The job of a network administrator is a busy and demanding one made only harder when users install unauthorized software, as they're prone to doing. A new company, however, is working to make administrators' lives a bit easier when it comes to managing these "rogue" applications.
Akonix Systems Inc. Monday announced the Akonix L7 software platform, the San Diego company's first product, which is designed to help companies deal with "rogue" protocols, such as those used by popular instant messaging and peer-to-peer applications, said Dmitry Shapiro, Akonix's chief strategy officer.
These applications are "rogue protocols" because their communication methods are often undocumented, proprietary or new and have yet to be incorporated into existing security products, making them hard for administrators to deal with, he said.
Akonix L7 tries to address that problem, however, by placing a gateway parallel to a company's firewall and intercepting, monitoring, auditing, logging and enforcing policy on the communications sent by such protocols, he said. The gateway, which is a software application running on a standard Windows 2000 system, can be used to secure a variety of applications, though the first two classes covered are instant messaging and peer-to-peer, he said.
These applications, and others that will come later, are handled by "protocol adaptor sets," software modules designed to specifically address a set of applications within a "rogue" category. The instant messaging adaptor set can monitor most major IM clients, including MSN Messenger, Yahoo Messenger, AOL Instant Messenger, ICQ and more, he said. The peer-to-peer set covers a number of major peer-to-peer programs, he said.
All traffic sent by those applications is routed through the firewall to the gateway, before it is sent out to the Internet, he said. At the gateway, policies are enforced, conversations logged and actions taken, he said. The gateway is able to automatically discover what applications are being used on the network because the traffic flows through it, he said. User names and addresses are drawn out of the packets sent by the applications and stored in a central directory, allowing the program to keep track of all the user names and applications employed by each user, he said.
The software stops potentially sensitive instant messages from being sent across the Internet by appearing to be an instant messaging server to the applications, and rerouting messages sent to users within the network directly to their destination, Shapiro said. The software works in a similar way for users connecting to a network via a VPN (virtual private network), he said.
Akonix L7 allows policy to be applied to the content of instant messages, blocking messages that contain certain text, logging them and performing other security functions, he said. File transfers sent through instant messaging applications can be scanned for viruses as well, he added.
The software's strength in handling instant messaging programs has pleased Kristoffer Stack, the vice president and director of network infrastructure at ING Furman Selz Asset Management LLC (IFSAM), an investment banking firm in New York. IFSAM has been beta testing the product for about two weeks, Stack said, adding that "it seems to be doing a great job."
IFSAM needed a product that could log, and sometimes block, instant message conversations to ensure that the company complies with a set of as-yet-incomplete regulations governing the financial services industry, Stack said. Those regulations may require the logging of instant message sessions between employees and people outside the company, he said.
"Until we heard of the Akonix product, we were not aware of a product that would allow us to log (IM conversations)," he said.
The product hasn't worked completely smoothly, as there is a small bug in the beta version which causes some instant messages to appear as if they have not been sent until they are responded to, he said. Nonetheless, that is a minor issue, he said.
Stack also hopes to use L7 to block the use of peer-to-peer software within IFSAM.
"(We) hope to use it continually. Once it's a shipping product, we would like to buy it," he said.
Peter Lindstrom, senior security strategies analyst at the Hurwitz Group Inc., is also enthusiastic about the product.
"It's good stuff. I like it," he said.
Lindstrom sees L7 as having the potential to encourage the adoption of new technologies, like instant messaging, in enterprises and to remove the fear surrounding that adoption.
"(Instant messaging) has some potential for good business value," he said. "This is the controlled way to use a tool that can add value to (almost) any organization."
Though the L7 gateway only runs on Windows 2000, the company plans to offer Linux support by the end of the year, Akonix's Shapiro said.
The software will be sold as a yearly subscription, priced according to the number of users in an organization and the number of protocols covered. A 50-user subscription costs about US$40 per user for one protocol for a year, with additional protocols sold at a discount. All updates to the protocol adaptor sets made during the subscription will be made available to users for free, Shapiro said.
Akonix L7 will be available by the end of June.