Blue Coat to cleanse encrypted traffic

New SSL decrypting feature would prevent viruses, spyware and other pests from stealthily entering a network.

Joris Evers
Joris Evers Staff Writer, CNET News.com

Joris Evers covers security.

2 min read
Encrypting Web traffic can protect privacy and secure transactions, but it can also provide a cover for viruses, spyware and other pests trying to get into a corporate network, according to Blue Coat Systems.

Secure Sockets Layer, or SSL, has many legitimate uses, but also provides an "encrypted tunnel" that lets malicious code and phishing sites bypass most network security methods, Blue Coat said. The company announced Tuesday that it is updating its proxy product, ProxySG, to eliminate that "blind spot" in network security.

To improve corporate security, the new feature will enable organizations to decrypt SSL traffic so they can scan traffic for malicious code and other threats, the Sunnyvale, Calif.-based company said. It would also enable companies to provide better internal policy enforcement by, for example, governing which encrypted applications their employees are allowed to use.

SSL is widely used on the Internet to secure connections between a user's browser and services such as online banking, travel booking and other Web-based applications. When SSL is in use, the user typically sees a "padlock" icon in the bottom-right corner of the browser.

Essentially, Blue Coat's decryption feature would enable the overseer of corporate networks to view all aspects of employee traffic, such as the contents of a purchase made over a so-called secure connection.

Blue Coat isn't the first to decrypt SSL traffic for network security. Other vendors provide similar Big Brother-esque functionality. Finjan Software, for example, also sells an appliance that is capable of scanning the encrypted SSL content.

Blue Coat's new SSL proxy functionality is due in January as an option for its ProxySG product. Pricing ranges from $450 to $11,995, the company said.