Antispyware: Blue Coat Systems' Spyware Interceptor SI-1

This article can also be found in the Premium Editorial Download: Information Security magazine: Security 7 Award winners unmasked:

Spyware Interceptor SI-1
Blue Coat Systems
Price: $2,295 for hardware; subscriptions start at $695 annually for 100 users

Blue Coat's Spyware Interceptor SI-1 is one of the first products to approach spyware from a network-based perspective, protecting devices behind the gateway--a particularly appealing solution for organizations with unmanaged systems, such as educational institutions, and open access points.

Spyware Interceptor takes a different approach to detecting spyware than most products. Rather than performing signature detection on packet payloads, it monitors URLs against its list of known spyware sites--a technique that allows the appliance to detect polymorphic spyware that attempts to avoid signature detection by altering its code.

Recent studies by Microsoft lend credence to this approach, demonstrating that a large proportion of spyware can be traced back to a small number of originating sites. (The list is updated to the appliance daily.)

Once Spyware Interceptor identifies a site as suspicious, it blocks all downloads of executable programs. Administrators may manage exceptions to this filtering on a client and/or server basis, and may also blacklist sites that don't appear in the appliance's database. Users with unusual browsing requirements can have their systems completely exempt from screening activity.
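The filtering decision described in the two paragraphs above can be sketched as follows. This is an added illustration, not Blue Coat's code: the `Policy` fields, the extension and MIME lists, the precedence of exceptions over list hits, and the sample domains and addresses are all assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed markers of an "executable download"; the review does not list them.
EXEC_EXTENSIONS = (".exe", ".dll", ".msi", ".cab", ".scr", ".ocx")
EXEC_TYPES = {"application/x-msdownload",
              "application/vnd.microsoft.portable-executable"}

@dataclass(frozen=True)
class Policy:
    spyware_sites: frozenset                  # vendor list, refreshed daily
    admin_blacklist: frozenset = frozenset()  # sites added by the administrator
    allowed_servers: frozenset = frozenset()  # server-basis exceptions
    exempt_clients: frozenset = frozenset()   # clients exempt from screening

def host_listed(host, listed):
    """True if host or any parent domain is listed (exact label match)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))

def is_executable(path, content_type):
    ctype = content_type.split(";")[0].strip().lower()
    return path.lower().endswith(EXEC_EXTENSIONS) or ctype in EXEC_TYPES

def decide(policy, client_ip, url, content_type=""):
    """Return 'allow:<reason>' or 'block:<reason>' for one HTTP download."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if client_ip in policy.exempt_clients:
        return "allow:client-exempt"
    if host_listed(host, policy.allowed_servers):
        return "allow:server-exception"
    suspicious = (host_listed(host, policy.spyware_sites)
                  or host_listed(host, policy.admin_blacklist))
    if not suspicious:
        return "allow:not-listed"
    # The decision keys on the origin, never on payload bytes, so a
    # repacked (polymorphic) binary from a listed site is still caught.
    if is_executable(parts.path, content_type):
        return "block:executable-from-listed-site"
    return "allow:non-executable"

# Constructed sample policy (reserved example domains, private addresses).
SAMPLE = Policy(
    spyware_sites=frozenset({"spyware-drop.example"}),
    admin_blacklist=frozenset({"toolbar.test"}),
    allowed_servers=frozenset({"vendor.toolbar.test"}),
    exempt_clients=frozenset({"10.0.0.99"}),
)
```

Matching on whole domain labels means a subdomain of a listed site is caught, while a look-alike such as `notspyware-drop.example` is not treated as listed.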

Our testing showed this approach to be quite effective, as the appliance detected each of the spyware sites we attempted to access. The device also monitors, reports and blocks outbound traffic for spyware's attempts to "phone home."

Spyware Interceptor is extremely easy to install. It comes preconfigured to act as a bridge between the protected and external networks. The administrator simply connects the WAN and LAN ports and boots the device.

If you're willing to accept the default configuration (we didn't find it necessary to modify any settings to bring the device online), you simply provide the details of your network, an administrative user name/password and a license key, and you're up and running. Operation is completely transparent to the user and requires no configuration on the workstation.

All this being said, a gateway-based solution won't completely solve your organization's spyware problem. We recommend that Spyware Interceptor be used in conjunction with a client antispyware product to disinfect compromised systems and protect mobile users accessing the Internet while away from the corporate network.

Exec Summary
+ Effective detection
+ Easy installation
- Flexible policy
- Doesn't replace client tools
- Not scalable

Spyware Interceptor provides a management-friendly reporting and alerting facility. It ships with a number of predefined reports including system performance, infected machines, infected traffic, blocked downloads and system events.

However, the appliance's biggest limitation is its lack of scalability for larger enterprises. The maximum specified capacity is 1,000 supported clients. If your network is larger, you'll need to purchase multiple devices and manage them individually, without the benefit of a centralized enterprise management suite.

Overall, we feel that Spyware Interceptor is a promising product for a particular subclass of networks, particularly those with a large number of unmanaged clients.

--MIKE CHAPPLE

This was first published in September 2005