BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Information security is more than just block and tackle operations to stop malicious activity. As attacks become more sophisticated, it is important to have security analytics tools that can collect information about activities on an organization's network, servers and other devices. The Blue Coat Security Analytics Platform is designed to capture comprehensive network information and apply targeted security analytics and analysis on that traffic. Blue Coat describes it as a security camera for your network. The apt analogy highlights the fact that if malicious traffic traverses an organization's network, it will be recorded.
The Blue Coat Analytics Platform functions with the assumption that all network data is potentially valuable. IT collects data from the data link layer -- Layer 2 in the OSI network model -- which addresses data movement over a physical network, up to the application layer -- Layer 7. This comprehensive approach to data collection means that regardless of the layer used in malicious activity, traces of that activity will be captured. The Blue Coat Security Analytics Platform also offers visibility into SSL encrypted traffic.
The product classifies and stores data to enables both real-time analysis and after-the-fact forensics -- the analytics platform integrates with Blue Coat's Incident Response and Forensics product. The platform also used deep packet inspection to perform application classification services for more than 2,500 recognized applications, which allows admins to search for and identify programs based on various types of metadata.
Some of the newer features added to the Blue Coat Security Analytics Platform include anomaly detection, which conducts a statistical analysis on data related to anomalous and potentially threatening behavior; dynamic filtering, which allows admins to separate and prioritize different types of network traffic that are deemed less likely to carry threats, such as video conferencing streams; and SCADA support for industrial control systems.
Dashboard and alerts
Collecting too much data can be as bad as not collecting enough if an organization cannot find the information it needs when it needs it. The Blue Coat Security Analtyics Platform includes a dashboard for displaying current activity and status information. It's also used for some configuration management operations. The dashboard is useful for getting a quick, high-level overview of the status of the analytics platform.
The system also generates alerts that can be delivered to system administrators using multiple delivery methods, including SNMP, syslog or SMTP. In addition to the main product dashboard, Blue Coat recently added a new alerts dashboard; the platform's web interface defaults the Alerts Management Dashboard and offers administrators contextual history of alerts along with their respective threat scores.
The Blue Coat Security Analytics Platform may be deployed as a software application, a virtual appliance or preconfigured appliance. Customers can select necessary storage according to their needs. Since all network traffic is captured, it is important to have a data retention policy in place. Some organizations may want to preserve virtually all data for extended periods of time, but that is not a viable option for everyone.
Organizations can contact Blue Coat for more information on enterprise licensing and support plans. Enterprises looking for dedicated support services should review information on Blue Coat's Proactive Services, which provides a single point of contact for support needs.
Network traffic carries the traces of virtually all malicious activity, from malware infection to data theft. Blue Coat Security Analytics Platform targets network traffic and collects and classifies this valuable data. Customers can choose from three types of analytics tools for web, mail and file-specific threat analysis. Comprehensive data collection is essential to enable detailed forensic studies and real-time detection, but it can also lead to long-term storage challenges. Before deploying a tool like Blue Coat Security Analytics Platform, carefully analyze your storage requirements, budget and data retention policies.
With the flexibility to choose only the modules you need, Blue Coat Security Analytics will meet the needs of a wide range of organizations, especially those that have other security or management tools that provide some web, email and file controls. The Proactive Services offering may be especially helpful for businesses that want continuity in support personnel.
Part one of this series explains the basics of security analytics products
Part two examines the use cases for security analytics
Part three looks at how to procure security analytics products
Part four compares the best security analytics products on the market