Call a Specialist Today! 800-886-5369

Blue Coat SSL Visibility 2800 Appliance
Greater Visibility Into Network Traffic, Higher Performance for Security Applications

Blue Coat SSL Visibility 2800 Appliance

Blue Coat Products
Blue Coat SSL Visibility Appliances
Blue Coat SSL Visibility 2800 Appliance
#SV2800
Please Call for Pricing!

More pricing below, click here!

Overview:

A new offering within the Security and Policy Enforcement Center, the Blue Coat SSL Visibility Appliance decrypts multiple streams of SSL content across all network ports to provide intrusion detection and prevention (IDS/IPS), logging, forensics, and data loss prevention. The SSL Visibility Appliance preserves complete network and web traffic histories necessary for compliance, threat analysis, and more. This enables organizations to add SSL inspection capabilities to their network security architecture and close the security loophole created by SSL; it also allows network appliance manufacturers to provide their security applications with visibility into both SSL and non-SSL network traffic and increase their applications' performance.

Use of SSL encryption is growing fast. Encryption protects data from being viewed in transit over the Internet—but it also creates a serious blind spot for threats, malware, DLP, and other regulatory or compliance risks.

The Blue Coat SSL Visibility appliance, part of the Security and Policy Enforcement product line, enables end users to add SSL inspection capabilities to their network security architecture and close the security loophole created by encrypted traffic. It also allows network appliance manufacturers to give their security applications complete visibility into both SSL and non-SSL network traffic—and increase their applications’ performance. With the Blue Coat SSL Visibility appliance you get:

  • Scalable flow-based processing: At speeds up to 40 Gbps (20 Gbps each direction), the SSL Visibility appliance analyzes up to 6,000,000 simultaneous TCP flows to check whether they contain SSL and supports up to 400,000 concurrently active SSL sessions.
  • Line-rate network performance: Non-SSL flows are sent to the attached security appliance(s) or cut-through in less than 40 microseconds, minimizing delay for applications such as VoIP.
  • Network transparency: Deployment of the SSL Visibility appliance is transparent to end systems and intermediate network elements and does not require network reconfiguration, IP addressing, topology changes, or modification to client IP and Web browser configurations.
  • Web-based management: The SSL Visibility appliance is configured and managed via an SSL-secured web-based graphical user interface, keeping administration simple.

Complements Blue Coat ProxySG, PacketShaper and Security Analytics Products

The SSL Visibility appliance integrates with Security Analytics products to provide visibility into the full scope of advanced targeted attacks. The SSL Visibility appliance also complements the Blue Coat ProxySG and PacketShaper appliances, allowing you to consistently enforce security and performance policies across all traffic on the network.

Features & Benefits:

The unique capabilities of the Blue Coat SSL Visiblity Appliance helps to remove risks arising from lack of visibility into SSL traffic while also increasing the performance of security and network appliances.

  • Line-rate Network Performance:
    • Non-SSL flows will be sent to the attached security appliance(s) or cut-through in less than 40 microseconds, minimizing delay for applications, such as VoIP.
    • Supports decryption of up to 4 Gbps of SSL traffic for a variety of SSL versions and cipher suites.
  • Scalable Flow-based Processing: At up to 40 Gbps, the SSL Visibility appliance supports the analysis of up to 6,000,000 simultaneous TCP flows to check if they contain SSL.
  • High Connection Rate/Flow Count: The SSL Visibility Appliance supports up to 400,000 concurrently active SSL sessions that are being inspected. The setup and teardown rate of up to 11,500 SSL sessions per second is more than 10x higher than other solutions.
  • Network Transparency: Deploying the SSL Visibility Appliance is transparent to end systems and to intermediate network elements and does not require network reconfiguration, IP addressing or topology changes, or modification to client IP and web browser configurations.
  • Application Preservation: Intercepted plaintext is delivered to security appliances as a generated TCP stream with the packet headers as they were received. This allows applications and appliances, such as IDS, IPS, forensics and data loss prevention, to expand their scope to provide benefits for SSL-encrypted traffic.
  • Input Aggregation: Allows aggregation of traffic from multiple network taps onto a single passive-tap segment for inspection.
  • Output Mirroring: Allows the SSL Visibility Appliance to feed traffic to up to two attached passive security appliances in addition to the primary security appliance.
  • Management: Powerful web UI management interface. Custom web UI and third-party management options for OEMs.
  • High Availability: Integrated fail-to-wire/ fail-to-open hardware and configurable link state monitoring and mirroring for guaranteed network availability and network security.
  • FIPS 140-2 Level 2 Certification: Versions of the product that are certified to FIPS 140-2 Level 2 will be available. (In process)
  • Flexibility: Supports both passive and active appliances.
    ›› In-line and Tap modes of operation
    ›› Inbound and outbound SSL visibility
    ›› Support for asymmetrically routed traffic
  • SSL Policy Enforcement: Provides a single point to control usage of SSL throughout the enterprise.
  • Web-based Management: The SSL Visibility Appliance is configured and managed via an SSL-secured, web-based graphical user interface, keeping administration simple.
  • E-mail Alerting: Logs can be configured to trigger alerts that can be forwarded via email immediately or at intervals to designated network administrators.
  • SSL Session Identification: The session log provides details of all SSL flows, inspected or not, allowing suspicious trends or patterns of SSL use to be detected.

Deployment:

SSL Visibility Deployment

Multiple Segment Support

Supports multiple in-line or tap segments that feed one or more active or passive attached appliances. Number of segments varies depending on model number.

Support for multiple re-signing CAs, as well as server keys, allowing rules based per-flow signatures and keys.

Multiple Segment Support

Port Mirroring

Decrypt once, feed many

Capable of sending copies out to many devices over the additional ports on the SSL Visibility Appliances. This allows you to feed all traffic (decrypted and non-SSL) to additional passive devices on the network.

Port Mirroring

Specifications:

Models: SV1800 SV2800 SV3800
Performance
Total Throughput 4 Gbps (line rate) 20 Gbps (line rate) 40 Gbps
SSL Inspection Throughput 1.5 Gbps 2 Gbps 4 Gbps
Cut-through Latency <40μs <40μs <40μs
Concurrent SSL Flow States 100,000 200,000 400,000
SSL Flow Setups/Teardowns 6,500 per second 9.500 per second 11,500 per second
SSL Session Log Entries 50,000,0000 50,000,0000 50,000,0000
Specifications
Configurations Network Interfaces:
Fixed 8 x 1 Copper or 8 x 1 Fiber (SX)
Network Interfaces:
3 Netmod Slots - Various 1 Gbps and 10 Gbps Interface Options
Network Interfaces:
7 Netmod Slots - Various 1 Gbps and 10 Gbps Interface Options
Power Supplies 1+1 Redundant 450W 1+1 Redundant 650W 1+1 Redundant 750W
Management Interfaces 2 x RJ45 2 x RJ45 2 x RJ45
Display LCD 20 x 2 Char. Display LCD 20 x 2 Char. Display LCD 20 x 2 Char. Display
Operating Temperature 5°-40°C 5°-35°C 5°-35°C
Storage Temperature -10-60° C -10-60° C -10-60° C
Dimensions (in.) H x W x D 1.75 x 17 x 20 1.75 x 17.5 x 29 3.5 x 17.5 x 29
Regulatory and Environmental
Standards/Compliance
CE (EN55022, EN55024, EN60950), FCC part 15 class A, UL60950-1
Modes of Operation
(per network segment)
Passive Tap, Passive In-line, Active In-line (Fail-to-wire), Active In-line (Fail-to-Appliance)
Proxying Modes
(per network segment)
Controlled-client (Re-sign) Mode [In-line Only], Controlled-server (Known-key) Mode
Encryption TLS 1.0, TLS 1.1, TLS 1.2, SSL3, partial SSL2
Public Key Algorithms RSA, DHE, ECDHE
Symmetrical Key Algorithms AES, 3DES, DES, RC4, Camellia
Hashing Algorithms MDS, SHA-1, SHA-2
RSA Keys 512-8192 bits

Documentation:

Download the Blue Coat SSL Visibility Appliances Datasheet (PDF).

Pricing Notes:

Blue Coat Products
Blue Coat SSL Visibility Appliances
Blue Coat SSL Visibility 2800 Appliance
#SV2800
Please Call for Pricing!
Blue Coat SSL Visibility Network Module (Netmod) Cards
NIC, 4-port Gigabit Ethernet Copper, SV Platforms
#NIC-SV-4x1G-C
Please Call for Pricing!
NIC, 4-port Gigabit Ethernet Fiber, SV Platforms
#NIC-SV-4x1G-F
Please Call for Pricing!
NIC, 2-port 10 Gigabit Ethernet LR, Fiber SV Platforms
#NIC-SV-2x10G-LR
Please Call for Pricing!
NIC, 2-port 10 Gigabit Ethernet SR, Fiber SV Platforms
#NIC-SV-2x10G-SR
Please Call for Pricing!
Blue Coat SSL Visibility Appliances
Host Categorization for SSL Visibility Appliance SV2800, 1 YR
#CATS-SV2800-1YR
Please Call for Pricing!