BLUE COAT COMPETITIVE BRIEF

Overview
Blue Coat lacks modern security defenses for advanced threats, data theft and forensic reporting. Seven product
releases focused on WAN Optimization has left security customers unprotected. The inline defense is a single AV
engine on a separate appliance lacking central management while the primary proxy appliance lacks neither inline
defenses nor the inline ability to analyze web page content, active scripts and links. WebPulse as a cloud-assist
service designed for unrated HTTP requests lacks SSL and social media private page analysis. WebFilter is the only
choice for URL filtering and the 9+ year old Java GUI lacks forensic reporting and threat analysis. New cloud
services are developing; however a reduction in ~30% of resources and the closing of many development centers
has Blue Coat left with few hands on deck.

Customers use the command-line interface as a default, plus custom scripts and content policy rules that new
administrators cannot easily learn or maintain. Without rule hit counters and last accessed dates, these archaic
policy files become difficult at best to maintain. Proxy gateways provide the ultimate visibility and control point
for web traffic inspection; however is the effort worth it when few modern defenses exist with Blue Coat.

Strategic points about Blue Coat

No inline real-time defenses other than a single AV engine for SSL traffic that continues to increase due to cloud
apps and services. Plus Facebook and social media site private pages where lures, scams and redirects continue to
flourish are not inspected inline. Rated sites are not analyzed for web page content, active scripts, exploit code or
embedded malware where the majority of threats reside and operate today.

No data theft defenses, containment or forensic reporting. Defenses lack outbound data theft defenses, or the
ability to provide forensic reporting on who, how, where and what data was targeted. Forensic data capture for
security incidents is not provided. While WebFilter provides a Dynamic DNS category, Blue Coat is far from
providing containment defenses against data theft and advanced malware communications.

DLP as a defense is missing as Blue Coat missed the opportunity to invest in DLP technologies years ago while
focused on WAN Optimization. The ability to detect proprietary (criminal) encrypted uploads, password file theft,
slow data leaks (or Drip DLP), confidential data in images, or geo-location awareness on communications is not
provided. Nor does Blue Coat provide any malware sandboxing tools or cyber security research services.

Lacking unified security intelligence for web, email and social networking against blended threats, spear-phishing
and targeted attacks. Leading security vendors partner with Facebook for social networking awareness to new
threats, plus unify defenses for web and email threats against blended attacks. Blue Coat has limited lab
resources and continues to rely on automation focused on unrated web sites.

Decreasing AV effectiveness as noted by IDC in their Threat Intelligence Update (Feb’12) notes that AV and
traditional defense are 30-50% effective against today’s known threats. Blue Coat defenses are primarily built
around AV engines with one at the gateway, an array in the cloud assist WebPulse service for unrated sites, plus
Websense Confidential: Sales and Partner Use Only
BLUE COAT COMPETITIVE BRIEF

inline for the emerging cloud services as a security SaaS. While sufficient years ago, this aging defense is no longer
enough for web gateways facing advanced threats, targeted attacks and data theft.

Reductions and misses past and present continue as Director, ProxyAV and Reporter products have had
development labs close due to consolidation and staff reductions. Mid-market product launch of ProxyOne was
pulled back after initial product launches. After acquiring Packeteer the goal to integrate PacketShaper with
ProxySG never materialized. Unifying security and WAN optimization into one TCP stack and OS resulted in high
bug counts and customer frustration. RTMP features fell flat as Adobe backed away from the technology.

Feature Comparison
Features Blue Coat Websense

Inline Real-Time Defenses (other  

than AV) including active scripts
Facebook Partnership for social  
networking threat/lure analysis
Integrated DLP & Advanced Data  
Theft Defenses
Unified Web, Email, Data Security  
Intelligence
Forensic Reporting (who, how, where  
and what)
Forensic Data Capture for Security  
Incidents
Proprietary (Criminal) Encryption &  
Password File Theft Detection
Malware Analysis Sandbox  

Network Port Monitor & Controls  

Web Proxy w/SSL Inspection  

Cloud Web Security SaaS  

Role-based Reporting  

Summary
Blue Coat has not kept pace with modern defenses against advanced threats and data theft. Years behind
competitors, plus lacking resources and having closed several development centers, its future is questionable.
Traditional AV and URL filtering defenses are not enough to protect customers; however the proxy gateway
remains the definitive network device for visibility and control over web requests. Customers with hardware
renewals should consider more advanced threat and data theft defenses in proxy gateway competitors with unified
security intelligence and forensic reporting. The complexity of maintaining content policy files and scripts without
central management tools for traditional defenses decreasing in effectiveness is an unacceptable risk.

Updated August 2012 Websense Confidential: Sales and Partner Use Only
© 2012 Websense, Inc. All rights reserved. Websense and ThreatSeeker are registered trademarks of Websense, Inc. in the United States and certain international markets. TRITON, X-Series,
X10G, and Websense Security Labs are trademarks of Websense, Inc. in the United States and other countries. Websense has numerous other registered and unregistered trademarks in the
United States and internationally. All other trademarks are the property of their respective owner. Specifications are subject to change.