On May 15, 2009, at 4:20 PM, David Kaiser wrote:
http://www.applicationperformance.techweb.com/login.jhtml?_requestid=260594
Their blurb says this: "organizations rely more heavily on SSL
encryption, but unfortunately, IT is increasingly 'blind' to that
traffic. Until now, there has not been a practical solution for
'inside-out SSL.' Learn how Blue Coat's SSL proxy functionality
enables you to extend the power of the intelligent and secure proxy
appliances to all SSL traffic."
Anyone know if this product exists, works, or what it does?
For the life of me, I can't imagine a good reason why any IT
department between me and the Internet has a right or need to see
what I am transmitting over SSL.
So Blue Coat used to be/is one of those companies that thought there
was a fundamental difference between wireless and wired so they
produced services/servers/applications which would do authentication,
packet shaping, proxying etc for wireless or wired. My initial look
see at them was when I was looking for a wired and wireless
authentication/shaping/captive portal implementation. They had a very
strong package for wireless use but it all fell apart because it could
only work for wireless and could not be used for wired. Found
Perfigo's Clean Access at the same time and went with them, that
product (later Cisco Clean Access) went on to destroy Blue Coat's
business / product models because it could do wired and wireless
authentication with rudimentary packet shaping of both.
I believe the Riverside downtown wireless project was initially using
their products for authentication management. I recall going to a
sales pitch meeting for Blue Coat at a local IT support company and
walking away from the meeting having converted them from Blue Coat
resellers to clean access resellers in the space of about 2 hours...
That said....
The product above just sounds like a SSL proxy redirect that you put
in front of any service you already have that is only accessible on
http and it is now "secure" with the additional benefit that it
attempts to compress the data stream as much as possible (hello
mod_gzip/deflate/etc?). I do not think it is a SSL inspection
appliance but rather a "your coders are not smart enough to utilize
compression, https, ssl-accelerators or any other encrypted protocols,
but that's okay we can fix that by wrapping it in a SSL proxy" solution.
I have never used their products so could be completely wrong...
- Brian