BLUE COAT LIVEde.security.westcon.com/documents/54387/BlueCoat Webinar 2111201… · Can inherit...

1 Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved. Blue Coat Confidential – Internal Use Only

BLUE COAT LIVE

LICHT IM (SSL)DUNKELN

SO KLAPPT ES AUCH BEI IHREN

KUNDEN

PATRICK K. KUTTRUFF

Cyberdefense Strategist, CISM

21. November 2014


HIGH DEMAND, HUGE OPPORTUNITY

SSL ENCRYPTED TRAFFIC MANAGEMENT

SSL Encrypted Traffic is 25% of

Enterprise Traffic and Growing!

Advanced Persistent Threats Use

Encryption to Hide

Most installed Security Solutions

are “Blind” to SSL

• Those that do have SSL decryption are

expensive and suffer from a 30 - 80%

performance degradation

Your Customers Need Blue Coat

Encrypted Traffic Management Typical deal size:

$40K - $130K

Short Sales Cycle


SSL VISIBILITY OPTIMIZES

EXISTING INVESTMENTS

NGFW Security

Analytics Anti-

Malware IDS / IPS DLP

Global

Intelligence Network • Policy categories

• WW malware reporting &

blocking

‘Einmal entschlüsselt – mehrfach genutzt’


TWO OPTIONS FOR SSL VISIBILITY

Encrypted Tap for ProxySG

• Additional License for Existing

ProxySG appliances

• SSL Visibility for web traffic

• Requires SGOS 6.5 and higher

• Full policy integration

• Single output stream support

• Can feed a single passive security

solution

SSL Visibility Appliances

Standalone transparent proxy

appliances

Integrates with IDS/IPS, Forensics,

Logging, Compliance, Malware, etc.

High Performance, all Ports

Can inherit ProxySG Policies for

inspection

Multiple output stream support

• Can feed active and passive security

solutions at the same time


ENCRYPTED TAP FOR PROXYSG

What is it?

• Feature to allow decrypted contents of SSL session

to be transferred to a logging system

• Decrypted SSL traffic can then be consumed by

network traffic analysis tools like Wireshark, network

intrusion detection systems like Snort, etc.

Customer Value

• For highly regulated industries, or those with high

security concerns, allows for complete logging

• Gives the ability to do forensics, research, after an

incident has occurred


NEXT GENERATION SSL VISIBILITY

APPLIANCES

Scalable proven line of SSL Inspection

Appliances

Complete price/performance configurations

Supports 10/100, 1000, 10000 interfaces

Fixed configuration or Modular scalable

solutions

SSL visibility solutions for every point in your network


SSL VISIBILITY APPLIANCE FAMILY

PERFORMANCE

Function SV800-250M SV800-500M SV1800 SV2800 SV3800

Total Packet Processing 8 Gbps 8 Gbps 8 Gbps 20 Gbps 40 Gbps

SSL Visibility

Throughput

250 Mbps 500 Mbps 1.5 Gbps 2.5 Gbps 4 Gbps

Concurrent SSL Flow

States (CPS)

20,000 20,000 100,000 200,000 400,000

New Full Handshake

SSL sessions (CPS)

(i.e. Setups / Tear Downs)

1,000 2,000 7,500 10,500 12,500

Configurations Fixed Fixed Fixed Modular 3 Slots Modular 7 Slots

Input / Output 8

10/100/1000

Copper

(fixed)

8

10/100/1000

Copper

(fixed)

8

10/100/1000

Copper or Fiber

(fixed)

2x10G-Fiber,

4x1G Copper,

4x1G Fiber

Network Mods

2x10G-Fiber, 4x1G

Copper, 4x1G Fiber

Network Mods

Resiliency Fail-to-Wire

(FTW) /

Fail-to-

Appliance (FTA)

FTW / FTA FTW / FTA FTW / FTA FTW / FTA

List Price (USD) $15,000 $25,000 $51,000 (copper)

$55,000 (fiber)

$64,000 $82,000


WHAT’S NEW?

SV800 APPLIANCE

• Entry-level SSL Appliance

• Appropriate for smaller, less-demanding

environments

• Appropriate for branch or remote offices

within larger enterprises

• Two models

• 500 Mbps decrypt/re-encrypt capability

• 250 Mbps decrypt/re-encrypt capability

• The -250M model is upgradable to the -500M

through a software license

• Compatible with v3.8 s/w and

beyond

SV800-

250M-C

SV800-

500M-C

Total Packet

Processing 8.0 Gbps 8.0 Gbps

SSL Inspection

Throughput 250 Mbps 500 Mbps

Concurrent SSL Flow

States

(Connections/ Second)

20,000 20,000

New Full SSL

Handshake Sessions

(Setups/ Teardowns) 1,000 / sec 2,000 / sec

Cut-through Latency <40µs <40µs


NEW OPERATING SYSTEM (v3.8) FOR

SSL VISIBILITY FAMILY

• Meets a requirement for

heavily regulated industries

• Supports 3rd party Hardware

Security Modules (HSM) that

security store cryptographic keys

and certificates

– SafeNet Luna SP supported

• Used when inspecting outbound

SSL traffic

• Support for policies based

on Traffic Classes

V3.8 s/w supports all SSL Visibility Appliance models

Secure storage and

management of

certs & keys

SafeNet Luna SP

HSM

SSL Visibility

Appliance Mutually

Authenticated

HTTPS

INTERNET

Outbound


INHERITING PROXYSG’S SSL

INTERCEPTION POLICY

Network Deployment

Security Solution

SSL Visibility

Appliance

ProxyAV, DLP, etc.

ProxySG


SSL VISIBILITY APPLIANCE: “DAMIT GEHT WAS”

Kurzer Saleszyklus (Aktueller Rekord: 14 Tage!)

Typische Grösse: $40k - $130k


ENCRYPTED TRAFFIC MANAGEMENT

REVENUE OPPORTUNITIES

Advanced Threat Protection

Projects: SSL Visibility

Appliance

Blue Coat Installed-base: ProxySG

Security Infrastructure Upgrade

Projects: SSL Visibility Appliance

Target Buyer: Security or Network

Administrator / Manager

Target Buyer: Network Security

Architect / Director / VP

Target Buyer: Network Security

Architect / VP / Director



REVENUE OPPORTUNITIES

• Become a trusted advisor

• Incremental Revenue – sell Encrypted TAP

• Customers with 3rd party forensics

or sandbox solutions

• Upsell to Security Analytics and

Malware Analysis Installed Base

• Part of an $11B market • Protect & enhance existing investment

and ROI on IDS/IPS, NGFW and DLP

Advanced Threat Protection

Projects: SSL Visibility

Appliance

Blue Coat Installed-base: ProxySG

Security Infrastructure

Upgrade Projects:

SSL Visibility Appliance


SALES OPPORTUNITY:

PROXYSG INSTALLED BASE

Become a Trusted Advisor for

Encrypted Traffic Management

Sell Encrypted TAP

license

100+ customers

“Turn on”

SSL Intercept

10,000+ customers

Enable ICAP-

connected AV, DLP

solutions

5,000+ customers

Incremental Revenue

Opportunity

SSL Vis Appliance Upsell

Opportunity


Anti-Malware / Security Analytics / Forensics Tools are USELESS

without SSL Decryption and Inspection

Customers with 3rd

party malware

analysis /sandbox

solutions

10,000+ customers

Upsell to Security

Analytics and

Malware Analysis

Installed Base

1,000+ customers

Customers with 3rd

party security

analytics / forensics

solutions

5,000+ customers

SALES OPPORTUNITY:

ADVANCED THREAT PROTECTION NEEDS ETM

Revenue Opportunity


Pursue customers with:

• IDS / IPS Solutions

• Next-Gen Firewall (NGFW) Solutions

• DLP Solutions

Largest Revenue Opportunity

as part of an $11B market,

with 20,000+ potential customers

Protect and Enhance Existing Investment and ROI

SALES OPPORTUNITY: SSL VISIBILITY APPLIANCE AND

EXISTING SECURITY INFRASTRUCTURES


HIGH DEMAND, HUGE OPPORTUNITY FOR


For every $100 invested in a Network Security Infrastructure,

$35 is wasted due to SSL Traffic

Wasted or lost investment due to lack of visibility

Extended loss

due to poor performance

• SSL Encrypted Traffic is 25 – 35% of Enterprise Traffic

• Advanced Threats Increasingly Use SSL Encryption to Hide

• Your Customers Need Blue Coat Encrypted Traffic Management • ProxySG

• SSL Visibility Appliance

• Most installed Security

Solutions are “Blind” to SSL • Those solutions that can see

and inspect SSL traffic suffer up

to 80% performance loss once it

is enabled – further Reducing

the ROI


NGFW

€200,000

IDS / IPS

€200,000

Sandbox

€200,000

€200,000 €200,000 Save €375,000 vs. Incremental Investment strategy!

Greater scalability to meet future decryption needs

Extend SSL visibility – Decrypt Once Feed Many

“NSS has concerns for the viability of SSL inspection …

without the use of dedicated SSL decryption devices.”*

25% Infrastructure

Under-utilization

Opportunity

Cost: €150,000

+

SSL risk is

unaddressed

Alternative 1

Incrementally invest

in greater security

solution capacity

50% SSL

Performance Hit

Performance +

Opportunity

Cost:

€250,000 Alternative 2

Invest in Blue Coat

SSL Visibility

Appliance

Investment +

Opportunity

Cost: €450,000

Total

Investment:

€75,000

SSL VISIBILITY APPLIANCE ROI

- €50,000 - €50,000 - €50,000 - €100,000 - €100,000

* “SSL Performance Problems”, NSS Labs, 2013

€75,000


CASE STUDY:

GLOBAL AUTOMOTIVE MANUFACTURER

Pain Point:

• Lack of visibility into SSL

encrypted traffic

• Concerned about threats and

compliance risks

IT Solution:

• Detect/Decrypt once, feed many

architecture to address SSL

across all ports/apps

• 2 SV1800 Visibility Appliances

• Integration with Blue Coat

Security Analytics Platform

Innovative Auto Manufacturer


CASE STUDY:

FINANCIAL SERVICES

Pain Point: • Lack of visibility into SSL encrypted traffic

• Compliance adherence and risks

• Advanced Persistent Threats (APTs) and malware

IT Solution: • Detect / Decrypt Once-Feed Many

architecture supporting Sourcefire IPS and FireEye solutions

• Existing Blue Coat ProxySG and AV customer looking for continued WebPulse / Global Intelligence Network collaboration

• Over 25 SSL Visibility Appliances deployed across North America, LANTAM and Europe

• Considering Blue Coat Security Analytics Platform for complete advanced threat protection

Global Financial Services Firm


ENCRYPTED TRAFFIC MANAGEMENT / SSL VISIBILITY

SALES TOOLS

Aktuell verfügbare Sales Tools

At a Glance (AAG) sheet

Encrypted Traffic Management (ETM) Playbook

Online E-Guide

Infographic

Updated ETM Customer-facing presentation

FAQs

Gartner white paper: “Security Leaders must Address

Threats from Rising SSL Traffic” (Dec 2013)

SANS white paper: “Finding Hidden Threats by Decrypting

SSL” (Nov 2013)

SSL Visibility Appliance Sizing and Deployment Guide

Blue Coat University CBT presentation on “SSL Visibility”

Reference Architecture presentation with Audio (for SEs)

BlueBox Try & Buy (TAB) & NFR programs


MARKETING CAMPAIGN ENCRYPTED TRAFFIC MANAGEMENT

• Establish 3rd party validation and drive ETM awareness

• Introduce & position ETM POV

• Help customers/prospects understand our value-prop

• Generate demand / pipeline

Campaign Objectives

Target & Audience

Market

• Global 2000 organizations / 5.5k named account

• Medium to Large Enterprise customers

• Highly regulated industries—Finance, Healthcare, Energy,

Government, Service Providers

Buyers

• CTO, CSO or CISO or Compliance/Risk Officer, Security

Architects, ITSEC Leaders

Profile

• ProxySG (add SSL Intercept, Encrypted TAP)

• ATP: Content Analysis/Malware Analysis/Security Analytics

• Greenfield / Whitespace


ATP TEAM

Advanced Threat Protection Group – Overlay Team

Mission: Unterstützung für die 3 ATP Produktfamilien

• Malware Analysis Appliance (MAA)

• Security Analytics Platform (SAP)

• SSL Visibility Appliance (SSL-VA)

Key Contacts

• Cyberdefense Strategist: [email protected]

• Senior System Engineer, ATP: [email protected]

mailto:[email protected]

mailto:[email protected]


Q&A

BLUE COAT LIVEde.security.westcon.com/documents/54387/BlueCoat Webinar 2111201… · Can inherit...

Documents

Transcript of BLUE COAT LIVEde.security.westcon.com/documents/54387/BlueCoat Webinar 2111201… · Can inherit...