identify new worms, trojans and other day zero threats in the shortest elapsed time from their release into the wild and forwards 'signatures'and poison URL's to the Akonix IM Security Center™
  2. Akonix IM Security Center—staffed with senior security engineers who create and push out new protective filters as quickly as the Early Warning System identifies new threats

Protection:

  1. Perimeter Security—enabled by Akonix L7 Enforcer, which enforces policy and provides blocking and alerting of unauthorized IM or peer-to-peer use on corporate networks complemented by the L7 Remote Security Agent™—the only protection available for off-network PC's and laptops where employees circumvent IM management gateways.
  2. Gateway Security—L7 Enterprise, the most deployed IM security product in the world, provides gateway security by filtering all IM traffic for content, viruses, spyware, worms, and inappropriate use.
  3. URL Challenge-Response—protects against social engineering attacks and 'URL poisoning', the hiding of a live and dangerous hyperlink behind what appears to be a legitimate URL. Unlike other challenge-response security, which uses static passwords or privacy-invading re-directs, the Akonix challenge-response requires human intelligence and cannot be defeated by a bot or other automated attack

Containment:

  1. Message Rate Throttling—shuts down IM sessions in the event that a single user ID attempts to send more messages per second than any human could normally send
  2. L7 IM Sentry—added into each user's 'buddy list' when the IM user logs in. When the IM Sentry receives a message containing an unknown URL, it alerts the IT administrator and puts the URL on a list of disallowed Web addresses, while L7 Enterprise prevents any further propagation of the message. Any future IM traffic containing the URL is automatically blocked once it is in the disallow list.

"As IM has become more widely adopted as a business communications tool, it has quickly become a channel for spreading worms, viruses, spam and other malicious content," said Robert Mahowald, program director, Collaborative Computing at IDC. "Because this content can be spread internally (by unknowing employees) as well as from outside the firewall, the most comprehensive approaches to safeguarding IM puts layers of protection at the client, server and gateway. Akonix's layered security approach helps ensure that organizations are protected against increasingly sophisticated IM-based threats."