
Akonix Systems, Inc.

An award-winning provider of enterprise software that enables corporations to secure and manage Public Instant Messaging while protecting the network against new security threats.

Founded in May 2000, Akonix is a privately held, venture-funded security software company based in San Diego, California.


Akonix wins Messaging Product of the Year 2003 award from Network Magazine.

 

Enforcer

 

Protect your network from dangers of P2P File Sharing and unsanctioned public instant messaging

Product Overview

Akonix Enforcer is an innovative patent-pending software product that detects and eliminates the unauthorized use of high-risk applications such as Peer-to-Peer file sharing (P2P) and Public Instant Messaging (IM) from enterprise networks. Enforcer is designed to work as a standalone network security and control solution, but is also ideal for working in conjunction with Akonix’s award-winning Instant Messaging Security and Management solution, L7 Enterprise. In this way, selected users can embrace Public IM in a safe, secure, and managed way using L7 Enterprise, while the entire enterprise network is protected from the risks associated with P2P and other unauthorized (and unmanaged) attempts to use Public IM.

Akonix Enforcer is software to protect corporate networks from business and security risks associated with P2P File Sharing, and Unsanctioned Public Instant Messaging.

Unmanaged use of P2P file sharing exposes corporations to serious business risks, including loss of confidential information, viruses, worms, spyware, and legal liability. Although enterprises have invested in protecting the network perimeter from external security threats, employees have the ability to easily circumvent security measures with P2P file sharing services.

Legal liability issues abound with P2P use. Downloaded material is frequently pornographic, hate-related or copyright-protected. The Recording Industry Association of America and Motion Picture Association of America have specifically targeted corporations, threatening legal action unless they take steps to prevent copyright infringement.

Like public IM clients, P2P clients are freely downloadable and are specifically designed to evade network security by employing port scanning, tunneling and other hacker-like techniques. P2P file sharing is not port specific, so blocking it at the firewall becomes extremely difficult. And since P2P file sharing protocols are not standards-based, they are extremely difficult for network administrators to control, or even detect.

The Akonix Enforcer detects P2P activity and allows IT administrators to choose who can and can’t use it. Unauthorized users' P2P and IM traffic is blocked at the perimeter, without the need to install software on users' desktops.

What problem(s) does Akonix Enforcer help solve?

Marketplace Challenges and Trends

Public IM and P2P file sharing protocols are a rapidly-growing danger and liability to corporate networks. They employ a number of security penetrating techniques to gain access to corporate networks. Organizations face a variety of associated risks including infected computer systems from online viruses, exposed confidential information, and breached corporate firewalls.

And IM is experiencing very rapid adoption by business users. Osterman Research estimates that the penetration of Public IM services in enterprises is over 80 percent – often implemented by end users without corporate IT sanction. IDC projects that corporate IM volume will increase by over 130 percent per year through 2004, to more than 4.3 million instant messages per day.

The Massive IM Security Risk

This traffic volume, combined with the nature of IM itself, represents a massive security risk. Instant messages are transmitted in clear text and stored in unencrypted form on public servers. IM clients routinely tunnel through firewalls and evade network security using techniques like port scanning and masquerading. And files attached to instant messages cannot readily be scanned for content or viruses. By their very nature, instant messages bypass even the most well designed network firewalls, making the entire network vulnerable.

Such vulnerability was clearly demonstrated in 2002, when several IM worms emerged and quickly spread among IM users worldwide. And unlike email which is typically secured against worms using centralized anti-virus engines, if a worm starts to spread using instant messaging, it cannot be stopped before it reaches the user’s computer.

It’s clear that IM usage has outpaced available security systems. As a result, at this moment thousands of corporate networks are vulnerable to a variety of IM-induced risks.

P2P File Sharing a Looming Threat

The use of P2P file sharing in the workplace is also growing exponentially. WebSense, Inc., reported in 2002 that “the number of peer-to-peer file sharing and file transfer Web sites has spiked more than 535 percent in the last 12 months” and that “30 percent of products listed on CNET’s Most Popular software download list are P2P applications.”

Like IM, P2P file share clients expose corporate networks to risks from virus infections and hacker attacks using security loopholes. P2P file sharing also poses risks to information security, network security and network bandwidth.

According to the SANS Institute’s Peer-to-Peer Networking report, “perhaps the most serious risk with file-sharing P2P applications is information leakage”. Users may inadvertently share files containing sensitive information, and the P2P application installer may automatically share files or folders – including password files – without the user’s knowledge.

The report also identifies the risk of virus transfers and hacker attacks via P2P networks: “Viruses and Trojans are placed into the P2P network in new and insidious ways. Malicious clients have been written so that they will return a match for any given search request. However, when the queried file is transferred and later opened, the user’s system is infected with a virus, Trojan, or worm that propagates inside what once was a fairly secure network”.

And, P2P users commonly share large audio and video files, including MP3, AVI, and MPG. “These massive files,” the report notes, “can congest network links to the detriment of official or other related traffic.”

IM Empowers Business Communications

Instant messaging enhances business communications, enabling employees to work together more efficiently, whether they are in the same building or across the globe. Public Instant Messaging provides corporations with the ability to instantly communicate with the more than 100 million Public IM users, enabling, for example, brokers to share time-sensitive information with customers and clients to make purchases in real time. Corporations embracing Public IM for customer support experience reduced costs and greatly increased customer satisfaction.

Organizations that seek to gain the benefits associated with Public IM require enterprise-class solutions that securely manage Public IM services.

Product Features and Benefits

  • Blocks ALL major P2P and IM traffic
  • No desktop components, completely network resident
  • Active Pass-By Enforcement, NOT In-Line
  • No latency
  • No points of failure
  • Sets up in less than 1 hour
  • Runs on Windows 2000
  • Can run in "enforce" or "report only" mode
  • Logs and reports on all IM and P2P activity

Use the Akonix Enforcer to:

  •  Block P2P file sharing
  •  Keep confidential information internal
  •  Stop proprietary information theft
  •  Prevent legal liability from copyright infringement
  •  Protect against virus infections
  •  Increase network bandwidth availability

P2P Technology Services Controlled:

  • FastTrack
  • KaZaA Lite
  • KaZaA
  • Grokster
  • iMesh
  • Gnutella
  • Gnucleus
  • XoloX
  • Shareaza
  • LimeWire
  • BearShare
  • Morpheus

Block Public Instant Messaging:

  • AOL
  • MSN
  • YAHOO
  • ICQ
  • IRC

Not sure if you have P2P File Sharing traffic on your Corporate Network or if your employees are using Public Instant Messaging? 

How does Enforcer work?

1. Scanning: Enforcer performs an asynchronous scan of all network traffic at a particular point on an enterprise network, using a set of Protocol Inspection modules. Each network packet enters a multistep inspection (this is not in-line, so all network traffic continues normally with NO performance or reliability impact). If the traffic is determined to be benign at any time during the first, second, or third step of inspection, it is immediately disregarded. In this way, the Enforcer is able to operate at very high performance and efficiency.

Due to the sophisticated and in-depth nature of this multi-step application protocol analysis, Enforcer is able to reliably detect even very sophisticated attempts by these rogue applications to escape control. Efforts to encrypt payloads, tunnel over HTTP and masquerade, and port scan are all effectively detected and neutralized.

2. Policy/Action Determination: Once IM or P2P traffic is identified, a 2-step policy engine is invoked to determine what action is required.

First, a default action is determined for the particular application protocol in question. The default is determined independently for each protocol set (P2P and IM). For example:

  • Ignore
  • Allow/Log
  • Block/Enforce, log, send a customizable user enforcement alert message (optional)

Second, a Privilege/Exclusion list is checked to determine if the particular IP address that originated the traffic should be an exception from the default policy. For example:

  • If the default policy is allow/log all, determine if the offending client IP address should be specifically blocked as an exception
  • If the default policy is block/log all, determine if the offending client IP address should be specifically allowed as an exception

3. Block/Enforce Action: Once a determination is made to block some offending traffic, a connection termination is sent to the specific IP address/client that originated the traffic. This termination signal may vary depending on the specific protocol/application, in order to ensure that the traffic is effectively terminated.

When an offending client application is blocked, a customizable user alert may be sent to the client IP address. This can be used to advise the user of corporate policy and any corrective action they should take on their system (to avoid repeated enforcement actions), and can be useful in reducing any potential support desk calls.

4. Log/Report: Enforcer maintains a raw log of all detection and enforcement actions on its local file system (or any network mountable file system), including protocol and IP address detail. These logs are periodically consumed by a separate (included) module called the Data Transformation Service, or DTS (also Windows 2000 based software). A single DTS can consume logs from multiple Enforcers across the network, and feed those logs into a SQL Server database on the network to serve as a consolidated reporting warehouse. Akonix includes a Reporting module to generate basic reports.
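
The policy, enforcement and logging steps above can be sketched as follows. This is an added example, not Akonix code: the dictionary layout, function names, log fields and sample addresses are assumptions made for illustration.

```python
import ipaddress
import json

# Default actions named on the page; the data layout below is an assumption.
IGNORE, ALLOW_LOG, BLOCK = "ignore", "allow/log", "block/enforce"

# Constructed sample policy: one default per protocol set, plus an exception list.
POLICIES = {
    "P2P": {"default": BLOCK,     "exceptions": ["10.1.5.0/28"]},  # lab subnet allowed
    "IM":  {"default": ALLOW_LOG, "exceptions": ["10.1.9.77"]},    # one client barred
}

def is_exception(client_ip, entries):
    """True if client_ip matches any address or CIDR range in the list."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

def decide(policies, protocol_set, client_ip, mode="enforce"):
    """Two-step decision for one detected flow; returns (action, log_line or None)."""
    policy = policies[protocol_set]
    action = policy["default"]                       # step 1: protocol-set default
    excepted = is_exception(client_ip, policy["exceptions"])
    if excepted and action == ALLOW_LOG:             # step 2: exception flips the default
        action = BLOCK
    elif excepted and action == BLOCK:
        action = ALLOW_LOG
    if action == IGNORE:                             # page gives no exception rule for Ignore
        return action, None
    record = {
        "protocol_set": protocol_set,
        "client_ip": client_ip,
        "action": action,
        "exception": excepted,
        # "report only" mode logs the verdict but sends no termination
        "terminated": action == BLOCK and mode == "enforce",
    }
    return action, json.dumps(record, sort_keys=True)

if __name__ == "__main__":
    for pset, ip in [("P2P", "10.1.6.3"), ("P2P", "10.1.5.3"), ("IM", "10.1.9.77")]:
        print(decide(POLICIES, pset, ip, mode="report only"))
```

Running the same detections in "report only" mode first shows which clients an "enforce" policy would terminate before any termination is sent.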

How Enforcer is Typically Installed/Configured

1. System Components: An Enforcer installation typically involves the following components:

  • One or more copies of the Enforcer Server
  • One copy of the Data Transformation Service (DTS)
  • One copy of the Enterprise Reporter
  • One copy of the Enforcer Enterprise Manager

2. Enforcer Server Installation and Deployment: Enforcer is Windows 2000-based software, typically deployed behind the firewall on the corporate network. Enforcer usually runs on a dedicated PC or PC Server system. Multiple Enforcers may be installed to cover multiple network egress points to the Internet and/or multiple network segments. All Enforcer Servers can be managed from a single Enterprise Manager station.

Enforcer runs as an asynchronous scan. It is NOT "in-line" with network traffic, but rather reads off-line all network traffic that passes a given point on the network. Thus, there is no impact on overall network performance or reliability from Enforcer (other than improvement in throughput from the elimination of wasted bandwidth formerly consumed by P2P).

In order to scan all traffic on a particular network segment, Enforcer is usually installed to read traffic from a SPAN port on a router or switch. In "block/Enforce" mode, Enforcer writes the appropriate application termination signals back to the network client IP address. This can be accomplished in two ways. First, a single NIC (network interface card) can be used to read in the network traffic and also write out any termination signals back to the network for offending clients. Alternatively, a dual-NIC configuration can be used to read in traffic to be scanned through one card, and then write back to the network any termination packets through the second NIC.

3. Logging and Reporting Installation: As described previously, Enforcer maintains a raw log of all activity, which is periodically consumed by a separate (included) module called the Data Transformation Service, or DTS. A single DTS can consume logs from multiple Enforcers across the network, and feed those logs into a SQL Server database on the network to serve as a consolidated reporting warehouse. Akonix includes the Enterprise Reporter module to generate basic reports from this SQL reporting warehouse. None of these logging or reporting functions require dedicated systems.

An existing SQL server can be utilized within the enterprise, and can host the DTS. Additionally, an existing network management workstation with the Microsoft Management Console (MMC) software installed can be used to run all Enforcer management functions.

Figure 1 – Enforcer Conceptual Diagram

4. Enterprise Manager Installation: All Enforcer configuration, administration, and management functions are conducted via an MMC snap-in module, called the Enforcer Enterprise Manager. An existing network management workstation running MMC may be used for this function, and can manage all Enforcer Servers deployed in a network. The interface is intuitive and simple to use, and closely follows familiar examples such as Microsoft Exchange in look and feel, enabling immediate administrative operation with virtually no training or ramp-up time. Enterprise Manager functions include:

  • Add administrative and read-only reporting user accounts, and system licensing
  • Configure Enforcer policy settings
  • Configure DTS for logging actions
  • Configure Dynamic Update Service
  • Customize any desired user alerts

5. Performance: As an asynchronous device, the Enforcer has no adverse effect on network performance. In laboratory stress testing, the Enforcer was able to saturate a 1 Gbps NIC while still running at less than 50% CPU utilization on a mid-range single-CPU Windows 2000 PC server. In large enterprise production operations to date, the Enforcer has been able to scan all traffic up to the capacity of its NIC with no system performance limitations.

Ready to stop P2P File Sharing on your network?

 Download a 15-Day Trial of Akonix Enforcer

If you would rather MANAGE Public Instant Messaging, and allow your employees to gain its benefits, while eliminating the threats associated with using it, see our Akonix L7 Enterprise Gateway product.

Free Webinar

Register for our Free Webinar to learn more about protecting your network from the dangers of Public Instant Messaging and P2P File Sharing