Blue Coat’s SSL Visibility Appliance and Big Switch’s Big Monitoring

Challenge
SSL encrypted traffic is pervasive in organizations around the world, representing 35% of all enterprise
network traffic today. With a 20% annual growth rate, SSL encrypted traffic increasingly presents a blind spot
in organizations; most current security solutions cannot see or manage this traffic. As witnessed in several
recent security breaches, malware traffic is being SSL encrypted to remain under the radar of network security
solutions. According to Gartner, this trend is likely to expand rapidly, and in 2017 more than half of the network
attacks targeting enterprises will use encrypted traffic to bypass controls. Since most security tools, such as
next-generation firewalls and IDS/IPS devices, are typically blind to SSL traffic or experience significant performance
degradation if SSL inspection is enabled, specialized devices are needed to handle SSL encrypted traffic. As a
result, it becomes critical for the DMZ traffic to be sent selectively through a chain of services that can decrypt the
traffic, inspect it for malware, and then re-encrypt the traffic. A new security architecture is clearly needed, one that can
simplify the deployment of these services while ensuring high availability, continued maintenance, and scalability.
Solution: Blue Coat’s SSL Visibility Appliance and Big Switch’s Big Monitoring Fabric
Blue Coat’s encrypted traffic management (ETM) solution eliminates the
encrypted traffic blind spot and combats the security threats hidden
in encrypted traffic while preserving privacy, policy and regulatory
compliance. Comprised of the market-leading Blue Coat SSL Visibility
Appliance, it enhances existing security solutions by providing
visibility into previously hidden traffic and advanced threats without
requiring significant upgrades or re-architecture of the network security
infrastructure.
The SSL Visibility Appliance is a high-performance purpose-built
solution that utilizes comprehensive policy enforcement to inspect,
decrypt and manage SSL traffic in real time while ensuring data privacy
and regulatory compliance. The SSL Visibility Appliance’s unique
“decrypt once, feed many” design when deployed in conjunction
with Big Monitoring Fabric (inline) empowers multiple security tools
with newfound visibility into encrypted traffic to effectively detect
and eliminate advanced threats without hindering device or network
performance.
Partner: Big Switch Networks
Partner Product: Big Monitoring Fabric (BMF)
Blue Coat Product: SSL Visibility Appliance (SSLVA)
Big Monitoring Fabric (Inline Mode) enables pervasive security in
the demilitarized zone (DMZ) and addresses the challenges faced
by traditional solutions while offering lower-cost and SDN-centric
operational simplicity. BMF Inline consists of a BMF Controller and open
Ethernet switches deployed in a high-availability configuration. The inline
security tools directly connect (optionally via link aggregation) to these
Ethernet switches. Leveraging the BMF controller as the central point of
management, BMF Inline configures policies that create paths through
the inline tools. The solution supports load balancing across multiple
instances of the same tool as well as chaining of a set of tools on a per-policy basis.
The Blue Coat SSL Visibility Appliance is an integral component to an
organization’s encrypted management strategy. Big Monitoring Fabric
(Inline mode) can be deployed in a highly available (HA) configuration
to enable visibility and threat mitigation in the demilitarized zone (DMZ)
by chaining multiple services based on policies. The joint deployment
of Big Monitoring Fabric (Inline) with Blue Coat SSL Visibility Appliance
enables policy-based insertion and chaining of the service with other
threat prevention devices at the DMZ to selectively decrypt SSL traffic
for malware detection and then re-encrypt the traffic. The solution
thus provides best-in-class ETM to detect and eliminate the SSL
encrypted traffic blind spots while offering an economic solution and
SDN-centric operational simplicity.
SOLUTION BRIEF
BLUE COAT TECHNOLOGY PARTNER:
BIG SWITCH NETWORKS
How it Works
The diagram below demonstrates how Blue Coat and Big Switch
work together to provide best-in-class ETM combined with SDN-centric
operational simplicity.
The solution consists of the BMF controller and open networking
Ethernet switches deployed in a High Availability configuration with
the Blue Coat SSL Visibility Appliance and Intrusion Protection System
directly connected to the Ethernet switches. With BMF inline switches,
traffic in the DMZ can be selectively redirected through the chain of
security devices based on policies set by the user.
• SSL traffic can be sent to the Blue Coat SSL Visibility Appliance,
which decrypts the content and sends it to the BMF inline switch that
is connected to it.
• The BMF inline switch then sends the decrypted traffic to the IPS
service, which can then inspect it for malware.
• If the decrypted traffic is not blocked/dropped by the IPS, it is
returned to the BMF inline switch.
• It is then sent to the SSL Visibility Appliance, which completes its task
for the outbound direction by encrypting the traffic and sends it back
to the inline switch. The packet is then sent out to the Internet or into
the production network depending on the direction of the flow.
Figure 1: Blue Coat SSL Visibility Appliance with Big Monitoring Fabric (Inline)
(Diagram labels: BMF Controllers; Firewall 1 and Firewall 2; SSL Visibility Appliance; Security Analytics; Core Switch 1 and Core Switch 2; 10 G inline links; OOB span traffic; untrusted and trusted traffic.)
Benefits
The combined SSL Visibility Appliance and Big Monitoring Fabric
solution has the following benefits:
• Best-in-class ETM – Blue Coat’s encrypted traffic management
(ETM) solution eliminates the encrypted traffic blind spot and combats
the security threats hidden in encrypted traffic while preserving
privacy, policy and regulatory compliance.
• Enhanced Tool Efficiency – The solution supports chaining of up to 4
tools in a single chain. Policies can be set up to send only the relevant
traffic, and the same tool interfaces can be shared across multiple chains,
thus increasing tool efficiency. It also supports inline tool health checks
for the tools connected in the service chain.
• Simplification of Multi-team operational workflows – The solution
eliminates the need for complex, error-prone Network Packet Brokers
(NPBs) and provides clear role separation between network and
security admins.
• Policy-based security enforcement – The SSLVA allows policy to
be tailored to the destination of an SSL flow or to a specific type of
traffic through the Blue Coat Host Categorization service.
• Simplified Management – Big Mon supports single-pane-of-glass
management/configuration for inline monitoring and the ability to do
selective SPAN for out-of-band monitoring.
• High Availability – The solution is highly resilient against network, tool
or controller failures and supports customizable health checks based
on Layer 2 through Layer 4 headers with aggressive health timers.
About Big Switch Networks
Big Switch Networks is the market leader in bringing hyperscale data
center networking technologies to a broader audience. The company is
taking three key hyperscale technologies – OEM/ODM bare metal and
open Ethernet switch hardware, sophisticated SDN control software,
and core-and-pod data center designs – and leveraging them in fit-for-purpose
products designed for use in enterprises, cloud providers and
service providers. For additional information,
follow @bigswitch or visit www.bigswitch.com.
Blue Coat Systems Inc.
www.bluecoat.com
Corporate Headquarters
Sunnyvale, CA
+1.408.220.2200
EMEA Headquarters
Hampshire, UK
+44.1252.554600
APAC Headquarters
Singapore
+65.6826.7000
© 2016 Blue Coat Systems, Inc. All rights reserved. v.SB-TECHPARTNER-SSL-BSN-EN-v1b-0516