Antispyware: Blue Coat Systems' Spyware Interceptor SI-1

This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners unmasked."

Spyware Interceptor SI-1
Blue Coat Systems
Price: $2,295 for hardware and starts at $695 annually for 100-user subscription

Blue Coat's Spyware Interceptor SI-1 is one of the first products to approach spyware from a network-based perspective, protecting devices behind the gateway--a particularly appealing solution for organizations with unmanaged systems, such as educational institutions, and open access points.

Spyware Interceptor takes a different approach to detecting spyware than most products. Rather than performing signature detection on packet payloads, it monitors URLs against its list of known spyware sites--a technique that allows the appliance to detect polymorphic spyware that attempts to avoid signature detection by altering its code.

Recent studies by Microsoft lend credence to this approach, demonstrating that a large proportion of spyware can be traced back to a small number of originating sites. (The list is updated to the appliance daily.)

Once Spyware Interceptor identifies a site as suspicious, it blocks all downloads of executable programs. Administrators may manage exceptions to this filtering on a client and/or server basis, and may also blacklist sites that don't appear in the appliance's database. Users with unusual browsing requirements can have their systems completely exempt from screening activity.
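
The URL-list check and the exception policy described in the two paragraphs above, sketched in Python as an added example (it is not Blue Coat's code and not part of the original review). The host lists, exempt client range, extension and media-type sets, and the use of suffix matching on host names are all constructed assumptions.

```python
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed sample policy data (assumptions; the review does not show the
# appliance's list or configuration formats).
SPYWARE_SITES = {"spyware-downloads.example", "tracker.example.net"}  # vendor list
ADMIN_BLACKLIST = {"toolbar.example.org"}          # sites added by the administrator
ALLOWED_SERVERS = {"partner.tracker.example.net"}  # server-side exceptions
EXEMPT_CLIENTS = [ip_network("10.0.9.0/24")]       # clients excluded from screening
EXEC_EXT = (".exe", ".dll", ".cab", ".msi", ".ocx", ".scr")
EXEC_TYPES = {"application/x-msdownload",
              "application/vnd.microsoft.portable-executable"}


def host_listed(host, listing):
    """True if host or any parent domain is in listing (label-wise suffix match)."""
    labels = host.rstrip(".").split(".")
    return any(".".join(labels[i:]) in listing for i in range(len(labels)))


def decide(client_ip, url, content_type=""):
    """Return the gateway verdict for one HTTP request/response pair."""
    if any(ip_address(client_ip) in net for net in EXEMPT_CLIENTS):
        return "allow: client exempt"
    parts = urlsplit(url)
    # .hostname drops userinfo and port and lowercases, so
    # "good.example@listed.example:8080" is judged as "listed.example".
    host = parts.hostname or ""
    if host_listed(host, ALLOWED_SERVERS):
        return "allow: server exception"
    if not host_listed(host, SPYWARE_SITES | ADMIN_BLACKLIST):
        return "allow: not listed"
    media_type = content_type.split(";")[0].strip().lower()
    if parts.path.lower().endswith(EXEC_EXT) or media_type in EXEC_TYPES:
        return "block: executable from listed site"
    return "allow: non-executable from listed site"


if __name__ == "__main__":
    for req in [("10.0.1.5", "HTTP://CDN.Spyware-Downloads.Example:8080/Setup.EXE?x=1"),
                ("10.0.9.7", "http://spyware-downloads.example/a.exe"),
                ("10.0.1.5", "http://tracker.example.net./index.html")]:
        print(req, "->", decide(*req))
```

Because the verdict depends on the destination host rather than the payload, a repacked or altered binary served from a listed site gets the same result as the original.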

Our testing showed this approach to be quite effective, as the appliance detected each of the spyware sites we attempted to access. The device also monitors, reports and blocks outbound traffic for spyware's attempts to "phone home."

Spyware Interceptor is extremely easy to install. It comes preconfigured to act as a bridge between the protected and external networks. The administrator simply connects the WAN and LAN ports and boots the device.

If you're willing to accept the default configuration (we didn't find it necessary to modify any settings to bring the device online), you simply provide the details of your network, an administrative user name/password and a license key, and you're up and running. Operation is completely transparent to the user and requires no configuration on the workstation.

All this being said, a gateway-based solution won't completely solve your organization's spyware problem. We recommend that Spyware Interceptor be used in conjunction with a client antispyware product to disinfect compromised systems and protect mobile users accessing the Internet while away from the corporate network.

Exec Summary
Effective detection
Easy installation
Flexible policy
Doesn't replace client tools
Not scalable

Spyware Interceptor provides a management-friendly reporting and alerting facility. It ships with a number of predefined reports including system performance, infected machines, infected traffic, blocked downloads and system events.

However, the appliance's biggest limitation is its lack of scalability for larger enterprises. The maximum specified capacity is 1,000 supported clients. If your network is larger, you'll need to purchase multiple devices and manage them individually, without the benefit of a centralized enterprise management suite.

Overall, we feel that Spyware Interceptor is a promising product for a particular subclass of networks, particularly those with a large number of unmanaged clients.

--MIKE CHAPPLE

This was first published in September 2005
