 Security Analytics Key Features


Blue Coat Security Analytics is a powerful solution to effectively arm today’s incident response teams against modern-day threats. Packed with award-winning technology and features, Security Analytics provides the details that expose the full source and scope of any threat or attack targeting your information assets and significantly speeds the time to conduct complete network forensics investigations.

Key Features
  • Alerts Dashboard (NEW)


    To provide a comprehensive view of your network activity and highest priority alerts at first glance, the Security Analytics web interface defaults to the Alerts Management Dashboard. This new view presents a histogram of alert activity plus new “alert cards” that pivot to filtered lists of alerts and their threat scores. From this page you can filter your alerts by IP, by indicator, or by threat level.

  • Anomaly Detection (NEW)


    An exciting new feature, anomaly detection performs statistical analysis on your captured data and alerts you on anomalous behavior. When you pivot from the alert to the new Anomaly Investigation view, you can see when the anomaly occurred, how often, and which other endpoints were involved.

  • SCADA (NEW)


    Industrial Control Systems (ICS) are attractive targets for cyber attack and, like the rest of the network, require complete visibility. Security Analytics supports SCADA protocol analysis and delivers the power of Blue Coat Security Analytics to industrial control environments. Security Analytics monitors Modbus and DNP3 protocols that are common in networks that control operations at nuclear facilities, water treatment plants, power plants, oil refineries, manufacturing facilities…and numerous other industries. Use of Indicators, Rules (notifications) and Anomaly Detection is possible on indexed SCADA attributes.

  • Dynamic Filtering (NEW)


    Not all traffic is created equal…or equally malicious. Incident response teams may choose to eliminate traffic they don’t see as a threat and prioritize available capture storage to optimize their investment. With Security Analytics, you can selectively filter and “not” capture packets based on rules settings. Eliminate streaming video or music, video conferencing, and a whole lot more. This will increase your capture window to focus on what you feel is most critical.

  • Capture Only Mode (NEW)


    When specific use cases call for very fast raw packet capture – without the need for extensive metadata enrichment – Security Analytics delivers. Selectively turn off data enrichment and significantly boost capture performance on a single appliance.

  • Summary View


    With Security Analytics you have the flexibility and freedom to create multiple, customized views for each use case to suit your incident-response workflow. Add and rearrange report widgets to your selected view to display summarized data in table, pie, bar, or column charts. Create new views for specialized use cases. No matter your preference, the summary view provides instant situational awareness of your network on a single page.

  • Active Reports


    Identify evasive exploits and malware with Blue Coat Security Analytics reports, which provide a detailed, vivid picture of network traffic while giving users the power to respond to incidents as they unfold. Reports are a key navigation point, helping even novice users pinpoint their target data faster and with more accuracy. Reports fall into these categories: 

    • applications
    • DNS
    • email activity
    • encryption
    • files
    • geolocation
    • network packets
    • social personas
    • threat intelligence
    • web activity
  • Application Classification


    Identify network activity by peering deep inside packet data to find the telltale signs of malicious intent. Blue Coat Security Analytics classifies more applications crossing your network than any other network forensics solution. More than 2,500 applications and thousands of attributes are recognized and indexed for easy search and recovery. Not only can you identify specific applications in network traffic, you can search metadata attributes such as To, From, Subject Line, Protocol, Tunnel Initiator, Presented MIME Type, Detected (magic number) File Type, and more within network flows.

  • Reputation Services / Data Enrichment


    Security Analytics delivers on-demand reputation checks from multiple trusted threat intelligence providers including:

    • Blue Coat ThreatExplorer
    • Domain Age
    • Robtex
    • Team Cymru
    • YARA
    • WHOIS

  • Blue Coat Intelligence Services


    All traffic that is captured on a Blue Coat Security Analytics appliance is analyzed for any known malicious web, mail and file-based threats. Security Analytics uses Intelligence Services for Security Analytics to harness the Blue Coat Global Intelligence Network, threat intelligence from 15,000 customers reporting on billions of web and URL threats.

  • Extractions of Artifacts


    The most powerful contributor to Situational Awareness is Security Analytics’s ability to reconstruct network traffic exactly as it passed over the wire. Produce evidence that makes sense. With every packet that is captured and classified, quick discovery, reconstruction and delivery of files in their original format is easy and intuitive. See the web page as the user saw it. View IM and email conversations. Reconstruct PDFs, Word docs, PPTs, Excel spreadsheets and more in their original format. Perform surveillance on a host or an individual and deliver real, recognizable evidence – not just a collection of packets.

  • Seamless Integrations


    Blue Coat Security Analytics integrates with best-of-breed network security technologies to give them the ability to pivot directly from an alert or log and obtain complete packet-level detail and artifacts of the event before, during and after the alert. The open, web services REST API lets you leverage technologies like HP ArcSight, Splunk, IBM QRadar, Guidance, CounterTack and more. Streamline your incident response workflow and get a complete source and scope of an attack. Check out our alliance partner integrations.

  • Sandbox Brokering


    All traffic that is captured on a Blue Coat Security Analytics appliance is analyzed for any known malicious web, mail and file-based threats. Security Analytics uses Intelligence Services for Security Analytics to harness the Blue Coat Global Intelligence Network, threat intelligence from 15,000 customers reporting on billions of web and URL threats.
