Blue Coat Empowers Incident Response Teams with Enhancements to Security Analytics
LAS VEGAS, July 31, 2016 –– Blue Coat Systems, Inc., a leading provider of advanced web security solutions for global enterprises and governments, today announced significant enhancements to its Security Analytics solution, including the addition of anomaly detection, an alerts dashboard and support for SCADA (Supervisory Control and Data Acquisition) environments, to provide more effective and actionable incident response.
Blue Coat Security Analytics, a network security incident response and forensics solution, allows customers to quickly detect breaches, integrate context, reconstruct incidents and extract evidence from a complete record of all network traffic. Security Analytics provides proactive incident response by continuously detecting malicious activity and enriching the retained data to pinpoint potential issues. The ability to retain and enrich more data enables effective retrospective analysis and can dramatically reduce the time it takes to discover a breach from weeks to hours.
The addition of the anomaly detection capabilities to Security Analytics allows incident response teams to identify abnormal behavior, and therefore, more quickly react to threats. Anomaly detection examines an organization’s data, activity and patterns to establish a normal baseline of activity, and then employs statistical modeling to quickly identify abnormal activity and flag events necessitating investigation. Anomaly detection helps customers detect the most sophisticated threats; even those which evade signature-based tools, helping incident response teams locate those threats before they cause significant damage. It also reduces the risk of human error and false-positives. Security teams may begin the incident response process starting from an alert of abnormal behavior detected in Security Analytics, through an integration with 3rd party SIEM or sandbox solutions, or Blue Coat’s own Malware Analysis sandbox.
As a result of this enhancement to Blue Coat Security Analytics, incident response teams will now have the ability to identify unusual counts, signatures, protocols and destinations, while also detecting suspicious movement within their network. As attackers continue to target intellectual property and customer data, anomaly detection specifically monitors for data exfiltration via the web, enabling teams to locate a threat before it causes significant damage.
Additional enhancements to Blue Coat Security Analytics include:
- Alerts Dashboard – This new dashboard helps to streamline and focus incident response teams on the most critical alerts. The dashboard also provides an intuitive timeline of alerts.
- Support for SCADA Analysis – This new capability provides complete visibility to threats targeting SCADA and Industrial Control System (ICS) environments.
- Capture Only Mode –This new feature ensures full capture on high-speed networks and boosts performance to roughly 9Gbps on a single appliance.
- Central Manager – Central Manager delivers central access to all Security Analytics sensors for directed, aggregate searches and management, now supporting over 200 deployed sensors, expanding scalability and managing larger deployments. This enhancement supports larger scale deployments and builds upon Blue Coat’s partnership with NetApp to provide high-density storage solutions that enable extended network forensic analysis.
- Dynamic Filtering – With this feature, incident response teams may choose to eliminate traffic they don’t see as a threat and prioritize available capture storage, optimizing their limited storage investment.
“Advanced targeted attacks, customized malware, and zero-day attacks are infiltrating networks at an unprecedented rate,” said Mike Fey, Blue Coat president and COO. “Traditional security solutions are simply not keeping pace, and in order to uncover the full source and scope of an attack, incident response teams require full network security visibility. With today’s announcement, we are expanding the tool kit available to incident response teams to easily understand an attacker's methods and activities, so they can swiftly resolve incidents and mitigate further risk.”
“Defending enterprise networks against intrusion requires sophisticated technology. Cyber security professionals need relevant, complete and actionable information – before the alert sounds,” said Christopher Kissel, senior industry analyst, Information & Network Security at Frost & Sullivan. “With its Security Analytics Platform, Blue Coat offers a combination of technologies that maximizes network visibility and increases the success of incident detection while also formulating the correct response. The new enhancements and capabilities demonstrate why Blue Coat Security Analytics solution maintains its market position.”
For more information about Blue Coat Security Analytics and Incident Response, please visit: www.bluecoat.com/ir.
About Blue Coat Systems
Blue Coat Systems, Inc. is a leading provider of advanced web security solutions for global enterprises and governments, protecting 15,000 organizations including over 70 percent of the global Fortune 500. Through the Blue Coat Security Platform, Blue Coat unites network, security and cloud, protecting enterprises and their users from cyber threats – whether they are on the network, on the web, in the cloud or mobile. Blue Coat was acquired by Bain Capital in March 2015. On June 12, 2016, Symantec and Blue Coat, Inc. announced that they have entered into a definitive agreement under which Symantec will acquire Blue Coat for approximately $4.65 billion in cash. The transaction has been approved by the Boards of Directors of both companies and is expected to close in the third calendar quarter of 2016. For additional information, please visit www.bluecoat.com or connect with us on Facebook, Twitter, and LinkedIn.
# # #