Category: Information Security

BlueCoat Proxy – Web URL Category Review / Best Practices

This page will attempt to assist you in building a Web URL Category review process, as well as provide best practice recommendations from BlueCoat and my own personal experience with BlueCoat. BlueCoat does not update their Web URL Categories very often, but it does happen about once every 12-18 months. In earlier times, they were…


Word To Enterprises… Update Your Security Kit Regularly

Oftentimes when I come to a company, it is to bolster, revamp or help them re-evaluate their web security posture with a focus on data exfiltration investigations, and the outbound web proxy is a great place to start. 90% of the time, when I finally gain access to the management console, I am greeted by…


BlueCoat Proxy And The Need For SSL Decryption

Most organizations will deploy a BlueCoat Web Proxy solution, but not intercept HTTPS (TCP/443) traffic. This may be done for various reasons:

* Not yet having a PKI infrastructure to manage the SSL browser certificates
* Perhaps the AD/GPO team doesn’t want to manage SSL certificates on the user PC
* Security teams may be…


BlueCoat Proxy – Log Injection For Rule Tracking

Unfortunately, BlueCoat doesn’t have a nice and fancy log tracker type utility like CheckPoint has in Smart Tracker. Rules do not have numbers per se, but you can work around this by using some log injection smoke-and-mirrors tricks. There are a few unused (or not very often used) log variables that can be…


FireEye Integration With BlueCoat Proxy

This tutorial will assist you with integrating FireEye and BlueCoat a bit, by using a URL list populated by FireEye as another web filter in the BlueCoat. This filter can then be used in BlueCoat policy just like the BCWF, McAfee Smartfilter, etc…


My Experience With SANS NetWars Tournament

I attended the SANS NetWars Tournament at the SANS Rocky Mountain Conference 2013 in Denver, while attending the SEC504: Hacker Techniques, Exploits & Incident Handling course taught by:

* James Lyne – Global Head of Security Research at Sophos
* Kevin Fiscus – Owner/Senior Consultant at Cyber Defense Advisors

Both James and Kevin were fantastic instructors with…


Blue Coat ProxySG – ICAP, deferred scanning, and data trickling

Recently I was digging into a BlueCoat ProxySG / ProxyAV setup for ICAP and noticed some things that had room for improvement. Not a major overhaul, but some things that were missed from the best practices guide that just so happened to be causing a bit of an issue. Below is part of the small…
