Oftentimes when I come to a company, it is to bolster, revamp or help them re-evaluate their web security posture with a focus on data exfiltration investigations, and the outbound web proxy is a great place to start. 90% of the time, when I finally gain access to the management console, I am greeted by an appalling SGOS 5.4 or 5.5 header across the top… This is sad because those versions of code were released 4-5 years ago and have since been replaced by much, much richer SGOS code, with many more added features that companies should really be taking advantage of. Update your kit, people!!!
Reasons to upgrade to 5.5
1. Better ProxyAV malware threat handling: it works like WebFilter, but for malware scanning policy, so now we are getting a "best practices" malware policy constructed by Blue Coat.
2. VPM now includes a CPL Layer (now you can see CPL within VPM and do not have to SSH to the proxy).
Reasons to upgrade to 6.x
1. Blue Coat's recommended long-term release is 6.2.
   Long Term Release (LTR): These releases are identified for customers who would like to qualify and remain with a release for an extended period of time. LTRs are supported for a minimum of 3 years. Multiple releases have been designated as LTR – details are available here. The ones listed on the table above are recommended on a specific platform.
2. Enhanced controls for Application Control: allows granular control of certain applications and how they function. Think Facebook uploading pictures, posting, etc. --> http://www.bluecoat.com/application-and-operation-controls
3. 6.x is a 64-bit OS and uses the CPU architecture of the device to its fullest. The following ProxySG appliance platforms can be upgraded to SGOS 6.x:
   32-bit platforms: SG210 (except for 210-5) and SG510
   64-bit platforms: SG300, SG600, SG810, SG900, SG8100, and SG9000
It is much easier to upgrade incrementally than to do one forklift upgrade every few years. The latter option normally comes with its fair share of business-continuity-impacting issues that are not taken lightly by Sr. Mgmt. So please, please, please – just upgrade your kit. Put together an upgrade procedures document, list out how long you wait after a revision/patch/release to upgrade, and adhere to this update schedule – as updated by the vendor, of course.