10 Feb 2011
There are two basic ways to prevent employees getting up to no good on the web and keeping web-based threats at bay; you can do it at the a network edge, or you can force all access via an on-demand proxy service (web security-as-a-service). In general terms, the first approach suits on-premise users (i.e. those behind the firewall) and the latter suits mobile users. Of course, most businesses have to support both types of users. So, a hybrid approach using a combination of both delivery methods can make sense.
The approach taken by a given vendor depends on its heritage. So, Blue Coat, a long-established vendor of web security appliances has always been firmly in the network edge camp – but not for much longer. This week it has announced the Blue Coat Cloud Service. Blue Coat customers will now have a choice of approaches. However, initially, it will not be possible to integrate the new on-demand service at the management and policy level with existing Blue Coat Proxy SG appliances, although this is planned for a later date. So, at this stage Blue Coat’s announcement is more about making its technology available to new customers who want an on-demand service than extending the protection it provides for existing customers.
Blue Coat will not be alone in having both offerings but not fully integrating them. Other vendors already have the same problem. Ever since its acquisition of MessageLabs, Symantec has been building out its on-demand service to bolster its on-premise ones. Initially Symantec was focused mainly on email but its acquisitions of MI5 (2009) and Rulespace (2010) allowed it to expand its offering to include the web, although with four products involved its policy engines are yet to be fully integrated.
McAfee should in principle, with its ePolicy Orchestrator (ePO), be able to provide a coherent approach to defining policy across both its on-premise and on-demand security services, but in practice it has yet to fully integrate the latter and ePO does not cover its cloud-based services. Cisco too, which acquired the market-leading on-demand web security firm ScanSafe in 2010, is still to integrate policy with its IronPort on-premise appliances (IronPort was originally purely for email security, but Cisco is adding web security).
The most integrated approach to both on-premise and on-demand web security is available from a veteran in the space; Websense. Its TRITON Security Gateway Anywhere has offered a hybrid approach for over a year now allowing customers to define policy for both web and email security in one place to deliver on-premise or on-demand.
Other vendors, such as Webroot, which focuses on the small and mid-sized business market, where on-demand services fit well, says it sees a future where 90% of all its business services are delivered online. However, it is hedging its bets by partnering with Palo Alto Networks, whose next-generation firewalls sit firmly at the network edge and include URL filtering based on Webroot’s BrightCloud technology (Palo Alto Networks does support remote users by forcing access back via its firewall, it calls this Global Connect). Trend Micro has a hybrid offering for email security but not currently for web activity, its InterScan Web Security is available only as an appliance.
So, the Blue Coat announcement will be good news for those who have always wanted to benefit from its technology but think such security is best delivered on-demand, but unless its customers want to manage policy and other aspects of web security in two places, they will not be able to extend their on-premise security to the cloud just yet. Furthermore, Blue Coat is yet to add email security services to any of its products. As many of its competitors already offer both, this is another limitation
Bob Tarzey, analyst and director, Quocirca
Add your comment
