L7 NETWORKS INC. - Secure Networks at Layer-7

>>> CONTACT US

Features

HOME > PRODUCTS > InstantScan Features

InstantScan Features

Manage/Audit employee's IM / P2P

What are employees doing at work ?

Employees often use Outlook to receive emails, Internet Explorer to browse websites, Instant Messengers (IM) such as MSN/Skype to chat with friends, and P2P software such as BT / eDonkey / Xunlei / KaZaA / Kuro / ezPeer to download illegal data. Among them, Email and IM are the channel for information leakage or virus intrusion, while P2Ps are the bandwidth killers and may contain many spyware. What is worse, IM wastes employee's productivity by friends' interrupt during the office hours. However, IM can save communication cost and even make communications more efficient so that many enterprises are willing to allow IM.

Tough IM/P2P : Tunneling Through Firewall

Enterprises that emphasize network security may have deployed Email/Web auditing / management systems. In comparison, IM and P2P lack the auditing/recording/behavior management/content management/bandwidth management because IM/P2P software are optimized to tunnel through Firewalls. MSN / Yahoo / ICQ / AOL / Skype / Google Talk can tunnel themselves to behave like Web/ Email to cheat Firewalls, tunnel through proxy servers, or even encrypt themselves. Network administrators cannot manage them completely.

Layer-7 Solution : InstantScan Content Manager

InstantScan series Content Manager from L7 Networks is layer-7 traffic management system unafraid of any tunneling connections. It can control / record the detailed IM behaviors / contents / peers / files / bandwidth / virus of each employee by time schedule. It also incorporates a powerful IM/P2P reporting system that can (1) track the information leakage / productivily loss /communication auditing & recording, and (2) analyze the bandwidth in layer-7 view instead of layer-4 view which cannot represent actual conditions.

World-Leading Architecture : 3-Tier Inline-Mode

InstantScan applies 3-tier architecture and uses independent management port to accept configurations or to send logs to the management server for further reporting. Administrators can open browsers anywhere to connect to the server to setup the device or to view top reports. When an employee violates the policy, InstantScan will immediately notify the custom message both in the IM window and in the Email.

Comparitive Analysis : Sniffer v.s Proxy v.s Inline

(1) Specialized IM/Email/Web recorders use port-mirroring to sniff the traffic. They cannot record the port-hopping or encrypted IM behaviors completely. What is worse, pure auditing instead of management would definitely a pity.
(2) Specialized IM management systems redirect IM traffic to proxy servers. However, IM/P2P are notorious in breaking Firewalls. Users can easily bypass the management since port 80 cannot be managed by the IM proxy.

Mode
Sniffer Mode

Proxy Mode
Inline Mode

Function Control Record Control Record Control Record

IM tunnelled in HTTP N N N N Y (can block) Y

IM in WebIM sites N N N N Y (can block) N

IM with 3rd-party encryption N N Block N Block N

IM tunnelled in SOCKS N N N Y Y Y

IM in standard port N Y Y (false alarms*) Y Y Y

Skype/QQ block N N N N Y N

Skype File Transfer N N N N Y N

*NBL public test report shows false positive / negative in proxy solutions such as Facetime/Akonix.

Interactive Inline Mode: Fast Deployment, Powerful Functions, Detailed Reports

L7's InstantScan can:

(1) control individual IM behaviors and contents
(2) manage bandwidth of more than 50 kinds of P2P/Tunnel/Streaming/VoIP/IM/... applications
(3) instantly respond messages in IM chat windows to describe policy to employees
(4) do anti-virus for MSN file transfers and instantly respond the virus name in the IM chat windows

Mode	Sniffer Mode	Proxy Mode	Inline Mode
Step 1. Plug & Play
Hardware installation	< 2 minutes	> 1 hour	< 2 minutes
Power failure	No interrupt	Interrupt	No interrupt (bypass)
Real-time discovery	N	only proxy sessions	standard/http/proxy/socks
Tunnelled IM connections	N	N	Y
Step 2. Basic Management
Application Firewall	N	N	Y
Standard IM Management	N	Y	Y
Web IM blocking	N	N	Y
HTTP-tunnelled IM blocking	N	N	Y
P2P connections	N	N	blocking or bandwidth mgt.
Skype login/file transfer	N	N	Y
Step 3. Advanced Management
IM Manager
IM Behavior Mgmt.
Self-Registeration	N	only proxy sessions	standard/http/proxy/socks
File/Chat/Game ...	N	Y (false alarms*)	standard/http/proxy/socks
IM Content Mgmt.
Keyword/Filename/Peer	N	Y (only English)	Y (multi-language)
Policy violation message	N	respond in chat window	alert in chat window
Login warning message	N	respond in chat window	alert in chat window
Recorder	only standard/http	only proxy sessions	standard/http/proxy/socks
Web Manager (Optional)
Web Behavior Mgmt.
URL Database	N	N+ (only proxy sessions)	Y (http/proxy/socks)
Anti-Post	N	N+ (only proxy sessions)	Y (http/proxy/socks)
Web Content Mgmt.
Java/ActiveX/Cookie	N	N+ (only proxy sessions)	Y (http/proxy/socks)
Content Type	N	N+ (only proxy sessions)	>50 types
Recorder	only http	only proxy sessions	http/proxy/socks
Step 4. Reporting
IM/P2P bandwidth	N	N	Y
IM Top Reports	N	Y	Y
IM recorder viewed by groups	N	Y	Y
Scheduled report by email	N	Y	Y
Extra license	N	Y (require Windows license)	N

*NBL public test report shows false positive / negative in proxy solutions such as Facetime/Akonix.

+IM proxies like Facetime/Akonix cannot control web but Web proxies like BlueCoat can control web.

Fast Update, Global Service :

L7 Networks has teams of security experts that cooperate with strategic partners and use global update mechanisms to update pattern/engine/virus database for fast update service.

AWARDS

Editor's Choice awarded by Network Benchmark Lab (NBL) at Industrial Technology Research Institute (ITRI), highlighting the most accurate management against Facetime and Akonix.