FaceTime Curbs IM

By Henry Baltazar  |  Posted 2002-03-25

FaceTime Curbs IM


FaceTime Curbs IM

Instant messaging is a hot technology thats spreading like wildfire throughout corporations around the world—faster than most IT managers can get a handle on it. FaceTime Communications Inc.s updated IM Auditor 2.0 gives IT managers the ability to tame this new technology.

IM Auditor 2.0 proved to be an extremely simple yet effective management tool in tests at eWeek Labs and built on the strengths of the previous version, which won the Enterprise Collaboration Product category in eWeeks latest eXcellence Awards competition (www.eweek.com/links). However, that strength comes at a premium: A standard installation of IM Auditor 2.0 begins at approximately $50,000 for one network and includes support for 300 users.

Using IM Auditor, IT managers can monitor communications sent over IM client software both entering and leaving the corporate network. Based on what we saw in tests, we believe that key markets for IM Auditor 2.0 are the investment community and government agencies—two areas where leakage of sensitive information can have severe consequences.

Installation of the IM Auditor 2.0 software was straightforward and swift on the server. The IM Auditor 2.0 package runs on Windows 2000 Server, and it requires Microsoft Corp.s SQL Server 2000 Enterprise Edition as the database back end.

IM Auditor supports Yahoo Messenger, Microsofts MSN and AOL Instant Messenger clients. No additional client software is necessary. To implement IM Auditor 2.0, we set the proxy settings on our IM clients—a task that took a few minutes per client, which could impede adoption at large sites or organizations where IT administrators have highly dispersed networks or limited IT staff. FaceTime recommends that IT managers use log-in scripts to push the changes to clients, but it would be better if IM Auditor came with a utility to hunt down IM clients on the network and report them.

Monitoring by Proxy

IM Auditor 2.0 sits between the clients and the Internet access gateways on the network and acts as a proxy server. From this central location, IT managers can record and monitor all IM communications initiated and received by users.

Utilizing its position in the center of the network, IM Auditor 2.0 can also help secure a network by preventing IM clients from transferring files through the corporate network, which should help prevent the spread of viruses. However, it must be emphasized that the file transfer blocking only applies to the regulated IM traffic. Unregulated IM traffic passing through unauthorized ports will still be able to transfer files at will.

IM Auditor 2.0 doesnt have network-level, protocol-blocking capabilities to prevent users from sending IM traffic through unauthorized ports, so it is up to the IT manager to set up strong firewall rules to prevent unauthorized IM communications.

IM Auditor 2.0 supports message traffic running on both HTTP and Socks protocols, but FaceTime officials recommended that we use the Socks protocol because they believed it was more reliable.

As IM messages are created or received, these messages are stored within a SQL Server 2000 server. Once these messages are stored in the database server, IM Auditor allows managers to search for keywords in instant messages that are considered improper or unprofessional (such as profanity or insider information). Once keywords are added to IM Auditor 2.0s database, it will automatically monitor IM messages and flag suspicious messages for review.

When employees send or receive instant messages within the corporate network, IM Auditor 2.0 sends a disclaimer message to the sender and recipients warning them that they are being monitored. The disclaimer message can be edited to suit corporate policies, and we were able to control how often these disclaimer messages were sent to the participants.

New in the IM Auditor 2.0 revision are advanced management features including identity management, which maps employee buddy and screen names to an employees corporate ID and makes it easier to track down users. Although identity management sounds simple enough, it is a very important function—and potentially complicated, because buddy names and screen names dont necessarily match the actual name of a user.

IM Auditor 2.0 includes a new ability to create user groups, which simplified group management and monitoring in tests.

FaceTime also offers an IM-based call center system, which we plan to test in the near future. The FaceTime call center solution allows clients to send questions via IM to a vendor call center. Questions are analyzed at the center and routed to the appropriate employees.

Senior Analyst Henry Baltazar can be reached at henry_baltazar@ziffdavis.com.

IM Auditor 2


IM Auditor 2.0


FaceTime Communications IM Auditor lets IT managers seize control of the IM traffic in their networks, although it would be much easier to implement if it had automated deployment capabilities.

SHORT-TERM BUSINESS IMPACT // The immediate effect on the bottom line is relatively minimal because IM Auditor 2.0 costs relatively little to deploy. However, installing it on large networks could be very time-consuming.

LONG-TERM BUSINESS IMPACT // IM Auditor 2.0, like most management products, is purchased for security needs and policies, rather than for raw return on investment. Over the long haul, its ROI can best be estimated in the IM attacks it thwarts.

PROS // Easy to install; solid management tools.

CONS // IT managers must write log-in scripts or touch every client machine to install IM Auditor.

FaceTime Communications Inc., Foster City, Calif.; (650) 574-1600; www.facetime.com

Rocket Fuel