As I mentioned, I was at a BlueCoat Web Security briefing on Wednesday.
Most of the talks covered things I already knew. I’m well aware of BlueCoat’s product line, and I received the web security stuff in a meeting earlier in the year. But the security stuff was good review. It is rather interesting how BlueCoat is using a hybrid model for security. Rather than simply having an Antivirus Engine and a URL filter database on site, they use the WebPulse Cloud service to provide better protection.
At one point URL filtering exclusively used a local database that was updated periodically. When sites weren’t categorized, BlueCoat used to use a service called Dynamic Real-Time Threat Rating to submit the URL to the cloud and see if categorization was available, either in a newer database or through dynamic categorization. That has evolved into BlueCoat WebPulse. It’s a cloud-based service that uses 8-10 heuristic scanners to analyze requested websites. With 62 million global users, there is a certain hope that a malicious site would have been seen and categorized by the service.
This is why I don’t actually see very many viruses detected by the Kaspersky AV scanner that scans traffic. A lot of malicious sites are already categorized and in the block list. I need to check out BlueCoat Reporter’s reports on the malicious software category if I want to better justify web security.
While BlueCoat does use some of the more advanced detection functionality of Kaspersky locally on the appliance, they are doing detection in the cloud that couldn’t be done locally on the appliance.