Protecting Port 80 with “Security Gateway”

Blue Coat Systems is a developer of Web security appliances which are the industry’s first dedicated port 80 security solutions. If the name Blue Coat Systems doesn’t ring a bell, I should note that this company name has been active for just four months now. Earlier, they were known as CacheFlow, Inc. and their primary business was developing proxy caching appliances. With the evolution of enterprise proxy caches, company combined their successful products with some newly developed security features and entered the realm of the Web security appliances. With the new strategy and products, CacheFlow became Blue Coat Systems.

From the business perspective, focusing on web and application security sphere is a logical step, as the IDC reported that the market opportunity for Secure Content Management solutions will grow to $4.8 billion by 2006.

One of the first companies we arranged to talk with, at the RSA Conference 2002 in Paris, was Blue Coat Systems. We have met with Xavier Duflos, Blue Coat’s consultant for Southern Europe. The topics we discussed were mainly concentrated on the company’s products and the state of application security. The company’s SG family of security appliances include the award-winning SG800 and the SG6000 Series. Unlike the operating environments of less sophisticated security appliances, Blue Coat’s SGOS is a purpose built, hardened operating system for safeguarding and accelerating access to Web content. Caching devices are totally content oriented, so security of the content must be done from the cache.

The company’s web site lists two more products – Blue Coat Server Accelerator 700 and 7000. “Server Accelerator appliances are used for accelerating web servers, but we will end this line very soon because we have developed necessary cards that will be included in the Security Gateway product line. We will continue to sell and support Server Accelerator products approximately until the middle of 2003” – Mr. Duflos noted.

Blue Coat Systems Security Gateway appliances are made for organizations to accelerate the content coming from and going to the Internet and to make the Internet access as secure as possible. As the company doesn’t develop anti virus solutions, strategic alliances with Symantec and Trend Micro were made in order to strenghten the security process by virus scanning the content. Virus scanning on a cache basis comes quite handy, because there is every growing list of malware propagating via Internet by embedding itself into e-mails, streaming and web pages.

Security Gateway 800 Security Gateway 6000

These appliances are based on a custom operating environment, SGOS, that incorporates Blue Coat’s Policy Processing Engine – a patent-pending framework for applying security, access, filtering and performance policies for any Web transaction.

“Content filtering is done with our scripting language, Content Policy Language (CPL), or with Visual Policy Manager, which is the graphical interface of the language. Security rules created with this tool are based only on content as the product is an application firewall, not the regular firewall. CPL can be used for creating rules depending on protocols and even methods, for example filtering the HTTP post or FTP put“. – Mr. Duflos said and added “I think firewalls are doing a great job securing the networks, but they are not doing a great job to secure the applications”.

Screenshot of Visual Policy Manager interface

While talking about port 80 security, Mr. Duflos said: “The time of the network based attacks passed us, because the firewalls are doing a great job. Majority of new security risks are on an application level. Our products take the very open port 80, close it a bit and actively scan it.”

In October the SG800 Web Security Appliance, has topped Tolly Group (independent testing and strategic consulting organization) feature comparison among products from Cisco, Inktomi, Microsoft, Network Appliance and Sun. The appliance also received the highest marks in a more in-depth head to head Web performance evaluation that included products from Cisco, Network Appliance and Inktomi. One month earlier, in mid September, the same appliance has received the World-Class Award from Network World magazine, where it has been recognized for its ability to rapidly and intelligently inspect Web-based traffic that is usually passed through firewalls undetected.