Blue Coat Spyware Interceptor

Blue Coat Spyware Interceptor

Summary: Simple to deploy and easy to manage, the Blue Coat Spyware Interceptor is a cost-effective way of identifying and blocking spyware infections without the need to configure and manage software on individual client PCs.

TOPICS: Security, Reviews
  • Editors' rating:
  • User rating:
  • RRP:


  • Traps inbound/outbound spyware traffic at the network edge
  • can block both known and new spyware exploits
  • ridiculously easy to install and manage, with automatic updates
  • built-in reporting tools


  • False positive exceptions not easy to configure
  • the ability to add antivirus and other security tools would be an advantage

Able to cope with networks of up to 1,000 users, Blue Coat’s Spyware Interceptor is a self-contained network appliance designed to screen out and block keyloggers, pop-up ads, malicious ActiveX/Java components and other spyware traffic. No client software is required, and the proxy server technology involved has no obvious impact on performance. It's also remarkably easy to deploy, with automatic updates and very little setup work or day-to-day management required.

Blue Coat makes big claims for the SCOPE technology -- short for Spyware Catching Object Prevention Engine -- on which the Interceptor is based. This intercepts all executable Web traffic as it passes through the proxy server, applying pre-set policy rules to remove either known or potential spyware executables based, on an analysis of over 8 million sites and common spyware characteristics.

The SCOPE software, in turn, runs on a custom security-hardened operating system, InterceptOS, with the Spyware Interceptor effectively a self-contained server complete with processor, memory and internal hard disk. The hardware, though, is tiny: just 1U high, and about a third the width of a standard rack shelf, so it can either be placed on a desktop or rack-mounted using the special brackets supplied.

Power comes from an external AC adapter and there are just two Ethernet 10/100Mbps connectors at the back -- to cable the Interceptor between an existing Internet router and the local network.

With so little to worry about, it took us just five minutes to install the Spyware Interceptor, and it was reassuring to find that data was passing between the two Ethernet interfaces even before the appliance was turned on. So even if the hardware gives up the ghost altogether, your Internet connectivity won’t be lost.

The initial software setup is also a delight. Simply browse to the URL supplied and a Blue Coat hosted wizard will first identify the Interceptor appliance, and then take you through the steps required to get it working -- these include assigning a local IP address, administrator name and password and an email address for alerts. You can also choose whether to simply monitor traffic or actively intercept and block suspected spyware.

That done, the Interceptor starts filtering straight away, and you’re taken to the built-in SSL-encrypted Web page for more detailed configuration. Not that you really need to change anything, as most of the time the appliance can simply be left to get on with it by itself.

You will, however, want to check on activity from time to time, and to this end a number of reports are available to, for example, see a summary of the top 10 spyware-infected workstations, list blocked downloads and so on. You might also want to exempt particular servers and/or workstations from filtering checks, or manually list sites known to harbour spyware.

No special skills are required to make these changes and we were very impressed with the results we got. Common tracking cookies, for example, were blocked as a matter of course, and when we browsed to known spyware hosts the appliance either stopped us connecting to the sites concerned or blocked the downloading of infected content.

Customisable warning messages can be displayed in each case; the Blue Coat appliance will also filter outbound traffic so already infected desktops can be identified and so-called 'phone-home' attempts to return harvested information blocked. Email alerts can be issued in such cases and, if you want, infected systems quarantined to prevent them leaking further information onto the Web.

There were not too many false positives, and we were only stopped from performing a couple of legitimate downloads on our tests. The host names and addresses can then be white-listed to get round the problem, although it would be nice if this could be automated rather than having to manually retrieve the details and type them in again.

Another minor criticism is that the Interceptor is solely dedicated to blocking spyware, which means employing other tools keep out would-be hackers, trojans, viruses and so on. Still, most companies will have tools to deal with those threats already, and the Blue Coat appliance is very effective at what it does. It’s also incredibly easy to set up and manage, and even if it only stops a handful of infections a week is likely to pay for itself in no time at all.


There are currently no specifications for this product.


There are currently no prices available for this product.

Topics: Security, Reviews

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • 10.0

  • 9.5

    I've had the product running for two weeks in my shop. It is Great. It keeps the end users from calling about thier spyware scanners by blocking the Spyware before it gets to the desktop. It is VERY inexpensive when you consider the time previously spent removing spyware by a tech.
  • 10.0

    Product is easy to set up, and is very effective
  • 10.0

    This product just works. It is easy to install, it blocks spyware and cost us a lot less than we were spending on our spyware problem, which was much worse than we anticipated.
  • 9.0

    We started using Spyware Interceptor in the Summer and were impressed at how much spyware it began blocking instantly. It also creates a top-10 list of infected PCs so it helped us find the machines that needed to be cleaned. Really, it's been tremendously helpful and it's very fast. We just don't have spyware now. I'd like some additional reporting so I massage reports a bit more, but my rep says that is coming.
  • 10.0

    I installed this on my 12 node network, and 24 hours later, pulled up the summary report. 1200 blocked spyware attempts. 2 nodes running spyware internally (this is on machines running ad-aware and spybot - both missed this!). I can't recommend this enough - as I said, it ROCKS.
  • 6.5

  • 10.0

  • 10.0

  • 7.0

    Too many sites on the Internet do not follow Internet standards. The BlueCoat enforces Internet standards. It's not really BlueCoat's fault, but deploying this will disappoint your users.