Finding the Value in the Blue Coat Solution
Date: Jan 20, 2014
I was recently in a discussion with a CIO, and he informed me that all pitches from all the vendors he’s been talking to sound the same. Specifically he was of the belief that there was nothing unique about the Blue Coat solution, and he did not believe our claim that we were the only vendor offering our type of malware prevention and detection. He said our solution sounded like everyone else’s.
This CIO refused to take a meeting with anyone, until we put into writing how we thought we were unique and different. So working with the Blue Coat WebFilter and Webpulse team, we came up with the following. I thought it would be useful to share for those of you interested in Blue Coat technologies:
First let me start by talking about the scope of Blue Coat’s visibility into the web traffic that goes around the world, and that will help set the stage to understand Blue Coat’s unique capabilities around detecting malware, specifically what we call malnets (malware networks).
The 16 largest service providers in the world are customers of Blue Coat, as are all 25 of the 25 largest financial institutions in the world. 97 of the Fortune Global 100, 85% of the Fortune Global 500 are our customers. All these contribute to our network of over 75 million users who use our cloud based collaborative web threat defense network that we call Webpulse. We have visibility into the URLs visited by these 75 million users, and the linkages between web pages as these users click from one page to another.
Around 3 or 4 years ago one of our malware researchers was working with graphing programs, trying to diagram some of the linkages between web pages, and realized from the data, that he was mapping out networks of malware servers. These were servers dedicated to hosting malware, regardless of whether there was an active attack going on using these servers. As we observed and mapped these networks of malware we watched them evolve, grow, shrink, and get used in attacks as the underlying URLs in attacks on other websites.
We’re not saying that we will prevent you from getting all malware, but we will protect you from malware hosted by malnets. You may wonder how much that makes up of all the malware you get in a year. In our estimates, about two-thirds of all attacks we blocked in 2012 for our customers were prevented through the use of malnet detection and blocking. That may not sound like a lot, but think about it this way. You’ve prevented two-thirds of all the malware trying to get into your organization from having to be rated in real-time, virus scanned, sandboxed, or whatever else you’re doing in your network to detect web based malware.
You may be wondering how this can be unique to Blue Coat. When we first started talking about the existence of malnets a few years ago, we were the only company doing so. Many of the major analysts we presented our findings to were skeptical at first as well. But as we detailed actual attacks we had been protecting users from well before they went live, we were able to show that we are the only ones with this capability. We have this capability because of the scope of our network, and our deep understanding and focus on web traffic and web based malware. Blue Coat specializes in web security. Other companies are typically more broad-based, or if they are also web specialists, do not have the scope and reach in terms of the network they can analyze.
The Blue Coat difference is that we’re blocking new attacks from new places. Most of our blocks (not just the malnet ones) occur before we’ve ever seen the malicious content. Our team of malware researchers also takes the time to document these attacks and how Blue Coat is preventing a new attack from a new place… Read more