Beruflich Dokumente
Kultur Dokumente
FOR PARTNER SE
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 1
SECURE WEB GATEWAY - AGENDA
1 Introduction
2 Key Features
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 2
INTRODUCTION
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 4
INDUSTRY DEFINITIONS
Next-
Generation Firewall w/ integrated IPS and extra-firewall
FireWall intelligence
(NGFW)
Intrusion
Prevention Deployed inline for inspecting & blocking attacks
System (IPS) using known vulnerabilities or unusual activities.
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 5
WHAT IS NOT A SECURE WEB GATEWAY ?
Secure Web
NGFW / UTM / IPS
Gateway
Deep Packet
Architecture Full Proxy
Inspection
Multiple Advanced
Malware Detection Signature-Based
Web
Technologies Server
Firewall
Not available or
SSL Interception Available
Secure Web
performance affected
Gateway
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 6
KEY FEATURES
Advanced authentication
SSL Interception
Mobility
Reporting
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 8
GARTNER MAGIC QUADRANT 2014 FOR
SECURE WEB GATEWAYS
http://www.gartner.com/technology/reprints.do?id=1-1VS13FU&ct=140624&st=sb
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 9
Deployment
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 10
SCENARIOS
• Out of path
Switch
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 11
HIGH AVAILABILITY
Slave
Failover Group
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 12
HA WITH WCCP/L4
WCCP / L4
WCCP Group
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 13
HA WITH PAC FILE
10.1.1.1 10.1.1.2
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 14
Content Filtering,
Application Control and
Malware Defense
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 15
WEBPULSE WORKFLOW
If not found
locallly, query
Check WebPulse WebPulse
Client against WebFilter
makes WebFilter
request 3
2
Client
1
Return real-time
5 categorization
ProxySG
6
No Policy
Allow ? processing
7no 4
Yes
Perform
Return background
exception analysis if needed
OCS
7yes
Serve content to
SG and client
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 16
MULTI DIMENSION CATEGORY
Society / Living
Gambling
Adult Entertainment
Content
Entertainment
Intimate
Apparel Economy
Shopping Obj ectionable
Sports
Economy Social
Sports Networking
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 17
FILTERING FILE TYPES
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 18
GRANULAR APPLICATION CONTROL
Benefit:
• Allows granular policy around YouTube
• Ability to allow some YouTube content while
blocking other content
Feature:
• Policy can now be set around 32 content filtering
categories for YouTube
• No license requirements
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 20
MEDIA STREAMING ON PROXYSG
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 22
WHY AUTHENTICATE ON THE PROXYSG
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 23
SCALABILITY
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 24
PROXYSG ATHENTICATION
ARCHITECTURE
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 25
AUTHENTICATION METHODS
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 26
AD CONNECTION METHODS
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 27
SSL Interception
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 28
THE INVISIBLE THREATS
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 29
THE PERFORMANCE PROBLEM
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 31
MESSAGE FLOW
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 32
ENCRYPTED TAP
Logging
Forensics
IDS/IPS
APT Scanners
Encrypted Tap
* License required
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 33
Reporting
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 34
BLUE COAT REPORTER
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 35
ACTIVITY OVERVIEW
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 36
CREATE AND ORGANIZE REPORTS
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 37
MALWARE / RISK GROUP REPORTING
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 38
VIDEO USAGE REPORTING
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 39
WEB APPLICATION CONTROLS
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 40
SEARCH ENGINE KEYWORD REPORT
Web Searches
• Supports Google, Yahoo, Bing, Baidu, AltaVista
• Reports on searched terms
• View by user, group, site, etc.
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 41
ROLE-BASED REPORTING
AD/LDAP
Managers
Role-based Access
Administrators Self & Direct Reports
Role-based Access
Thousands of Reporter Users
Up to 50 concurrent logins
Custom Dashboards Users
Standard/Custom Reports Role-based Access
Drill-down Analysis Individual Reporting
Report Scheduling Reporter
Online, PDF or CSV
Email Delivery
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 42
PROXYSG - ADDITIONAL FEATURES
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 43
Web Application Reverse Proxy
(WARP)
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 44
WEB APPLICATION REVERSE PROXY
Web Servers
Proxy Users
Internal
Public
Network
Internet
Firewall Firewall
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 45
ACCELERATES WEB CONTENT
Object caching
Server load balancing
SSL offloading
Bandwidth management
• Divide traffic into classes, by user, application, operation, content,
transaction, application protocol, etc.
• Guarantee priority and min and/or max bandwidth for a class
Streaming optimization
• Live stream splitting
• Cache “Video on demand”
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 46
BLUE COAT PROTECTION LAYERS
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 47
PERIMETER PROTECTION
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 48
WEB ACCESS SECURITY – CONTROL
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 49
WEB ACCESS SECURITY – GEO
LOCATION
GEO Location
• For regulatory and other
reasons, customers get
visibility and control over
traffic based on the
country their network traffic
is coming from
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 50
WEB APPLICATION LEVEL PROTECTIONS
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 51
Product Line
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 52
BLUE COAT PROXYSG PRODUCT LINE
ProxySG S500
ProxySG S200 ProxySG S400
ProxySG 9000
ProxySG 300
ProxySG 900
ProxySG VA
Regional & Data Center
Remote & Branch Office
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 53
MODELS PRODUCT LINE
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 54
Sizing and licensing
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 55
SIZING INFORMATION
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 56
SIZING GUIDE
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 57
LICENSING - APPLIANCE
Base license
• Subscription license for 1 or 3 years
• One license per user
• WebFilter license already included
Flash license (optional)
• Subscription license for 1 or 3 years
eTAP license (optional)
• Subscription license for 1 or 3 years
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 59
SECURE WEB GATEWAY QUALIFICATION
Copy right © 2015 Blue Coat Sy stems Inc. All Rights Reserv ed. 60
PROXY / SWG: PARTNER RESOURCES
At-a-Glance
Playbooks
Battlecards
Deployment Guides
Reference architectures
https://partners.bluecoat.com/sales/tools
Solution Guides
https://partners.bluecoat.com/solutions/security-and-policy-
enforcement-center