Jon's Network » Blue Coat

packeteer.com

Jon — Fri, 22 Jan 2010 21:58:31 +0000

In a big acquisition, some things are bound to be neglected. Take the Packetshaper forum at techexchange.packeteer.com for example. It’s spammed regularly.

On a perhaps not unrelated note, packeteer.com is offline (500 error). I would have thought Blue Coat would just 301 redirect it to Bluecoat.com but what do I know?

Blue Coat ProxySG

Jon — Mon, 30 Nov 2009 16:50:15 +0000

The Blue Coat ProxySG began life long ago as a proxy cache by CacheFlow. Recognizing the market opportunity to secure that traffic they developed more security features and pioneered the secure web gateway. Blue Coat has their own web filter product with a perpetual license (as opposed to a subscription) which can save you lots of money if you own it for a long time. Along the way, they bought an early gateway AV product, Ositis, which became ProxyAV. ProxyAv talks to ProxySG via ICAP to scan traffic for malicious content in a number of ways.

Blue Coat ProxySG is now the reference secure proxy gateway.

[Link: Blue Coat ProxySG]

Blue Coat Web Filter

Jon — Sat, 17 Jan 2009 04:29:31 +0000

Blue Coat WebFilter runs on their ProxySG appliances. It is continuously updated by the WebPulse community watch cloud service to block malware hosts, rate Web content and protect both ProxySG Web gateways and remote users of ProxyClient. The cloud service also provides an optional, real-time Web content rating service to rate newly published or previously unrated Web content. To ensure accuracy, each site in the WebFilter database is classified into multiple categories, which are based on actual Web usage patterns. (Link: Blue Coat Web Filter)

More Free Home Web Filtering

Jon — Fri, 15 Aug 2008 21:37:37 +0000

Along the lines of the free filtering you get when you use OpenDNS (that I mentioned here and here), Blue Coat has a free client designed to run on home computers:

K9 Web Protection – Free Internet Filtering and Parental Controls Software

Blue Coat Likely Dumping iShared

Jon — Wed, 04 Jun 2008 06:09:34 +0000

iShared, the nifty little WAFS product that Packeteer got when they bought Tacit Networks a couple years back, will likely be dropped by Blue Coat from what I have heard. Blue Coat mentioned that they planned on rejuvenating Packetshaper as a standalone product as well as integrating some Packetshaper technologies into the ProxySG appliances. Nothing was mentioned of iShared, and I doubt anyone asked, unless you count all of the current customers that invested in iShared not because it does byte-level caching better than Riverbed, Blue Coat or Cisco, but because it integrates uniquely into a Microsoft shop, giving them a branch office services in a single box that syncs with headquarters. Riverbed and Cisco have recently announced integration with Microsoft services so this might be a good option for iShared users if Blue Coat forgets about them, but that wouldn’t be good for Blue Coat. Maybe that is why Wedbush Morgan thinks Riverbed may benefit from this Blue Coat acquisition of Packeteer.

Schools Battle Proxies

Jon — Thu, 29 May 2008 05:49:11 +0000

Stan Trevena, IT director for Modesto City Schools, penned The Internet Filtering Battlefield and describes the constant struggle to keep student and faculty behavior inline with the acceptable use policy. This is important to keep students safe and to keep the district out of legal trouble.

It is a great article that explains exactly how users have been bypassing filters over the years. I wanted to disagree on the part about encrypted proxies however:

Encryption brings us to the frontline of todayâ€™s war on circumvention. Encrypted proxies have been a hard target to hit. Because encryption involves keys and algorithms, thereâ€™s nowhere near enough processing power in an Internet filtering server to decrypt secure communications between client and server on the fly. Itâ€™s also unreasonable to block all HTTPS traffic on a districtâ€™s network because many transactions that are part of the daily business of running a school are conducted through such secure sites.

There is enough processing power to proxy SSL sessions. Blue Coat, Secure Computing and Palo Alto all do it. (Palo Alto does it fastest.) It can be a pain though. Some of the vendors make it easier to manage than others by maintaining your list of certificates for you and letting you control which types of sites you proxy for, e.g. you can ignore banking and shopping traffic but proxy other SSL traffic. If you deem the risk large enough to warrant the hassle of pushing your own cert to the browsers and pointing them to the proxy, then there is ample processing power to do this.

What I think is more effective than URL filtering is just straight monitoring of all internet use (not just the blocked sites) and reporting on activity by username to hold users accountable. Stan mentions this at the end of the article. Most filters offer the type of reporting that HR departments require. I also recommend Vericept to schools that want to augment their filter and increase their visibility into user behavior.

Fortinet and Riverbed: Alliance, but not integration

Jon — Tue, 11 Mar 2008 23:17:22 +0000

When I found out that Fortinet and Riverbed were forming an alliance to “uniquely” address security and acceleration, I immediately thought of Blue Coat, who has been taking this WAN-optimization and security approach for about two years now. The Fortinet/Riverbed alliance just validates the Blue Coat approach in my eyes. If you watch the Office, you know that people form alliances when they are scared of losing their jobs. Both companies need something to tell a prospect that points out the fact that Blue Coat does more for less. As far as I can tell, there is no integration between the two solutions at all. This alliance just tides both companies over until Riverbed can develop security software and Fortinet can develop WAN acceleration. The whole thing is basically a customer list swap combined with a joint marketing campaign. Not that there is anything wrong with that.

How to Beat Blue Coat

Jon — Wed, 21 Nov 2007 07:39:20 +0000

When Blue Coat is under full load caching, filtering, scanning, authenticating, etc. just turn off caching and the thing will cough and sputter. You see, Blue Coat was once CacheFlow and their security policy engine, SGOS, was designed under the assumption that caching would always be there. For Blue Coat, caching isn’t a feature, it’s their foundation. ~~That’s how to beat Blue Coat.~~ That’s something nice to know about Blue Coat.