Blue Coat Systems, a player in the application delivery networking space, has announced that Blue Coat ProxyAV appliances now support true file type detection from IT security and control firm Sophos, a Blue Coat Technology Integration partner. With true file type detection, Blue Coat ProxyAV appliances provide comprehensive detection of Web threats in compressed attachments that are masquerading as other files at the Internet gateway.
ProxyAV appliances complement Blue Coat ProxySG appliances to provide distributed enterprises with scalable malware detection at the Internet gateway. Blue Coat ProxySG appliances already support true file type detection for uncompressed attachments to determine if the masquerading file is malware, spyware or some other malicious threat. If there is a true file type discrepancy, where the file is not what it claims to be, ProxySG appliances can block or allow the file according to established corporate IT policies. For compressed files, such as those using .zip or .tar formats, ProxySG appliances hand the scanning task off to Blue Coat ProxyAV appliances for in-depth threat analysis and malware detection. Using the new Sophos true file type detection feature, ProxyAV appliances can detect a file failure within the compressed file and feed that information back to ProxySG appliances for policy enforcement.
"While threat detection engines block all known malware, true file type detection closes a well-known loophole to hackers attempting to infiltrate corporate networks,' said Dave Asprey, vice president of technology and corporate development at Blue Coat Systems. "By enabling detection and consistent policy enforcement across all types of traffic and attachments, the Blue Coat and Sophos solution provides a layered security approach that protects businesses from increasingly sophisticated malware threats."
In the joint solution, Blue Coat ProxyAV appliances support the Sophos anti-virus engine, which utilises Behavioral Genotype Technology to proactively protect against evolving malware. By recognising the genome of a particular threat, Sophos can proactively block mutated or altered versions of that threat without having to wait for updated signatures. This intelligent recognition of mutated threats not only reduces memory dedicated to signatures but also provides proactive protection against a rapidly evolving landscape.
Updated Date: Jan 31, 2017 02:09 AM