SurfControl's Enterprise Threat Shield application monitors networked workstations for various types of activity. It can detect, block and remove designated files and programs, and can monitor web browsing activities to provide reports on surfing activity.
Its application to IM security consists of detecting and controlling the use of IM clients, rather than examining the message text or scanning file attachments.
While this does not directly help the system admin to maintain a secure IM system, it provides a very useful ability to detect and remove unauthorized IM clients that might be installed by users without permission.
This capability has wider security implications, because it can detect and remove numerous insecure applications as soon as they start to run. Although it is primarily designed for Windows networks, you can monitor other systems, provided their file systems can be mapped as Windows shares.
The main system requires Microsoft SQL Server and Internet Information Services with the .Net framework to run, although the system's agents will run on any Windows system from Windows 98 upwards.
These agents are small programs that are downloaded automatically from the central server to monitor each workstation's activities and report back to the central server whenever they detect any unauthorized files or activity.
The system uses rules and signature databases to determine which applications are running and what actions should be applied to them, and provides facilities to create databases to meet particular requirements.
Apart from removing unauthorized applications, the system can also control authorized programs by rules restricting their use to particular time slots and users.
User information is obtained from the Windows Domain data, although it is possible to add other users manually if required. The system can generate email alerts when a rule is broken, and it can also send warning messages to the offending workstation.
Both the content and frequency of these messages can be amended as required.