- Traps inbound/outbound spyware traffic at the network edge
- can block both known and new spyware exploits
- ridiculously easy to install and manage, with automatic updates
- built-in reporting tools
- False positive exceptions not easy to configure
- the ability to add antivirus and other security tools would be an advantage
Able to cope with networks of up to 1,000 users, Blue Coat’s Spyware Interceptor is a self-contained network appliance designed to screen out and block keyloggers, pop-up ads, malicious ActiveX/Java components and other spyware traffic. No client software is required, and the proxy server technology involved has no obvious impact on performance. It's also remarkably easy to deploy, with automatic updates and very little setup work or day-to-day management required.
Blue Coat makes big claims for the SCOPE technology -- short for Spyware Catching Object Prevention Engine -- on which the Interceptor is based. This intercepts all executable Web traffic as it passes through the proxy server, applying pre-set policy rules to remove either known or potential spyware executables based, on an analysis of over 8 million sites and common spyware characteristics.
The SCOPE software, in turn, runs on a custom security-hardened operating system, InterceptOS, with the Spyware Interceptor effectively a self-contained server complete with processor, memory and internal hard disk. The hardware, though, is tiny: just 1U high, and about a third the width of a standard rack shelf, so it can either be placed on a desktop or rack-mounted using the special brackets supplied.
Power comes from an external AC adapter and there are just two Ethernet 10/100Mbps connectors at the back -- to cable the Interceptor between an existing Internet router and the local network.
With so little to worry about, it took us just five minutes to install the Spyware Interceptor, and it was reassuring to find that data was passing between the two Ethernet interfaces even before the appliance was turned on. So even if the hardware gives up the ghost altogether, your Internet connectivity won’t be lost.
The initial software setup is also a delight. Simply browse to the URL supplied and a Blue Coat hosted wizard will first identify the Interceptor appliance, and then take you through the steps required to get it working -- these include assigning a local IP address, administrator name and password and an email address for alerts. You can also choose whether to simply monitor traffic or actively intercept and block suspected spyware.
That done, the Interceptor starts filtering straight away, and you’re taken to the built-in SSL-encrypted Web page for more detailed configuration. Not that you really need to change anything, as most of the time the appliance can simply be left to get on with it by itself.
You will, however, want to check on activity from time to time, and to this end a number of reports are available to, for example, see a summary of the top 10 spyware-infected workstations, list blocked downloads and so on. You might also want to exempt particular servers and/or workstations from filtering checks, or manually list sites known to harbour spyware.
No special skills are required to make these changes and we were very impressed with the results we got. Common tracking cookies, for example, were blocked as a matter of course, and when we browsed to known spyware hosts the appliance either stopped us connecting to the sites concerned or blocked the downloading of infected content.
Customisable warning messages can be displayed in each case; the Blue Coat appliance will also filter outbound traffic so already infected desktops can be identified and so-called 'phone-home' attempts to return harvested information blocked. Email alerts can be issued in such cases and, if you want, infected systems quarantined to prevent them leaking further information onto the Web.
There were not too many false positives, and we were only stopped from performing a couple of legitimate downloads on our tests. The host names and addresses can then be white-listed to get round the problem, although it would be nice if this could be automated rather than having to manually retrieve the details and type them in again.
Another minor criticism is that the Interceptor is solely dedicated to blocking spyware, which means employing other tools keep out would-be hackers, trojans, viruses and so on. Still, most companies will have tools to deal with those threats already, and the Blue Coat appliance is very effective at what it does. It’s also incredibly easy to set up and manage, and even if it only stops a handful of infections a week is likely to pay for itself in no time at all.