A Security and Acceleration Solution for K-12 Networks > White Paper

Size: px
Start display at page:

Download "A Security and Acceleration Solution for K-12 Networks > White Paper"

Transcription

1 > White Paper

2 INTRODUCTION Spawned by the No Child Left Behind (NCLB) Act, which has significantly heightened levels of accountability for student achievement, educators and administrators are increasingly utilizing technology as a catalyst for change and educational improvement. One major element of this shift has been the rapid adoption of elearning applications. > Implementation of elearning applications has introduced a broad set of challenges for K-12 school districts. It s been proven that interactive, Web- and video-based learning tools foster a relevant and engaging K-12 learning environment, which ultimately results in higher standardized test scores. It s no surprise, then, that Internet use in K-12 school districts has become an essential communication and resource tool today, virtually all US schools have some form of Internet access, and 95% have broadband Internet access. Yet, this rapid implementation of elearning applications has introduced a broad set of challenges for K-12 school districts, including the following: 1) The need to effectively and efficiently protect their students against inappropriate web content; 2) The need to proactively protect their students and networks against constantly evolving threats, including spyware and other malware; and 3) The need to optimize network performance by filtering out non-educational content and giving high priority to elearning applications to preserve precious bandwidth and improve latency. CHALLENGE EFFECTIVE, EFFICIENT WEB CONTENT FILTERING Most US schools and districts have already implemented some sort of URL filtering solution to address the Children s Internet Protection Act (CIPA). However, many of these products have been pushed beyond their limits by the ubiquitous use of the Internet in schools, an increasingly technically savvy student population, and the dynamic nature of web content. For example: -> A software-based URL filter hosted on a network server, firewall or router works by sniffing web traffic and attempting to terminate unauthorized requests; these filters simply cannot keep up during times of peak Internet usage, allowing inappropriate sites to be viewed up to 20-30% of the time. 1 < >

3 -> Many URL filtering products incorrectly categorize websites accessed via translation and archive sites as reference sites. These are frequently mentioned on message boards as a means of bypassing traditional URL filtering, as the products deployed in most school districts are not sophisticated enough to classify the actual target site. -> Most URL filtering products cannot identify graphics labeled by popular search engines such as Google. Therefore, image searches conducted using the search vehicle will frequently result in inappropriate content (such as pornographic thumbnails) to be displayed even if the school s network administrator has implemented a URL filtering product. Google has a SafeSearch option, but this feature can easily be disabled at the desktop by students. Simply blocking students from conducting web searches may be effective, but would also significantly compromise the educational value of the network. -> SSL-encrypted communications now represent up to 30% of an organization s network traffic. For tech-savvy students, SSL has become the new backdoor, invisibly masking access to inappropriate web content. Current URL filtering solutions cannot see this traffic, much less control it. -> Today, there are over 100 million live web domains. Even the best filters will categorize only 15-16% of those domains, leaving each K-12 school district with a wide range of sites that are uncategorized. This is a large and growing problem as the Internet continues to change, and the current solution blocking uncategorized sites and then attempting to manually classify each one is neither efficient nor scalable. As if these web content filtering challenges were not enough, K-12 school districts also face the added need to protect their students and networks against web-borne threats. CHALLENGE PROACTIVE PROTECTION AGAINST WEB-BORNE THREATS The web browser has become the weak link in network security. According to Symantec, 40% of malicious attacks now target the browser. Web content threats are the fastest growing computer danger because most organizations, including school districts, leave ports 80 and 443 open through their firewalls. 2 < >

4 The character of these new web content threats has also changed. For example: -> While traditional viruses could be detected with pattern matching and algorithms (once released, the virus could only change in predictable ways), spyware is almost always downloaded directly from a server. To evade traditional code scanning, spyware vendors automatically recompile the spyware code (for example, inserting random lines of camouflage code) between downloads. Each downloaded spyware binary can be unique, severely limiting the usefulness of traditional malware scanning. -> Existing filtering technology has difficulty dealing with previously-rated sites that later become threat sites. Given the financial incentives behind spyware, this is statistically significant. It is simply not possible to re-rate 16 billion web pages daily or hourly to keep up with this dynamic challenge. -> URL filtering technology is limited in its ability to recognize threat sites. Threats evolve rapidly. Hackers and unethical entrepreneurs continuously seek to circumvent security technology, and that makes it harder to recognize and accurately rate threats on an ongoing basis. -> Once infected, PCs are typically programmed by installed malware to phone home with potentially confidential data, including personal information about the user. Most existing defenses can only apply some measure of inbound protection, leaving this risky outbound communication uncontrolled. -> As mentioned above, SSL-encrypted communications now represent up to 30% of an organization s network traffic. Current threat protection products cannot see SSLencrypted traffic, much less control it. -> While most school districts have implemented some sort of desktop anti-virus solution, certain malware, such as a DOS virus (e.g. SQL Slammer) will overwhelm the system whether or not anti-virus protection is available on the PC. The antivirus scanner will utilize all available processor power just to scan the incoming virus, potentially bringing down the entire network. 3 < >

5 CHALLENGE OPTIMIZED NETWORK PERFORMANCE As K-12 school districts increasingly leverage elearning applications, they are experiencing considerable network performance problems. Like large, distributed enterprises, these districts are saturating their available networks and experiencing application latency an expensive and untenable proposition. This is occurring for several reasons: -> Inability to control bandwidth-hogging personal applications, such as streaming media and P2P. Given that nearly one-third of the network bandwidth in K-12 school districts is consumed by unauthorized applications (web ads, inappropriate surfing, P2P, Skype, spyware, etc.), removing the undesirable can be as important as accelerating the desirable. Uncontrolled streaming and P2P traffic, for example, can literally take down a network. Popular sporting events, such as the U.S. college basketball playoffs, are common instigators. URL filtering can address some of these concerns; however, the inability of network administrators to natively control streaming and P2P traffic means that precious bandwidth is wasted on non-educational applications. -> Bandwidth-intensive elearning applications, which often leverage video and audio streams, require significant resources to deliver across the wide area network (WAN). Caching technologies improve response times and WAN utilization by keeping copies of data at remote school locations and serving it up locally when a request for the data is received. Some school districts have already deployed proxy/cache devices at individual schools to cache frequently accessed content; however, many of these servers or appliances are either ineffective or no longer being supported. -> More and more elearning applications are hosted externally, and are encrypted via SSL. At the same time, more and more school districts are now using externally-hosted human resources and education planning solutions. Because these applications often deal with confidential and sensitive information (e.g. student data), much of this user-application communication is transmitted via SSL. Since SSL encrypts the data, it is impossible for most existing network and application acceleration techniques to function correctly. NEEDED A SECURITY AND ACCELERATION SYSTEM FOR K-12 NETWORKS Although the symptoms seem complex, the solution is straightforward: K-12 school districts need a security and acceleration system that enables students, educators, and staff members to leverage elearning applications while complying with stringent regulations and keeping their networks and PCs protected. 4 < >

6 1) Web content filtering. An effective solution for K-12 networks must be able to accurately categorize and filter inappropriate content even if the content is new; even if it is masked via a translation site, archive site, or web search engine; and even if it s encrypted via SSL and it must do so without introducing a performance penalty. 2) Effective web security. An effective solution must provide proactive gateway protection against web-borne threats even as these threats become more sophisticated, even if they traverse via encrypted channels and regardless of whether the threats are present in inbound or outbound traffic and it must do so in a scalable fashion, without introducing a performance penalty. 3) Optimized network performance. An effective solution must provide highperformance application delivery to users regardless of the application, irrespective of where the applications or users are located, and even if the content is encrypted. THE BLUE COAT SOLUTION There are a number of products available that can address one or more of these requirements. However, deploying these disparate point products introduces a level of administrative complexity that is simply not practical for most K-12 school districts, which are constantly forced to do more with less. Only one vendor in the industry Blue Coat addresses the web filtering, web security, and network performance requirements of K-12 school districts in a single appliance-based solution. Blue Coat for Effective Web Content Filtering Blue Coat enables K-12 school districts to accurately categorize and filter inappropriate content, with the following capabilities: User Identification and Reporting Blue Coat provides the tools needed to log and track user interactions over the Internet and across school district boundaries, including robust integration with existing authentication systems. Comprehensive URL Filtering Database Comprised of the most frequently accessed sites on the web, the Blue Coat WebFilter database has an average 94% coverage rate of requested sites in customer deployments, coupled with an extremely low rate of false-positives. 5 < >

7 Dynamic Rating of New or Unrated Sites Each Blue Coat WebFilter service contract includes our unique Dynamic Real-Time Rating (DRTR ) technology. DRTR is a unique, patented technology that can actually categorize web sites on the fly (typically in less than 200 milliseconds) as a user attempts to access them. Accurate Ratings of Embedded Web Pages Unlike alternative products, Blue Coat can actually see the destination webpage embedded in the intermediary page to make an accurate and useful rating. For example, Blue Coat WebFilter accurately categorizes an archive of penthousemag.com as pornography/adult content, and the SSL-encrypted site https://www.guardster.com as proxy anonymizer. Blue Coat WebFilter can allow Google Image Search images that meet the local policy (by seeing the source site s rating) but deny those that do not. And when no source information is available, Blue Coat SG s proxy policy can enforce Google Image Safe Search mode at the gateway, even if the user attempts to manually disable it. Instant Messaging Control Blue Coat allows administrators to monitor and log session content of the leading IM protocols (AOL, Yahoo!, MSN); monitor and block key words and sensitive information from being transmitted via IM; and deny IM attachments, to prevent the loss of confidential information. SUCCESS EXAMPLE: THE SCHOOL DISTRICT OF PALM BEACH COUNTY Palm Beach County is the 4th largest school district in Florida and the 8th largest in the U.S., with over 175,000 enrolled students (PK- 12). The District turned to Blue Coat initially to address their web filtering and security requirements. Implementing Blue Coat appliances and solutions has enabled Palm Beach County to effectively control their students web usage and address stringent federal regulations, while significantly improving network performance. Importantly, the Blue Coat solution allowed the District to support critical distance learning and online test preparation applications for the Florida Comprehensive Assessment Test (FCAT) which has resulted in higher test scores and increased funding. Blue Coat for Proactive Web Security Blue Coat enables K-12 school districts to proactively protect their students and networks against web-borne threats, with the following capabilities: Effective Spyware Prevention Blue Coat SG appliances prevent new and unknown spyware whether inbound or outbound more effectively than any other offering. Case studies of Blue Coat users consistently show that Blue Coat simply stops spyware-related help desk tickets. Given the inherently evasive nature of spyware, this is the most revealing metric of a security solution s effectiveness. Prevention of Known and Unknown Phishing Blue Coat enables administrators to block known phishing sites, as well as prevent users from posting (entering data) to sites at high risk of being phishing sites. Risk criteria include fraudulent or expired SSL certificates, deceptive characters 6 < >

8 in URL (e.g. an Ö in ), etc. Finally, the Blue Coat solution can automatically block or warn users of sites that have an invalid SSL certificate. Protection Against Viruses, Trojans, and Bot Networks While a properly configured firewall gives most organizations the greatest degree of protection against these threats, Blue Coat provides additional layers of protection, by (a) blocking downloads from sites in the malware category; (b) blocking common exploits and vulnerabilities via policy to prevent new and unknown hacks; and (c) heuristically detecting and blocking bot Trojans regardless of source via Blue Coat s optional high-performance, lowlatency AV appliance, Blue Coat AV. Content Security Controls Blue Coat SG provides comprehensive control of MIME types and file extensions, as well as the ability to strip and replace active content (Java, Visual Basic, ActiveX); restrict uploads of information; specify user agent types and versions to control client software, header inspection, rewrites and suppression. Blue Coat also provides method-level controls for HTTP, HTTPS, FTP and IM. Blue Coat for Optimized Network Performance Blue Coat addresses the network performance requirements of K-12 school districts in several important ways, via our unique multi-protocol accelerated caching hierarchy (MACH5) technology: 7 < >

9 Bandwidth-Management Blue Coat provides application-aware bandwidth management of streaming media and P2P applications, by: -> Blocking or throttling bandwidth usage based on protocol, category, user, group, time of day, etc. For example, movie trailers may be denied, news streaming limited to 128 Kbps, and internal elearning applications accelerated. -> Capping bandwidth usage by protocol, category, user, group, time of day, etc. During core school hours, for example, non-education-related streaming might be limited to no more than 20% of available bandwidth. Protocol Optimization Protocol optimization makes rich media protocol interactions more efficient over the WAN through the ability to pre-position content, schedule replication, and transparently split streams. Stream splitting and multi-casting allow a single stream from the Internet to be split in real-time to multiple internal viewers, dramatically reducing bandwidth usage. Object Caching If the proxy cache contains the object, the user is served the object from a local store extremely quickly. Object caching can greatly reduce almost to zero the bandwidth used and the latency associated with streaming media applications. The only traffic that crosses the WAN is a quick check to ensure that the copy in cache is still current. Blue Coat s Adaptive Refresh technology ensures that the most popular content is kept current even when not actively requested by a user. SUCCESS EXAMPLE: CHARLOTTE COUNTY PUBLIC SCHOOLS Charlotte County Schools board, administrators, and teachers are committed to offering their 18,000 students access to online instructional materials from Compass Learning Odyssey and streaming educational videos from the United Streaming division of Discovery Communications. The District turned to Blue Coat initially to expand their bandwidth through caching. They chose Blue Coat SG because (unlike competing products) the Blue Coat SG appliance could effectively cache video locally and dramatically improve the quality and capacity to serve large numbers of students. The SG appliances could also provide visibility, acceleration, and control of SSL-encrypted traffic, as well as easy-to-integrate web content filtering. The results of implementing the Blue Coat solution were immediate, with a 40 times improvement in latency, a peak reduction in bandwidth consumption of 100 times for the school district s key streaming applications, and the ability to control and accelerate even SSL-encrypted traffic. Byte Caching Also referred to as dictionary compression, byte caching is a low-level cache of small, sub-application-object pieces of information. Byte caching is not application-specific, and operates at a lower level, reducing bandwidth of all TCP traffic. Compression Blue Coat leverages common compression algorithms to remove extraneous/predictable information from the traffic before it is transmitted. The information is reconstituted at the destination based on the same algorithms. This technique reduces the data transmitted over the WAN link and, therefore, accelerates content delivery. 8 < >

10 SUMMARY AND CONCLUSION The rapid adoption of elearning applications has introduced a broad set of challenges for K-12 school districts: -> The need to effectively and efficiently protect their students against inappropriate web content; -> The need to proactively protect their students and networks against constantly evolving threats, including spyware and other malware; and -> The need to optimize network performance by filtering out non-educational content and giving high priority to elearning applications to preserve precious bandwidth and improve latency. Only one vendor in the industry Blue Coat addresses the web filtering, web security, a nd network performance requirements of K-12 school districts in a single appliance-based solution. Blue Coat provides abundant policy controls wrapped in optimized hardware and a custom operating system to give K-12 school districts a proven high-performance option for gaining visibility, control, and acceleration of their web and key elearning applications. 9 < >

11 Blue Coat Systems, Inc BCOAT Direct Fax Copyright 2007 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use, Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners.

Best Practices for Controlling Skype within the Enterprise > White Paper

Best Practices for Controlling Skype within the Enterprise > White Paper > White Paper Introduction Skype is continuing to gain ground in enterprises as users deploy it on their PCs with or without management approval. As it comes to your organization, should you embrace it

More information

Cyan Networks Secure Web vs. Websense Security Gateway Battle card

Cyan Networks Secure Web vs. Websense Security Gateway Battle card URL Filtering CYAN Secure Web Database - over 30 million web sites organized into 31 categories updated daily, periodically refreshing the data and removing expired domains Updates of the URL database

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

Secure Web Gateways Buyer s Guide >

Secure Web Gateways Buyer s Guide > White Paper Secure Web Gateways Buyer s Guide > (Abbreviated Version) The web is the number one source for malware distribution. With more than 2 million 1 new pages added every day and 10,000 new malicious

More information

Next-Generation Firewalls: Critical to SMB Network Security

Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more

More information

How to Gain Visibility and Control of Encrypted SSL Web Sessions >

How to Gain Visibility and Control of Encrypted SSL Web Sessions > White Paper How to Gain Visibility and Control of Encrypted SSL Web Sessions > Executive Summary Web applications (and their derivatives IM, P2P, Web Services) continue to comprise the overwhelming majority

More information

Best Practices for Controlling Skype within the Enterprise. Whitepaper

Best Practices for Controlling Skype within the Enterprise. Whitepaper Best Practices for Controlling Skype within the Enterprise Whitepaper INTRODUCTION Skype (rhymes with ripe ) is a proprietary peer-to-peer (P2P) voice over Internet protocol (VoIP) network, founded by

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

More information

PAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ

PAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ

More information

Blue Coat WebFilter >

Blue Coat WebFilter > White Paper Blue Coat WebFilter > Delivering the web access your users want with the control you need Why Dynamic Content Filtering has Become Essential Two billion videos per day are watched on YouTube.

More information

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering

More information

Reverse Proxy for Trusted Web Environments > White Paper

Reverse Proxy for Trusted Web Environments > White Paper > White Paper ProxySG for Reverse Proxy Web-based solutions are being implemented for nearly every aspect of business operations, and increasingly for trusted environments with mission-critical business

More information

Content-ID. Content-ID URLS THREATS DATA

Content-ID. Content-ID URLS THREATS DATA Content-ID DATA CC # SSN Files THREATS Vulnerability Exploits Viruses Spyware Content-ID URLS Web Filtering Content-ID combines a real-time threat prevention engine with a comprehensive URL database and

More information

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network. Content-ID Content-ID enables customers to apply policies to inspect and control content traversing the network. Malware & Vulnerability Research 0-day Malware and Exploits from WildFire Industry Collaboration

More information

Stopping secure Web traffic from bypassing your content filter. BLACK BOX

Stopping secure Web traffic from bypassing your content filter. BLACK BOX Stopping secure Web traffic from bypassing your content filter. BLACK BOX 724-746-5500 blackbox.com Table of Contents Introduction... 3 Implications... 4 Approaches... 4 SSL CGI Proxy... 5 SSL Full Proxy...

More information

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security Web Security Gateway Web Security Web Filter Hosted Web Security Web Security Solutions The Approach In the past, most Web content was static and predictable. But today s reality is that Web content even

More information

Protecting Your Network Against Risky SSL Traffic ABSTRACT

Protecting Your Network Against Risky SSL Traffic ABSTRACT Protecting Your Network Against Risky SSL Traffic ABSTRACT Every day more and more Web traffic traverses the Internet in a form that is illegible to eavesdroppers. This traffic is encrypted with Secure

More information

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security Web Security Gateway Web Security Web Filter Express Hosted Web Security Web Security Solutions The Approach In the past, most Web content was static and predictable. But today s reality is that Web content

More information

4 Steps to Effective Mobile Application Security

4 Steps to Effective Mobile Application Security Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional

More information

Downloading and Configuring WebFilter

Downloading and Configuring WebFilter Downloading and Configuring WebFilter What is URL Filtering? URL filtering is a type of transaction content filtering that limits a user s Web site access through a policy that is associated with a specific

More information

Application Visibility and Monitoring >

Application Visibility and Monitoring > White Paper Application Visibility and Monitoring > An integrated approach to application delivery Application performance drives business performance Every business today depends on secure, reliable information

More information

A Websense White Paper Implementing Best Practices for Web 2.0 Security with the Websense Web Security Gateway

A Websense White Paper Implementing Best Practices for Web 2.0 Security with the Websense Web Security Gateway A Websense White Paper Implementing Best Practices for Web 2.0 Security with the Websense Web Security Gateway Table of Contents Introduction... 3 Implementing Best Practices with the Websense Web Security

More information

Symantec Protection Suite Add-On for Hosted Email and Web Security

Symantec Protection Suite Add-On for Hosted Email and Web Security Symantec Protection Suite Add-On for Hosted Email and Web Security Overview Your employees are exchanging information over email and the Web nearly every minute of every business day. These essential communication

More information

Threat Containment for Facebook

Threat Containment for Facebook Threat Containment for Facebook Based on statistics for more than 62M users in 2009, the Blue Coat WebPulse cloud service ranked social networking as the number one most requested web category, surpassing

More information

Proxy Blocking: Preventing Tunnels Around Your Web Filter. Information Paper August 2009

Proxy Blocking: Preventing Tunnels Around Your Web Filter. Information Paper August 2009 Proxy Blocking: Preventing Tunnels Around Your Web Filter Information Paper August 2009 Table of Contents Introduction... 3 What Are Proxies?... 3 Web Proxies... 3 CGI Proxies... 4 The Lightspeed Proxy

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior

More information

Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]

Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.] Cisco Cloud Web Security Cisco IT Methods Introduction Malicious scripts, or malware, are executable code added to webpages that execute when the user visits the site. Many of these seemingly harmless

More information

Web Application Firewall for Untrusted Web Environments > White Paper

Web Application Firewall for Untrusted Web Environments > White Paper > White Paper ProxySG Web Application Firewall Web-based solutions are being implemented for nearly every aspect of business operations, and these are increasingly under attack within public web access

More information

White Paper. Enterprise IPTV and Video Streaming with the Blue Coat ProxySG >

White Paper. Enterprise IPTV and Video Streaming with the Blue Coat ProxySG > White Paper Enterprise IPTV and Video Streaming with the Blue Coat ProxySG > Table of Contents INTRODUCTION................................................... 2 SOLUTION ARCHITECTURE.........................................

More information

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013 Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,

More information

SSL Encryption and Traffic Inspection ADDRESSING THE INCREASED 2048-BIT PERFORMANCE DEMANDS OF 2048-BIT SSL CERTIFICATES

SSL Encryption and Traffic Inspection ADDRESSING THE INCREASED 2048-BIT PERFORMANCE DEMANDS OF 2048-BIT SSL CERTIFICATES SSL Encryption and Traffic Inspection ADDRESSING THE INCREASED 2048-BIT PERFORMANCE DEMANDS OF 2048-BIT SSL CERTIFICATES Contents Introduction 3 SSL Encryption Basics 3 The Need for SSL Traffic Inspection

More information

HTTPS HTTP. ProxySG Web Server. Client. ProxySG TechBrief Reverse Proxy with SSL. 1 Technical Brief

HTTPS HTTP. ProxySG Web Server. Client. ProxySG TechBrief Reverse Proxy with SSL. 1 Technical Brief ProxySG TechBrief Reverse Proxy with SSL What is Reverse Proxy with SSL? The Blue Coat ProxySG includes the basis for a robust and flexible reverse proxy solution. In addition to web policy management,

More information

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper with Cloud-Based Security Services > White Paper It s a phenomenon and a fact: employees are always on today. They connect to the network whenever they want, from wherever they happen to be, with laptops,

More information

How to Prevent Secure Web Traffic (HTTPS) from Crippling Your Content Filter. A Cymphonix White Paper

How to Prevent Secure Web Traffic (HTTPS) from Crippling Your Content Filter. A Cymphonix White Paper How to Prevent Secure Web Traffic (HTTPS) from Crippling Your Content Filter A Cymphonix White Paper How to Prevent Secure Web Traffic (HTTPS) from Crippling Your Content Filter Introduction Internet connectivity

More information

Voice, Video and Data Convergence > A best-practice approach for transitioning your network infrastructure. White Paper

Voice, Video and Data Convergence > A best-practice approach for transitioning your network infrastructure. White Paper > A best-practice approach for transitioning your network infrastructure White Paper The business benefits of network convergence are clear: fast, dependable, real-time communication, unprecedented information

More information

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services Product Highlights Intrusion Prevention System Dectects and prevents known and unknown attacks/ exploits/vulnerabilities, preventing outbreaks and keeping your network safe. Gateway Anti Virus Protection

More information

Putting Web Threat Protection and Content Filtering in the Cloud

Putting Web Threat Protection and Content Filtering in the Cloud Putting Web Threat Protection and Content Filtering in the Cloud Why secure web gateways belong in the cloud and not on appliances Contents The Cloud Can Lower Costs Can It Improve Security Too?. 1 The

More information

The Microsoft JPEG Vulnerability and the Six New Content Security Requirements

The Microsoft JPEG Vulnerability and the Six New Content Security Requirements The Microsoft JPEG Vulnerability and the Six New Content Security Requirements Table of Contents OVERVIEW...3 1. THE VULNERABILITY DESCRIPTION...3 2. NEEDED: A NEW PARADIGM IN CONTENT SECURITY...4 3. PRACTICAL

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

Websense: Worldwide Leader in Web Filtering Expands into Web Security

Websense: Worldwide Leader in Web Filtering Expands into Web Security Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com VENDOR PROFILE Websense: Worldwide Leader in Web Filtering Expands into Web Security Brian E. Burke

More information

Masters Project Proxy SG

Masters Project Proxy SG Masters Project Proxy SG Group Members Chris Candilora Cortland Clater Eric Garner Justin Jones Blue Coat Products Proxy SG Series Blue Coat Proxy SG appliances offer a comprehensive foundation for the

More information

WAN Optimization for Microsoft SharePoint BPOS >

WAN Optimization for Microsoft SharePoint BPOS > White Paper WAN Optimization for Microsoft SharePoint BPOS > Best Practices Table of Contents Executive Summary 2 Introduction 3 SharePoint BPOS performance: Managing challenges 4 SharePoint 2007: Internal

More information

Protect your internal users on the Internet with Secure Web Gateway. Richard Bible EMEA Security Solution Architect

Protect your internal users on the Internet with Secure Web Gateway. Richard Bible EMEA Security Solution Architect Protect your internal users on the Internet with Secure Web Gateway Richard Bible EMEA Security Solution Architect Identity and Access Management (IAM) Solution Authentication, Authorization, and SSO to

More information

Websense Web Security Solutions

Websense Web Security Solutions Web Security Gateway Web Security Web Filter Hosted Web Security Web Security Solutions The Web 2.0 Challenge The Internet is rapidly evolving. Web 2.0 technologies are dramatically changing the way people

More information

SECURE ICAP Gateway. Blue Coat Implementation Guide. Technical note. Version 1.0 23/12/13. Product Information. Version & Platform SGOS 6.

SECURE ICAP Gateway. Blue Coat Implementation Guide. Technical note. Version 1.0 23/12/13. Product Information. Version & Platform SGOS 6. Technical note Version 1.0 23/12/13 Product Information Partner Name Web Site Product Name Blue Coat Systems, Inc. www.bluecoat.com ProxySG Version & Platform SGOS 6.5 Product Description Blue Coat ProxySG

More information

Intelligent, Scalable Web Security

Intelligent, Scalable Web Security Solution Overview Citrix and Trend Micro Intelligent, Scalable Web Security Application-Level Control, Load Balancing, High-Traffic Capacity Table of Contents The Challenge... 3 The Solution: Citrix NetScaler

More information

A TECHNICAL REVIEW OF CACHING TECHNOLOGIES

A TECHNICAL REVIEW OF CACHING TECHNOLOGIES WHITEPAPER Over the past 10 years, the use of applications to enable business processes has evolved drastically. What was once a nice-to-have is now a mainstream staple that exists at the core of business,

More information

Using Palo Alto Networks to Protect the Datacenter

Using Palo Alto Networks to Protect the Datacenter Using Palo Alto Networks to Protect the Datacenter July 2009 Palo Alto Networks 232 East Java Dr. Sunnyvale, CA 94089 Sales 866.207.0077 www.paloaltonetworks.com Table of Contents Introduction... 3 Granular

More information

Ensure safe and appropriate web surfing for all users with customizable filtering.

Ensure safe and appropriate web surfing for all users with customizable filtering. Features Comprehensive and accurate education-friendly URL database with more than one billion entries. Multiple layers of anonymous proxy detection and blocking to keep users from bypassing your filter

More information

ProxySG TechBrief Implementing a Reverse Proxy

ProxySG TechBrief Implementing a Reverse Proxy ProxySG TechBrief Implementing a Reverse Proxy What is a reverse proxy? The Blue Coat ProxySG provides the basis for a robust and flexible Web communications solution. In addition to Web policy management,

More information

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your

More information

REPORT & ENFORCE POLICY

REPORT & ENFORCE POLICY App-ID KNOWN PROTOCOL DECODER Start Decryption (SSL or SSH) Decode Signatures Policy IP/Port Policy Application Signatures Policy IDENTIFIED TRAFFIC (NO DECODING) UNKNOWN PROTOCOL DECODER Apply Heuristics

More information

Achieve Deeper Network Security

Achieve Deeper Network Security Achieve Deeper Network Security Dell Next-Generation Firewalls Abstract Next-generation firewalls (NGFWs) have taken the world by storm, revolutionizing network security as we once knew it. Yet in order

More information

Top 10 Reasons Enterprises are Moving Security to the Cloud

Top 10 Reasons Enterprises are Moving Security to the Cloud ZSCALER EBOOK Top 10 Reasons Enterprises are Moving Security to the Cloud A better approach to security Albert Einstein defined insanity as doing the same thing over and over again and expecting different

More information

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

WEB APPLICATION FIREWALLS: DO WE NEED THEM? DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?

More information

Blue Coat WebPulse TM >

Blue Coat WebPulse TM > White Paper Blue Coat WebPulse TM > Technical Overview of the WebPulse Collaborative Defense Table of Contents INTRODUCTION 1 BLUE COAT S WEB SECURITY ARCHITECTURE 2 PROACTIVE DEFENSES 2 BLUE COAT WEBFILTER

More information

Cascadia Labs URL Filtering and Web Security

Cascadia Labs URL Filtering and Web Security Presented by COMPARATIVE REVIEW Cascadia Labs URL Filtering and Web Security Results from Summer 2009 Executive Summary In the summer of 2009, Cascadia Labs performed effectiveness tests on five market-leading

More information

INSTANT MESSAGING SECURITY

INSTANT MESSAGING SECURITY INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part

More information

COORDINATED THREAT CONTROL

COORDINATED THREAT CONTROL APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,

More information

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000 Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business

More information

www.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach

www.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach 100% Malware-Free E-mail: A Guaranteed Approach 2 100% Malware-Free E-mail: A Guaranteed Approach Panda Security's Mail Filtering Managed Service Guarantees Clean E-mail Table of Contents Table of Contents...

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

SiteCelerate white paper

SiteCelerate white paper SiteCelerate white paper Arahe Solutions SITECELERATE OVERVIEW As enterprises increases their investment in Web applications, Portal and websites and as usage of these applications increase, performance

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall

More information

Application Security Backgrounder

Application Security Backgrounder Essential Intrusion Prevention System (IPS) & DoS Protection Knowledge for IT Managers October 2006 North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

Achieve Deeper Network Security and Application Control

Achieve Deeper Network Security and Application Control Achieve Deeper Network Security and Application Control Dell Next-Generation Firewalls Abstract Next-generation firewalls (NGFWs) have emerged to revolutionize network security as we once knew it. Yet

More information

DUBEX CUSTOMER MEETING

DUBEX CUSTOMER MEETING DUBEX CUSTOMER MEETING JOHN YUN Director, Product Marketing Feb 4, 2014 1 AGENDA WebPulse Blue Coat Cloud Service Overview Mobile Device Security 2 WEBPULSE 3 GLOBAL THREAT PROTECTION NEGATIVE DAY DEFENSE

More information

Lab Testing Summary Report

Lab Testing Summary Report Lab Testing Summary Report February 14 Report 132B Product Category: Web Security Gateway Vendor Tested: Key findings and conclusions: security appliance exhibits best rate to date, 91.3%, for classifying

More information

Norton Personal Firewall for Macintosh

Norton Personal Firewall for Macintosh Norton Personal Firewall for Macintosh Evaluation Guide Firewall Protection for Client Computers Corporate firewalls, while providing an excellent level of security, are not always enough protection for

More information

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief App-ID Application Protocol Detection / Decryption Application Protocol Decoding Application Signature Heuristics App-ID uses as many as four identification techniques to determine the exact identity of

More information

May 2010. Palo Alto Networks 232 E. Java Drive Sunnyvale, CA 94089 408-738-7700 www.paloaltonetworks.com

May 2010. Palo Alto Networks 232 E. Java Drive Sunnyvale, CA 94089 408-738-7700 www.paloaltonetworks.com Application Visibility and Control: In the Firewall vs. Next to the Firewall How Next-Generation Firewalls are Different From UTM and IPS-based Products May 2010 Palo Alto Networks 232 E. Java Drive Sunnyvale,

More information

ZSCALER WEB SECURITY CLOUD FOR SMALL BUSINESS

ZSCALER WEB SECURITY CLOUD FOR SMALL BUSINESS DATA SHEET ZSCALER WEB SECURITY CLOUD FOR SMALL BUSINESS OVERVIEW In today s competitive world, Small and Medium Businesses (SMB) are focusing their discretionary resources on growing revenue and increasing

More information

Securing Endpoints without a Security Expert

Securing Endpoints without a Security Expert How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series

More information

Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway

Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway Websense Support Webinar January 2010 web security data security email security

More information

Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway

Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway TESTING & INTEGRATION GROUP SOLUTION GUIDE Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway INTRODUCTION...2 RADWARE SECUREFLOW... 3

More information

C YMPH O N IX NET W O R K C OMPO SER. Reveal. Optimize. Protect.

C YMPH O N IX NET W O R K C OMPO SER. Reveal. Optimize. Protect. C YMPH O N IX NET W O R K C OMPO SER Reveal. Optimize. Protect. Take Control of Your Internet Connection Internet content and applications have become indispensible, mission-critical tools for nearly every

More information

Application Delivery Networks: The New Imperative for IT Visibility, Acceleration and Security > White Paper

Application Delivery Networks: The New Imperative for IT Visibility, Acceleration and Security > White Paper Application Delivery Networks: The New Imperative for IT Visibility, Acceleration and Security > White Paper Application Delivery Networks: The New Imperative for IT Visibility, Acceleration and Security

More information

Direct or Transparent Proxy?

Direct or Transparent Proxy? Direct or Transparent Proxy? Choose the right configuration for your gateway. Table of Contents Direct Proxy...3 Transparent Proxy...4 Other Considerations: Managing authentication made easier.....4 SSL

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

Protecting the Infrastructure: Symantec Web Gateway

Protecting the Infrastructure: Symantec Web Gateway Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options

More information

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS EXTENDING THREAT PROTECTION AND WHITEPAPER CLOUD-BASED SECURITY SERVICES PROTECT USERS IN ANY LOCATION ACROSS ANY NETWORK It s a phenomenon and a fact: employees are always on today. They connect to the

More information

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for White Paper What the ideal cloud-based web security service should provide A White Paper by Bloor Research Author : Fran Howarth Publish date : February 2010 The components required of an effective web

More information

Proxies. Chapter 4. Network & Security Gildas Avoine

Proxies. Chapter 4. Network & Security Gildas Avoine Proxies Chapter 4 Network & Security Gildas Avoine SUMMARY OF CHAPTER 4 Generalities Forward Proxies Reverse Proxies Open Proxies Conclusion GENERALITIES Generalities Forward Proxies Reverse Proxies Open

More information

Enabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media

Enabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media Enabling Business Beyond the Corporate Network Secure solutions for mobility, cloud and social media 3 Trends Transforming Networks and Security Are you dealing with these challenges? Enterprise networks

More information

HUAWEI USG2000&5000 Series Unified Security Gateway Content Filtering White Paper

HUAWEI USG2000&5000 Series Unified Security Gateway Content Filtering White Paper Doc. code HUAWEI USG2000&5000 Series Unified Security Gateway Content Filtering White Paper Issue 1.0 Date 2014-08-21 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2012. All rights

More information

Gateway Security at Stateful Inspection/Application Proxy

Gateway Security at Stateful Inspection/Application Proxy Gateway Security at Stateful Inspection/Application Proxy Michael Lai Sales Engineer - Secure Computing Corporation MBA, MSc, BEng(Hons), CISSP, CISA, BS7799 Lead Auditor (BSI) Agenda Who is Secure Computing

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

Advantages of Managed Security Services

Advantages of Managed Security Services Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network

More information

Controlling Web 2.0 Applications in the Enterprise SOLUTION GUIDE

Controlling Web 2.0 Applications in the Enterprise SOLUTION GUIDE Controlling Web 2.0 Applications in the Enterprise SOLUTION GUIDE FORTINET Controlling Web 2.0 Applications in the Enterprise PAGE 2 Summary New technologies used in Web 2.0 applications have increased

More information

Moving Beyond Proxies

Moving Beyond Proxies Moving Beyond Proxies A Better Approach to Web Security January 2015 Executive Summary Proxy deployments today have outlived their usefulness and practicality. They have joined a long list of legacy security

More information

Uncover security risks on your enterprise network

Uncover security risks on your enterprise network Uncover security risks on your enterprise network Sign up for Check Point s on-site Security Checkup. About this presentation: The key message of this presentation is that organizations should sign up

More information

Cisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security

Cisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security White Paper Cisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security Introduction Organizations that want to harness the power of the web must deal with

More information

White Paper. How to Effectively Provide Safe and Productive Web. Environment for Today's Businesses

White Paper. How to Effectively Provide Safe and Productive Web. Environment for Today's Businesses White Paper How to Effectively Provide Safe and Productive Web Environment for Today's Businesses Table of Content The Importance of Safe and Productive Web Environment... 1 The dangers of unrestricted

More information

Chapter 4 Firewall Protection and Content Filtering

Chapter 4 Firewall Protection and Content Filtering Chapter 4 Firewall Protection and Content Filtering This chapter describes how to use the content filtering features of the ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN to protect your network.

More information

Using a Firewall General Configuration Guide

Using a Firewall General Configuration Guide Using a Firewall General Configuration Guide Page 1 1 Contents There are no satellite-specific configuration issues that need to be addressed when installing a firewall and so this document looks instead

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information