BLUE COAT LIVEde.security.westcon.com/documents/54387/BlueCoat Webinar 2111201… · Can inherit...
Transcript of BLUE COAT LIVEde.security.westcon.com/documents/54387/BlueCoat Webinar 2111201… · Can inherit...
1 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
BLUE COAT LIVE
LICHT IM (SSL)DUNKELN
SO KLAPPT ES AUCH BEI IHREN
KUNDEN
PATRICK K. KUTTRUFF
Cyberdefense Strategist, CISM
21. November 2014
2 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
HIGH DEMAND, HUGE OPPORTUNITY
SSL ENCRYPTED TRAFFIC MANAGEMENT
SSL Encrypted Traffic is 25% of
Enterprise Traffic and Growing!
Advanced Persistent Threats Use
Encryption to Hide
Most installed Security Solutions
are “Blind” to SSL
• Those that do have SSL decryption are
expensive and suffer from a 30 - 80%
performance degradation
Your Customers Need Blue Coat
Encrypted Traffic Management Typical deal size:
$40K - $130K
Short Sales Cycle
4 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
SSL VISIBILITY OPTIMIZES
EXISTING INVESTMENTS
NGFW Security
Analytics Anti-
Malware IDS / IPS DLP
Global
Intelligence Network • Policy categories
• WW malware reporting &
blocking
‘Einmal entschlüsselt – mehrfach genutzt’
5 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
TWO OPTIONS FOR SSL VISIBILITY
Encrypted Tap for ProxySG
• Additional License for Existing
ProxySG appliances
• SSL Visibility for web traffic
• Requires SGOS 6.5 and higher
• Full policy integration
• Single output stream support
• Can feed a single passive security
solution
SSL Visibility Appliances
Standalone transparent proxy
appliances
Integrates with IDS/IPS, Forensics,
Logging, Compliance, Malware, etc.
High Performance, all Ports
Can inherit ProxySG Policies for
inspection
Multiple output stream support
• Can feed active and passive security
solutions at the same time
6 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
ENCRYPTED TAP FOR PROXYSG
What is it?
• Feature to allow decrypted contents of SSL session
to be transferred to a logging system
• Decrypted SSL traffic can then be consumed by
network traffic analysis tools like Wireshark, network
intrusion detection systems like Snort, etc.
Customer Value
• For highly regulated industries, or those with high
security concerns, allows for complete logging
• Gives the ability to do forensics, research, after an
incident has occurred
7 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
NEXT GENERATION SSL VISIBILITY
APPLIANCES
Scalable proven line of SSL Inspection
Appliances
Complete price/performance configurations
Supports 10/100, 1000, 10000 interfaces
Fixed configuration or Modular scalable
solutions
SSL visibility solutions for every point in your network
8 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
SSL VISIBILITY APPLIANCE FAMILY
PERFORMANCE
Function SV800-250M SV800-500M SV1800 SV2800 SV3800
Total Packet Processing 8 Gbps 8 Gbps 8 Gbps 20 Gbps 40 Gbps
SSL Visibility
Throughput
250 Mbps 500 Mbps 1.5 Gbps 2.5 Gbps 4 Gbps
Concurrent SSL Flow
States (CPS)
20,000 20,000 100,000 200,000 400,000
New Full Handshake
SSL sessions (CPS)
(i.e. Setups / Tear Downs)
1,000 2,000 7,500 10,500 12,500
Configurations Fixed Fixed Fixed Modular 3 Slots Modular 7 Slots
Input / Output 8
10/100/1000
Copper
(fixed)
8
10/100/1000
Copper
(fixed)
8
10/100/1000
Copper or Fiber
(fixed)
2x10G-Fiber,
4x1G Copper,
4x1G Fiber
Network Mods
2x10G-Fiber, 4x1G
Copper, 4x1G Fiber
Network Mods
Resiliency Fail-to-Wire
(FTW) /
Fail-to-
Appliance (FTA)
FTW / FTA FTW / FTA FTW / FTA FTW / FTA
List Price (USD) $15,000 $25,000 $51,000 (copper)
$55,000 (fiber)
$64,000 $82,000
9 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
WHAT’S NEW?
SV800 APPLIANCE
• Entry-level SSL Appliance
• Appropriate for smaller, less-demanding
environments
• Appropriate for branch or remote offices
within larger enterprises
• Two models
• 500 Mbps decrypt/re-encrypt capability
• 250 Mbps decrypt/re-encrypt capability
• The -250M model is upgradable to the -500M
through a software license
• Compatible with v3.8 s/w and
beyond
SV800-
250M-C
SV800-
500M-C
Total Packet
Processing 8.0 Gbps 8.0 Gbps
SSL Inspection
Throughput 250 Mbps 500 Mbps
Concurrent SSL Flow
States
(Connections/ Second)
20,000 20,000
New Full SSL
Handshake Sessions
(Setups/ Teardowns) 1,000 / sec 2,000 / sec
Cut-through Latency <40µs <40µs
10 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
NEW OPERATING SYSTEM (v3.8) FOR
SSL VISIBILITY FAMILY
• Meets a requirement for
heavily regulated industries
• Supports 3rd party Hardware
Security Modules (HSM) that
security store cryptographic keys
and certificates
– SafeNet Luna SP supported
• Used when inspecting outbound
SSL traffic
• Support for policies based
on Traffic Classes
V3.8 s/w supports all SSL Visibility Appliance models
Secure storage and
management of
certs & keys
SafeNet Luna SP
HSM
SSL Visibility
Appliance Mutually
Authenticated
HTTPS
INTERNET
Outbound
11 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
INHERITING PROXYSG’S SSL
INTERCEPTION POLICY
Network Deployment
Security Solution
SSL Visibility
Appliance
ProxyAV, DLP, etc.
ProxySG
14 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
SSL VISIBILITY APPLIANCE: “DAMIT GEHT WAS”
Kurzer Saleszyklus (Aktueller Rekord: 14 Tage!)
Typische Grösse: $40k - $130k
15 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
ENCRYPTED TRAFFIC MANAGEMENT
REVENUE OPPORTUNITIES
Advanced Threat Protection
Projects: SSL Visibility
Appliance
Blue Coat Installed-base: ProxySG
Security Infrastructure Upgrade
Projects: SSL Visibility Appliance
Target Buyer: Security or Network
Administrator / Manager
Target Buyer: Network Security
Architect / Director / VP
Target Buyer: Network Security
Architect / VP / Director
16 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
ENCRYPTED TRAFFIC MANAGEMENT
REVENUE OPPORTUNITIES
• Become a trusted advisor
• Incremental Revenue – sell Encrypted TAP
• Customers with 3rd party forensics
or sandbox solutions
• Upsell to Security Analytics and
Malware Analysis Installed Base
• Part of an $11B market • Protect & enhance existing investment
and ROI on IDS/IPS, NGFW and DLP
Advanced Threat Protection
Projects: SSL Visibility
Appliance
Blue Coat Installed-base: ProxySG
Security Infrastructure
Upgrade Projects:
SSL Visibility Appliance
17 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
SALES OPPORTUNITY:
PROXYSG INSTALLED BASE
Become a Trusted Advisor for
Encrypted Traffic Management
Sell Encrypted TAP
license
100+ customers
“Turn on”
SSL Intercept
10,000+ customers
Enable ICAP-
connected AV, DLP
solutions
5,000+ customers
Incremental Revenue
Opportunity
SSL Vis Appliance Upsell
Opportunity
18 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
Anti-Malware / Security Analytics / Forensics Tools are USELESS
without SSL Decryption and Inspection
Customers with 3rd
party malware
analysis /sandbox
solutions
10,000+ customers
Upsell to Security
Analytics and
Malware Analysis
Installed Base
1,000+ customers
Customers with 3rd
party security
analytics / forensics
solutions
5,000+ customers
SALES OPPORTUNITY:
ADVANCED THREAT PROTECTION NEEDS ETM
Revenue Opportunity
19 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
Pursue customers with:
• IDS / IPS Solutions
• Next-Gen Firewall (NGFW) Solutions
• DLP Solutions
Largest Revenue Opportunity
as part of an $11B market,
with 20,000+ potential customers
Protect and Enhance Existing Investment and ROI
SALES OPPORTUNITY: SSL VISIBILITY APPLIANCE AND
EXISTING SECURITY INFRASTRUCTURES
20 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
HIGH DEMAND, HUGE OPPORTUNITY FOR
ENCRYPTED TRAFFIC MANAGEMENT
For every $100 invested in a Network Security Infrastructure,
$35 is wasted due to SSL Traffic
Wasted or lost investment due to lack of visibility
Extended loss
due to poor performance
• SSL Encrypted Traffic is 25 – 35% of Enterprise Traffic
• Advanced Threats Increasingly Use SSL Encryption to Hide
• Your Customers Need Blue Coat Encrypted Traffic Management • ProxySG
• SSL Visibility Appliance
• Most installed Security
Solutions are “Blind” to SSL • Those solutions that can see
and inspect SSL traffic suffer up
to 80% performance loss once it
is enabled – further Reducing
the ROI
21 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
NGFW
€200,000
IDS / IPS
€200,000
Sandbox
€200,000
€200,000 €200,000 Save €375,000 vs. Incremental Investment strategy!
Greater scalability to meet future decryption needs
Extend SSL visibility – Decrypt Once Feed Many
“NSS has concerns for the viability of SSL inspection …
without the use of dedicated SSL decryption devices.”*
25% Infrastructure
Under-utilization
Opportunity
Cost: €150,000
+
SSL risk is
unaddressed
Alternative 1
Incrementally invest
in greater security
solution capacity
50% SSL
Performance Hit
Performance +
Opportunity
Cost:
€250,000 Alternative 2
Invest in Blue Coat
SSL Visibility
Appliance
Investment +
Opportunity
Cost: €450,000
Total
Investment:
€75,000
SSL VISIBILITY APPLIANCE ROI
- €50,000 - €50,000 - €50,000 - €100,000 - €100,000
* “SSL Performance Problems”, NSS Labs, 2013
€75,000
22 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
CASE STUDY:
GLOBAL AUTOMOTIVE MANUFACTURER
Pain Point:
• Lack of visibility into SSL
encrypted traffic
• Concerned about threats and
compliance risks
IT Solution:
• Detect/Decrypt once, feed many
architecture to address SSL
across all ports/apps
• 2 SV1800 Visibility Appliances
• Integration with Blue Coat
Security Analytics Platform
Innovative Auto Manufacturer
23 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
CASE STUDY:
FINANCIAL SERVICES
Pain Point: • Lack of visibility into SSL encrypted traffic
• Compliance adherence and risks
• Advanced Persistent Threats (APTs) and malware
IT Solution: • Detect / Decrypt Once-Feed Many
architecture supporting Sourcefire IPS and FireEye solutions
• Existing Blue Coat ProxySG and AV customer looking for continued WebPulse / Global Intelligence Network collaboration
• Over 25 SSL Visibility Appliances deployed across North America, LANTAM and Europe
• Considering Blue Coat Security Analytics Platform for complete advanced threat protection
Global Financial Services Firm
24 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
ENCRYPTED TRAFFIC MANAGEMENT / SSL VISIBILITY
SALES TOOLS
Aktuell verfügbare Sales Tools
At a Glance (AAG) sheet
Encrypted Traffic Management (ETM) Playbook
Online E-Guide
Infographic
Updated ETM Customer-facing presentation
FAQs
Gartner white paper: “Security Leaders must Address
Threats from Rising SSL Traffic” (Dec 2013)
SANS white paper: “Finding Hidden Threats by Decrypting
SSL” (Nov 2013)
SSL Visibility Appliance Sizing and Deployment Guide
Blue Coat University CBT presentation on “SSL Visibility”
Reference Architecture presentation with Audio (for SEs)
BlueBox Try & Buy (TAB) & NFR programs
25 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
MARKETING CAMPAIGN ENCRYPTED TRAFFIC MANAGEMENT
• Establish 3rd party validation and drive ETM awareness
• Introduce & position ETM POV
• Help customers/prospects understand our value-prop
• Generate demand / pipeline
Campaign Objectives
Target & Audience
Market
• Global 2000 organizations / 5.5k named account
• Medium to Large Enterprise customers
• Highly regulated industries—Finance, Healthcare, Energy,
Government, Service Providers
Buyers
• CTO, CSO or CISO or Compliance/Risk Officer, Security
Architects, ITSEC Leaders
Profile
• ProxySG (add SSL Intercept, Encrypted TAP)
• ATP: Content Analysis/Malware Analysis/Security Analytics
• Greenfield / Whitespace
26 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only
ATP TEAM
Advanced Threat Protection Group – Overlay Team
Mission: Unterstützung für die 3 ATP Produktfamilien
• Malware Analysis Appliance (MAA)
• Security Analytics Platform (SAP)
• SSL Visibility Appliance (SSL-VA)
Key Contacts
• Cyberdefense Strategist: [email protected]
• Senior System Engineer, ATP: [email protected]