Assigning Test Users
Managing Employee Communications over IM, Social Networks
Businesses of all sizes have embraced new communication tools as they have become available. The telephone, fax, mobile phone, e-mail, instant messaging, social networking sites such as Twitter, Facebook and LinkedIn, and Web 2.0 applications like wikis, blogs and intranet portals push business forward more efficiently than a series of runners carrying papyrus.
We've got a lot of information about ourselves, our companies, our intellectual property, our competitors and our clients that's accessible 24/7. Effective and efficient communication provides a competitive advantage, but be aware that the same tools that bring those benefits also bring security risks.
With Web 2.0 power comes great responsibility. Employees can, and should, use every tool at their disposal to do their jobs as effectively as possible. But they will usually do so without considering the security implications.
Many companies, government agencies and schools have restricted the use of these Web tools, thereby restricting the stream of communication. Simply blocking services such as IM blocks productivity. But how can IT departments monitor so many communication streams to ensure that they are being used properly?
FaceTime has been in the IM security space for a long time. The first products I evaluated focused on monitoring and blocking corporate information that's being sent over public IM tools such as AOL, Yahoo and MSN Messenger services. The FaceTime USG (Unified Security Gateway) platform offers much more than IM protection, and it now includes the ability to monitor and control content posted to social networks and blogs, while scanning inbound Web traffic for malware and inappropriate content. In addition, USG 3.0 can be installed as an ICAP (Internet Content Adaptation Protocol) proxy to ease installation while augmenting current security measures.
After I installed the 1U (1.75-inch) box in the lab, I realized that the ports on the back of the unit should be labeled more clearly. Of the three Ethernet ports, one is unlabeled and the others are labeled "1" and "2". At some point, I had to guess which were the management, monitor and proxy ports.
I integrated with a Windows Server 2003 Active Directory and easily created security policies assigned to groups and individuals. LDAP is also an option, as is importing some basic employee information from a CSV (comma-separated values) file. There is also an "unmapped" group, which is a catch-all for clients that are discovered but not authenticated. This is a good place to create a policy covering visitors who might connect to your network.
Assigning Test Users
Assigning Test Users
Having verified from the Groups & Employees tab that directory information had been successfully imported, I assigned some users to a test group. From the Policies tab, I created a test policy and later assigned this policy to the test group. Basically, all of the magic is under that Policies tab.
There are settings for IM, Application and Web, and each category dives down into specific control details. Under IM, I had fine-grained control over AIM/ICQ, Google Talk, Windows Live Messenger and Yahoo Messenger. I could also block or allow 193 additional IM networks and 36 IM portals-a comprehensive listing. I chose to block everything except AIM and, within AIM, to block file transfers.
The USG can be configured to internally route all employee IMs sent over a public network, so AIM messages sent from someone inside to someone else inside never leave the organization. One GUI criticism I have is that I wasn't warned that my settings would be lost unless I saved them before switching tabs.
Similarly, I could choose to block any application from sending or receiving traffic on the network, or allow it. This includes VOIP (voice over IP) applications such as Skype and other bandwidth hogs such as peer-to-peer file sharing. These features don't set FaceTime USG 3.0 apart from the competition.
However, the ability to define words or phrases that can be grouped into a lexicon and blocked is a tremendously useful feature. For example, you can allow a user to visit Facebook but prevent him or her from posting that video of the director of marketing dancing like Elaine from "Seinfeld."
The Web GUI is straightforward. When an administrator logs in, the first screen is a configurable dashboard: I could add and remove elements such as a chart of the Real-Time Traffic Summary and the Top Ten Applications report. Any report can be added to the dashboard, and the elements on the dashboard can be resized and rearranged by dragging and dropping.
While that's great, the information on the dashboard is not directly actionable. The dashboard is just reporting, and everything else is available through a tabbed interface at the top of the page. There is bare-bones context-sensitive help, but I found it more useful to go to the contents and read through the deployment instructions.
To assess ICAP functionality I also tested using a BlueCoat ProxySG200 running SGOS 220.127.116.11. ProxySG is a secure Web gateway and WAN optimization appliance. It took very little effort on my part to configure the two devices to work together. On the USG I merely navigated to the Configuration tab, then ICAP Services, and then added and edited a new service for the USG to connect to-the ProxySG200. I then did the reverse on the ProxySG200. Another level was added to our defense-in-depth strategy, and this time without having to rip out and replace the foundation. USG 530 integrates with the Squid proxy server as well.
Reporting is a strong point of FaceTime USG 3.0. It took me a little while to get used to the interface, but the pop-up descriptions of each button and column were helpful. It's very easy to drill down to more details just by clicking appropriate links or double-clicking a row. I could quickly go from Top Social Networking Users to a specific user on a specific site, for example.
Reports are highly customizable. There's a Create New Report wizard that other vendors should learn from because it walked me through creating my custom reports just how I wanted them in no time. New reports can be saved; any report can be exported, printed or set to run on a schedule.
Reports tie into a much larger function of FaceTime USG 3.0: regulatory compliance. Meeting requirements by FINRA, the SEC (Securities & Exchange Commission), HIPAA (Health Insurance Portability and Accountability Act) and more can be a drain on resources. For example, FINRA would like all channels (blogs, Twitter, Facebook) monitored for information regarding trades and whether employees are representing their companies or just themselves (if such a thing still exists in corporate America).
The device logs everything it sees and the actions it takes. When logs get too big, they can be moved to an external database.
Employee communications can be stored and analyzed forever. On the bright side, this isn't just for information security. Understanding how employees interact with each other-and with customers-over social networks can provide valuable insight to marketing teams.
Pricing starts at $9,200.