Transcript BlueCoat-Web-Security

Secure the Web with Blue Coat
Stop the Bad. Allow the Good.
<Name>
<Title>
<Date>
The Web Security Problem
• Stopping the Bad
– Spyware, malware, etc.
– Inappropriate web browsing
– Unsanctioned Web applications
– Loss of confidential data
• Allowing the Good
– Business-critical traffic
– Legitimate drive-by installers
NEEDED: Flexible Policy Enforcement
SSL Makes Web Security Even Harder
Corporate
Network
ASP
Spyware
Intellectual Property
Worms
Phishing Viruses Rogue Apps Business Apps
Internet
External
Apps
Internal
Users
SSL Provides a Private Link for Legitimate Apps,
Plus Malware, Confidential Info, Unsanctioned Traffic, Non-SSL Traffic
The Solution: Proxy Appliance
Web Security
• Prevent spyware,
malware & viruses
• Stop DoS attacks
• IE vulnerabilities,
IM threats
Policy Control
+
• Fine-grained policy for applications,
protocols, content & users (allow,
deny, transform, etc)
• Granular, flexible logging
• Authentication integration
Accelerated Applications
+
• Multiprotocol
Accelerated Caching
Hierarchy
• BW mgmt, compression,
protocol optimization
• Byte & object caching
Full Protocol Termination = Total Visibility & Context
(HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS)
Ultimate Control Point for Communications
The Blue Coat SG Appliance
ENTERPRISE POLICY MANAGEMENT
Technology
Partners
Blue Coat AV
Services
On-Proxy
URL Filtering
Web
Anti-Virus
AntiSpyware
IM, Streaming
Skype & P2P
Control
Policy
Policy Processing Engine
Proxy
Authentication, Authorization, Logging
Custom OS
Reverse
Proxy
SGOS™  Object-based OS with Caching
Architectural Foundation for Web Security
Flexible Enterprise Policy Management
Set & Enforce
Policy
Monitor
& Report
Corporate
Policy
Distribute
Policy
Synovus
• Diversified financial services co. with
more than $29 billion in assets
• Needed to be able to apply different
Web access privileges based on role
• Blue Coat Web security
infrastructure
– Enables role-based access control
by mapping to the company’s identity
management framework
– Reduced latency, 60% bandwidth
savings
“The flexibility
of the Blue Coat
solution has
been key for us.
No one else can
support our
granular, rolebased rule-set.”
Steven Jones, CIO,
Synovus Financial Corp.
Blue Coat Filters Web Content
• Blue Coat WebFilter — relevant, accurate,
and dynamic URL filtering engine
• Blue Coat SG content inspection and controls
–
–
–
–
–
Restrict uploads of information
Inspect/rewrite/suppress headers
Control MIME types & file extensions
Strip and replace active content
Apply method-level controls per protocol
Blue Coat WebFilter on Blue Coat SG combines high-quality
URL filtering and comprehensive web content controls for
unmatched performance and security.
Palm Beach County Schools
• 4th largest school district in Florida
and 10th largest in the U.S.
• Previous web security / filtering
solution was ineffective at controlling
spyware, objectionable sites,
unsanctioned apps
• Wanted a comprehensive, single
vendor solution
• Blue Coat SG, WebFilter with DRTR
provided significant cost and time
savings
“Blue Coat SG
allows us to
effectively control
web usage and to
throttle down
streaming media
applications. We’ve
been able to regain
50% of our
bandwidth.”
- Michael Dean, IT
Security Manager, Palm
Beach County Schools
Blue Coat Prevents Spyware
• Prevents new and unknown spyware
– Stops all spyware downloads from millions of
known or suspected spyware sites
– Unmasks spyware .exe files with fake
extensions
• Allows legitimate business content
– Permits approved drive-by installers
– Safely allows page views of spyware sites to
support business
• Identifies infected PCs
– Prevents spyware from “calling home”
– Protects private information, alerts IT
Mustang Engineering
• Global petroleum engineering co.
with over 2000 employees
• Spyware was a major business
issue
– Spyware-related help desk tickets
growing 10-20% each month
– Cost over US$350K in 2005;
expected to double the following
year
• Installed a pair of SG appliances,
with Blue Coat WebFilter and
spyware policy.
“There was no
spyware on the
PCs after installing
Blue Coat at the
gateway. Help desk
tickets from
spyware simply
stopped.”
- Brady Brown,
Network Administrator,
Mustang Engineering
Blue Coat Offers Fast Web AV
• Purpose-built Web threat scanning appliance
– Choice of proven AV engine w/auto-update
– Integrated with Blue Coat SG for scalability and
performance
• Scans HTTP, HTTPS & FTP protocols
– “Scan Once and Serve Many” benefit from caching
– Heuristic fingerprint on non-cacheable web objects
for performance gain
– Closes backdoors from web email viruses and
trojans unknowingly downloaded
Blue Coat AV400 Series
10/100 Base-T
Blue Coat AV2000 Series
10/100/1000 Base-T Dual CPU (E3 Model)
Van Lanschot Bankiers
• Private independent bank for high
net-worth individuals, businesses, and
institutions
• Wanted a complete Web security
solution from a single vendor
– Web security platform, IM control, URL
filtering, streaming control, Web anti-virus,
SSL proxy
• Successfully tested Blue Coat AV
against a competing Web gateway
solution
Blue Coat was the
only vendor able to
offer Van Lanschot
a comprehensive,
easy-to-manage
Web security
solution including
superior, ondemand reporting
capabilities.
Blue Coat Solves the SSL Problem
ASP
External
Apps
Blue Coat SG
•
•
•
•
•
•
Manages SSL sessions on behalf of users
Handles certificate administration and authentication
Terminates all inbound SSL sessions within the proxy
Identifies and inspects all SSL traffic content
Applies appropriate security controls and policies
Accelerates overall SSL performance up to 10X
Corporate
Network
Internal
Users
Blue Coat SG Restores IT Visibility and Control
and Makes SSL Safe Again
L-3 Communications
• Fortune 500 aerospace contractor
• SSL-encrypted traffic a major concern
– 15-20% of traffic in 2005; ~30% by 2007
– Class 3 Dept. of Defense certificates for
certain communications
• Blue Coat Web security infrastructure
– Provides granular control of SSL sessions
– Prevents encrypted malware from
infiltrating the network
– Enhances performance (40-60% Web
objects cached)
“Blue Coat delivers
more than promised
— at a competitive
cost. Your ability to
deliver on SSL
control has been
huge!”
- Jason Robohm,
IT Security Manager,
L-3 Communications
Blue Coat Protects Confidential Data
Internet
Blue Coat SG
Blue Coat AV
PREVENT
Internal
Network
• Blocks outbound spyware
• Enforces method-level
controls for IM, P2P,
Streaming
• Integrates with data loss
prevention partners
– To monitor / block traffic
carrying sensitive data
– To provide visibility & control
of HTTP, HTTPS, FTP
Data Center Solution: Reverse Proxy
• Protects Web Servers
– Controls access to web servers
– Ensures uploaded files virus free
– Protects data privacy w/ encryption
Users
Internet
• Accelerates Web Content
– Handles peak or flash traffic
– Handles dynamic and static content
– Offloads SSL operations from Web
servers
Blue Coat SG Blue Coat AV
• Simplifies Operations
– Scalable, optimized appliance
– Cost-effectively scales Web servers
Data Center
Web Servers
Shinhan Bank
• 2nd largest bank in Korea with 940
branch offices and over 12K
employees
• Required a reverse proxy solution for
their Internet banking application
– Needed to effectively handle peak periods
of traffic (big holidays and pay days)
• Deployed several high-performance
Blue Coat SG appliances in reverse
proxy mode
Blue Coat SG
appliances enable
Shinhan Bank to
maintain constant
uptime of their
business-critical
Internet banking
applications, and
securely isolate all of
their web servers.
World’s Major Institutions Trust Blue Coat
Financial
Energy, Oil & Gas
Government
Health & Pharmaceuticals
Mfg/Industrial
Consumer & Retail
Thank you.