Instant messaging: Stop the worm blast

July 30, 2007

Simply blocking IM is no longer an option, so bite the bullet and deal with the security and business risks, argues Ericka Chickowski.

Companies have traditionally regarded instant messaging (IM) as anunwelcome distraction for staff and have promptly reacted to theassociated security risks by banning or blocking the technology. Butthis approach is becoming unworkable as attempts to subvert blockingmeasures become more successful.

"A lot of people who are trying to get around IM blocking will usethings such as proxy avoidance," says Devin Redmond, director of thesecurity products group for Websense. "Among our customers, we've seen atransition from turning off IM to asking: 'OK, how do I betteradminister it?'"

Employees are increasingly demanding the real-time communicationcapabilities of IM, forcing IT security staff to come up with plans thatinclude IM in the infrastructure. "I have heard: 'Look, this is real,this is business, and we've got to do something with this,'" says DianaKelley, vice-president and service director at consultancy The BurtonGroup. "This isn't just people making plans for lunch."

While the convenience of IM is popular with users, organisations facesecurity, compliance and risk issues because, over the past few years,it has become the vector of choice for malicious hackers to deliverpayloads and conduct fraudulent activity. "We continue to see anincrease in unique attacks using IM networks to drop malicious code,viruses, spyware, worms and Trojans on to people's desktops," says DonMontgomery, vice-president of marketing at IM security vendor Akonix."We think that the continued increase is partly due to the use ofinstant messaging at work."

And it is not just the number of attacks that is escalating, they arebecoming more effective, too. In most cases, attacks are shifting frompure IM to blended threats, according to Jose Nazario, senior securityengineer at Arbor Networks. "We're seeing less of the pure IM worm.Instead it is used as a core component in many bots and relatedsoftware," he adds.

While IM is often compared to email, its real-time nature presentsadditional security challenges. "IM worms can propagate much faster thantraditional network worms," Nazario explains. "They are faster thanemail worms because the transfer time of messages is so much faster, andyou have that built-in buddy list that acts as a hit list."

However, what troubles business leaders even more when sanctioning theuse of IM is the problem of controlling what is being said and keepingtrack of those conversations for the auditors and lawyers.

"People know you have to take security measures when you do deploy it,but what we're seeing is that concerns are much more about the businessrisks," says Steve Yin, vice-president of sales and marketing at StBernard Software.

Issues of enforcing acceptable-use policies, tracking conversations andblocking outbound passage of valuable intellectual property can reallycomplicate official deployment of IM. Add to that the requirements forcommunication storage within numerous regulations and laws and it cansoon turn into a big headache.

"We're starting to see a shift in buyer sentiment in the desire or needto integrate instant messaging into the electronic message store forcompliance and knowledge management," says Montgomery.

A version of this article appeared in the US edition of SC Magazine.

prestitial ad