REVIEW: Employees can interact securely and stay in compliance with regulations thanks to the granular control of FaceTime USG 3.0 over instant messaging, Twitter, Facebook and P2P applications.
Businesses of all sizes have embraced new communication
tools as they have become available. The telephone, fax, mobile phone, e-mail,
instant messaging, social networking sites such as Twitter, Facebook and
LinkedIn, and Web 2.0 applications like wikis, blogs and intranet portals push
business forward more efficiently than a series of runners carrying papyrus.
We've got a lot of information about ourselves, our
companies, our intellectual property, our competitors and our clients that's
accessible 24/7. Effective and efficient communication provides a competitive
advantage, but be aware that the same tools that bring those benefits also bring
With Web 2.0 power comes great responsibility. Employees
can, and should, use every tool at their disposal to do their jobs as
effectively as possible. But they will usually do so without considering the
Many companies, government agencies and schools have
restricted the use of these Web tools, thereby restricting the stream of
communication. Simply blocking services such as IM blocks productivity. But how
can IT departments monitor so many communication streams to ensure that they are
being used properly?
FaceTime has been in the IM security space for a long time.
The first products I evaluated focused on monitoring and blocking corporate
information that's being sent over public IM tools such as AOL, Yahoo
and MSN Messenger
services. The FaceTime USG
(Unified Security Gateway) platform offers much more than IM protection, and it
now includes the ability to monitor and control content posted to social
networks and blogs, while scanning inbound Web traffic for malware and
inappropriate content. In addition, USG 3.0
can be installed as an ICAP (Internet Content Adaptation Protocol) proxy to
ease installation while augmenting current security measures.
After I installed the 1U (1.75-inch) box in the lab, I
realized that the ports on the back of the unit should be labeled more clearly.
Of the three Ethernet ports, one is unlabeled and the others are labeled "1"
and "2". At some point, I had to guess which were the management,
monitor and proxy ports.
I integrated with a Windows Server 2003 Active Directory and
easily created security policies assigned to groups and individuals. LDAP is
also an option, as is importing some basic employee information from a CSV (comma-separated
values) file. There is also an "unmapped" group, which is a catch-all
for clients that are discovered but not authenticated. This is a good place to
create a policy covering visitors who might connect to your network.
Matthew D. Sarrel, CISSP, is a network security,product development, and technical marketingconsultant based in New York City. He is also a gamereviewer and technical writer. To read his opinions on games please browse http://games.mattsarrel.com and for more general information on Matt, please see http://www.mattsarrel.com.