Blue Coat's SG line of appliances provide policy-based Web and WAN traffic control for small to large enterprises at the corporate gateway, including content filtering, IM/P2P control, and bandwidth management. The AV appliance line integrates with the SG appliances and provides additional anti-virus scanning capabilities for Web traffic. The AV appliances come loaded with the user's choice of anti-virus scanning technology; with Sophos, Ahn Lab, McAfee, Panda, and Kaspersky all listed as possibilities.

The appliances scale through several configurations based primarily on the number of users served and aggregate bandwidth requirements of the organization, from the SG210 with dual 10/100 NICs and an SSL offload card (the SSL offload card is optional in the smallest SG210 offering), to the 4U SG8100, with dual on-board 10/100/1000 ports and a dual or quad GigE card standard. The 8100 also adds the SSL offload card as an option on the smallest configuration and standard on the others; with a 2nd SSL offload card listed as optional on the high end offerings. Dual and Quad GigE copper cards are also listed as optional additions; as is a Quad GigE fiber card.

Key features of the SG appliances are provided via its SGOS operating system, and include:

- Policy definition and management: Security policies can be based on individual users, groups of users, time of day, location, protocol, user agent, content type and other attributes.

- Authentication: Supports user authentication to multiple authentication infrastructures, including local password files, NTLM, LDAP (Active Directory, eDirectory, SunOne), CA eTrust Siteminder, Microsoft Kerberos, Oracle Access Manager, RADIUS and certificates.

- Proxy support for multiple protocols, including HTTP, HTTPS, FTP, MAPI, SOCKS, AOL IM, Yahoo IM, Microsoft IM, MMS, RTSP, QuickTime, TCP-Tunnel, CIFS, and more. SSL termination allows for the examination of SSL traffic.

- Content filtering, through on-box support for the vendor's own WebFilter URL classification engine (more below) or other "leading" URL lists. Additionally, the product allows for the logging/blocking of P2P traffic; the controlling of BitTorrent, eDonkey, Gnutella, and FastTrack usage; and the ability to strip and replace Web content P2P file sharing controls

- IM logging and controls

- Streaming bandwidth controls, supporting Microsoft, Real, and QuickTime

- MACH5 (Multi-protocol Accelerated Caching Hierarchy) acceleration technology, which combines five methodologies with the goal of accelerating application delivery to users especially in branch or remote offices. The acceleration methods utilized within the MACH5 technology include bandwidth management, protocol optimization, object caching, byte caching, and compression; some of which require a Blue Coat appliance (or client) on both sides of the communication stream.

The AV line of appliances are utilized in conjunction with SG appliances, and provide McAfee, Ahn Lab, Sophos, Panda, and Kaspersky based anti-virus controls (user choice) to Web traffic. Traffic is first sent to the SG appliances, where components are identified and sent to the AV for analysis, and then returned to the SG after identification. AV Appliances are currently available in two flavors. Both the AV 510 and the AV 810 sport dual 10/100/1000 NICs; the AV 810 increases RAM (from 1 GB in the 510 to 2 or 3 in the 810) and also offers a dual CPU option (with the 3 GB RAM version).

Blue Coat additionally offers several complementary (and separately available) products for the ProxySG appliances. Among those:

- The aforementioned Blue Coat WebFilter, a URL classification engine that rates Web pages into over 61 pre-defined categories. The vendor notes that their technology focuses on the rating and management of actual Web pages as used by customers; resulting in an average of 94% of those sites visited by users already having been categorized (and returned directly by the onboard engine). For those that remain, the vendor utilizes a hosted, dynamic rating service (Dynamic Real-Time Rating, or DRTR) that the vendor states can retrieve an on-the-fly rating of approximately 98% of the sites passed to it based solely on electronic examination.

New to the Blue Coat WebFilter capabilities is the ability to dynamically rate sites as phishing sites using the DRTR technology; i.e., if a visited site is not already categorized it can be dynamically recognized by the DRTR engine as a potential phishing site, with access controlled accordingly through ProxySG policies.

- Blue Coat Reporter, with the ability to aggregate and report on Web traffic metrics from multiple Blue Coat appliance logs.

- Blue Coat Director, for the centralized management of multiple, distributed Blue Coat appliances.

The Blue Coat ProxySG appliances are available now; pricing starts at $3,000.

Contact Blue Coat Systems for further information.