Bold Move Further Builds Blue Coat Portfolio

Transcription

1 ANALYST BRIEF Bold Move Further Builds Blue Coat Portfolio SOLERA ACQUISITION PROVIDES BLUE COAT ABILITY TO LEVERAGE BIG DATA ANALYTICS Author John W. Pirc Overview On May 23, 2013, security vendor Blue Coat Systems, Inc. acquired the big data security intelligence and analytics company, Solera Networks, Inc. for an undisclosed amount. Blue Coat Systems is a provider of web security, WAN optimization, mobile device security, data loss prevention, and cloud services. NSS believes this acquisition is a bold move that will benefit Blue Coat customers and will expand its product offerings to Solera customers. This acquisition is considered a key indicator to the security industry that network- based incident response tools such as Solera, will play a large role in threat detection, breach reconstruction, and breach prevention. The ability to correlate events based on log data is useful, but it is packet- level data analysis as a result of big data sets that will significantly enhance the offering from vendors such as Blue Coat. This acquisition provides Blue Coat with the ability to enter the incident response market and to leverage big data security analytics that will feed other Blue Coat products and will strengthen the vendor s cloud and managed security service provider (MSSP) offerings. NSS Findings NSS expects Blue Coat to integrate Solera s DeepSee File System (DSFS) into its product portfolio. NSS expects that Blue Coat will leverage this acquisition and will gain a foothold within the incident response market, which is predicted to reach ~$14 billion USD by Blue Coat will leverage its recent Crossbeam acquisition by adding the Solera Networks DeepSee products to run on the X- series platform. NSS predicts that Blue Coat will leverage its cloud and MSSP environments as the source of big data to provide real- time analytics and threat intelligence to its customers.

2 NSS Labs Recommendations Current Solera customers and partners should: Seek assurances on feature requests and on any foreseeable changes in the roadmap. Seek assurance that there is a transition plan for support being moved from Solera to Blue Coat. Request information on Blue Coat s plans for the integration of management platforms. Channel partners should determine whether Blue Coat intends to maintain the 20:20 program. Technology partners should determine whether Blue Coat will continue with the technology integration program. Analysis The recent acquisition of Solera Networks by Blue Coat Systems, Inc. appears to point to a long- term goal. Solera is a big data security intelligence and analytics company that provides visibility and contextual analysis of the network by recording network traffic and playing it back like a DVR. This capability, along with its high speed proprietary DeepSee File System (DSFS), allows Solera to collect, index, and classify data by, for example, Web 2.0 applications, file type, URL, and instant messaging. Solera is also able to provide visibility into encrypted network traffic that uses secure sockets layer (SSL) protocol. Solera partnered with Netronome s SSL Inspector product line division in August 2011 and currently has the Netronome SSL technology embedded into its DeepSee product line. Solera is also able to enhance the context of its data collection through the integration of third- party intellectual property (IP) reputation and malware feeds. Solera Networks was founded in 2004 and has an impressive product and services portfolio that includes software, virtualization, hardware and MSSP offerings. Additionally, Solera is able to interoperate with the Technology Partner programs of third- party security vendors such as AlienVault, McAfee, FireEye, LogRhythm, Palo Alto Networks, IBM/Q1 Labs, SonicWALL, Imperva, Sourcefire, Splunk, and VMware. These programs focus on security technologies such as security information event management (SIEM), log management, intrusion prevention systems (IPS), data loss prevention (DLP), deep packet inspection, and breach detection systems (BDS) 1. The acquisition of Solera Networks offers a glimpse into Blue Coat s possible long- term strategy. Such a strategy will likely focus on today s attack surface, which continues to grow with the extensions of mobility, bring your own device (BYOD) and the cloud. Most of today s Web- based threats include malware, which has successfully penetrated the attack surface through web sites, , and Web and mobile- based applications. It is believed that the addition of Solera Networks DeepSee product line will help to address this issue by providing context and adding value. 1 analytics/ 2

3 There are seven plays for Blue Coat: Incident Response: Blue Coat will use this opportunity to enter the incident response market, which is expected to grow to ~$14 billion in overall revenue by Threat Intelligence: Blue Coat will leverage the capture and analytics capabilities of Solera to deliver high value threat intelligence data that are associated with sophisticated attacks. DeepSee File System (DSFS): This high- speed data analytics engine could be integrated into other Blue Coat products to increase query and indexing speeds within its product lines. Crossbeam: Solera would join CheckPoint, Sourcefire, and McAfee as a software option on the X- Series Crossbeam platform. Virtualization: Since the Solera DeepSee product can already run in a virtual environment, it will complement other virtualized products from Blue Coat. Cloud: Solera will provide insight and context into both encrypted and non- encrypted traffic. In the event of a breach, this would be akin to Blue Coat having a self- contained incident response team, as the entire breach would be recorded. MSSP: Solera will give Blue Coat the visibility into big data security analytics that will ultimately turn into intelligence data. This in turn would complement existing Blue Coat products and third- party products, as well as increase the time to protection on zero day threats. Post- Acquisition Pointers for Solera Customers and Partners Acquisitions are to be expected among high- tech companies that wish to acquire intellectual property, expand into new markets, and strengthen current technologies. Critical to the maintenance of customer and partner satisfaction is a smoothly executed transition and integration process. Current Solera customers and partners are advised to: Seek assurances on feature requests and on any foreseeable changes in the roadmap. Many changes occur after an acquisition, and it is important to be informed of any changes to features that were communicated in previous roadmaps, as well as to be informed of any anticipated delays in upcoming general availability (GA) dates for hardware and software. Determine Blue Coat s plans for the integration of the newly acquired technology into their products. Additionally, inquire about Blue Coat s planned management strategy with Solera. For example, will management be consolidated under one pane, or will separate management platforms be maintained? Seek confirmation on whether Solera s current end- of- sale (EOS) and end- of - life (EOL) policies will remain the same, or if they will be converted to Blue Coat s EOS and EOL policies. Such policies are generally not the same from company to company. Reductions in EOS and EOL policies in a planned future hardware refresh, for example, may have a negative impact on a customer s information technology budget and strategy. Seek assurance that there is a transition plan for support being moved from Solera to Blue Coat. Specifically inquire if the transition will result in any downtime and if the support policy will change. 2 systems- delivers- security- incident- r/

4 Seek assurances on what to expect during the integration phase of the Solera Networks product portfolio. This phase typically includes integration of back- end ordering systems, entitlements, and supply chains, and delays are to be expected. Transparent communication will set proper expectations for customers and partners. This acquisition is considered positive for Blue Coat, since the Solera Networks DeepSee product line complements the vendor s current offerings and will also strengthen them, by providing additional threat context and insight. The acquisition will allow Blue Coat to expand its traditional SWG and WAN Optimization business into the multi- billion- dollar incident response market. Solera customers too should view the acquisition as positive, and they should continue to purchase the DeepSee product. It is expected that Blue Coat will introduce the DeepSee product onto the Crossbeam platform to serve customers that require high bandwidth. Blue Coat may take advantage of Solera s DSFS to enhance the reporting performance on Blue Coat products. 4

5 Reading List Blue Coat to Acquire Solera Networks. Blue Coat Newsroom releases/blue- coat- acquire- solera- networks 5

6 Contact Information NSS Labs, Inc. 206 Wild Basin Rd Building A, Suite 200 Austin, TX USA +1 (512) This analyst brief was produced as part of NSS Labs independent testing information services. Leading products were tested at no cost to the vendor, and NSS Labs received no vendor funding to produce this analyst brief NSS Labs, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the authors. Please note that access to or use of this report is conditioned on the following: 1. The information in this report is subject to change by NSS Labs without notice. 2. The information in this report is believed by NSS Labs to be accurate and reliable at the time of publication, but is not guaranteed. All use of and reliance on this report are at the reader s sole risk. NSS Labs is not liable or responsible for any damages, losses, or expenses arising from any error or omission in this report. 3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY NSS LABS. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON- INFRINGEMENT ARE DISCLAIMED AND EXCLUDED BY NSS LABS. IN NO EVENT SHALL NSS LABS BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR OTHER ASSETS, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. 4. This report does not constitute an endorsement, recommendation, or guarantee of any of the products (hardware or software) tested or the hardware and software used in testing the products. The testing does not guarantee that there are no errors or defects in the products or that the products will meet the reader s expectations, requirements, needs, or specifications, or that they will operate without interruption. 5. This report does not imply any endorsement, sponsorship, affiliation, or verification by or with any organizations mentioned in this report. 6. All trademarks, service marks, and trade names used in this report are the trademarks, service marks, and trade names of their respective owners. 6