SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Blue Coat Systems dominates network security forensics market
Tue, 22nd Mar 2016
FYI, this story is more than a year old

Frost - Sullivan has recognised Blue Coat Systems for its dominance in the global network security forensics market with the 2016 Global Frost - Sullivan Market Leadership Award.

According to the analysts, the vendor's strong incident detection and network security solutions has enabled the company to capture the highest market share of 14% in the $1 billion-plus network security forensics market in 2015.

The Blue Coat Security Analytics offering provides an integrated solution that offers packet analysis, metadata collection, comprehensive threat detection and unknown file inspection. This combination of analytics and threat intelligence, packet inspection, and network visibility provides a incident detection and network security forensics platform that has rapidly gained popularity, Frost - Sullivan says.

"Blue Coat Security Analytics includes incident detection, network performance, sandbox integration, deep packet inspection, and network security forensics integrated within the same solution," says Chris Kissel, Frost - Sullivan industry analyst.

"The integration of technologies helps incident response teams establish a 'system of record' using full traffic capture and replay capabilities to improve incident resolution and forensics. Additionally, Blue Coat's Global Intelligence Services enhance the quality and depth of the metadata its Security Analytics draws from for a network security forensics investigation,” he says.

"Blue Coat is honoured to be granted Frost - Sullivan's 2016 Global Leadership Award in the security forensics market," says Alan Hall, Blue Coat Systems director, product marketing for security analytics.

"As the traditional notion of the network perimeter has expanded, so to has the attack surface. There are now endless entry points for cyber attacks. Blue Coat's mission is to provide enterprises a way to not only block attacks before they happen, but track, respond to and mitigate any attacks that do happen. Network forensics delivered by Blue Coat Security Analytics is a key component to protecting our customers and helping them reduce risk,” says Hall.

Ultimately, Blue Coat Security Analytics focuses on finding the root cause of a security incident, either as it is happening or in a forensic investigation, the vendor days. The solution uses a combination of solutions to determine the severity of a potential threat.

Blue Coat Intelligence Services provide real-time malware detection across web, mail and file protocols, incorporating URL and file reputation by automatically querying the Blue Coat Global Intelligence Network (GIN) for updated threat information. The solution also leverages Blue Coat Malware Analysis to detonate and analyse unknown files, establish risk, and assign threat scores within seconds, as well as for bidirectional communications with other security platforms to extend and index metadata.

"Unlike competitors that often use only packet headers and metadata for visibility into potential security incidents, Blue Coat Security Analytics seeks to empower security professionals with full packet capture, indexing and analysing packets to offer maximum resolution in a forensics investigation," says Kissel.

"While most of the information that is contained in the packet headers is needed to route the packet over the Internet and to pass traffic through web servers, the byte level granularity of packet data provides a forensic chain of exactly what happened before, during and after a security incident,” he says.

Further, Blue Coat Security Analytics can be deployed as hardware appliances installed on an 'on-premises' network or be included as VMware virtual appliance, software and direct attached or storage area network (SAN) storage modules, which can scale to petabytes of storage for extended capture windows, the company says.

For remote locations, virtual sensors can be deployed. The Security Analytics Central Manager can then be used to aggregate appliances, sensors and virtual machines. With the recent acquisition of Elastica, Blue Coat now provides cloud application security and visibility that complements Security Analytics, according to Blue Coat.

The Security Analytics Central Manager is also the solution's logical engine for system-wide forensics investigations. Directed and aggregated searches originate from the Central Manager to the distributed capture appliances. Asset groups can be manually assigned, created by the Central Manager, or Active Directories can be ported to determine access groups. Role-based access control can be used to determine how user access rules are applied, the company says.