The firm, best known for its popular Zone Alarm PC security software and its Integrity enterprise-wide solutions, is starting small, however. It seeks initially to bring IM security first to home workers, small businesses, and consumers, with an offering available now for those markets.
"As we spoke with instant messaging users, both in corporate environments and at home, people using it across those spaces are often not very security-savvy ... though they're very reliant on this technology," said Frederick Felman, Zone Labs' vice president of marketing. "So there are some risks, both human risks and technology risks."
The firm's small- and medium-business IM solutions come to market thanks to the acquisition of Bay Area instant messaging security vendor IMsecure, which Zone Labs snapped up with the goal of releasing the firm's eponymous product under its own brand.
But it's banking that larger businesses will gravitate to an IM solution as well, once it's linked to its other offerings. In coming months, Zone Labs plans to offer a more fully-featured product that integrates the solution with its own flagship enterprise security offering, Integrity Server.
At present, however, the company offers a free, limited version of IMsecure -- which provides protection for only one IM account on a network or PC -- to entice budget-conscious home users and small businesses into upgrading to the multi-network, multi-account IMsecure Pro.
IMsecure Pro Features
Like offerings from established players IMlogic, FaceTime Communications, Akonix, and others, IMsecure's Pro product sits at the PC protocol or network firewall, controlling the flow of instant messages into and out of the computer or the network.
Currently, IMsecure Pro supports AOL Instant Messenger, Yahoo! Messenger, and MSN Messenger; ICQ support should be added to the product within months.
From its vantage point between the PC or network's edge, IMsecure and its peers can block IMs that use suspicious or illicit keywords -- a feature in high demand in industries regulated by strict compliance policies. But the firm also has found that keyword blocking has a need in smaller businesses and home use, as well.
"There's the risk that individuals using instant messaging might actually treat the medium too cavalierly ... a lot of people who are less savvy with Internet or Internet communications might communicate something without considering the medium," Felman said.
As a result, the Pro version provides a so-called "lockbox," enabling users to tell the system what sort of information to protect from being transmitted over IM. Protected information -- hidden if a user attempts to type it -- can include Social Security Numbers, phone numbers, addresses, banking accounts, and so on.
To enable the system to detect sensitive data, users must enter a sample of the information they wish to protect, which can be encrypted for additional protection.
"If we're talking on IM and I start to enter my street address -- which is one of the pieces of information I've chosen to protect -- on my screen, I 'm reminded after I press the 'Enter' key that this is information that I elected to protect, and it's not being sent," Felman said. "On the receiver's screen, it appears as asterisks."
Few solutions offer detection features as advanced as found in IMsecure Pro, however -- protected data can be detected even if users attempt to circumvent the system using character substitution, or by inserting spaces or other characters into words.
"It's pretty smart in terms of catching this even if someone tries to foil it," Felman said.
Zone Labs also said it sought to tackle other, more technical security risks to using IM. The product can provide extra security by stripping HTML links from IM conversations, or by removing potentially misleading HTML links' titles, which can hide a link to a Trojan horse or other malicious program under a seemingly innocuous "Click here."
By dint of its controlling messaging in to and out of IM clients, IMsecure Pro also address situations in which a hacker is attempting to launch unauthorized IM and file-sharing services on a user's PC.
"There are instances of rogue IM clients being distributed as Trojan horses and using IM back-channels to distribute information to hackers," Felman said. "Because we're client-independent and operate at the protocol level, no one could enable file-sharing through rogue IM channels."
File-sharing -- which can open the door not just to copyright issues, but can unintentionally give a hacker access to a PC -- can be blocked through the application, similarly to its rivals. Additionally, IMsecure also provides central control over use of multimedia IM.
"Audio and video are risky for families -- you don't know what your kids will say or do over audio or video channels -- and in a corporate setting, you're not sure whether you want to accommodate those kinds of usage because of bandwidth," Felman said. "We determine whether you want to share audio and video on one place on your system -- often, with most IM clients, those controls are buried" in the clients' user interfaces.
Enterprise enhancements
While the company declined to comment at length on additional features of its upcoming enterprise product, Felman said it would integrate with Zone Labs' security policy manager, Integrity Agent, to provide user- and group-level IM management.
"Our customers are already using user and group administration to deliver policy to secure endpoint computers, firewall policy, and Internet communications policy," he said. "In much the same way, we've talked to our enterprise users about doing IM security on a role base as well, because we integrate with LDAP, RADIUS, NT domain and Active Directory."
The company is wagering that integrating its IM solution with Integrity will give it a leg up in servicing clients -- since Integrity already provides one-stop management for firewall controls, rules governing application use and individual workers' PC settings. (The leading solutions in the area have typically partnered with third-party vendors to offer security features beyond IM.)
More importantly, Zone Labs' chances of becoming a player in enterprise IM could to get a boost from what's likely to be a ready-made, receptive audience for the enterprise version of IMsecure. That's because Integrity is in use at more than 700 companies, including EDS, Herman Miller, Adobe and Novell.
"Very large organizations are using our endpoint security solution, and they're coming to us and telling us, 'IM is very important to us, we want to be able to enable it, our workers are more productive,'" Felman said. "They like the use of it, but are scared to death of the vulnerabilities it presents."
Christopher Saunders is managing editor of InstantMessagingPlanet.com.
Loading Comments...