Blue Coat Security Analytics Appliances

Accelerating Your Incident Response & Improving Your
Network Forensics
With the increasingly sophisticated threats targeting your organization, you need increasingly intelligent defenses
that enable you to quickly and effectively respond. This requires full visibility into your network traffic and insightful
security intelligence capable of uncovering breaches, so they can be quickly contained and remediated. Blue Coat
Security Analytics Appliances deliver the complete network visibility and forensics you need, out of the box – so
you can react to security issues, in real time, to protect your workforce, fortify your network and improve your
security processes.
Integrated, Turnkey Solution
Blue Coat Security Analytics Appliances are
part of Blue Coat Security Platform’s Incident
Response and Forensics solutions. The
turnkey, pre-configured appliances harness
the Blue Coat Security Analytics software
to capture, index and classify all network
traffic (including full packets) in real time. This
data is stored in an optimized file system for
rapid analysis, instant retrieval and complete
reconstruction to support all your incident
response activities.
The appliances can be deployed anywhere
in the network: at the perimeter, in the core,
in a 10 GbE backbone, or at a remote link to
deliver clear, actionable intelligence for swift
incident response and resolution and real-time network forensics. There are two solution
deployment options:
• 2Gbps appliances: Offering high-performance analytics; massive scalability;
and centralized management.
• 10Gbps appliances and SAN storage:
Providing enterprise-proven capabilities via
more interfaces, storage and memory (up to
720 TB on a single sensor).
AT A GLANCE
The integrated, turnkey Security Analytics
Appliances:
• Speed Threat Identification – providing
complete visibility into your network traffic,
with full traffic capture, classification and
deep packet inspection capabilities.
• Reduce Incident Response Times &
Streamline Forensics – providing context
around what is happening in your network to
support fast incident response and resolution
and streamlined post-breach forensics.
• Deliver Quick Time to Value – offering easy
to deploy, turnkey appliances that seamlessly
integrate with your environment to enhance
and streamline your security activities.
Next-Generation Capabilities for
Advanced Protection
The Security Analytics Appliances are the only
completely integrated solutions designed to
deliver the security analytics and advanced
threat protection you need to reduce the
time it takes to resolve security incidents and
conduct swift forensic investigations. With the
Security Analytics Appliances, you can:
Speed Threat Identification
The solution gives you total visibility into your
network traffic, from your data center to your
remote offices, through full network packet
recording and classification to accelerate the
identification of attacks in your environment
and shorten your exposure window. The
Security Analytics Appliances deliver:
• Application Classification: Through
powerful deep packet inspection (DPI), more
than 2,400 applications and thousands of
descriptive, metadata attributes, including
content types, file names, and more are
classified for easy analysis and recall.
DATASHEET
Security Empowers Business
• Real-time Threat Intelligence: Direct access
to the latest threat intelligence, via tight
integration with the Blue Coat Intelligence
Services and Global Intelligence Network,
which is made up of more than 15,000
customers and 75 million users worldwide, as
well as numerous 3rd-party threat reputation
services. Blue Coat provides real-time,
actionable threat and URL and file reputation
data directly to the Security Analytics
Appliances, so you can be confident you
have the most up-to-the-minute information
on the attacks targeting your organization.
• Layer 2 through 7 Analytics: A variety of
analytics tools, such as complete session
reconstruction, data visualization, Root
Cause Explorer, timeline analysis, file and
object reconstruction, IP geolocation and
trend analysis ensure you have all you
need to fully understand the threats in your
environment. For example, the Root Cause
Explorer uses extracted network objects
to reconstruct a timeline of suspect web
sessions, emails and chat conversations, so
you can find evidence of the full source and
scope of a security event.
• Emerging, Zero-Day Threat Detection:
Automatic brokering of unknown files to
Blue Coat’s Malware Analysis solution for
sandboxing and threat scoring helps you
incriminate or exonerate suspicious activity in
your environment.
• Tight Integration with Security
Infrastructure: The appliances integrate
with best-of-breed security technologies,
including security information and event
management (SIEM) systems, next-generation firewalls (NGFW), intrusion
prevention devices (IPD), malware
sandboxing and endpoint forensics, to
help you leverage your existing security
investments and improve the effectiveness of
established processes and workflows.
Reduce Incident Response Times &
Streamline Forensics
The Security Analytics Appliances give you
the insights you need to understand the
context of security events in your environment,
so you can quickly contain and remediate
the full extent of a security incident and
support post-breach forensics activities. The
appliances enable situational awareness, with
clear, concise actionable intelligence about
the threats to your applications, files and web
content via:
• Context-Aware Security: Blue Coat offers
you context for all your security alerts, so
you can understand what happened, before,
during and after an attack. You can pivot
directly from any alert or log and obtain the
full-payload details to support quick incident
resolution and ongoing forensics activities.
Quickly Achieve Results with Easy-to-Deploy, Integrated Turnkey
Appliances
The durable, certified, thoroughly tested
appliances quickly add value to your security
operations. The easy-to-deploy, integrated
turnkey solutions offer:
• High Performance: 2-10 Gbps interfaces
provide lossless packet capture, indexing
and classification that meet the performance
demands of your environment. The carrier-class appliances are based on certified,
industry standard hardware platforms that
provide the high availability and serviceability
you require to maximize uptime and
performance.
• Scalability: Massive storage capacity is able
to accommodate extended historical capture
windows. Optimized high-density SAN
storage, with support for add-on capacity,
up to petabytes in size, enables you to meet
your fast-changing requirements and growing
network traffic demands.
• Turnkey Deployment: The appliances
come with pre-installed and pre-configured
Security Analytics Software for a fast
deployment that delivers immediate value.
The Security Analytics Central Manager
enables you to centrally monitor and manage
your distributed Security Analytics appliances
from a single pane of glass. The built-in
Security Analytics Dashboard makes it easy
to get the information you need to accelerate
your incident response and forensics
activities.
Media Panel: View all image files and all associated metadata
See where all your traffic and threats are coming from
Customized dashboard view for quick analysis
SECURITY ANALYTICS APPLIANCES: DIRECT-ATTACHED STORAGE
| | 2G APPLIANCE | 10G APPLIANCE | STORAGE MODULE | CENTRAL MANAGER |
|---|---|---|---|---|
| INTERFACES | 3 x 10/100/1000 BaseT | 7 x 10/100/1000 BaseT; 2 x 10 GbE | 2 SAS3 (12 Gb/s) | 4 x 10/100/1000 BaseT |
| ON-BOARD STORAGE | 6TB Usable (Capture + Index): 5TB RAID-5 Capture (6 x 1TB); 1TB RAID-1 Indexing (2 x 1TB); 1TB RAID-1 System (2 x 1TB) | 22TB Usable (Capture + Index): 18TB RAID-5 Capture (19 x 1TB); 4TB RAID-5 Indexing (5 x 1TB); 1TB RAID-1 System (2 x 1TB) | 44TB (44TB Usable / 48TB Raw) | 3TB Usable: 1TB RAID-1 System (4 x 1TB) |
| MAX. USABLE STORAGE | Up to 1 40TB Storage Module - 50TB usable storage | Up to 6 44TB Storage Modules - 264TB usable storage | SAS 12 Gb/s Self-Encrypting | --- |
| CPU | 2 Intel® Xeon® Processor E5-2620 v3 (15M Cache, 2.40 GHz, 6 Core) | 2 Intel® Xeon® Processor E5-2680 v3 (30M Cache, 2.50 GHz, 12 Core) | --- | 2 Intel® Xeon® Processor E5-2620 v3 (15M Cache, 2.40 GHz, 6 Core) |
| MEMORY CAPACITY | 16 x 8GB RDIMM | 16 x 16GB RDIMM | --- | 8 x 8GB RDIMM |
| RACK HEIGHT | 1 RU | 2 RU | 2 RU | 1 RU |
| RACK DEPTH | 710 mm / 28 inches | 723 mm / 28.5 inches | 710 mm / 28 inches | 710 mm / 28 inches |
| CHASSIS CONFIGURATION | Up to 10 Hard Drives | Up to 26 2.5” Hard Drives | --- | Up to 4 Hard Drives |
| POWER SUPPLIES | Dual, Hot-Plug, Redundant (1+1), 750W | Dual, Hot-Plug, Redundant (1+1), 1100W | Dual, Hot-plug, Redundant, 600W | Dual, Hot-Plug, Redundant (1+1), 750W |
| POWER CORDS | 2 x NEMA 5-15P to C13 Wall Plug, 125V 15A | 2 x NEMA 5-15P to C13 Wall Plug, 125V 15A | 2x C13 to C14, PDU-style, 12 amp, 2ft, Redundant PDUs | 2 x NEMA 5-15P to C13 Wall Plug, 125V 15A |
| RAILS | ReadyRails™ Sliding Rails with Cable Management Arm | ReadyRails™ Sliding Rails with Cable Management Arm | Rack Rail, 2Us, Static | ReadyRails™ Sliding Rails with Cable Management Arm |
| INTERNAL RAID CONTROLLER | 12 Gb/s SAS | 12 Gb/s SAS | --- | 12 Gb/s SAS |
| EXTERNAL RAID CONTROLLER | 12 Gb/s SAS | 2 12 Gb/s SAS | --- | --- |
| EMBEDDED MANAGEMENT | Full remote console access with remote removable media support | Full remote console access with remote removable media support | --- | Full remote console access with remote removable media support |
| INPUT POWER | 320 W (1091.9 Btu/h) | 646 W (2204.2 Btu/h) | 370 W (1262.5 Btu/h) | 372 W (1269.3 Btu/h) |
| AIR FLOW | 24.2 CFM (11.4 l/s) | 32.6 CFM (15.4 l/s) | 6.5 CFM (3.1 l/s) | 28.75 CFM (13.5 l/s) |
| TOTAL WEIGHT | 37.3 lbs (16.9 kg) | 65 lbs (29.5 kg) | 63.1 lbs (28.6 kg) | 40.6 lbs (18.4 kg) |
SECURITY ANALYTICS APPLIANCES: HIGH-DENSITY SAN STORAGE
| | 10G HD APPLIANCE | 240TB STORAGE ARRAY |
|---|---|---|
| CAPTURE INTERFACES | 2 port 10GigE | N/A |
| ON-BOARD STORAGE | Eight (8) 1TB 7.2K FIPS 140-2 Self-Encrypting NLSAS 6Gbps 2.5in Hot-plug Hard Drives. For system partition only | 240TB (60x4TB 7.2K FIPS 140-2 Self-Encrypting NLSAS 3.5in Hot-plug Hard Drives) |
| MAX USABLE STORAGE | N/A | 208TB: 2 R5 (4+1) index partitions = 32TB; 4 R5 (11+1) capture partitions = 176TB; 2 Hot Spares |
| CPU | 2 x Intel Xeon E5-2680 v3 | N/A |
| MEMORY CAPACITY | 256 GB RAM | N/A |
| RACK HEIGHT | 1.68” | 7” |
| RACK DEPTH | 29.72” | 32.5” |
| CHASSIS HEIGHT (CHASSIS CONFIGURATION) | 1U | 4U |
| POWER SUPPLIES | Dual hot-plug power supplies | Dual hot-plug power supplies |
| POWER CORDS | 2 x NEMA 5-15P to C13 Wall Plug, 125V 15A | 2 x Power Cord, C20 to C19, PDU Style, 250V, 16A, 2ft (0.6m) |
| RAILS | ReadyRails with Cable Management Arm | Static rails |
| SERVER RAID CONTROLLER | PERC H730P Integrated RAID Controller | N/A |
| EXTERNAL RAID CONTROLLER | N/A | N/A |
| STORAGE NETWORK INTERFACE | 2 x Emulex LPe16002B Dual Port 16 Gb/s Fibre Channel Host Bus Adapters | 2 x 8GB Caching Controller with 16 Gb/s Fibre Channel support |
| EMBEDDED MANAGEMENT | iDRAC Enterprise remote management | Modular Disk Storage Manager |
| HEAT DISSIPATION | 1563 BTU/hr | 4262 BTU/hr |
| INPUT VOLTAGE | 100 – 240V AC, auto ranging, 50Hz/60Hz | 200 - 240V AC, auto ranging, 50Hz/60Hz |
| TOTAL WEIGHT | 37.3 lb (16.92kg) | 232 lb (105.23kg) |
| AIR FLOW | 33.8 CFM | 231 CFM |
| POWER CONSUMPTION | 458 W | 1249 W |
Blue Coat Systems Inc.
www.bluecoat.com
Corporate Headquarters
Sunnyvale, CA
+1.408.220.2200
EMEA Headquarters
Hampshire, UK
+44.1252.554600
APAC Headquarters
Singapore
+65.6826.7000
© 2015 Blue Coat Systems, Inc. All rights reserved. Blue Coat, the Blue Coat logos, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter, CacheOS, CachePulse, Crossbeam, K9, the K9 logo, DRTR, MACH5, PacketWise, Policycenter, ProxyAV, ProxyClient,
SGOS, WebPulse, Solera Networks, the Solera Networks logos, DeepSee, “See Everything. Know Everything.”, “Security Empowers Business”, and BlueTouch are registered trademarks or trademarks of Blue Coat Systems, Inc. or its affiliates in the U.S. and certain
other countries. This list may not be complete, and the absence of a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped using the trademark. All other trademarks mentioned in this document owned by third parties
are the property of their respective owners. This document is for informational purposes only. Blue Coat makes no warranties, express, implied, or statutory, as to the information in this document. Blue Coat products, technical services, and any other technical data
referenced in this document are subject to U.S. export control and sanctions laws, regulations and requirements, and may be subject to export or import regulations in other countries. You agree to comply strictly with these laws, regulations and requirements, and
acknowledge that you have the responsibility to obtain any licenses, permits or other approvals that may be required in order to export, re-export, transfer in country or import after delivery to you. v.DS-SECURITY-ANALYTICS-APPLIANCES-EN-v5e-1215