Splunk for blue_coat_proxy_sg


Splunk for BlueCoat Application

Published in: Technology
Use Splunk and Blue Coat to better monitor, investigate and secure your Internet traffic
Splunk® App for Blue Coat ProxySG
Fact Sheet

Blue Coat® and Splunk

The Blue Coat ProxySG appliance provides complete control over all your web traffic with robust features that include user authentication, web filtering, data loss prevention, inspection and validation of SSL-encrypted traffic, content caching, bandwidth management, stream-splitting and more. Blue Coat ProxySG appliances feature an architecture that utilizes patent-protected caching technologies to assure performance as new security features are deployed. With multi-core hardware platforms and the SGOS operating system, ProxySG appliances can provide massive throughput without compromising security.

Splunk Enterprise can be deployed as a security intelligence platform that collects, indexes and harnesses machine-generated big data coming from websites, applications, servers, networks and security products such as Blue Coat. Splunk software is often used as a big data platform for security use cases, including incident investigations and forensics, security reporting and visualization, and security information and event management (SIEM) threat correlation. For SIEM use cases, Splunk connects the dots across siloed technologies to help detect and alert on advanced threats that otherwise could evade detection. The Splunk platform extracts additional value from point solutions by allowing the end user to create data visualizations that reflect long term trending of threats, see them in the context of other IT data and link solutions together to automate security processes.

Highlights
  • Real-time dashboards, panels and search fields to easily view and investigate Blue Coat ProxySG data
  • Fast reporting and drill down over massive amounts of Blue Coat ProxySG data
  • Correlate Blue Coat ProxySG data with other data sources in Splunk Enterprise™ to detect and remediate additional advanced threats

The Splunk App for Blue Coat ProxySG

Available on Splunkbase, the Splunk App for Blue Coat ProxySG is a free App that sits on top of Splunk Enterprise. It ingests data from Blue Coat ProxySG appliances and offers out-of-the-box dashboards, reports and fast access to Blue Coat data. The Splunk App for Blue Coat ProxySG allows Blue Coat customers to easily analyze the amount and type of Internet traffic that is entering and leaving their network, identify web-based security threats and potentially infected internal clients, and quantify potentially inappropriate or wasteful web surfing activity. The Splunk App for Blue Coat ProxySG also contains search capabilities which allow users to enter values such as IP, username, category, or host names to quickly see relevant Blue Coat data. The Blue Coat data can quickly be summarized for a broad picture view, but can also be drilled into to get the raw data on specific Web events. Lastly, customers can also customize the Splunk App for Blue Coat ProxySG by creating their own dashboards, visualizations, forms and alerts to accommodate their specific needs.

The Splunk App for Blue Coat ProxySG receives data straight from the Blue Coat ProxySG appliances as syslog over TCP. Splunk indexes this data and allows you to perform further analysis on it. Once the Blue Coat data is indexed by Splunk, it can be correlated with other data in Splunk from sources such as DNS, DHCP, AD, email servers, firewalls and Windows event logs to detect the presence of advanced threats that may hide behind credentials and use other stealthy methods to evade detection from traditional stand-alone security products. Additionally, Blue Coat appliances can also output many different log formats, including customer defined formats, which are easy to add to Splunk.

The Splunk App for Blue Coat ProxySG is compliant with the Splunk Common Information Model (CIM), making it easier to correlate Blue Coat data with data already in Splunk. Other Splunk apps that use the CIM include the Splunk App for Enterprise Security, Splunk App for PCI Compliance, Splunk App for FireEye, Splunk App for FISMA, the Cisco Security Suite, and the Splunk App for Symantec.

Splunk App for Blue Coat ProxySG — Dashboards, Reports and Search Boxes

The Splunk App for Blue Coat ProxySG generates Blue Coat-specific dashboards and reports in real-time, enabling immediate visibility on key Blue Coat metrics. The Splunk App for Blue Coat ProxySG also supports Splunk Enterprise functionality such as the ability to schedule and email reports to others, role-based access control to limit who can view and/or act on specific data in Splunk or an App, and drill-down actions that enable you to delve deeper into the details behind graphical elements and charts.

The following dashboards are among the ones available in the Splunk App for Blue Coat ProxySG:

Traffic overview dashboards:
  • MB sent and received over time
  • MB sent and received by protocol
  • Number of requests by protocol
  • Number of requests by category
  • Geo-IP mapping of events across the world
  • Top file types by requests and MBs received
  • Top web destinations by requests, MBs received, MB sent
  • Bandwidth savings over time and by site

Client profile dashboard:
  • Can filter by user name or by client IP
  • MB sent and received over time
  • Sites visited with malware
  • Web activity summary

Site profile dashboard:
  • Can filter by destination name or IP
  • Number of visitors over time
  • Client URL statistics

Security dashboards:
  • Sites that were blocked
  • Sites with malware found
  • Internal usernames and IPs with potential infections
  • Number of blocked sites over time
  • Amount of malware over time

WFA (Waste, Fraud, Abuse) dashboard:
  • Potential WFA issues over time
  • Potential WFA issues detail

Free Download

Download Splunk for free. You’ll get a Splunk Enterprise license for 60 days and you can index up to 500 megabytes of data per day. After 60 days, or anytime before then, you can convert to a perpetual Free license or purchase an Enterprise license by contacting

Try Out the App, it’s Free!

Go to Splunkbase and search for “blue coat” to download the App.

250 Brannan St, San Francisco, CA, 94107 | 866-438-7758 | 415-848-8400
Copyright © 2013 Splunk Inc. All rights reserved. Splunk Enterprise is protected by U.S. and international copyright and intellectual property laws. Splunk is a registered trademark or trademark of Splunk Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item # FS-splunk-bluecoat-105
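The dashboards listed in the fact sheet (MB sent and received by protocol, requests by category, blocked sites, sites with malware, clients with potential infections) are all roll-ups of fields in the ProxySG access log. The following is an added example, not part of the fact sheet and not Splunk's or Blue Coat's code, that parses a handful of constructed access-log records in the W3C ELFF style (a `#Fields:` directive declaring the column order) and computes those metrics in plain Python. The field subset, the category names, the reading of `sc-bytes` as bytes received from the web and `cs-bytes` as bytes sent by the client, and the malware-category set are all assumptions made for the example; the log lines are constructed.

```python
"""Aggregate ProxySG access-log records into the metrics the fact sheet's
dashboards report: bytes and requests by protocol, requests by category,
blocked sites, sites with malware, and clients with potential infections.
Added example, not Splunk's or Blue Coat's code."""
from collections import Counter, defaultdict
import shlex

# Constructed sample in ELFF style (a "#Fields:" directive declares the field
# order). The field subset and the category names are assumptions made for
# this example, not taken from the fact sheet.
SAMPLE_LOG = """#Software: SGOS (constructed sample)
#Fields: date time c-ip cs-username sc-filter-result cs-categories sc-status cs-method cs-uri-scheme cs-host sc-bytes cs-bytes x-virus-id
2013-05-01 10:00:01 10.1.2.3 alice OBSERVED "Business/Economy" 200 GET http www.example.com 52000 700 -
2013-05-01 10:00:02 10.1.2.3 alice OBSERVED "Technology/Internet" 200 GET https api.example.net 12000 900 -
2013-05-01 10:00:05 10.1.2.9 bob DENIED "Malicious Sources/Malnets" 403 GET http bad.example.org 512 300 -
2013-05-01 10:00:07 10.1.2.9 bob OBSERVED "Technology/Internet" 200 GET http dl.example.org 2048000 400 Example.Malware.Sample
2013-05-01 10:00:09 10.1.2.4 carol DENIED "Gambling" 403 GET https casino.example.com 480 350 -
2013-05-01 10:00:11 10.1.2.4 carol OBSERVED "Business/Economy" 200 POST https www.example.com 3000 150000 -
"""

# Categories treated as malware-related in this example (assumption).
MALWARE_CATEGORIES = {"Malicious Sources/Malnets"}


def parse_elff(text):
    """Yield one dict per record, using the #Fields: directive for the keys."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue  # other directives (#Software, #Date, ...) carry no records
        if fields is None:
            raise ValueError("log record seen before a #Fields: directive")
        values = shlex.split(line)  # quoted values may contain spaces
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line!r}")
        yield dict(zip(fields, values))


def summarize(records):
    """Roll records up the way the dashboards do. sc-bytes is taken as what
    the proxy sent to the client (data received from the web) and cs-bytes as
    what the client sent out (assumption). Totals stay in bytes; divide by
    1e6 for the MB figures the dashboards show."""
    by_protocol = defaultdict(lambda: {"requests": 0, "received": 0, "sent": 0})
    by_category = Counter()
    blocked_sites = Counter()
    malware_sites = set()
    suspect_clients = set()
    for r in records:
        p = by_protocol[r["cs-uri-scheme"]]
        p["requests"] += 1
        p["received"] += int(r["sc-bytes"])
        p["sent"] += int(r["cs-bytes"])
        by_category[r["cs-categories"]] += 1
        if r["sc-filter-result"] == "DENIED":
            blocked_sites[r["cs-host"]] += 1
        # A malware hit is either an AV verdict (x-virus-id set) or a
        # malware-class category; the requesting client is a potential
        # infection whether or not the proxy blocked the request.
        if r["x-virus-id"] != "-" or r["cs-categories"] in MALWARE_CATEGORIES:
            malware_sites.add(r["cs-host"])
            suspect_clients.add((r["c-ip"], r["cs-username"]))
    return {
        "by_protocol": dict(by_protocol),
        "by_category": by_category,
        "blocked_sites": blocked_sites,
        "malware_sites": sorted(malware_sites),
        "suspect_clients": sorted(suspect_clients),
    }


def run_sample():
    """Summarize the constructed sample log."""
    return summarize(parse_elff(SAMPLE_LOG))


if __name__ == "__main__":
    for key, value in run_sample().items():
        print(key, value)
```

On the sample, the same client (`10.1.2.9`, `bob`) appears once in the potential-infection list although it produced two malware-related events, one blocked by category and one flagged by `x-virus-id`; that is the distinction the Security dashboards draw between "sites with malware found" and "internal usernames and IPs with potential infections". Because the parser keys records by the `#Fields:` directive rather than by position, it copes with the customer-defined field orders the fact sheet mentions.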