Successful Case
HOME > PRODUCTS > InstantScan Features
InstantScan Features

Manage/Audit employee's IM / P2P

What are employees doing at work ?

Employees often use Outlook to receive emails, Internet Explorer to browse websites, Instant Messengers (IM) such as MSN/Skype to chat with friends, and P2P software such as BT / eDonkey / Xunlei / KaZaA / Kuro / ezPeer to download illegal data. Among them, Email and IM are the channel for information leakage or virus intrusion, while P2Ps are the bandwidth killers and may contain many spyware. What is worse, IM wastes employee's productivity by friends' interrupt during the office hours. However, IM can save communication cost and even make communications more efficient so that many enterprises are willing to allow IM.

Tough IM/P2P : Tunneling Through Firewall

Enterprises that emphasize network security may have deployed Email/Web auditing / management systems. In comparison, IM and P2P lack the auditing/recording/behavior management/content management/bandwidth management because IM/P2P software are optimized to tunnel through Firewalls. MSN / Yahoo / ICQ / AOL / Skype / Google Talk can tunnel themselves to behave like Web/ Email to cheat Firewalls, tunnel through proxy servers, or even encrypt themselves. Network administrators cannot manage them completely.

Layer-7 Solution : InstantScan Content Manager

InstantScan series Content Manager from L7 Networks is layer-7 traffic management system unafraid of any tunneling connections. It can control / record the detailed IM behaviors / contents / peers / files / bandwidth / virus of each employee by time schedule. It also incorporates a powerful IM/P2P reporting system that can (1) track the information leakage / productivily loss /communication auditing & recording, and (2) analyze the bandwidth in layer-7 view instead of layer-4 view which cannot represent actual conditions.

World-Leading Architecture : 3-Tier Inline-Mode

InstantScan applies 3-tier architecture and uses independent management port to accept configurations or to send logs to the management server for further reporting. Administrators can open browsers anywhere to connect to the server to setup the device or to view top reports. When an employee violates the policy, InstantScan will immediately notify the custom message both in the IM window and in the Email.

Comparitive Analysis : Sniffer v.s Proxy v.s Inline

(1) Specialized IM/Email/Web recorders use port-mirroring to sniff the traffic. They cannot record the port-hopping or encrypted IM behaviors completely. What is worse, pure auditing instead of management would definitely a pity.
(2) Specialized IM management systems redirect IM traffic to proxy servers. However, IM/P2P are notorious in breaking Firewalls. Users can easily bypass the management since port 80 cannot be managed by the IM proxy.

 Sniffer Mode

 Proxy Mode

 Inline Mode
  Function   Control   Record   Control   Record   Control   Record
  IM tunnelled in HTTP   N   N   N   N   Y (can block)   Y
  IM in WebIM sites   N   N   N   N   Y (can block)   N
  IM with 3rd-party encryption   N   N   Block   N   Block   N
  IM tunnelled in SOCKS   N   N   N   Y   Y   Y
  IM in standard port   N   Y   Y (false alarms*)   Y   Y   Y
  Skype/QQ block   N   N   N   N   Y   N
  Skype File Transfer   N   N   N   N   Y   N

*NBL public test report shows false positive / negative in proxy solutions such as Facetime/Akonix.

Interactive Inline Mode: Fast Deployment, Powerful Functions, Detailed Reports

L7's InstantScan can:

(1) control individual IM behaviors and contents
(2) manage bandwidth of more than 50 kinds of P2P/Tunnel/Streaming/VoIP/IM/... applications
(3) instantly respond messages in IM chat windows to describe policy to employees
(4) do anti-virus for MSN file transfers and instantly respond the virus name in the IM chat windows


 Sniffer Mode

 Proxy Mode

 Inline Mode
  Step 1. Plug & Play
  Hardware installation   < 2 minutes   > 1 hour   < 2 minutes
  Power failure   No interrupt   Interrupt   No interrupt (bypass)
  Real-time discovery   N   only proxy sessions   standard/http/proxy/socks
  Tunnelled IM connections   N   N   Y
  Step 2. Basic Management
  Application Firewall   N   N   Y
  Standard IM Management   N   Y   Y
  Web IM blocking   N   N   Y
  HTTP-tunnelled IM blocking   N   N   Y
  P2P connections   N   N   blocking or bandwidth mgt.
  Skype login/file transfer   N   N   Y
  Step 3. Advanced Management
  IM Manager
  IM Behavior Mgmt.      
       Self-Registeration   N   only proxy sessions   standard/http/proxy/socks
       File/Chat/Game ...   N   Y (false alarms*)   standard/http/proxy/socks
  IM Content Mgmt.      
       Keyword/Filename/Peer   N   Y (only English)   Y (multi-language)
       Policy violation message   N   respond in chat window   alert in chat window
       Login warning message   N   respond in chat window   alert in chat window
       Recorder   only standard/http   only proxy sessions   standard/http/proxy/socks
  Web Manager (Optional)
  Web Behavior Mgmt.      
       URL Database   N   N+ (only proxy sessions)   Y (http/proxy/socks)
       Anti-Post   N   N+ (only proxy sessions)   Y (http/proxy/socks)
  Web Content Mgmt.      
       Java/ActiveX/Cookie   N   N+ (only proxy sessions)   Y (http/proxy/socks)
       Content Type   N   N+ (only proxy sessions)   >50 types
       Recorder   only http   only proxy sessions   http/proxy/socks
  Step 4. Reporting
  IM/P2P bandwidth   N   N   Y
  IM Top Reports   N   Y   Y
  IM recorder viewed by groups   N   Y   Y
  Scheduled report by email   N   Y   Y
  Extra license   N   Y (require Windows license)   N

*NBL public test report shows false positive / negative in proxy solutions such as Facetime/Akonix.

+IM proxies like Facetime/Akonix cannot control web but Web proxies like BlueCoat can control web.

Fast Update, Global Service :

L7 Networks has teams of security experts that cooperate with strategic partners and use global update mechanisms to update pattern/engine/virus database for fast update service.


Editor's Choice awarded by Network Benchmark Lab (NBL) at Industrial Technology Research Institute (ITRI), highlighting the most accurate management against Facetime and Akonix.