BLUECOAT PRODUCTS PROXY SG
Secure Web Gateway
– Forward Proxy
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
Frost and Sullivan Security – No.1 in Asia Pacific/Japan!!
[Chart: Current Market Share versus Future Growth Strategy. Vendors plotted: Blue Coat, Websense, Sangfor, Symantec, Cisco, TrendMicro, Netentsec, McAfee, Digital Arts, Alps System. Callout: Blue Coat #1 in Market Share in Asia Pacific Japan.]
Copyright © Frost & Sullivan.
All rights reserved.
GARTNER SECURITY – 2014
REPORT – BLUE COAT – NO 1
BLUECOAT Security Solutions
WEB PULSE: cloud computing
WEB ANTI-VIRUS
SSL PROXY: auditing and control of encrypted traffic
MALWARE ANALYSIS
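SWG Secure Connection Control – Outbound
Outbound connection control:
• URL filtering and real-time web page categorization (Real-time Rating Service)
– Supports multiple web page databases, local database customization, and running 3 databases at the same time
– BCWF provides multiple categories for a single URL
• Integrates with data loss prevention (DLP) services via ICAP/ICAPS
• Authentication and authorization per user/group
• Policy control based on user/group, location, service, time, content type, etc.
• Control of protocol access methods (e.g. HTTP_POST, PUT…)
• Certificate validation control (e.g. SSL)
[Diagram: ProxySG in front of the Internet, with the controls URL Filtering, DLP Checks, AAA, Policy, Method Controls, Cert. Validation]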
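SWG Secure Connection Control – Inbound
Inbound connection control:
• Signature matching to analyze web objects for potential malware
– Kaspersky, Sophos, McAfee, Panda
• Protocol identification support (Protocol over HTTP Detection)
• Web content filtering (attachments, executables, file types, etc.)
• Data type and content type matching (Apparent Data Type & Container Mismatch Detection)
• Active content control checks (e.g. ActiveX, VB, JavaScript, etc.)
[Diagram: ProxySG in front of the Internet. Inbound controls: Malware Detection, Protocol Compliance, Content Filters, Data Types, Active Content. Outbound controls: URL Filtering, DLP Checks, AAA, Policy, Method Controls, Cert. Validation]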
SWG Management and Performance – Overall
• Supports default or customized report logging
• Object caching greatly improves access performance
– Object Pipelining & Adaptive Refresh patented technologies
• Bandwidth management (e.g. streaming media)
• Protocol optimization
[Diagram: ProxySG in front of the Internet. Management and performance: Object Cache, Bandwidth Management, Protocol Optimization, Log Files, Reporter. Inbound controls: Malware Detection, Protocol Compliance, Content Filters, Data Types, Active Content. Outbound controls: URL Filtering, DLP Checks, AAA, Policy, Method Controls, Cert. Validation]
Control of Web Applications/Operations
Granular WEB Application Control
• Safe Search
– Major Engines supported
– Media Search engines as well
– Keyword Searches
• Social Networks
– Regulate Operations
– Restrict abuse
• Multi-media
– Publishing
– Sharing
• Web Mail
[Graphic: example operations: Upload Video, Upload Photo, Post Message, Send Email, Download Attachment, Upload Attachment]
WEB Application Control
• VPM support for web application controls
– Category, application and operation level controls provided
• Infrastructure in place for auto-updating
– Dynamic updates of new applications delivered via WebPulse
– Requires BCWF license to operate
• Application usage reports included in UI
– Additional reports also available via Reporter
WEB Application Control
• Available in WEB Access Layer of VPM
• Destination objects created to use in policy for
– Request URL Category
– Request URL Application
– Request URL Operation
WEB Application Control
• Edit An Application Object
– All applications listed
– Select All or individual apps
• Find applications that support an operation
• Find applications by name
• Selected Applications shown
• Give the object a name to more easily identify it
WEB Application Control
• Edit operation object
– All operations listed
– Select all or individual ops
• Find operations by application name
• Selected operations shown
• Name to more easily identify it in policy
WEB Application Control
• Control App and Op
– Create new destination object
– Select Combined Destination Object
– Specify the app “and” op
BCWF
Why a single URL needs multiple categories
PLAYBOY ON FACEBOOK
http://www.facebook.com/playboy/
BABE-OF-THE-DAY
http://apps.facebook.com/babe-oftheday/
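Today's websites are complex; BLUECOAT also provides multiple categories for a single URL
• Reuters Video
– NGFW / UTM URL Rating: Video
– Blue Coat Next Gen Filtering: Video & Finance
• ESPN Video
– NGFW / UTM URL Rating: Video
– Blue Coat Next Gen Filtering: Video & Sports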
WebPulse
Provides a Negative Day Defense mechanism
WHERE DOES MALWARE COME FROM?
Everywhere!
FIVE LARGEST MALNETS ON THE INTERNET
• Infrastructure Scales to Support Varying Number of Attacks
GEOGRAPHIC DISTRIBUTION OF SHNAKULE
[Figure: share and change of Shnakule infrastructure by region (Central Asia, Western Europe, Americas, Eastern Europe & Middle East, East/SE Asia) and by role (Porn, SEP / Relay, Command & Control, Scams, Malware Servers)]
THE NEGATIVE DAY DEFENSE
[Timeline figure, axis: -30 Days, 0 Day, +1 Days, +30 Days]
• Infrastructure Phase: New Subnet, IP Address and Host Name; Exploit Server
• Active Threat Phase: Attack Begins; Dynamic Payload Changes Domain; Attack Ends
• Negative Day Defense Identifies and Blocks New Components
• Negative Day Defense Continues to Block Malnet Infrastructure
• AV Engines Begin Detection
• UTM Policy applied
BLOCKING A ZERO-DAY JAVA EXPLOIT
[Timeline figure, 2012]
• Jan (-225 Days): New exploit site named ok.aa24.net becomes active
• April (-120 Days): New C&C site comes online
• Aug 26 (0 Day): ok.aa24.net actively distributes malicious executable that uses zero-day Java exploit
• Aug 26 (0 Day): Infected systems begin communicating with command and control domain
WebPulse actions shown along the timeline:
• WebPulse rates IP address as suspicious and begins blocking
• WebPulse automatically blocks all requests to site
• WebPulse automatically blocks all requests to domain
• WebPulse rates as malware source & begins blocking
WEBPULSE
• Globally Diverse Awareness: 75 Million Users Make 1 Billion Real-time Requests
• Real-time Intelligence: 55 Languages Analyzed with 3D Malware Analysis
• In-Depth Ratings: Multi-dimensional Ratings for 84 Content Categories
Blue Coat Blocks 3.3 Million Malware, Phishing & Call-home Threats per Day
CAS
Why online virus scanning is needed
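Advantages of the BLUECOAT CAS Solution
• Integrates anti-virus engines from multiple vendors, giving customers a range of choices
• Choose one anti-virus engine + Whitelist, or two anti-virus engines + Whitelist
• Changing the anti-virus engine does not require changing hardware
• Scales out horizontally, so the investment is protected (ROI)
• Scan once, serve many times, for better performance
• Specialized in web content scanning
(80% of malware infections come from the Web)
[Diagram: ProxySG between the Internet and the Enterprise Network, connected to CAS and DLP over ICAP, ICAP+, S-ICAP]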
Integration – CAS and ProxySG
• A new virus appears at 1:00 am and begins to spread
[Diagram: Internet, Firewall, ProxySG, Internal Network; ProxySG connected to two CAS units over ICAP (HTTP & FTP)]
Integration – CAS and ProxySG
• A user downloads the infected object at 2:00 am
• The infected object is stored in the cache server
Integration – CAS and ProxySG
• The AV virus signatures are updated at 3:00 am
• CAS notifies ProxySG that new virus signatures are available; objects that users request from the cache server are rescanned, and infected objects in ProxySG are removed
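The 1:00 am / 2:00 am / 3:00 am sequence above can be replayed with a small model. This is an added example, not Blue Coat code: the class and function names are hypothetical, a "signature" is assumed to be a SHA-256 digest, and a version counter stands in for the signature-update notification.

```python
# Added toy model of "scan once, serve many" with rescan after a signature update.
import hashlib
from dataclasses import dataclass, field

def digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

@dataclass
class Scanner:                       # stands in for the scanning service
    version: int = 1
    signatures: set = field(default_factory=set)
    scans: int = 0

    def update(self, new_signatures):
        self.signatures |= set(new_signatures)
        self.version += 1            # older verdicts are now stale

    def is_infected(self, body: bytes) -> bool:
        self.scans += 1
        return digest(body) in self.signatures

@dataclass
class CachingProxy:                  # stands in for the caching proxy
    scanner: Scanner
    origin: dict                     # url -> body (constructed origin server)
    cache: dict = field(default_factory=dict)   # url -> (body, scanned_version)

    def fetch(self, url: str):
        """Return (status, body); status is 'served' or 'blocked'."""
        if url in self.cache:
            body, scanned_version = self.cache[url]
            if scanned_version == self.scanner.version:
                return "served", body          # verdict current: no rescan
        else:
            body = self.origin[url]
        if self.scanner.is_infected(body):
            self.cache.pop(url, None)          # purge the infected object
            return "blocked", None
        self.cache[url] = (body, self.scanner.version)
        return "served", body

def replay_timeline():
    url, payload = "http://example.test/tool.bin", b"constructed sample bytes"
    proxy = CachingProxy(Scanner(), {url: payload})
    results = [proxy.fetch(url)[0], proxy.fetch(url)[0]]  # 2:00 am: cached, then hit
    scans_before_update = proxy.scanner.scans
    proxy.scanner.update([digest(payload)])    # 3:00 am: signature update
    results.append(proxy.fetch(url)[0])        # rescanned, purged, blocked
    return results, scans_before_update, url in proxy.cache
```

The second request is served from cache without a second scan; only the signature update forces the cached object back through the scanner.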
Flexible, Scalable Deployment
[Diagram: Internet, Firewall, two ProxySG units connected to three CAS units over ICAP (HTTP & FTP)]
Real-world Use Case
• A Financial Enterprise Deployment
• 20B web requests/month
[Figure: Blue Coat Web Security (Blue Coat WebPulse™, Blue Coat ProxySG, Blue Coat CAS) behind the Firewall. 556,000 Threats; Removed 547,000 Threats (98.4%); Removed 9,000 Threats (1.6%); Clean]
DEPLOYMENT SCENARIO: GATEWAY ADVANCED THREAT PROTECTION
[Diagram: Proxy SG connected over ICAP / S-ICAP to the Content Analysis System, which works with the Malware Analysis Appliance; HTTPS API For Flexible/Scalable Deployment]
Threat Data To WebPulse:
- File HASH
- URL
- Time Stamp
- File Name
BlueCoat Reporter
Helps administrators analyze and understand user behavior on the network, both visible and invisible
Flexible and Varied Report Dashboards
HTTPS PROXY
Why an HTTPS PROXY is needed
Are HTTP's problems absent from HTTPS?
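Benefits of Using SSL
[Diagram: Internal Users on the Corporate Network reach External Apps at the ASP across the Internet through an encrypted SSL tunnel over port 443]
The client and the server establish a private, encrypted, on-demand connection over the public Internet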
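The downside of SSL may be… opening another back door
[Diagram: internal users on the enterprise network exchange encrypted, unreadable data across the Internet with external applications at the application service provider]
IT staff have no visibility at all into what traffic is entering and leaving the enterprise network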
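SSL: IT staff need visibility in order to manage it
[Diagram: between Internal Users on the Corporate Network and External Apps at the ASP, the SSL tunnel across the Internet carries Spyware, Intellectual Property, Worms, Phishing, Viruses, Rogue Apps, Business Apps]
Besides legitimate applications, SSL can also carry malware and the theft of confidential information, and it provides a private channel for uninspected traffic and non-SSL traffic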
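BLUE COAT: Visibility and Context
Client – proxy connection
• Client to proxy: the algorithms I support; connection request.
• Proxy to client: use this algorithm; emulated certificate.
• Client: verifies the certificate and extracts the (proxy's) public key.
• Authentication complete
• Tunnel established
Server – proxy connection
• Proxy to server: the algorithms I support; connection request.
• Server to proxy: use this algorithm; the server's digital certificate.
• Proxy: verifies the certificate and extracts the server's public key.
• Authentication complete
• Tunnel established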
THANKS