Blue Coat Malware Analysis S500 Appliance
Hybrid Sandboxing For Detecting And Analyzing Advanced And Unknown Malware

 

Overview:

A new breed of hackers – including cybercriminals, nation states, hacktivists, and insiders – is perpetrating increasingly sophisticated, targeted and effective exploits on enterprises. This shift in the threat landscape requires a new defense that combines prevention with more effective attack detection, preparedness, and response.

The Blue Coat Malware Analysis Appliance is part of the Security and Policy Enforcement Center and bridges the gap between blocking known malware, and detecting and analyzing unknown and advanced malware. Integrated with the Blue Coat Content Analysis System and the Security Analytics Platform, the appliance simulates your systems to detect evasive malware and uses custom virtual environments for faster anomaly detection. Without ever putting actual systems or applications at risk, the Malware Analysis appliance provides a map of the damage a threat would cause if allowed to run in your network, so you can contain zero-day threats and unknown malware.

The net result: your business can move beyond fear and start focusing on possibilities.

Advanced Threat Protection Solution: A Lifecycle Defense

The Malware Analysis Appliance is a key component of the Blue Coat Advanced Threat Protection solution. The solution integrates products from the Security and Policy Enforcement Center and the Resolution Center to deliver a comprehensive lifecycle defense that fortifies the network by blocking known threats, proactively detecting unknown and already-present malware, and automating post-intrusion incident containment.

  • Superior Analysis and Accuracy – Automatic sample classification and risk scoring by highest matched pattern, along with support for existing malware analysis workflows, allow you to flag detected system events based on potential malicious activity.
  • Ease of Use and Alerting – Real-time incident reporting with detailed analysis of the event provides immediate notification to security analysts while a best-in-class, web-based user interface enables interaction with malware and the ability to click through installers. The web-based dashboard enables easy searches of the malware intelligence and collection database, store samples, reports, and events.
  • Scalable Architecture and Performance – Process 55,000 samples per day with parallel sample processing on up to 55 virtual machines per single Malware Analysis appliance. Multiple VMs with Windows XP and Windows 7 OS’s and unlimited software configurations can be supported.
  • Threat Intelligence Network Effect – Post-detection and analysis, intelligence on new threats is shared with the Blue Coat ProxySG appliance to move protection to the gateway and with the Security Analytics Platform for eradication of the full scope of the attack.

Features:

The Blue Coat Malware Analysis Appliance is a key component of Blue Coat’s Security and Policy Enforcement Center. Integrated with the Blue Coat Content Analysis System, it bridges the gap between blocking of known malware and detection and analysis of unknown and advanced malware.

The customizable appliance delivers comprehensive malware analysis and detonation with a dual detection approach that allows you to analyze suspicious files and reduce the impact posed by zero-day threats and unknown malware.

Dual Detection Approach: Best Way to Detect More Malicious Behavior

The Malware Analysis Appliance utilizes a powerful dual-detection approach that combines the benefits of code emulation with virtual machine introspection. This captures more malicious behavior across a wider range of custom environments than other solutions that typically rely on a single methodology. The dual detection approach includes:

  • Sandbox® – A bare metal environment that emulates an actual system to detect malware that otherwise will not detonate in a virtualized environment.
  • IntelliVM – Virtual machine profiles that replicate actual production environments, including custom applications, to quickly spot anomalies and differences in behavior that unveil anti-analysis and other advanced malware evasion techniques.

Simulated Systems: Detonation for Evasive Malware

The unique sandboxing technology simulates bare metal environments to detect evasive malware. The Malware Analysis Appliance uses malware detonation to execute files within the simulator as they would on a real system – without executing code on the targeted CPU, loading into real memory, or communicating with any other physical system components.

Working at the kernel level, the emulator exercises the malware, intercepting behavior and converting it into step-by-step forensic intelligence. Without ever putting actual systems at risk, the sandboxing technology provides a map of the damage the threat would cause if allowed to run on a real machine.

Custom Virtual Environments for Faster Anomaly Detection

With IntelliVM technology, the Malware Analysis Appliance uses virtual machine profiles to mirror different types of custom environments, so you can quickly detect anomalies and differences in behavior that unveil advanced malware evasion techniques. The Malware Analysis Appliance can monitor a wide range of system events for signs of malicious behavior in a safe, instrumented virtualized environment.

IntelliVM profiles can be customized to add flexibility when analyzing non-traditional malware, and to precisely mirror production environments to detect advanced malware and targeted attacks. Security analysts can analyze all types of threats, in any version of any application they choose. They are able to precisely match their organizations’ desktop environments, gathering intelligence on malware targeting their specific organizations which may be looking to exploit specific application vulnerabilities.

Shared Threat Intelligence: Operationalize Learned Knowledge to Fortify Security Infrastructure

As unknown or advanced malware and zero-day threats are detonated, the new threat intelligence is shared locally across the security infrastructure, as well as with all of Blue Coat’s 15,000 customers and 75 million users worldwide through a Global Intelligence Network. Turning unknown threats into known threats and sharing that information across the security infrastructure increases the scalability and effectiveness of the defense by moving protection to Blue Coat ProxySG secure web gateways.

Malware Analysis Appliance Benefits

  • Superior analysis and accuracy – Unique dual detection approach combines sandboxing with IntelliVM to deliver unrivaled malware and threat detection. Automatic sample classification and risk scoring by highest matched pattern, along with support for existing malware analysis workflows, allow you to flag detected system events based on potential malicious activity.
  • Ease of use and alerting – Real-time incident reporting with detailed analysis of the event provides immediate notification to security analysts while a best-in-class, web-based user interface enables interaction with malware and the ability to click through installers. The web-based dashboard enables easy searches of the malware intelligence and collection database, store samples, reports, and events.
  • Scalable architecture and performance – Process hundreds of thousands of files per day with parallel sample processing on up to 55 virtual machines per single Malware Analysis Appliance. Multiple VMs with Windows XP and Windows 7 OS’s and unlimited software configurations can be supported.

Deployment:

Malware Analysis

Specification:

| Malware Analysis Appliance Series | MAA S400-10 | MAA S500-10 |
|---|---|---|
| Performance | | |
| Malware Samples | 12,000 samples per day | 50,000 samples per day |
| System | | |
| Disk Drives | 2 x 500GB | 6 x 1TB |
| RAM | 32GB | 96GB |
| Onboard Ports | (1) 1000Base-T Copper, System Management Port; (1) 1000Base-T Copper, BMC Management Port | (1) 1000Base-T Copper, System Management Port; (1) 1000Base-T Copper, BMC Management Port |
| Power Supplies | 2 | 2 |
| Physical Properties | | |
| Dimensions | 572mm x 432.5mm x 42.9mm (22.5in x 17.03in x 1.69in) (chassis only); 643mm x 485.4mm x 42.9mm (25.3in x 19.11in x 1.69in) (chassis w/extensions); 1 RU height | 710mm x 433.3mm x 87.2mm (27.95in x 17.05in x 3.43in) (chassis only); 812.8mm x 433.4mm x 87.2mm (32in x 17.06in x 3.43in) (chassis w/extensions); 2 RU height |
| Weight (maximum) | Approx. 12.8 kg (28 lbs) +/- 5% | Approx. 30kg (66.12 lbs) +/- 5% |
| Operating Environment | | |
| Power | Dual redundant and hot swappable power supplies, AC power 100-127V @ 8A, 200-240V @ 4A, 47-63Hz (DC power available) | Dual redundant and hot swappable power supplies, AC power 100-240V, 50-60Hz, 12-5A (DC power available) |
| Maximum Power | 450 Watts | 1100 Watts |
| Thermal Rating | Typical 1086 BTU/Hr, Max 1381 BTU/Hr | Typical 2598.42 BTU/Hr, Max 3751 BTU/Hr |
| Temperature | 5°C to 40°C (41°F to 104°F) at sea level | 5°C to 40°C (41°F to 104°F) at sea level |
| Humidity | 20 to 80% relative humidity, non-condensing | 20 to 80% relative humidity, non-condensing |
| Altitude | Up to 3048m (10,000ft) | Up to 3048m (10,000ft) |

For All Malware Analysis Appliances

| Regulations | Safety | Electromagnetic Compliance (EMC) |
|---|---|---|
| International | CB – IEC60950-1, Second Edition | CISPR22, Class A; CISPR24 |
| USA | NRTL – UL60950-1, Second Edition | FCC part 15, Class A |
| Canada | SCC – CSA-22.2, No.60950-1, Second Edition | ICES-003, Class A |
| European Union (CE) | CE – EN60950-1, Second Edition | EN55022, Class A; EN55024; EN61000-3-2; EN61000-3-3 |
| Japan | --- | VCCI V-3, Class A |
| Mexico | NOM-019-SCFI by NRTL Declaration | --- |
| Argentina | S Mark – IEC 60950-1 | --- |
| Taiwan | BSMI – CNS-14336-1 | BSMI – CNS13438, Class A |
| China | CCC – GB4943.1 | CCC – GB9254; GB17625 |
| Australia/New Zealand | AS/NZS 60950-1, Second Edition | AS/ZNS-CISPR22 |
| Korea | --- | KC – RRA, Class A |
| Russia | CU – IEC 60950-1 | GOST-R 51318.22, Class A; 51318.24; 51317.3.2; 51317.3.3 |

Environmental: RoHS-Directive 2011/65/EU, REACH-Regulation No 1907/2006

Product Warranty: Limited, non-transferable hardware warranty for a period of one (1) year from date of shipment. BlueTouch Support contracts available for 24/7 software support with options for hardware support.

Pricing Notes:

Please Call for Pricing!

Blue Coat MAA Appliances
  • Blue Coat Malware Analysis Appliance S500-10 (#MAA-S500-10)

Cold Standby Blue Coat MAA Appliances
  • Blue Coat Cold Standby Unit, Blue Coat Malware Analysis Appliance S500-10 (#MAA-S500-10-CS)

Malware Analysis Content New Subscriptions - 1, 3 and 5 Years
  • Blue Coat Malware Analysis Appliance S500-10 Annual Content Subscription - 1YR (#MAA-S500-10-1YR)
  • Blue Coat Malware Analysis Appliance S500-10 Annual Content Subscription - 3YR (#MAA-S500-10-3YR)
  • Blue Coat Malware Analysis Appliance S500-10 Annual Content Subscription - 5YR (#MAA-S500-10-5YR)

Malware Analysis Content Subscription Extensions
  • Blue Coat Malware Analysis Appliance S500-10 Annual Content Subscription - 1YR Extension (#MAA-S500-10-1YR-EXT)