Command of the Cloud
Sam McLane
Winter 2011

Blue Coat Systems Confidential – Internal Use Only
Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service names are the property of their respective owners. © Blue Coat Systems, Inc. 2009. All Rights Reserved.

The Enterprise Network is Changing
• PC infections growing, despite firewalls, AV, & web filtering
• The Web and related apps are mission-critical to business
• More employees working outside the enterprise WAN perimeter
• IT managers asked to better align IT budget with the “Business”

Firewalls Cannot Protect from Malware
[Diagram: firewall rule "Allow: TCP80"; both good and bad Internet traffic arrives on TCP80]
• Firewalls can’t detect application layer attacks
• Malware looks like good HTTP/SSL Traffic
• 80% of Enterprise apps over port 80/443
• Over 22,000 new web threats per day

Malware: Loves Social Networking

Malware      Peak number of active bots   How it spreads
Zeus         1,070,000                    Social Network, Search Results
Koobface B   812,000                      Facebook
Koobface D   599,000                      Twitter
Monkif A     506,000                      Social Network, Search Results
Clickbot     375,000                      Social Network, Search Results

USA TODAY Research - March 2010
24% of enterprises report that they have been compromised through social networking sites.

Web threats are increasingly sophisticated.
Cybercrime is targeting social media.
You need to protect all users, all locations.

One Answer: Web Security-as-a-Service
Easy to manage
• Quick to adapt
• More reliable
• Web traffic is cleaned before even entering the network
Cost-effective
• Pay-as-you-go
• Opex vs. Capex
• Shared infrastructure reduces cost
• Allows IT resources to focus on strategic initiatives
Organizations of all sizes are embracing web security as a service.

ThreatPulse™ Web Security Service
Enterprise-class protection
• Real-time content inspection, malware protection
• Consistent protection and control of all users, all the time
• Best-in-class Web 2.0 app controls
Flexible deployment options
• Integrates with existing infrastructure
• Single policy and reporting framework
• Provides virtually unlimited scalability
High-performance, secure architecture
• Built on proven technology, optimized for the cloud

Best Web Threat Protection
• Prevent known, suspect, and potential malware requests
• Block malicious EXE’s and “drive-by” installers
• Block malware from "phoning home” and identify infected PCs
• Enforce acceptable Web use policies
• Customize Allow and Block lists for overrides
• Protect users with real-time threat updates
• Scan for malware and viruses in real-time
• Extend seamless protection and policy to remote users

Target Customer

Our Target Customer
Real Security Concerns, Minimal IT Resources
• Simple policy requirements, nothing fancy
• “Jack of all trades” network admins
Large Enterprise, Basic Policy
• Simple policy requirements
• Low IT investment
• Distributed workforce: Branch or Mobile
Small-to-medium Businesses / Enterprises
• Websense software on ISA/Span port/Firewall
• IT outsourced or VAR supplemented

Not Our Target Customer (today)
Real Security Concerns, Strong IT Resources
• These are the Proxy SG bread and butter
• If they have compliance and/or HR officers reviewing security solutions
Large Enterprise, Complex Policy
• Strong Policy requirements (they know CPL better than you)
• Strong Auth requirements (SSO will not cut it)
• Large number of med to large sites
SOHO
• <500 users total

Cloud vs On Premise Gear
On Premise
• High Density locations
• Light Feature usage (margins don't make sense)
• Deep Technical requirements
• Caching and Video Splitting (hybrid is an option)
Cloud
• Highly dispersed users
• Mobile Users
• Moderate security requirements
• Central Mgmt and Reporting

Solution Deep Dive

Built on Proven WebPulse Architecture
Enhanced for the Cloud
Dynamic classification and malware detection
• 18 languages supported for dynamic rating
• Testing suspicious code
• Scanners and Heuristics
• Two in-path AV engines, 8+ engines in the background
• Dedicated malware and categorization teams
• Dynamic Real Time Rating analyzes requested content
• Diverse community of 70+ million users for continuous feedback
• Multiple AV engines identify malware locations
• Classification of authenticated personalized content
[Diagram labels: Human Raters, Sandboxes, Hunters & Seekers, DRTR, AV Engines]

Granular Web 2.0 Application Controls
Safe Search
• Major Engines supported
• Media Search engines as well
• Keyword Searches
Web Mail
• Major services (Yahoo, MSN, AOL…)
• Send/receive mail
• Send/receive attachments
Social Media Controls
• Facebook, MySpace, Twitter, Flickr, YouTube, LinkedIn
• IM/Apps/Postings/Media transfer controls
• Keyword blocking

Intuitive Policy Management & Reporting
• Single web interface for policy and reporting
• Create and enforce web policies instantly
• Effectively control social media apps
• Identify infected systems
• Report on blocked threats
• Report on all web traffic usage

High-Performance, Secure Architecture
Proven technology at its core
• 97 of the Fortune 100 rely on Blue Coat for critical network infrastructure security
Optimized for the cloud
• Purpose-built hardware and software
• Multi-tenancy in all components
Globally deployed
• Over 70 MM users access the service infrastructure
• 6+ years in operation without a single major outage

Deployments

Easy and Flexible to Deploy
IPSec VPN
• Firewall traffic is forwarded to service transparently
• Authentication agent on AD domain manager
Proxy Chaining
• Forward from existing ProxySG, Squid or ISA
• Authentication based on proxy
Client Connector
• Lightweight desktop agent forwards to service transparently
• Authentication based on system credentials
[Diagram labels: Firewall, Internet, ProxySG (or Squid/ISA)]

Remote / Roaming User Protection
• Lightweight desktop agent
• Seamless web threat protection and control for remote users
• No end user intervention required
• Virtually impossible to circumvent
• Automatically goes “dormant” when protected behind a gateway
• Lowers cost – eliminates need for additional appliance at small offices (<5 users)
[Diagram label: Remote User]

An SME Deployment
[Diagram labels: SME Office, Internet, Remote User (x3)]

An Enterprise Hybrid Deployment
[Diagram labels: WebFilter, ProxySG, ProxyAV, Headquarters Data Center, Small Branch Office (x2), Internet, ProxySG, Branch Office, Remote User (x2)]

Authentication: IPSec
[Diagram]
10.1.2.3 -> 72.32.1.23
20.13.15.15 30.13.14.15 [[10.1.2.3 -> 72.32.1.23]]
IPSec GW=20.13.14.15 IP=30.13.14.15
AuthConnector, Active Directory: Who’s logged in from 10.1.2.3?
10.1.2.3 = CFCAL/michael.feiertag

Authentication: ClientConnector
• ClientConnector installed with cryptographic customerID
• SSL connection to client.bluecoatcloud.net:443
• ClientConnector validates client.bluecoatcloud.net certificate
• Cloud then queries for “Groups of Interest” based on customer policy
• AuthMessage sent with customerID and userID
• ClientConnector reads user name from Windows Cached Credentials APIs
[Diagram label: SSL Tunnel]

Authentication: ProxySG Chaining
• ProxySG is identified by Cloud via External IP
• ProxySG forwards via HTTP or Socks to proxy.bluecoatcloud.net:8080
• Policy added to send:
  BC_Auth_User: sam.mcl
  BC_Auth_Groups: Eng, Ops, Sales
• MetaDataManager gets updated with auth info
• Policy changes for GOI require manual policy update today
• Headers either encrypted or obfuscated
[Diagram labels: ProxySG, HTTP/Socks Tunnel]

Architecture and Roadmap

Solution Architecture
[Architecture diagram; labels in the order extracted.
Control Path: Customer Portal, Partner Portal, Sales Portal, Admin, Entitlement Svcs, Service Delivery Controller, Remote User, Billing and entitlement, Management Infrastructure, Big System Config, Central Config, Systems MGT, Internet, Reporting.
Data Path (POD): Firewall Concentrator, Firewall, SNAT, Routing Server, Web Proxy, Data POD Manager, Load Balancer, PBR, DMZ, ProxySG, Scanning Engine (x2), Service Delivery Controller, ISA Proxy.
Small: Approx 5 Devices 12RU]

Roadmap Highlights: Mid Sized Enterprise
Short Term
• Integrated Email Solution
• ISA plug-in
• Granular social networking and IM controls
Long Term
• Low cost/free connector box
• Move border firewall functions to cloud

Roadmap Highlights: Large Enterprise
Short Term
• SSL interception
• LDAP Authentication
• Explicit proxy with auth
• Shared whitelist/blacklist/custom categories
• Log file export
• Extended archiving options
• Bandwidth management
Long Term
• Cloud reporting for hybrid deployment
• Fully integrated policy (single pane of glass)
• Acceleration from on prem devices

Questions