Symantec Makes New Bid to Secure IM

The security software maker launches a new set of applications aimed at locking down both internal corporate messaging systems and the popular free IM clients that continue to proliferate among users.

Security software maker Symantec is hoping to cash in on enterprise customers growing headaches around managing and protecting instant messaging applications, including the freely available IM clients so popular among todays users.

While corporate messaging systems made by companies including Microsoft and IBM have long been pitched as the best answer to security issues raised by the proliferation of freely available IM software made by companies such as AOL, Google and Yahoo, Symantec said it is hoping to help address the fact that those applications still find a way onto the desktops of millions of workers every day.

To combat the problem, the company is introducing Symantec IM Manager 8.0, its latest IM and real-time communications management package, which promises to help secure both types of messaging systems.

The new product will be made available to customers sometime before the end of this month, the firm said.

In addition to fighting the many types of threats being launched over IM networks, including viruses and phishing attacks, the software maker said the product can also help companies deploy and enforce messaging security policies. The package also promises to aid firms working under federal compliance regulations to keep a closer eye on information being shared via IM.

"Were at the same point with instant messaging in terms of the security impact where we were with e-mail several years ago, but the threat is potentially even bigger given the fact that so many companies have no grasp of what all their employees are doing with IM," said John Sakoda, senior director of product management for enterprise messaging at Symantec.

"A lot of people use IM because they know its unmonitored and unsupervised; beyond the initial security issues, theres lots of interesting rich data traversing in IM clients, generally because people know theyre not being watched."

Sakoda is the former chief technology officer at IMLogic, considered one of the leaders in the rapidly emerging messaging security space before Symantec bought the firm for an undetermined amount of cash in January.

At the time of the deal, experts speculated that Symantec shelled out top dollar for the company in order to quickly shore up its IM security operations. IM Manager 8.0 is the first set of products released since the two companies merged.

The package is meant to provide a soup-to-nuts IM security blanket for handling everything from drafting security policies to distribute and enforce among workers, to capturing all the data people transmit in their messages.

Features include the ability to identify and quarantine malicious attacks aimed at IM users, as well as the capability to turn off the multimedia functions or VOIP (voice over IP) tools available in many public IM platforms.

More sophisticated functions in the package are aimed squarely at companies looking to employ IM security tools in the name of supporting compliance with regulations such as the U.S. governments Sarbanes-Oxley Act.

In addition to search features that allow IT administrators to query users messages for specific types of information, such as sensitive product or financial data, the Symantec applications also promise the ability to monitor for unusual variations in IM-related behavior, which could evidence employee misuse or a computer that has already been infected by a virus.

/zimages/2/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Another major thrust of the new product is Symantecs contention that customers, enterprise firms in particular, are looking for suites of integrated security applications to handle all of their problems, rather than point products or best-of-breed tools.

By adding the ability to monitor publicly-available IM systems to its corporate messaging system defenses, the company said it can address most related issues in one swoop.

While Sakoda likely sang a different tune when steering IMLogic, a best of breed rival of Symantecs, he said its true that companies are desperate for simpler answers to their problems.

"All of the major issues weve seen over IM have been generally satisfied by point solutions and best of breed vendors, but the reality is that the problems we see are fairly consistent across different types of messaging clients, so theres a need for a comprehensive approach," Sakoda said.

"In general, the solutions out there dont work well together or allow for simplified administration or policy enforcement, and we feel theres a real opportunity for us in addressing the need for centralized management and security."

/zimages/2/84833.gifZiff Davis Media eSeminars invite: Is your enterprise network truly secure? Join us April 11 at 4 p.m. ET as Akonix demonstrates best practices for neutralizing threats and securing your network.

Sakoda said that Symantec is also working to add similar tools for new enterprise collaboration systems, which fall prey to many of the same risks as IM platforms, he said.

According to Symantecs most recent Internet Security Threat Report, worm viruses remain the most common form of malicious code found on public IM networks, representing 91 percent of all messaging-related attacks.

The vast majority of the IM threats detailed in the research were URL-based worms, but the report also detailed an increase in phishing attacks and more sophisticated malware distribution.

Symantec said IM Manager 8.0 will be licensed on a per user basis at $40 per person, including content updates, support and maintenance.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.