Blue Coat Adds Advanced Threat Detection Capabilities


Blue Coat Systems Monday added advanced threat detection capabilities to its lineup with a new integrated portfolio that marries sandboxing technology for inspecting suspicious files with its Solera Networks network packet inspection engine.

The integrated portfolio includes Blue Coat's ProxySG gateway appliance, which can inspect encrypted traffic for known threats, and its Content Analysis System and Malware Analysis Appliance. The new platform also consists of Solera ThreatBlades, which use the Solera Networks network monitoring engine that Blue Coat acquired in May. The software blades can be deployed inline to inspect traffic for file-, email- and Web-based threats and can act as a broker for third-party sandboxing technology for businesses that want to layer in more advanced malware detection.

Solution providers say the market for advanced threat detection capabilities has heated up as more attention is being paid to advanced persistent threats and custom malware. Security vendors with advanced threat detection platforms are all competing around the capabilities they offer, but price points likely will be the key barometer in customer decisions, said Dan Thormodsgaard, vice president of solutions architecture at FishNet Security, Overland Park, Kan.

Thormodsgaard said many enterprises have turned to Blue Coat's proxy security gateway, giving it significant market share.

"Some of the acquisitions Blue Coat has made are obviously changing the game in terms of the way they are looking at how to address the threat environment by extending their capabilities," Thormodsgaard said. "Businesses in heavily regulated environments get the need for forward technologies and malware detection, so the Solera integration definitely provides differentiators to products on the market."

Industry analysts say Blue Coat is pitting itself against RSA, which has been integrating its NetWitness network monitoring appliance with its EnVision security information event management software. Leading up to the acquisition in May, Solera engineers were repositioning the company's DeepSee appliance as a real-time network monitoring platform.

The vision behind most advanced threat detection platforms is reasonable, but most vendors are missing pieces, said Pete Lindstrom, principal analyst at Spire Security. A security event manager is the primary tool that arbitrates threat intelligence, and that piece is missing from Blue Coat, Lindstrom said. Other vendors lack prevention, response and forensics capabilities to determine the scope of a threat, he said.

"No one has that full integration yet," Lindstrom said. "There's a big gap between react and recover that is missing from the vision of these portfolios of tools. I'm not sure how these guys are going to bridge that gap."

Blue Coat has been looking beyond content filtering, threat prevention and WAN optimization following its acquisition in 2011 by private equity firm Thoma Bravo for $1.3 billion. Blue Coat, with more than 400 partners, has pledged to stand by its channel strategy. The Sunnyvale, Calif.-based company also runs separate programs for wireless and global system integrators.

PUBLISHED NOV. 18, 2013