Blue Coat unveils proxy antivirus appliance

A new security appliance from Blue Coat Systems Inc. will allow companies to scan Web traffic to their network at a high speed, spotting viruses and malicious file downloads from Web pages or Web-based e-mail at the network perimeter, the company said on Monday.

The Blue Coat ProxyAV is an appliance 1.72 inches high, or about 1U, that scans traffic to Web browsers for Trojan horse programs, Internet worms and malicious content buried in HTTP (Hypertext Transfer Protocol) traffic. By joining antivirus detection to Blue Coat’s proprietary operating system and dedicated hardware platform, the ProxyAV is designed to make antivirus scanning of Web traffic feasible for large networks and give executives the ability to see how employees are using the Internet, said Steve Mullaney, vice president of marketing at Blue Coat.

ProxyAV works together with Blue Coat’s ProxySG series appliances. Inbound Web traffic is scanned first by the ProxySG to determine whether it contains content that needs to be scanned. Web objects that meet the ProxySG’s criteria are sent to the ProxyAV appliance, which scans them for viruses. Objects that are found to contained viruses are discarded. Objects that pass the scan are returned to the ProxySG appliance and cached for future reference.

The new appliance is available in two models, a 400 and 2000 series, and works with antivirus engines from Sophos PLC, Network Associates Inc.’s McAfee antivirus unit, Trend Micro Inc. and Panda Software SL.

The 400 series comes in two models: the 400-E0, which features an 850MHz Intel Corp. Celeron processor and 512MB of RAM (random access memory), and the 400-E1, which comes with a 1.26GHz Intel Pentium IIIprocessor. The 2000 series ranges from the 2000-EO, which features a 2GHz Intel Xeon processor and 768MB of RAM, to the 2000-E3, which features two 2.4GHz Xeons and 3GB of RAM.

The appliances can process up to 249M bits per second of throughput with just 4 milliseconds of latency, on average, for Web traffic, Blue Coat said.

The State of Delaware investigated ProxyAV after being hit by a number of viruses which required considerable time and effort to remove from the network, which serves Delaware’s State Police, Governor’s office and most state departments, said Glenn Wright, senior telecommunications technologist for the state’s Department of Technology and Information.

The state tested ProxyAV on its 35,000 person network of state employees, then expanded its use of the product, clustering three devices and extending coverage to its 114,000-user education network. The product has helped Wright and his team stop viruses borne by Web-based e-mail, which averaged over 1,000 a week on the education network alone. It has also helped information technology staff spot the source of outbreaks on the network when they do occur and the destination of attacks, he said.

So far, users haven’t noticed any slowdown in Web traffic, he said.

Blue Coat still has some things to “work out” in ProxyAV, he said, including the need for easier configuration when the device is first deployed, some changes to the user interface, and configuration issues with some Cisco Systems Inc. hardware, which Wright blamed on Cisco rather than Blue Coat.

The Blue Coat Proxy AV is available immediately from Blue Coat and its partner companies. Prices range from $4,500 to $21,000 for higher-end devices, the company said.