1.) Main Purpose This is the Blue Coat Systems OVERVIEW presentation as of July 2005.

Proxy Services Proxy Support HTTP, HTTPS, FTP, P2P, Telnet, SOCKS, DNS, TCP-Tunnel, IM (AIM, MSN, Yahoo!), MMS, RTSP, QuickTime Method-level control options Content Filtering, Content Security, Spyware Prevention IM Control, P2P Blocking, Phishing & Pop-up Blocking Web Virus Scanning with ProxyAV Streaming Control Compression (HTTP & TCP/SOCKS) Bandwidth Management SSL Termination & Acceleration This is a summary of proxy services for ProxySG, review our SOLUTIONS presentation for more details.

Firewalls  Keep the Bad Guys Out Intranet Web Servers Public Web Servers Firewall Internal Network Public Internet Hackers But they are not designed to control at user level Users Firewalls block at the perimeter . . . Firewalls provide network security and often leave Port 80 for web traffic open. What was once the “World Wide Wait” is now the “World Wide Water Cooler” with opportunities and threats woven together. User level control with granular policies for content is the new security challenge.

Proxy  Keep the Good Guys Good Total Visibility and Control of All Web Communications Intranet Web Servers Public Web Servers Proxy Firewall Internal Network Public Internet Users Users Restrict or control access to unproductive web sites Control pop-ups, ads, and spyware Restrict or control access to unproductive web sites Stop viruses from webmail (Yahoo, Hotmail, etc) and IM “Splash page” for acceptable Internet use policy Keep intellectual property from getting out over IM Stop web content such as .vbs, .exe Control pop-ups, ads, and spyware Prevent downloading of copyrighted MP3 files Log and archive IM traffic by individual text messages When users are typing away at their computers the opportunities and threats are woven together in an Internet fabric. Users sound busy, however many actions on the Internet are social time sinks, reduce network availability, open back doors and pose legal liabilities. “Splash page” for acceptable Internet use policy Prevent downloading of copyrighted MP3 files Stop web content such as .vbs, .exe Log and archive IM traffic by individual text messages Stop viruses from webmail (Yahoo, Hotmail, etc) and IM Keep intellectual property from getting out over IM

Enterprise Policy Management Set & Enforce Policy Visual Policy Manager Corporate Web Policy Reporter Visual Policy Manager One interface for all policy controls Device configuration and management Policy development and management GUI or CLI Director Configuration and policy across network of Blue Coat appliances (up to 500) Ability to roll-out, backup and restore previous policies Reporter Reports can be viewed via a browser with options for authentication (LDAP, username/password) and role-based viewing allowing users to view specific reports. Custom reports can be created along with pre-defined reports such as: User Reports – track web user usage patterns regardless of location or application, Show access summaries, blocked sites, accessed by category and more. Network Traffic Reports – measure web traffic performance trends, errors, bandwidth, impact, streaming traffic levels and more. Security Reports – evaluate security risks and track user activity that is potentially dangerous. Quickly determine which users have accessed malicious content and report on activity into and out of firewalls. Instant Messaging Reports – evaluate security risks and track user activity within all major Instant Messaging protocols that may violate company policy or industry regulations. Top Ten Summaries – list top 10 sites accessed, users, categories, content types, and more. Distribute Policy Director Monitor & Report

World’s Major Institutions Trust Blue Coat Financial Health & Pharmaceuticals Energy, Oil & Gas Mfg/Industrial Consumer & Retail                                                                                                                     Blue Coat is an enterprise grade solution with a background in large scale ISP data centers. Some of the largest and most successful enterprises deploy Blue Coat to control Internet communications. Case studies and customer press releases are located on the Blue Coat website – www.bluecoat.com – for more details. Government

Web Application Control Example Different Policies for Facebook throughout an Organization Read Only Policy No comments, posting, upload/download, games, email, chat, etc Global Policy Everyone Marketing HR/Recruiting CEO, CIO Group Policy Limited Use Policy Can comment, post, upload, email and chat, no games, downloads, etc Group Policy Expanded Use Policy Can comment, post, upload, download, email, chat, but no games, etc. When we look at what is really happening within the enterprise, you see that on every level, there are evolutions that are encouraging this fluidity of boundaries. At the device level, enterprises are increasingly moving from corporate owned devices to employee owned devices, blurring the lines not only between corporate and personal use but also blurring the boundaries of where and how policies can be enforced. 73% of smartphones, 46% of laptops are employee owned. 60% are used for both work & Personal At the application level, the shift that is taking place is from applications selected, deployed and maintained by IT to applications that employees introduce into the network themselves. Often this is to increase productivity or solve a problem that can’t be addressed by existing tools. For example, sending this presentation to my team. The file was too big for Outlook, so I needed to use YouSendIt. When the file got too big for that, I needed to use Dropbox. This along with the mobile trend of personal device use is driving the consumerization of IT With this influx of employee mandated applications, the network is naturally changing. Its well defined perimeter, which was managed by IT has give way to a network that extends to and includes the web, an unwieldy beast that gives IT little to no control. For employees, how they access the network and applications has changed as well. Leaving your work at the office is a distant memory. Now, employees are always on. Always accessing not just the Internet at all hours but also the corporate network and applications. Full Use Policy No Restrictions Individual Policy

Web Application Policy Engine 2 clicks to set policy

2.) Main Function This is the Blue Coat Systems OVERVIEW presentation as of July 2005.

Client Proxy Internet Byte Caching Protocol detection Logging BW management Authentication Policy Internet Clients Caching Antivirus Protocol optimization URL-Filtering Compression

? Application proxy .mp3 .xxx Internet Streaming AOL-IM Yahoo-IM HTTP & HTTPS FTP MSN-IM Internet MAPI .mp3 .xxx ? gral.se CIFS P2P Telnet/Shell DNS TCP-Tunnel SOCKS

Authentication DACHSER LDAP NT, W2000 or W2003 DC RADIUS Server Netegrity SiteMinder Policy Substitution AD Directory Directory Directory Clients Internet LDAP Client Certifficate On box Database Oblix Directory X509/CA List Directory

How We Secure the Web   Intranet Web Server Public Web Server Internal Network Public Internet   AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

How We Secure the Web     Intranet Web Server Public Web Server Internal Network Public Internet   AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password. Policy Processing Engine: All user web application requests are subjected to granular security policy 

How We Secure the Web       Intranet Web Server Public Web Server   Internal Network Public Internet  AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password. Policy Processing Engine: All user web application requests are subjected to granular security policy Content Filtering: Requests for content are controlled using content filtering based on granular policy   

Content Filtering Organizations need to control what users are doing when accessing the internet to protect from legal liability and productivity risks Blue Coat and our partners enable enterprise-class content filtering Powerful granular user control using Blue Coat’s Policy Processing Engine By user, group, destination IP and/or URL, time of day, site, category, lots more Multiple logging and reporting options Integrates with all authentication (LDAP, RADIUS, NTLM, AD, 2-factor, etc) Coaching, warnings, etc. High performance with integrated caching Drop-in appliance for easy to deploy and manage De-facto industry content filtering platform Content filtering, on the other hand, is about controlling what types of web sites users can access, preventing them from accessing inappropriate content. For example, content security would enable you to turn off access to all JPEGs, thereby breaking many web pages, whereas content filtering would prevent users from accessing sites that host JPEGs that are inappropriate for a work environment, such as sports related sites.

Content filtering databases Digital Arts InterSafe Optenet IWF WebWasher Proventia Smartfilter Websense SurfControl Clients Internet BlueCoat webfilter Your lists exceptions DRTR

How We Secure the Web         Intranet Web Server Public Web Server    Internal Network Public Internet  AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password. Policy Processing Engine: All user web application requests are subjected to granular security policy Content Filtering: Requests for content are controlled using content filtering based on granular policy Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.    

How We Secure the Web           Intranet Web Server Public Web Server    Internal Network Public Internet    AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password. Policy Processing Engine: All user web application requests are subjected to granular security policy Content Filtering: Requests for content are controlled using content filtering based on granular policy  Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting. Web Virus scanning: Potentially harmful content entering network via HTTP, HTTPS and FTP is stripped or scanned by ProxyAV.   

Virus, Code & Script scanning Other ICAP servers Clients Internet Sophos McAfee ProxyAV Kaspersky Panda

ProxyAV Purpose-built appliances for speed ProxySG & ProxyAV Large Enterprise/Network Core Scan once, serve many (cache benefit) Internet Internal Network ProxyAV ProxySG Virus Scans HTTP, FTP with caching benefit ProxySG Load Balances Purpose-built appliances for speed “Scan once, serve many” to increase performance High-availability & load-balancing Purpose built operating systems

How We Secure the Web             Intranet Web Server Public Web Server    Internal Network  Public Internet    AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password. Policy Processing Engine: All user web application requests are subjected to granular security policy Content Filtering: Requests for content are controlled using content filtering based on granular policy  Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting. Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV. Spyware: Prevention is better than a cure.    

BlueCoat Spyware Prevention Solution Stops spyware installations Detect drive-by installers Blocks spyware websites On-Proxy URL categorization Scans for spyware signatures High-performance Web AV Detects suspect systems Forward to cleansing agent Internet Internal Network ProxyAV ProxySG Blue Coat Gateway Anti-Spyware blocks spyware installations ProxySG™ appliances provide policy controls that inspect, filter and block Web content associated with Spyware installation software and masked Web sites used to phish users. Blue Coat Gateway Anti-Spyware scans for spyware signatures High-performance ProxyAV™ Web anti-virus appliance scans Web traffic for known spyware signatures using proven third party anti-virus scanning engines. The ProxyAV is the only solution capable of virus scanning Web traffic with low latency, leveraging cache intelligence logic to optimize performance. Blue Coat Gateway Anti-Spyware prevents spyware communications Blue Coat blocks client communications to known spyware and adware sources. Reporting features combined with on-proxy URL filtering identify Spyware “calling home” activity on the network. Communication attempting to reach a spyware domain is immediately terminated by Blue Coat’s ProxySG. The ProxySG supports five leading on-proxy URL filtering databases, plus custom categories, overrides and exceptions to advise, coach and enforce users. Blue Coat Gateway Anti-Spyware targets spyware infected systems for cleansing Blue Coat’s custom logging and reporting features enable administrators to target suspect systems and trigger spyware clean-up. Blue Coat will interoperate with InterMute’s SpySubtract solution for targeted cleansing and removal of spyware agents from desktops.

How We Secure the Web               Intranet Web Server Public Web Server    Internal Network  Public Internet    AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password. Policy Processing Engine: All user web application requests are subjected to granular security policy Content Filtering: Requests for content are controlled using content filtering based on granular policy Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting. Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV. Spyware: Prevention is better than a cure.    IM Traffic Control: IM traffic is subjected to policies and is logged    

How We Secure the Web                 Intranet Web Server Public Web Server    Internal Network   Public Internet     AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password. Policy Processing Engine: All user web application requests are subjected to granular security policy Content Filtering: Requests for content are controlled using content filtering based on granular policy   Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting. Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV. Spyware: Prevention is better than a cure. IM Traffic Control: IM traffic is subjected to policies and is logged Caching: Acceptable, clean content is stored in cache and delivered to requestor.     

How We Secure the Web                   Intranet Web Server Public Web Server     Internal Network   Public Internet    IM Traffic Control: IM traffic is subjected to policies and is logged Caching: Acceptable, clean content is stored in cache and delivered to requestor. Reporting: All browser, streaming, IM & virus activity, can be reported using Bluecoat's highly configurable reporter. AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password. Policy Processing Engine: All user web application requests are subjected to granular security policy Content Filtering: Requests for content are controlled using content filtering based on granular policy Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting. Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV. Spyware: Prevention is better than a cure.         

Reporter

3.) The Reporter This is the Blue Coat Systems OVERVIEW presentation as of July 2005.

Management User Interface Scalable management Reporting tools HTTP (HTTPS), web GUI Interface Telnet (Cisco CLI) SSH & Serial console Java Policy interface CPL, Policy Language SNMP MIBII + Traps Monitor network status and statistics Reporting tools BlueCoat Reporter Scalable management Centralized configuration management in Director

Reporting (example) 18.2 % Spyware (gator) 16.5 % Aftonbladet 9.5 % Ad’s (in top 40) 6.8 % https (encrypted)

System-wide Management and Control Blue Coat Director Centralized configuration of Blue Coat appliances – set up, policy, etc Centralized monitoring – appliance health, application use, user experience Blue Coat Reporter Enterprise roll-up and analysis of application delivery information: appliances, application use, user experience Both Director and Reporter are proven, with thousands of nodes under management…

4.) The Director This is the Blue Coat Systems OVERVIEW presentation as of July 2005.

Director configuration Management Remotely and securely manage via GUI or CLI. Work- station Configuration Management Policy Management Disaster protection centrally Configuration Management Monitor and control Resource Management Monitor network status and statistics Profile Management Backup configuration Create overlays using GUI or CLI. Automate changes License Management Director (2) Snapshot profile and save on Director (3) Create and edit overlays using GUI or CLI. “Profile” system Configuration Management Standardize configurations, provide disaster protection, centrally monitor and control Policy Management Distribute and synchronize web security and user policy Resource Management Conserve valuable resources with bandwidth policies and content positioning Monitor network status and statistics Quickly view statistics. Rapidly view/edit individual cache configurations. Common look and feel with browser console Create profile. Snapshot of good device configuration. Strips nongeneric settings (IP, licenses, etc). Customize by region with overlays. Create overlays using GUI or CLI. Create from scratch or copy from existing caches. Distribute License Keys. Real, WMT, Websense, SmartFilter, etc. Import keys and automatically distribute with profiles. Standardize Configurations. Schedule overlays. Schedule changes with advanced configurations. Automate policy changes Automate network changes Quickly change individual settings via GUI. Time-based management Schedule any command or config change Powerful CLI automation. All configurations stored as CLI commands. Create policies. Create with Visual Policy Manager. Distribute to groups of devices. Schedule or manually distribute. Centrally store policies and configurations. Examples: Filter files, CPL, WCCP, PAC, ICP, RIP, etc. Store and manage on Director or on distributed web servers. Three types of snapshots. Profile + overlay + advanced configuration Automated snapshot with every profile distribution Scheduled backups – tied to individual devices Rollback/restore Rollback to good snapshot upon discovery of problems Script rollbacks if necessary Control streaming impact Set bandwidth policies by protocol. By user, by group Proactively preposition content Schedule distribution of large files during off-peak hours. Distribute both internal and external content. Schedule all b/w policy changes. Use overlays or advanced configurations; or Set times within policies (4) Push profiles and overlays to one or more systems (1) Configure and test “profile” system Production systems

Director GUI

5.) SSL Interception This is the Blue Coat Systems OVERVIEW presentation as of July 2005.

Why SSL Intercept? Increased granularity for content filtering SSL Proxy vs. SSL Interception SSL Proxy alone can do content filtering (without SSL Interception) Explicit vs. Transparent interception Deep level protocol inspection (HTTP) HTTPS is just encapsulated HTTP HTTP Headers, etc. are readable after SSL Interception ICAPS handoff Antivirus (AV) inspection; RespMod Data Leakage Protection (DLP) inspection; ReqMod Logging and Reporting for SSL/HTTPS

42

SSL Interception Model

Resources SSL Proxy Deployment Web Guide https://bto.bluecoat.com/sgos/ProxySG/63/SSL_Proxy_Deployment _WebGuide/SSL_Proxy_WebGuide.htm Configuring SSL Interception on the ProxySG Appliance https://bto.bluecoat.com/support/ssl-interception Blue Coat Knowledge Base https://kb.bluecoat.com Blue Coat Technical Support Case https://bto.bluecoat.com/support/sr/list Configuring SSL Interception for Transparent Proxy https://kb.bluecoat.com/index?page=content&id=KB3700 Writing SSL Interception/Access Policy https://kb.bluecoat.com/index?page=content&id=KB3716

Questions ?