Tech Partner: Blue Coat's SSL Visibility Appliance and Big Switch's Big Monitoring Fabric


SOLUTION BRIEF

Challenge

SSL encrypted traffic is pervasive in organizations around the world, representing 35% of all enterprise network traffic today. With a 20% annual growth rate, SSL encrypted traffic increasingly presents a blind spot in organizations; most current security solutions cannot see or manage this traffic. As witnessed in several recent security breaches, malware traffic is being SSL encrypted to remain under the radar of network security solutions. According to Gartner, this trend is likely to expand rapidly, and in 2017 more than half of the network attacks targeting enterprises will use encrypted traffic to bypass controls. Since most security tools, such as next-generation firewalls and IDS/IPS devices, are typically blind to SSL traffic or experience significant performance degradation if SSL inspection is enabled, specialized devices are needed to handle SSL encrypted traffic. As a result, it becomes critical for the DMZ traffic to be sent selectively through a chain of services that can decrypt the traffic, inspect it for malware, and then re-encrypt the traffic. A new security architecture is clearly needed, one that can simplify the deployment of these services while ensuring high availability, continued maintenance, and scalability.

Solution: Blue Coat’s SSL Visibility Appliance and Big Switch’s Big Monitoring Fabric

Blue Coat’s encrypted traffic management (ETM) solution eliminates the encrypted traffic blind spot and combats the security threats hidden in encrypted traffic while preserving privacy, policy and regulatory compliance. Comprised of the market-leading Blue Coat SSL Visibility Appliance, it enhances existing security solutions by providing visibility into previously hidden traffic and advanced threats without requiring significant upgrades or re-architecture of the network security infrastructure.

The SSL Visibility Appliance is a high-performance purpose-built solution that utilizes comprehensive policy enforcement to inspect, decrypt and manage SSL traffic in real time while ensuring data privacy and regulatory compliance. The SSL Visibility Appliance’s unique “decrypt once, feed many” design, when deployed in conjunction with Big Monitoring Fabric (inline), empowers multiple security tools with newfound visibility into encrypted traffic to effectively detect and eliminate advanced threats without hindering device or network performance.

Big Monitoring Fabric (Inline Mode) enables pervasive security in the demilitarized zone (DMZ) and addresses the challenges faced by traditional solutions while offering lower-cost and SDN-centric operational simplicity. BMF Inline consists of a BMF Controller and open Ethernet switches deployed in a high-availability configuration. The inline security tools connect directly (optionally via link aggregation) to these Ethernet switches. Leveraging the BMF controller as the central point of management, BMF Inline configures policies that create paths through the inline tools. The solution supports load balancing across multiple instances of the same tool as well as chaining of a set of tools on a per-policy basis.

The Blue Coat SSL Visibility Appliance is an integral component of an organization’s encrypted traffic management strategy. Big Monitoring Fabric (Inline mode) can be deployed in a highly available (HA) configuration to enable visibility and threat mitigation in the demilitarized zone (DMZ) by chaining multiple services based on policies. The joint deployment of Big Monitoring Fabric (Inline) with Blue Coat SSL Visibility Appliance enables policy-based insertion and chaining of the service with other threat prevention devices at the DMZ to selectively decrypt SSL traffic for malware detection and then re-encrypt the traffic. The solution thus provides best-in-class ETM to detect and eliminate the SSL encrypted traffic blind spots while offering an economic solution and SDN-centric operational simplicity.

BLUE COAT TECHNOLOGY PARTNER: BIG SWITCH NETWORKS

Partner: Big Switch Networks

Partner Product: Big Monitoring Fabric (BMF)

Blue Coat Product: SSL Visibility Appliance (SSLVA)

How it Works

The diagram below demonstrates how Blue Coat and Big Switch work together to provide best-in-class ETM combined with SDN-centric operational simplicity.

The solution consists of the BMF controller and open networking Ethernet switches deployed in a High Availability configuration with the Blue Coat SSL Visibility Appliance and Intrusion Protection System directly connected to the Ethernet switches. With BMF inline switches, traffic in the DMZ can be selectively redirected through the chain of security devices based on policies set by the user.

• SSL traffic can be sent to the Blue Coat SSL Visibility Appliance, which decrypts the content and sends it to the BMF inline switch that is connected to it.

• The BMF inline switch then sends the decrypted traffic to the IPS service, which can then inspect it for malware.

• If the decrypted traffic is not blocked/dropped by the IPS, it is returned back to the BMF inline switch.

• It is then sent to the SSL Visibility Appliance, which completes its task for the outbound direction by encrypting the traffic and sending it back to the inline switch. The packet is then sent out to the Internet or into the production network, depending on the direction of the flow.

Figure 1: Blue Coat SSL Visibility Appliance with Big Monitoring Fabric (Inline). Diagram labels: Firewall 1, Firewall 2, Core Switch 1, Core Switch 2, BMF Controllers, SSL Visibility Appliance, Security Analytics; links marked 10 G, Inline and OOB; traffic types: Span, Untrusted, Trusted.


© 2016 Blue Coat Systems, Inc. All rights reserved. www.bluecoat.com. v.SB-TECHPARTNER-SSL-BSN-EN-v1b-0516

Benefits

The combined SSL Visibility Appliance and Big Monitoring Fabric solution has the following benefits:

• Best-in-class ETM – Blue Coat’s encrypted traffic management (ETM) solution eliminates the encrypted traffic blind spot and combats the security threats hidden in encrypted traffic while preserving privacy, policy and regulatory compliance.

• Enhanced Tool Efficiency – The solution supports chaining of up to 4 tools in a single chain. Policies can be set up to send only the relevant traffic, and the same tool interfaces can be shared across multiple chains, thus increasing tool efficiency. It also supports inline tool health checks for the tools connected in the service chain.

• Simplification of Multi-team operational workflows – The solution eliminates the need for complex, error-prone Network Packet Brokers (NPBs) and provides clear role separation between network and security admins.

• Policy-based security enforcement – The SSLVA allows policy to be tailored to the destination of an SSL flow or to a specific type of traffic through the Blue Coat Host Categorization service.

• Simplified Management – Big Mon supports single-pane-of-glass management/configuration for inline monitoring and the ability to do selective SPAN for out-of-band monitoring.

• High Availability – The solution is highly resilient against network, tool or controller failures and supports customizable health checks based on Layer 2 through Layer 4 headers with aggressive health timers.

About Big Switch Networks

Big Switch Networks is the market leader in bringing hyperscale data center networking technologies to a broader audience. The company is taking three key hyperscale technologies – OEM/ODM bare metal and open Ethernet switch hardware, sophisticated SDN control software, and core-and-pod data center designs – and leveraging them in fit-for-purpose products designed for use in enterprises, cloud providers and service providers. For additional information, email [email protected], follow @bigswitch or visit www.bigswitch.com.