Simply blocking IM is no longer an option, so bite the bullet and deal with the security and business risks, argues Ericka Chickowski.
Companies have traditionally regarded instant messaging (IM) as an
unwelcome distraction for staff and have promptly reacted to the
associated security risks by banning or blocking the technology. But
this approach is becoming unworkable as attempts to subvert blocking
measures become more successful.
"A lot of people who are trying to get around IM blocking will use
things such as proxy avoidance," says Devin Redmond, director of the
security products group for Websense. "Among our customers, we've seen a
transition from turning off IM to asking: 'OK, how do I better
administer it?'"
Employees are increasingly demanding the real-time communication
capabilities of IM, forcing IT security staff to come up with plans that
include IM in the infrastructure. "I have heard: 'Look, this is real,
this is business, and we've got to do something with this,'" says Diana
Kelley, vice-president and service director at consultancy The Burton
Group. "This isn't just people making plans for lunch."
While the convenience of IM is popular with users, organisations face
security, compliance and risk issues because, over the past few years,
it has become the vector of choice for malicious hackers to deliver
payloads and conduct fraudulent activity. "We continue to see an
increase in unique attacks using IM networks to drop malicious code,
viruses, spyware, worms and Trojans on to people's desktops," says Don
Montgomery, vice-president of marketing at IM security vendor Akonix.
"We think that the continued increase is partly due to the use of
instant messaging at work."
And it is not just the number of attacks that is escalating; they are
becoming more effective, too. In most cases, attacks are shifting from
pure IM to blended threats, according to Jose Nazario, senior security
engineer at Arbor Networks. "We're seeing less of the pure IM worm.
Instead it is used as a core component in many bots and related
software," he adds.
While IM is often compared to email, its real-time nature presents
additional security challenges. "IM worms can propagate much faster than
traditional network worms," Nazario explains. "They are faster than
email worms because the transfer time of messages is so much faster, and
you have that built-in buddy list that acts as a hit list."
However, what troubles business leaders even more when sanctioning the
use of IM is the problem of controlling what is being said and keeping
track of those conversations for the auditors and lawyers.
"People know you have to take security measures when you do deploy it,
but what we're seeing is that concerns are much more about the business
risks," says Steve Yin, vice-president of sales and marketing at St
Bernard Software.
Issues of enforcing acceptable-use policies, tracking conversations and
blocking outbound passage of valuable intellectual property can really
complicate official deployment of IM. Add to that the requirements for
communication storage within numerous regulations and laws and it can
soon turn into a big headache.
"We're starting to see a shift in buyer sentiment in the desire or need
to integrate instant messaging into the electronic message store for
compliance and knowledge management," says Montgomery.
A version of this article appeared in the US edition of SC Magazine.