Security Empowers Business

Challenge

Endpoint security technology has evolved over the last several years, moving beyond simple AV protection to encompass new technologies: application protection and privilege management, whitelisting, execution isolation, and comprehensive visibility and controls. While the network, and in particular the secure proxy, remains the main control point in effective data security, the intelligence and actionable data that can now be gathered from endpoint devices such as Windows PCs and Linux machines is extremely useful for both security operations and incident response teams. As enterprise network administrators deal with BYOD, shadow IT and the Internet of Things, the need for endpoint detection and response is crucial.

Blue Coat's portfolio of products integrates with Endpoint Detection and Response (EDR) technologies, allowing security professionals to see what is happening at the endpoint and on the network in real time or through historical analytics repositories. This "anywhere, anytime" visibility is vital to identifying critical attack indicators and performing impact analysis as attackers move within an organization's network.

Blue Coat and CounterTack | MCSI Solution Overview

How it Works

The combination of Blue Coat's security portfolio together with Sentinel's endpoint detection and response capabilities delivers a robust, fully integrated detection and response solution. The CounterTack | MCSI and Blue Coat end-to-end integration enables operators to detect and analyze threats from both the network and endpoint perspectives, correlate information, quickly quarantine endpoints, surgically remove files as needed, and update or re-image only the infected endpoints. This solution allows operators to reduce the time to detection and provide quicker investigation and response times to security incidents.
When unknown files or potential malware enter the network, the Blue Coat Malware Analysis Appliance together with the Blue Coat Content Analysis System will determine if the file is malicious and assign a risk score. If the file is identified as malicious, Blue Coat will automatically query Sentinel to determine whether it has been detected on any endpoints.

Partner: CounterTack | MCSI
Partner Product: Sentinel
Blue Coat Product: Content Analysis System, Malware Analysis Appliance, Security Analytics Platform

An example is illustrated in the following scenario:

1. A suspicious file/malware enters the network.
2. The file is inspected by the Content Analysis System. If no reputation is known or determined about the file, it is handed over to the Malware Analysis Appliance for detonation and further analysis.
3. At this point the Content Analysis System will automatically query CounterTack Sentinel Manager using the indicators of compromise (IOCs) discovered from the sandboxing technology.
4. Sentinel will provide an analysis back to Blue Coat indicating whether the specific threat has been seen and executed on any of the endpoints.
An automated email alert is sent from the Content Analysis System containing a rich set of information discovered about the malware together with information collected from the Sentinel Manager, specifically a list of all endpoints (IP address/host names) that have been infected. Security analysts and incident response teams can then start the remediation process directly from a link in the email to the Sentinel Manager.

An additional integration point between CounterTack Sentinel and Blue Coat Security Analytics provides an added layer of intelligence sharing for the incident response / forensic teams. By passing specific information between the two systems, the analyst can quickly pivot between the Sentinel Manager and Security Analytics to see what was happening in the network before, during and after a specific event, and even recreate and deliver actual files and evidence needed to determine the root cause and full scope of the malware attack.

SOLUTION BRIEF
BLUE COAT TECHNOLOGY PARTNER: COUNTERTACK | MCSI

[Diagram: integration workflow between ProxySG, Content Analysis System, Malware Analysis Appliance, CounterTack Sentinel, Security Analytics Platform and Global Intelligence Network. Captions:
- Blue Coat detects new malware and sends information to Content Analysis.
- Report providing information on malware detected, which endpoints are impacted and embedded link to remediate/quarantine.
- Security analyst investigating endpoint breach can automatically pivot into Security Analytics for holistic network view.
- New malware is uploaded to Global Intelligence Network; subsequent attacks will be stopped by ProxySG.]

Corporate Headquarters: Sunnyvale, CA, +1.408.220.2200
EMEA Headquarters: Hampshire, UK, +44.1252.554600
APAC Headquarters: Singapore, +65.6826.7000

About CounterTack | MCSI

CounterTack | MCSI is the leading provider of real-time, Big Data endpoint detection and response technology for the enterprise.
CounterTack | MCSI provides unprecedented visibility and context around operating system and in-memory behaviors to detect zero-day attacks, rootkits, targeted malware and advanced persistent threats, enabling our customers to improve incident response and advanced threat detection, enterprise-wide. Built on Big Data architecture to counter endpoint threats at scale and leveraging tamper-resistant collection for pure behavioral capture on enterprise endpoints (laptops, servers, workstations, mobile devices), CounterTack | MCSI dramatically reduces the impact of the most advanced attacks in real time, giving teams an opportunity to defend the enterprise before incidents escalate. Our 200+ customers leverage next-generation solutions on a global scale, across verticals and within a strategic partner ecosystem that includes MSSP and professional services around incident response and threat remediation. To learn more, please visit: www.countertack.com.

Finally, to prevent this malware from entering the network again, Blue Coat automatically updates the Global Intelligence Network, and if the file hash is ever seen again, Blue Coat ProxySG with Content Analysis will simply block it at the network.

[Diagram labels: Report; Content Analysis automatically queries CounterTack to determine if malware reached the endpoint.]

Benefits

Comprehensive Threat Detection and Remediation

• Discover which endpoints have been targeted and infected by malware detected in the network
• Automate and consolidate network and endpoint threat information
• Prioritize security operations resources
• Integrate network and endpoint security analytics to reduce time to resolution

For More Information

Learn more about Blue Coat technology partners on our website.

Blue Coat Systems Inc.
www.bluecoat.com

© 2015 Blue Coat Systems, Inc. All rights reserved.
Blue Coat, the Blue Coat logos, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter, CacheOS, CachePulse, Crossbeam, K9, the K9 logo, DRTR, MACH5, PacketWise, Policycenter, ProxyAV, ProxyClient, SGOS, WebPulse, Solera Networks, the Solera Networks logos, DeepSee, “See Everything. Know Everything.”, “Security Empowers Business”, and BlueTouch are registered trademarks or trademarks of Blue Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not be complete, and the absence of a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped using the trademark. All other trademarks mentioned in this document owned by third parties are the property of their respective owners. This document is for informational purposes only. Blue Coat makes no warranties, express, implied, or statutory, as to the information in this document. Blue Coat products, technical services, and any other technical data referenced in this document are subject to U.S. export control and sanctions laws, regulations and requirements, and may be subject to export or import regulations in other countries. You agree to comply strictly with these laws, regulations and requirements, and acknowledge that you have the responsibility to obtain any licenses, permits or other approvals that may be required in order to export, re-export, transfer in country or import after delivery to you. v.SB-TECHPARTNER-COUNTERTACK-EN-v1c-0815