
Antispyware: Blue Coat Systems' Spyware Interceptor SI-1

This article can also be found in the Premium Editorial Download: Information Security magazine: Security 7 Award winners unmasked

Spyware Interceptor SI-1
Blue Coat Systems
Price: $2,295 for hardware and starts at $695 annually for 100-user subscription


Blue Coat's Spyware Interceptor SI-1 is one of the first products to approach spyware from a network-based perspective, protecting devices behind the gateway--a particularly appealing solution for organizations with unmanaged systems, such as educational institutions, and open access points.

Spyware Interceptor takes a different approach to detecting spyware than most products. Rather than performing signature detection on packet payloads, it monitors URLs against its list of known spyware sites--a technique that allows the appliance to detect polymorphic spyware that attempts to avoid signature detection by altering its code.

Recent studies by Microsoft lend credence to this approach, demonstrating that a large proportion of spyware can be traced back to a small number of originating sites. (The list is updated to the appliance daily.)

Once Spyware Interceptor identifies a site as suspicious, it blocks all downloads of executable programs. Administrators may manage exceptions to this filtering on a client and/or server basis, and may also blacklist sites that don't appear in the appliance's database. Users with unusual browsing requirements can have their systems completely exempt from screening activity.
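The filtering policy described above can be sketched as a gateway decision function. This is an added example, not Blue Coat's implementation: the list names, sample hosts and addresses are constructed, and recognising executables by file extension or content type is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample data; none of these names or values come from the product.
KNOWN_SPYWARE_SITES = {"tracker.example", "bundles.example"}  # vendor list, updated daily
ADMIN_BLACKLIST = {"toolbar.example"}                         # sites added by the administrator
EXEMPT_CLIENTS = {"10.0.0.50"}                                # clients never screened
ANY = "*"
EXCEPTIONS = {("10.0.0.7", "bundles.example")}                # (client, server) pairs; ANY is a wildcard
# Assumption: how an executable download is recognised.
EXECUTABLE_TYPES = {"application/x-msdownload", "application/octet-stream"}
EXECUTABLE_EXTS = (".exe", ".dll", ".cab", ".msi", ".scr")


def listed_site(host):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in KNOWN_SPYWARE_SITES or candidate in ADMIN_BLACKLIST:
            return candidate
    return None


def is_executable(path, content_type):
    """True if the response looks like a program download."""
    media_type = content_type.split(";")[0].strip().lower()
    return media_type in EXECUTABLE_TYPES or path.lower().endswith(EXECUTABLE_EXTS)


def decide(client_ip, url, content_type=""):
    """Return 'allow' or 'block' for one HTTP response crossing the gateway."""
    if client_ip in EXEMPT_CLIENTS:          # fully exempt systems skip screening
        return "allow"
    parts = urlsplit(url)
    site = listed_site(parts.hostname or "")
    if site is None:                         # not a known or blacklisted site
        return "allow"
    # Exceptions can be per client, per server, or for one client/server pair.
    if {(client_ip, site), (client_ip, ANY), (ANY, site)} & EXCEPTIONS:
        return "allow"
    # Only executable downloads from a listed site are blocked, not all traffic.
    return "block" if is_executable(parts.path, content_type) else "allow"
```

Because the match is on the site rather than the payload, a repacked binary from a listed host is blocked without any signature, while a listed host served from a new, unlisted domain passes until the list is updated.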

Our testing showed this approach to be quite effective, as the appliance detected each of the spyware sites we attempted to access. The device also monitors, reports and blocks outbound traffic for spyware's attempts to "phone home."

Spyware Interceptor is extremely easy to install. It comes preconfigured to act as a bridge between the protected and external networks. The administrator simply connects the WAN and LAN ports and boots the device.

If you're willing to accept the default configuration (we didn't find it necessary to modify any settings to bring the device online), you simply provide the details of your network, an administrative user name/password and a license key, and you're up and running. Operation is completely transparent to the user and requires no configuration on the workstation.

All this being said, a gateway-based solution won't completely solve your organization's spyware problem. We recommend that Spyware Interceptor be used in conjunction with a client antispyware product to disinfect compromised systems and protect mobile users accessing the Internet while away from the corporate network.

Exec Summary
up Effective detection
up Easy installation
down Flexible policy
down Doesn't replace client tools
down Not scalable

Spyware Interceptor provides a management-friendly reporting and alerting facility. It ships with a number of predefined reports including system performance, infected machines, infected traffic, blocked downloads and system events.

However, the appliance's biggest limitation is its lack of scalability for larger enterprises. The maximum specified capacity is 1,000 supported clients. If your network is larger, you'll need to purchase multiple devices and manage them individually, without the benefit of a centralized enterprise management suite.

Overall, we feel that Spyware Interceptor is a promising product for a particular subclass of networks, particularly those with a large number of unmanaged clients.


This was last published in September 2005
