The fact that spyware is becoming as big a problem to businesses as viruses hasn’t gone unnoticed by security appliance vendors. Many are incorporating some form of protection in their all-in-one boxes. However, this can have the effect of reducing protection, as these very same vendors try to tackle yet another security issue and end up spreading themselves too thinly. With the Spyware Interceptor, Blue Coat has gone down the point-solution route and aims to offer some tough anti-spyware measures.
This compact appliance functions as a transparent proxy and Blue Coat claims a ten-minute installation. We can’t argue with this, as the Interceptor slipped smoothly into our test network between our firewall and LAN with time to spare. The appliance also doesn’t represent a single point of failure, since an internal passthrough card will route traffic through the appliance if it goes down for any reason. The secure web interface is easy to use and opens with a Quick-Start Wizard that gets the network connections sorted out and the appliance licensed. The appliance employs Blue Coat’s SCOPE (spyware catching object protection engine), which scans all web traffic for executable content and uses predefined policies to block access to and remove questionable content. It takes a subtle approach to spyware, as it won’t block all suspect web pages outright; it will allow those through that don’t have any executable content. It will also attempt to display pages, but with dubious active content removed.
Although most of them are transparent to the administrator, the engine uses ten methods of spyware detection. It automatically blocks all inbound and outbound spyware-related traffic, but tracking cookies may also be blocked and you can decide whether to have active objects removed from web pages. You can also create your own site-blocking lists and specify sites that are suspect and should be included in the scanning process. The appliance uses one method that relies on the fact that websites that generate spyware aren’t only easier to identify but will frequently continue to propagate for their own profit. Blue Coat uses a list of such sites, regularly downloaded to the appliance (and which currently contains 8 million entries).
If you want to use the appliance initially to check on spyware activity, it can run in a passive mode, where it merely logs and reports on activity. Reporting features are good, as the appliance maintains daily reports on the top ten infected workstations, plus all infected traffic and blocked downloads. An event log helps to spot troublemakers, providing details on spyware events, the host site name, the action taken, and the IP and MAC address of the client. We were impressed with the Interceptor, and it deftly handled all our attempts to access known spyware sites. For example, it handled the 180 Search Assistant site by removing any active content and blocking all attempts to download this utility. For the latter, clients will receive a warning message in their web browser.
Smaller networks with no spyware protection will find the Blue Coat well worth considering. Installation and deployment cause little disruption, reporting is extensive and it provides a range of anti-spyware defences that all-in-one appliances will find hard to match.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
