IMlogic launches IM threat protection

Von Cathleen Moore

The number of worm and virus attacks crashing into corporations through IM is skyrocketing. This unsettling trend is forcing enterprise IT managers to finally get serious about securing corporate networks against IM malware.

In response to this growing security threat, IMlogic this week introduced RTTPS (Real-Time Threat Protection System), a preemptive security system designed to predict and fight IM attacks. RTTPS automatically detects and quarantines suspicious enterprise IM traffic before IM worms and viruses can infect corporate networks.

The new product is integrated with IMlogic"s IM Manager and Threat Center.

"Enterprise IM needs have evolved from management and control to being more around protection from malware," said IMlogic CEO Francis deSouza.

Many businesses are still relying on public IM services from the likes of AOL, Yahoo, and MSN, according to The Radicati Group. The majority of IM accounts in 2005 -- approximately 816 million -- reside on public IM networks. In comparison, the enterprise-specific IM software segment comprises about 51 million accounts this year, according to The Radicati Group.

IMlogic"s Threat Center, a global consortium for IM threat detection, reported in August a whopping increase of 3,543 percent in reported incidents of new IM viruses and worms, compared with the same month last year.

And it"s not just the sheer volume of attacks, but the speed of the attacks coupled with the fact that IM-based worms and viruses have the potential to wreak devastating havoc.

"People don"t know the threat potential of IM malware," deSouza said. "IM clients are very functional clients [that] can send and receive presence and IM, audio, video, app sharing, and give up control of the desktop. The potential for damage is very high."

Because IM viruses spread at a breakneck velocity, the ways IT managers traditionally protect their networks against e-mail viruses -- such as issuing a patch within a couple days -- doesn"t work against IM attacks.

"Over IM it can take as little as 30 to 40 seconds to infect half a million hosts," he said. "That is several magnitudes of order faster than e-mail."

The key to fighting IM malware is early detection, deSouza said.

RTTPS is designed to combat the real-time nature of IM attacks by using predictive analytics and network anomaly detection to identify potential attacks and block them before they spread.

The system leverages IMlogic"s IM Manager customers -- approximately 600 of them, with a total of more than 1 million seats around the world, according to deSouza.

"We"ve put RTTPS in all of those sites. It looks for suspicious activity across those users. [If it] sees a URL spreading rapidly, it blocks that IM automatically, and sends a message to the threat center," deSouza said.

Within minutes, a feedback loop is created and the threat is blocked, he said.

So far, the IM attacks that have penetrated corporations haven"t resulted in a worst-case scenario.

However, danger is still lurking and it may come from a trusted colleague.

"Because the attacks seem to come from someone in your buddy list, which is a trusted community, people who should know a lot better are clicking on the infected URLs," he said.