Home
Affiliations
Resources
Contact
Products A-Z
Products by Category
How to buy
On-LineStore.htm
Texas CISV Catalog

Akonix Systems, Inc.

Akonix Systems, Inc. headquartered in San Diego, California is an award winning provider of enterprise software that transforms public Instant Messaging (IM) into a  safe, secure and manageable business-critical application. Akonix solutions enable organizations to secure, manage and report on IM and Peer-to-Peer file sharing usage, while satisfying Federal, industry and corporate compliance requirements.

 Product Overview

 Product Architecture

 Why should you be concerned?

 Product Benefits

 Summary

 L7 for ISA Server

 Compliance Manager

 View Product Datasheet

 View Product Solution Sheet

Read eWeek Lab's Review of L7

 Attend Free Webinar

 

Manage and Secure Public Instant Messaging

Product Overview
 Akonix L7 Enterprise is an award-winning gateway that allows organizations to secure their networks from the threats of unmanaged Public Instant Messaging, while continuing to gain its benefits.  Akonix L7 Enterprise addresses critical business drivers such as Security, Control and Management, Compliance, Liability, and Reporting.

Akonix L7 Enterprise allows organizations to:

  • Scale from 20 users to over 100,000 simultaneous active users, through TRUE horizontal clustering in a single network, or across geographically distributed networks (up to 20,000 simultaneous active users per single gateway)
  • Create and enforce ACTIVE granular corporate policies by variables such as message content (by keywords, phrases, and regular expressions), file transfer properties (by file type, size ranges, and keywords),  time-of-day, and directions of messages.
  • Enforce that ALL Public Instant Messaging traffic is managed by the gateway (with our patent-pending L7 Enforcer Technology)
  • Manage ALL 4 major Public Instant Messaging networks, including (AOL, ICQ, MSN, and YAHOO)
  • Specify which employees can use IM, and what type of features
  • Enforce a Controlled Namespace so that employee's screen names all match a corporate template
  • Protect from information leakage (by automatically keeping all internal messages inside the network, even over VPNs and WANs)
  • Record any or all conversations (granularly log and archive)
  • Generate detailed reports on usage (more than 30 standard reports, and custom reports easily created)
  • Schedule reports to run at specified time intervals, and be delivered automatically via email, or uploaded to file server or Intranets
  • Protect from viruses (by virus scanning any file transfers)
  • Protect from hackers (by enforcing use of patched versions)
  • Protect from malicious content and IM spam (by active built-in content filtering)
  • Automatically inject custom disclaimers into message stream
  • Broadcast alerts to any or all logged in users
  • Upgrade the gateway without any downtime through our built in Live Update technology
  • Reduce legal liability
  • Integrate with any other enterprise systems (NIDS,CRM/ERP/Email/Storage, etc) (through rich API)
  • Address compliance requirements for SEC/NASD, Oxley-Sarbanes, and HIPAA regulations

Product Architecture

Akonix L7 Enterprise installs behind corporate firewalls or proxies.  To use Public Instant Messaging, employee's clients must pass through the gateway.  This architecture is unobtrusive and does not introduce an additional point of failure, or reduce network performance in any way, as only Public Instant Messaging traffic is routed to the gateway.  There is no need to install client software, or modify the clients in any way.  In fact, unless a restrictive policy is being enforced, the users see no change in behavior or speed of communications.  Employees can continue to use their existing instant messaging clients, and IT managers get management and security features they require. 

Akonix L7 Enterprise fits into any network environment as a standalone SOCKS5 Proxy, chained behind other proxies, integrated tightly with firewalls, DNS routed, or HTTP tunneled.

Akonix L7 Enterprise includes the patent-pending L7 Enforcer Module that watches network traffic, and makes sure that all users are connecting through the gateway, as Public Instant Messaging clients can easily bypass other types of gateways by simply changing their IP stack properties, or installing additional tunneling software.

Akonix L7 Enterprise automatically imports users and groups from existing domain(s) such as Active Directory, NTLM, LDAP, and NDS so that users can be managed by their real corporate credentials, rather than ambiguous screen names.

Screen names are AUTOMATICALLY mapped onto real corporate directory names by our patent-pending Automatic User Discovery technology.  There is no need to rely on users to map their own screen names, or for IT managers to manually map names.  Akonix's Controlled Namespace technology allows IT managers to enforce adherence to screen name templates (ex: "DomainUsername_Domain")

Akonix L7 Enterprise provides granular configuration of logging and archiving.  Administrators can choose to log only headers, headers and actual message text, or choose to log only when a certain policy criteria is met.  Logs are automatically exported to reporting databases such as MS SQL Server, long term archiving devices such as WORM (Write Once Read Many), or even third party archiving solutions from companies such as (iLumin, Legato, Persist, and Zantaz).

Akonix L7 Enterprise also ships with over 30 pre-built reports including detail reports, summary reports, color charts and graphs, and virus reports.  Custom reports are easily created using Crystal Reports or SQL Query Analyzer.  Administrator can schedule reports to run automatically, at specified intervals, and automatically be delivered to email servers, file servers, or Intranets in many different formats, including HTML and PDF.

Akonix L7 Enterprise gateways can also be clustered in a single location for TRUE redundancy, or be clustered across multiple locations, with centralized management. Clustered gateways act in unison sharing all attributes including runtime state and policy.

Akonix's patent-pending Message Reflection and Advanced Message Routing technologies make sure that all messages sent between employees are kept internal to the local or wide area network, preventing confidentiality leaks, while allowing employees to continue to use their clients of choice, and to communicate with the outside world.

Akonix L7 Enterprise is managed by the Akonix L7 Enterprise Manager, a Microsoft MMC snap-in, that allows unified access to all the functions of Akonix L7, including managing local and distributed clusters.

On top of this architecture, Akonix L7 Enterprise adds many security, management, filtering, and reporting features. See for yourself...

Why Should you be concerned?

The Risks of Rogue Protocols

The dangers presented by Rogue Protocols are real and have been widely reported by major security institutions and publications including CERT and the SANS Institute.  There are two primary classes of Rogue Protocol risk: security and compliance management.

Rogue Protocol Security Risks

The security risks associated with Rogue Protocols include exposing outsiders to confidential content, infecting systems with viruses and opening the corporation to external attacks.

Exposure of Confidential Content

Rogue Protocol-based applications, such as peer-to-peer file sharing and instant messaging, allow outsiders to view unauthorized information or files. Confidential information can be willfully disclosed by employees or captured unknown to users. For example, with peer-to peer file sharing, an employee could unintentionally share access to confidential information on the corporate network or on his or her system. 

With instant messaging, the traffic from two communicating employees sitting across from each other actually travels outside the organization, through a public messaging server and back to the other employee (see illustration below). Eavesdroppers can intercept instant messages en route to the recipient, conversations may be logged indefinitely on a public messaging server and confidential conversations can easily be recorded by unauthorized third parties.

Using an instant messaging application, the messages of two employees communicating within a company are actually transferred in clear text over the Internet for anyone to see.

Infections from Files

With both instant messaging and peer-to-peer file sharing applications, content can pass through firewall and virus protection systems, introducing damaging viruses, worms and Trojan horses into the network.  These infections can result in serious damage to important network assets and may even provide access to or control of employees’ computers.

External Attacks

File sharing and instant messaging applications are notoriously buggy and can easily lead to malicious external attacks. Buffer overflow problems are common, allowing a hacker to execute code on a user’s system or perform a denial of service attack. With instant messaging applications, a hacker could identify the buddies of the victim and attack them. Some web browsers have integrated instant messaging, resulting in the potential for attack without even activating the instant messenger part of the browser. Peer-to-peer file sharing and instant messaging applications that share files often allow third parties to view the user’s IP addresses, increasing the risk of an attack.

Corporate Management and Government Compliance

Applications that use Rogue Protocols often go unrecognized by IT departments, making it difficult to enforce corporate and governmental policies. In the financial industry, regulators mandate that financial services companies log all electronic communication with customers, including instant messages. Because instant messaging traffic is not logged by existing network security systems, corporations can not fully comply with regulations.  Enforcing corporate policy is challenging if the activities in question are undetected. Corporations may not want employees using the network to transfer music or other files to outside entities. Simply blocking ports will not solve the usage problem because instant messaging and peer-to-peer file sharing applications scan for open ports and may also tunnel through port 80 (the port used for web traffic).

Extending employee Internet management to Rogue Protocol-based applications is not possible if the protocols are difficult to detect and control. There may be a need to scan messages and files for potentially damaging content such as pornography or encrypted transmissions. 

Lost employee productivity

Finally, there’s the issue of employee productivity. Some organizations want to control the use of instant messaging to ensure their staffs are not spending excessive time with personal communications. File sharing applications bog down the corporate network at the expense of normal business traffic, impacting the response time for employees and customers, leading to lower productivity.

Because more than 30 percent of corporations are using instant messaging applications and the number is projected to reach 70 percent by 2003, there are clear and present dangers that must be addressed (Osterman Research, March 2002 and Gartner, October 2001,respectively).

Product Benefits

For enterprises seeking to detect and control Rogue Protocols, Akonix offers Akonix L7, a powerful security gateway that guards the network at its perimeter.  Akonix L7 extends the capabilities of the firewall, keeping confidential communications inside the boundaries of the network while preventing outsiders from leveraging the security weaknesses of Rogue Protocols.

Akonix L7 is the first perimeter security application that eliminates the risks of Rogue Protocols by subjecting them to standard network security policies.  Unauthorized connections are blocked while authorized communications occur within corporate-defined Akonix L7-imposed policy constraints. Additionally, Akonix L7 logs and reports all Rogue Protocol activity to bring corporations in compliance with internal policy and industry regulations.

Engineered for change, Akonix L7 is designed to adapt to new Rogue Protocol threats via easy to install protocol updates. The current version of Akonix L7 supports all major public instant messaging protocols and the next release will add popular file sharing protocols.

Benefits of Akonix L7

Akonix L7 provides a wide range of security, policy, compliance and management benefits to enterprises.

Security Benefits

  • Keeps interactions between employees secure within the network perimeter or over a wide area network via virtual private networking (VPN)

  • Prevents unauthorized content from being shared via peer-to-peer file sharing and unauthorized discussions from occurring with instant messaging

  • Stops Rogue Protocols from letting viruses, worms and Trojan horses slip through the firewall

  • Blocks outdated Rogue Protocol-based desktop applications that are susceptible to hackers

  • Manages protocol traffic to prevent unauthorized use of Rogue Protocols

  • Seals potential security holes common with Rogue Protocols

Corporate Policy and Industry Compliance Benefits

  • Logs and records messages and file exchanges for industry compliance and investigations

    • Automates policy enforcement and tracks usage at the group or employee level

  • Impedes inappropriate messages and files that may contain unsuitable content such as pornography and pirated content, reducing the risk of lawsuits because of improper content transmission

  • Blocks the use of specific terms from instant messages that are forbidden by corporate policy (i.e., words like  guarantee or confidential and offensive language)

  • Provides an audit trail showing who is transferring what content to what location at what time and to whom

  • Provides analysis at the employee level for forensics purposes

Management Benefits

  • Controls employee use of Rogue Protocol-based applications at granular levels including user, group, time of day and keyword content

  • Provides a layer of protection from impersonation by associating screen names with corporate users via interfaces with enterprise corporate directories such as Active Directory, NTLM and LDAP

    • Allows management across multiple gateways from a centralized location

  • Provides application version control to assure employees are using authorized and up to date software

  • Supports all major instant messaging applications: AOL Instant Messenger, ICQ, Yahoo! Messenger, MSN Messenger and IRC

  • Includes a rich API and scripting language for site specific customization

  • Generates a variety of high-level reports such as what applications are being used, how many messages are being transmitted each day, who the top users/abusers are and how many attachments are being transmitted

  • Helps recover lost bandwidth and storage due to restricting peer-to-peer file sharing

  • Limits lost productivity from non-business use of instant messaging and peer-to-peer file sharing

  • Increases network responsiveness by selectively blocking file transfers that can bog down the network

Instant Messaging Example

Without the Akonix L7 solution, instant messages between employees located within and external to the network are delivered in plain text over the Internet to public servers (see illustration to right).

The result is that confidential communications are open to interception by outsiders. Akonix L7 secures instant messaging traffic while taking both the Internet and public servers out of the communication path. Akonix L7 also associates screen names with corporate identities to provide a layer of protection against impersonation. Akonix L7 allows the instant messaging communication between two internal employees to remain within the network (see illustration below). The Akonix L7 Gateway, independent of the firewall and external messaging servers, transparently handles communication.

 

Alternatively, Akonix L7 allows secure communications between authorized users located outside the network via a secure VPN. In this case, the Akonix L7 Gateway transmits messages to the firewall and over a VPN to the receiving party (see illustration below).

Peer-to-Peer File Sharing Example

 

 

 

Without the Akonix L7 solution, peer to- peer file sharing applications allow employees to download files while circumventing policy enforcement and centralized virus scanning mechanisms (see illustration to right).

 

 

 

 

Akonix L7 can control or block peer-to-peer file sharing use based on attributes such as sender, recipient, message content and file attachment type, size and name (see illustration below). Message content and file names can be further controlled based on keywords and pattern matching. Akonix L7 can also interface with centralized virus scanners to assure that all files transmitted are virus-free.

Summary

Akonix L7 is the solution for corporations seeking protection against applications that use Rogue Protocols, such as instant messaging and peer-to-peer file sharing. Designed to prevent Rogue Protocols from piercing the firewall and exposing corporations to serious security, legal and compliance risks, Akonix L7 is the first perimeter security application that eliminates the risks of Rogue Protocols by subjecting them to standard network security policies. 

 

  Copyright 2003 Messaging Solutions LLC Last updated: 01/26/2008 04:32:39 PM -0700  |  Contact Info | Privacy Policy