In the age of ‘instant everything’, the enterprise network is a teeming jungle of consumer and Web 2.0 applications that are just a click—or a tap—away for users. And, while some organisations are well aware that employees are bringing in unsanctioned applications through the back doors of their enterprise networks, others are absolutely convinced that it can’t happen to them.
Just a few years ago the Internet was primarily about transmitting and accessing pretty static information via HTTP, FTP and e-mail. But the Internet has changed. Today, it is dominated by applications such as instant messaging, P2P, VoIP, social networking and Web 2.0 tools such as blogs. As an example, Facebook opened its platform to developers just six months ago, and today there are more than 15,000 applications available to users—and 2,000 of them are chat and messaging apps! (IT managers can reference and learn more about this growing list of applications at www.greynetsguide.com.)
Over the last three months we have collected real-world data taken from our Unified Security Gateway appliances deployed across more than 60 participating global organisations. This represents a small percentage of our customer base and these companies have opted into a program that sends data back to us, so we can analyse Internet application traffic.
The data shows us that 53 different instant messaging applications were requested. Web-based instant messaging was the second-highest-ranking Web 2.0 application category that users attempted to access, with 563,164 attempts.
These Web 2.0 apps are being brought into the workplace by a new generation of workers who grew up on mobile phones, on ICQ, MSN, QQ, MySpace and the like. These applications circumvent traditional security infrastructures by using techniques like port hopping, encryption, port tunnelling and employing random session behaviours. More importantly, they have become the new channel for malware, information leaks and compliance violations. Organisations need security solutions that address the new applications. Web filtering is still necessary, but is clearly insufficient.
We’ve seen a variety of organisations using real-time communications channels and social networks to their advantage recently—from the Australian lawyer who used Facebook to serve papers on a house repossession to 46 per cent of Australian graduates saying that their choice of employment would be influenced by an employer’s social networking policy.
“The first step to take is to understand the status quo, getting a thorough understanding of what employees are currently doing on the Internet,” says Nicholas Tay, APAC Regional Manager of FaceTime Communications. “And not just with e-mail or with their web browsers, but with other applications not controlled by traditional web security tools, such as consumer-based instant messaging and the myriad Web 2.0 applications in widespread use. You can’t manage what you can’t see.”
There are free tools available that provide a deep look at exactly what is traversing the enterprise network, and the results are almost always surprising. Organisations that believe they have these applications locked down tend to be amazed when they discover the actual instances of unauthorised traffic on their network. Blocking ports on the firewall and disallowing access to specific URLs doesn’t cut it anymore.
One organisation, for example, found 19 GB of IM traffic over a dozen networks during the course of just three weeks, plus heavy use of IM aggregators like Meebo and IMhaha. At the same time, 20 GB of P2P traffic was discovered, including heavy use of Skype, with applications like Tor and Hopster in use to bypass network proxy servers. In addition, the company had hundreds of malware infections ranging from simple adware to the most dangerous keyloggers.
With knowledge about what’s really happening on the network, decisions can then be made about what to embrace, what to block and how to ensure there are no work-arounds in play.
Fully blocking rogue applications and access to undesirable Web resources requires more than a traditional firewall. In the age of ‘instant everything’, it requires technology solutions based on a thorough understanding of real-time communications protocols and their evasive behaviours.
“Enabling the use of collaborative communications applications with confidence means putting fault-tolerant, enterprise-grade security, management and compliance solutions in place to monitor and control both incoming and outgoing communications over the network,” concludes Tay. “In order to do this, enterprises need to get visibility of all traffic on their networks, apply policies allowing or blocking at user/group levels and for those applications such as IM that are allowed, to enforce hygiene, content filtering and compliance logging.”
Nicholas Tay is Regional Manager (Asia Pacific) for FaceTime Communications, with 7 years’ expertise in IT security. Prior to FaceTime, Nicholas provided UTM firewall solutions in South East Asia for WatchGuard.




