SECURITY ANALYTICS:
REAL WORLD USE CASES
KEY FEATURES AND NEW USES FOR THE
BLUE COAT SECURITY ANALYTICS PLATFORM
WHITEPAPER
SECURITY ANALYTICS: MUCH MORE THAN NETWORK FORENSICS
Prior generations of security analytics products were mostly used as tools by incident response teams to perform
retrospective analysis and forensics on breaches after the fact. This is still an important function, but today’s
security analytics solutions have evolved to deliver business value across a much broader range of circumstances,
and to address a number of critical issues faced by IT and security teams of all sizes.
This white paper discusses the need for security analytics, provides a brief overview of the next-generation
security analytics platform offered by Blue Coat, and describes how a modern security analytics solution can
address seven important, real-world use cases:
1. Situational awareness
2. Continuous monitoring
3. Security incident response and resolution
4. Advanced malware detection
5. Data loss monitoring and analysis
6. Web traffic monitoring and analysis
7. IT governance, risk management and compliance
[Figure: use-case wheel. Labels visible: Situational Awareness; Continuous Monitoring; IT Governance, Risk Management and Compliance]
“...pinpoint how the exploit occurred, understand the full scope of the problem, and completely prevent that
exploit from ever happening again...”

A large online retailer built its security operations center and incident response process around the Security
Analytics Platform. They use it to identify malicious activity inside and outside the network, to pinpoint all
compromised systems through root cause analysis, and to conduct assurance testing on preventative controls by
replaying attacks in a lab environment. The Security Analytics Platform provides much-needed context to alerts,
including alerts from their new advanced malware analysis appliances.

...into play after a breach had been detected, and used almost exclusively for retrospective analysis and
forensics. But that has changed. Blue Coat has added real-time threat detection to the Security Analytics
Platform with add-on software modules called Blue Coat ThreatBLADES. ThreatBLADES provide real-time threat
intelligence services. Each one is optimized to scan specific protocols (HTTP, SMTP, POP3, Webmail, FTP, etc.),
detect and extract objects (files, URLs, IP addresses, etc.), inspect and categorize those objects as good, bad
(malicious), or unknown, and take appropriate actions in real time.

Those actions can include alerting administrators in real time to malware, querying the Blue Coat Global
Intelligence Network about unknown files, “brokering” unknown files to Blue Coat’s Malware Analysis Appliance for
detailed analysis in a “sandbox,” and adding file signatures to a white list or black list.
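The good / bad / unknown triage and the follow-on actions described above form a small decision loop: known-bad objects raise an alert, known-good objects pass, and unknowns are brokered to a sandbox whose verdict is then fed back into the lists so the next sighting is decided inline. The following is an added illustration of that loop, not Blue Coat code and not a model of the ThreatBLADES interface; the record layout, the action names, the choice of SHA-256 as the "file signature", and the sample objects are all constructed assumptions.

```python
"""Added example, not Blue Coat code: a small verdict broker that mirrors the
good / bad / unknown triage and the follow-on actions described above.

Constructed for illustration only. The record layout, the action names and the
sample objects are assumptions; the real ThreatBLADES interfaces are not modelled.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

GOOD, BAD, UNKNOWN = "good", "bad", "unknown"


def sha256_hex(data: bytes) -> str:
    """The 'file signature' the lists are keyed on (assumption: SHA-256)."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class VerdictBroker:
    allow: set = field(default_factory=set)             # "white list" of hashes
    deny: set = field(default_factory=set)              # "black list" of hashes
    sandbox_queue: list = field(default_factory=list)   # hashes brokered for analysis
    alerts: list = field(default_factory=list)

    def classify(self, digest: str) -> str:
        # Deny is checked first so a hash that somehow lands on both lists
        # fails closed rather than being waved through.
        if digest in self.deny:
            return BAD
        if digest in self.allow:
            return GOOD
        return UNKNOWN

    def handle(self, obj: dict) -> dict:
        """Classify one extracted object and take the matching real-time action."""
        digest = sha256_hex(obj["data"])
        verdict = self.classify(digest)
        if verdict == BAD:
            self.alerts.append(f"{obj['proto']} {obj['name']} {digest[:12]}")
            action = "alert"
        elif verdict == UNKNOWN:
            # Broker to the sandbox once; a second sighting of the same unknown
            # object must not queue a second detonation.
            if digest not in self.sandbox_queue:
                self.sandbox_queue.append(digest)
            action = "sandbox"
        else:
            action = "pass"
        return {"name": obj["name"], "proto": obj["proto"], "verdict": verdict, "action": action}

    def sandbox_result(self, digest: str, malicious: bool) -> None:
        """Feed a sandbox verdict back so the next sighting is decided inline."""
        if digest in self.sandbox_queue:
            self.sandbox_queue.remove(digest)
        (self.deny if malicious else self.allow).add(digest)


# Constructed sample objects, as a protocol blade might hand them to the broker.
SAMPLE_OBJECTS = [
    {"proto": "HTTP", "name": "setup.exe",   "data": b"MZ\x90\x00 constructed sample A"},
    {"proto": "SMTP", "name": "invoice.pdf", "data": b"%PDF-1.4 constructed sample B"},
    {"proto": "FTP",  "name": "tool.bin",    "data": b"\x7fELF constructed sample C"},
    {"proto": "HTTP", "name": "setup.exe",   "data": b"MZ\x90\x00 constructed sample A"},  # repeat sighting
]


def run_demo() -> tuple[list[str], list[str], int]:
    """Returns (actions on first pass, actions after sandbox feedback, queue depth)."""
    broker = VerdictBroker()
    broker.deny.add(sha256_hex(SAMPLE_OBJECTS[0]["data"]))   # seeded as known-bad
    broker.allow.add(sha256_hex(SAMPLE_OBJECTS[1]["data"]))  # seeded as known-good

    first = [broker.handle(o)["action"] for o in SAMPLE_OBJECTS]
    queue_depth = len(broker.sandbox_queue)   # sample C was brokered exactly once

    # The sandbox reports sample C malicious; its next sighting is alerted on inline.
    broker.sandbox_result(sha256_hex(SAMPLE_OBJECTS[2]["data"]), malicious=True)

    # A one-byte change to known-bad sample A turns it back into "unknown":
    # hash lists catch re-sightings of identical files, not variants.
    variant = dict(SAMPLE_OBJECTS[0], data=SAMPLE_OBJECTS[0]["data"] + b"\x00")
    second = [broker.handle(o)["action"] for o in (SAMPLE_OBJECTS[2], variant)]
    return first, second, queue_depth


if __name__ == "__main__":
    print(run_demo())
```

Two design points worth carrying into a real deployment: the deny list is consulted before the allow list so a conflicting entry fails closed, and the sandbox queue is de-duplicated so a file seen a thousand times across the network is detonated once. The variant case at the end is the caveat practitioners should keep in mind: a signature list keyed on a hash only recognises byte-identical objects, so the "unknown" path, and the sandbox behind it, is where repacked or trivially modified malware actually gets caught.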
Malware is often a component of advanced multi-stage attacks. By identifying malware in real time, ThreatBLADES
help security analysts and incident responders get a jump on finding and analyzing advanced threats and zero-day
attacks.

For more information on Blue Coat ThreatBLADES and how they help with malware detection, see the white paper
Security Analytics Moves to Real-Time Protection.
[Figure: ThreatBLADES sources. Labels visible: Global Intelligence Network; Dynamic Malware Sandboxing]
© 2014 Blue Coat Systems, Inc. All rights reserved. Blue Coat, the Blue Coat logos, ProxySG, PacketShaper,
CacheFlow, IntelligenceCenter, CacheEOS, CachePulse, Crossbeam, K9, the K9 logo, DRTR, Mach5, Packetwise,
Policycenter, ProxyAV, ProxyClient, SGOS, WebPulse, Solera Networks, the Solera Networks logos, DeepSee, “See
Everything. Know Everything.”, “Security Empowers Business”, and BlueTouch are registered trademarks or
trademarks of Blue Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not
be complete, and the absence of a trademark from this list does not mean it is not a trademark of Blue Coat or
that Blue Coat has stopped using the trademark. All other trademarks mentioned in this document owned by third
parties are the property of their respective owners. This document is for informational purposes only. Blue Coat
makes no warranties, express, implied, or statutory, as to the information in this document. Blue Coat products,
technical services, and any other technical data referenced in this document are subject to U.S. export control
and sanctions laws, regulations and requirements, and may be subject to export or import regulations in other
countries. You agree to comply strictly with these laws, regulations and requirements, and acknowledge that you
have the responsibility to obtain any licenses, permits or other approvals that may be required in order to
export, re-export, transfer in country or import after delivery to you.

Blue Coat Systems Inc.
www.bluecoat.com
Corporate Headquarters: Sunnyvale, CA, +1.408.220.2200
EMEA Headquarters: Hampshire, UK, +44.1252.554600
APAC Headquarters: Singapore, +65.6826.7000

v.WP-NEXT-GEN-SECURITY-ANALYTICS:REAL-WORLD-USE-CASES-EN-v1d-0714