Blue Coat wants to empower Enterprises to bridge the gap between Threat Detection and Incident Containment. The solution Blue Coat offers is Content Analysis System with Malware Analysis automates threat protection at the gateway to fortify network against unknown malware.
The Content Analysis System blocks known threats and detects and analyzes zero-day and advanced malware, sharing new threat intelligence to continually fortify the network. This solution is your “CCTV” in your network as security operations team and the advanced security team is focused on incident containment and resolution.
“To protect their networks from advanced targeted attacks and zero-day malware, businesses need a systematic approach that aligns security teams on the right strategy, process and action to block the threats they can, detect the ones they can’t and respond to the ones that are already on the network,” said Matthias Yeo, Chief Technology Officer – Asia Pacific, Blue Coat Systems. “Our Content Analysis System is a key technology for organizations that want to build an automated defense into their networks that continually fortifies the network by operationalizing new threat intelligence. This allows our customers to protect and empower their business.”
Today, enterprises are forced to use ad hoc malware analysis or sandboxing solutions that operate in a silo and cannot share the threat intelligence required to bridge the gap between blocking known threats and detecting and analyzing unknown threats or advanced malware. This gap is made worse because existing technologies fail to help security operations teams maneuver through the stages of the advanced threat lifecycle.
The Blue Coat Content Analysis System addresses this gap by combining whitelisting and malware scanning for known threats with dynamic malware analysis of unknown threats at the gateway. The new system also helps align security operations teams by sharing new threat intelligence locally across the security environment and worldwide through the Blue Coat Global Intelligence Network of 15,000 customers and 75 million users.
The Content Analysis System supports up to two leading anti-virus signature databases and provides application whitelisting and dynamic malware analysis. Together, these technologies deliver the following benefits for businesses:
Best-of-Breed Sandboxing: Powered by Norman Shark, a Blue Coat Business Assurance Technology partner, the Blue Coat malware analysis technology – available as an appliance today and via the cloud in the future – combines customizable virtual environments with sandbox emulation for the most comprehensive detection of unknown or advanced malware, including malware that employs evasive detection techniques.
Malware Analysis Orchestration: The Blue Coat Content Analysis System acts as a broker for multiple sandboxing or malware analysis instances, simultaneously sending unknown or suspicious files to both the Blue Coat sandbox as well as third-party sandboxes. By seamlessly integrating into existing security infrastructures, the Content Analysis System allows enterprises to optimize their existing investments in sandbox technologies while building out an advanced malware defense in-depth. The system also future proofs customers’ infrastructure via a scalable interface that can incorporate other advanced malware analysis technology via the broker capability.
Threat Intelligence Feedback Loop: New intelligence from the analysis of advanced or unknown malware is shared with Blue Coat ProxySG appliances to automate blocking of newly identified threats at the gateway for a more scalable defense. New intelligence is also shared with the Security Analytics Platform from Solera, a Blue Coat company, which delivers advanced threat profiling and remediation of the full scope of the attack. The network effect of the Blue Coat Global Intelligence Network further automates protection by sharing threat intelligence from 15,000 customers worldwide.
Availability
The Blue Coat Content Analysis System is already with application whitelisting and support for anti-malware signature databases from leading anti-virus vendors. The malware analysis technology will be available as an appliance at the same time and via the cloud in the future.
