Web Security-as-a-Service


Command of the Cloud
Sam McLane
Winter 2011
Blue Coat Systems Confidential – Internal Use Only
Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered
in certain jurisdictions. All other product or service names are the property of their respective owners.
© Blue Coat Systems, Inc. 2009. All Rights Reserved.

The Enterprise Network is Changing
• PC infections growing, despite firewalls, AV, and web filtering
• The Web and related apps are mission-critical to business
• More employees working outside the enterprise WAN perimeter
• IT managers asked to better align IT budget with the “Business”

Firewalls Cannot Protect from Malware
[Diagram: a firewall rule “Allow: TCP80” lets both good and bad traffic from the Internet through on TCP 80]
• Firewalls can’t detect application layer attacks
• Malware looks like good HTTP/SSL traffic
• 80% of enterprise apps over port 80/443
• Over 22,000 new web threats per day

Malware: Loves Social Networking
Malware      Peak number of active bots   How it spreads
Zeus         1,070,000                    Social network search results
Koobface B   812,000                      Facebook
Koobface D   599,000                      Twitter
Monkif A     506,000                      Social network search results
Clickbot     375,000                      Social network search results
USA TODAY Research - March 2010: 24% of enterprises report that they have been compromised through social networking sites.

Web threats are increasingly sophisticated.
Cybercrime is targeting social media.
You need to protect all users, all locations.

One Answer: Web Security-as-a-Service
• Easy to manage
  • Quick to adapt
  • More reliable
  • Web traffic is cleaned before even entering the network
• Cost-effective
  • Pay-as-you-go
  • Opex vs. Capex
  • Shared infrastructure reduces cost
  • Allows IT resources to focus on strategic initiatives
Organizations of all sizes are embracing web security as a service.

ThreatPulse™ Web Security Service
• Enterprise-class protection
  • Real-time content inspection, malware protection
  • Consistent protection and control of all users, all the time
  • Best-in-class Web 2.0 app controls
• Flexible deployment options
  • Integrates with existing infrastructure
  • Single policy and reporting framework
  • Provides virtually unlimited scalability
• High-performance, secure architecture
  • Built on proven technology, optimized for the cloud

Best Web Threat Protection
• Prevent known, suspect, and potential malware requests
• Block malicious EXEs and “drive-by” installers
• Block malware from “phoning home” and identify infected PCs
• Enforce acceptable web use policies
• Customize allow and block lists for overrides
• Protect users with real-time threat updates
• Scan for malware and viruses in real time
• Extend seamless protection and policy to remote users

Target Customer

Our Target Customer
• Real security concerns, minimal IT resources
  • Simple policy requirements, nothing fancy
  • “Jack of all trades” network admins
• Large enterprise, basic policy
  • Simple policy requirements
  • Low IT investment
  • Distributed workforce: branch or mobile
• Small-to-medium businesses / enterprises
  • Websense software on ISA / SPAN port / firewall
  • IT outsourced or VAR supplemented

Not Our Target Customer (today)
• Real security concerns, strong IT resources
  • These are the ProxySG bread and butter
  • If they have compliance and/or HR officers reviewing security solutions
• Large enterprise, complex policy
  • Strong policy requirements (they know CPL better than you)
  • Strong auth requirements (SSO will not cut it)
  • Large number of medium to large sites
• SOHO
  • <500 users total

Cloud vs On Premise Gear
• On Premise
  • High-density locations
  • Light feature usage (margins don't make sense)
  • Deep technical requirements
  • Caching and video splitting (hybrid is an option)
• Cloud
  • Highly dispersed users
  • Mobile users
  • Moderate security requirements
  • Central management and reporting

Solution Deep Dive

Built on Proven WebPulse Architecture, Enhanced for the Cloud
• Dynamic classification and malware detection
  • 18 languages supported for dynamic rating
• Two in-path AV engines, 8+ engines in the background
• Dedicated malware and categorization teams
• Diverse community of 70+ million users for continuous feedback
• Classification of authenticated personalized content
[Diagram: WebPulse components: Dynamic Real Time Rating (DRTR) analyzes requested content; multiple AV engines identify malware locations; sandboxes test suspicious code; scanners and heuristics; human raters; hunters and seekers]

Granular Web 2.0 Application Controls
• Safe Search
  • Major engines supported
  • Media search engines as well
  • Keyword searches
• Web Mail
  • Major services (Yahoo, MSN, AOL…)
  • Send/receive mail
  • Send/receive attachments
• Social Media Controls
  • Facebook, MySpace, Twitter, Flickr, YouTube, LinkedIn
  • IM/apps/postings/media transfer controls
  • Keyword blocking

Intuitive Policy Management & Reporting
• Single web interface for policy and reporting
• Create and enforce web policies instantly
• Effectively control social media apps
• Identify infected systems
• Report on blocked threats
• Report on all web traffic usage

High-Performance, Secure Architecture
• Proven technology at its core
  • 97 of the Fortune 100 rely on Blue Coat for critical network infrastructure security
• Optimized for the cloud
  • Purpose-built hardware and software
  • Multi-tenancy in all components
• Globally deployed
  • Over 70 million users access the service infrastructure
  • 6+ years in operation without a single major outage

Deployments

Easy and Flexible to Deploy
• IPSec VPN
  • Firewall traffic is forwarded to the service transparently
  • Authentication agent on AD domain manager
• Proxy Chaining
  • Forward from existing ProxySG, Squid or ISA
  • Authentication based on proxy
• Client Connector
  • Lightweight desktop agent forwards to the service transparently
  • Authentication based on system credentials
[Diagram: a firewall, a ProxySG (or Squid/ISA) and a client connector each forwarding through the Internet to the service]

Remote / Roaming User Protection
• Lightweight desktop agent
• Seamless web threat protection and control for remote users
• No end user intervention required
• Virtually impossible to circumvent
• Automatically goes “dormant” when protected behind a gateway
• Lowers cost – eliminates need for an additional appliance at small offices (<5 users)

An SME Deployment
[Diagram: an SME office and three remote users connecting through the Internet to the service]

An Enterprise Hybrid Deployment
[Diagram: headquarters data center with WebFilter, ProxySG and ProxyAV; a branch office with its own ProxySG; two small branch offices and two remote users; all reach the service through the Internet]

Authentication: IPSec
[Diagram: the client packet 10.1.2.3 -> 72.32.1.23 is carried inside an IPSec tunnel from the customer gateway (GW=20.13.14.15) to the service (IP=30.13.14.15), shown as [[10.1.2.3 -> 72.32.1.23]]]
• AuthConnector, backed by Active Directory, answers the question “Who’s logged in from 10.1.2.3?”: 10.1.2.3 = CFCAL/michael.feiertag

Authentication: ClientConnector
• ClientConnector installed with cryptographic customerID
• SSL connection to client.bluecoatcloud.net:443 (SSL tunnel)
• ClientConnector validates the client.bluecoatcloud.net certificate
• ClientConnector reads user name from Windows Cached Credentials APIs
• AuthMessage sent with customerID and userID
• Cloud then queries for “Groups of Interest” based on customer policy

Authentication: ProxySG Chaining
• ProxySG is identified by the Cloud via its external IP
• ProxySG forwards via HTTP or SOCKS to proxy.bluecoatcloud.net:8080 (HTTP/SOCKS tunnel)
• Policy added to send:
  BC_Auth_User: sam.mcl
  BC_Auth_Groups: Eng, Ops, Sales
• Headers either encrypted or obfuscated
• MetaDataManager gets updated with auth info
• Policy changes for GOI require a manual policy update today
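The two service-side identity lookups described on the IPSec and ProxySG chaining slides, as an added example: this is hypothetical Python written for this transcript, not Blue Coat's implementation. It assumes a per-tenant lookup table in place of the real AuthConnector and MetaDataManager, keys the IP-to-user map by (customer, inner IP) because every tenant can use the same private 10.x space, honours the BC_Auth_User / BC_Auth_Groups headers only when the request arrives from a registered ProxySG external IP, filters the claimed groups down to that customer's Groups of Interest, and strips the identity headers before anything is forwarded. The sample addresses, customer names and policy are constructed; the header encryption or obfuscation the slide mentions is not modelled.

```python
"""Hypothetical model of tenant and user resolution for a multi-tenant
web security service (example code, not the product's implementation).

- IPSec: the tunnel gateway address identifies the customer; the inner
  source IP is looked up against that customer's AuthConnector/AD data.
- Proxy chaining: the downstream ProxySG's external IP identifies the
  customer, and identity is carried in BC_Auth_User / BC_Auth_Groups
  headers that are trusted only when they arrive from that registered IP.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

IDENTITY_HEADERS = ("BC_Auth_User", "BC_Auth_Groups")


@dataclass
class Identity:
    customer: str
    user: Optional[str]
    groups: Tuple[str, ...] = ()


# Constructed sample data, loosely following the addresses on the slides.
CUSTOMERS_BY_GATEWAY: Dict[str, str] = {"20.13.14.15": "CFCAL"}   # IPSec GW -> customer
CUSTOMERS_BY_PROXY_IP: Dict[str, str] = {"203.0.113.7": "ACME"}   # ProxySG external IP -> customer

# (customer, inner IP) -> user.  Keyed per customer because every tenant
# may use the same RFC 1918 space, so 10.1.2.3 means nothing on its own.
AUTHCONNECTOR_MAP: Dict[Tuple[str, str], str] = {
    ("CFCAL", "10.1.2.3"): "CFCAL/michael.feiertag",
}

# Per-customer "Groups of Interest": only these groups are kept for policy.
GROUPS_OF_INTEREST: Dict[str, Tuple[str, ...]] = {
    "ACME": ("Eng", "Ops"),
    "CFCAL": (),
}


def resolve_ipsec(gateway_ip: str, inner_src_ip: str) -> Optional[Identity]:
    """Who's logged in from inner_src_ip, for the tenant behind gateway_ip?"""
    customer = CUSTOMERS_BY_GATEWAY.get(gateway_ip)
    if customer is None:
        return None  # unknown tunnel peer: no tenant, hence no identity
    user = AUTHCONNECTOR_MAP.get((customer, inner_src_ip))
    return Identity(customer=customer, user=user)


def resolve_chained(peer_ip: str, headers: Dict[str, str]) -> Tuple[Optional[Identity], Dict[str, str]]:
    """Accept BC_Auth_* headers only from a registered ProxySG.

    Returns the resolved identity (or None) and the header set that may be
    forwarded upstream, with the identity headers always removed.
    """
    forwarded = {k: v for k, v in headers.items() if k not in IDENTITY_HEADERS}
    customer = CUSTOMERS_BY_PROXY_IP.get(peer_ip)
    if customer is None:
        # Not a registered downstream proxy: the identity headers are just
        # client-supplied data and must be dropped, not honoured.
        return None, forwarded
    user = headers.get("BC_Auth_User")
    raw_groups = headers.get("BC_Auth_Groups", "")
    claimed = tuple(g.strip() for g in raw_groups.split(",") if g.strip())
    goi = GROUPS_OF_INTEREST.get(customer, ())
    groups = tuple(g for g in claimed if g in goi)  # keep only Groups of Interest
    return Identity(customer=customer, user=user, groups=groups), forwarded


if __name__ == "__main__":
    print(resolve_ipsec("20.13.14.15", "10.1.2.3"))
    print(resolve_chained("203.0.113.7", {
        "BC_Auth_User": "sam.mcl",
        "BC_Auth_Groups": "Eng, Ops, Sales",
        "Host": "example.com",
    }))
    print(resolve_chained("198.51.100.9", {"BC_Auth_User": "admin", "Host": "example.com"}))
```

The source-IP check is the trust boundary in this model: the same BC_Auth_User header arriving from an address that is not a registered ProxySG resolves to no identity at all and is stripped rather than passed on. The slide's note that the headers are encrypted or obfuscated adds a second control on top of that check, which the example leaves out.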

Architecture and Roadmap

Solution Architecture
[Diagram: Control path / management infrastructure: customer portal, partner portal, sales portal, admin, entitlement services, billing and entitlement, big system config, central config, systems management, reporting, service delivery controller. Data path (POD): firewall, concentrator, firewall SNAT, routing server, web proxy, data POD manager, load balancer, PBR, DMZ, ProxySG, scanning engines, service delivery controller, ISA proxy; remote users reach the POD over the Internet. Small POD: approx. 5 devices, 12RU]

Roadmap Highlights: Mid-Sized Enterprise
• Short term
  • Integrated email solution
  • ISA plug-in
  • Granular social networking and IM controls
• Long term
  • Low cost/free connector box
  • Move border firewall functions to cloud

Roadmap Highlights: Large Enterprise
• Short term
  • SSL interception
  • LDAP authentication
  • Explicit proxy with auth
  • Shared whitelist/blacklist/custom categories
  • Log file export
  • Extended archiving options
  • Bandwidth management
• Long term
  • Cloud reporting for hybrid deployment
  • Fully integrated policy (single pane of glass)
  • Acceleration from on-prem devices

Questions