RealTime IT News

IMlogic Tackles Zero-Day Chat Threats

Officials at instant messaging (IM) management vendor IMlogic launched a new service Tuesday to stop zero-day viruses and worms before they cripple the enterprise network.

The Real-Time Threat Protection System (RTTPS) uses a combination of threat filters and reputation scoring to predict whether a link contains a security vulnerability. If a message meets the requirements, the content is blocked at the server level before it is sent to the end user.

Zero-day threats refer to security vulnerabilities, like worms and viruses, that haven't been discovered by security vendors who write virus definitions and pass them along to the end user's security application.

The protection is commonly found in e-mail anti-virus applications from vendors, such as Symantec and McAfee , but officials at IMlogic said there's no comparable technology for instant messaging.

That's a problem for network administrators, said Jon Sakoda, IMlogic CTO. End users see an IM window pop up looking like a message from a manager, co-worker or family member and click on the link, not realizing until it's too late that they've corrupted the system.

"[IM] lends itself to a fast-hitting, very virulent type of threat which burns very quickly through a corporate environment once infected," Sakoda said.

Every day is a zero-day in an IM environment, he added.

According to Sakoda, RTTPS is based on four key components:

  • a predictive threat filter that analyzes a chat message based on the number of people it's trying to connect with and known threat profiles, then blocks the IM if it seems like a threat;
  • reputation scoring based on the potential threat level of the content;
  • the ability to intercept and redirect embedded URLs to show end users the level of risk suspicious IM content poses;
  • integration with IMlogic's threat center, launched last year as a database of known IMB threats and viruses, for the latest information on known or potential outbreaks.

Administrators can monitor RTTPS traffic through dashboards. The new product integrates with the Waltham, Mass.-based company's IM Manager versions 7.0 and 7.5.

RTTPS costs companies $10 per user for a one-year subscription contract or $18 per user if they sign a two-year contract. Volume discounts are available, officials said.