Blue Coat Systems says it and five partners can cut the cost of deploying data-leak prevention hardware by requiring fewer DLP devices to protect all sites in a corporate network.
The companies support a new proprietary protocol called S-ICAP to protect traffic between Blue Coat Proxy SG security gateways and DLP devices located somewhere across the WAN in a central corporate location. (Compare DLP products.)
Until now, Proxy SGs and DLP devices had to be deployed at the same site and be connected via dedicated LAN ports if businesses wanted to insure the privacy of the traffic between them. Proxy SGs shunt traffic to DLP devices for inspection and receive filtered traffic in return.
S-ICAP uses SSL sockets to protect the existing ICAP protocol, which is an industry standard used by Blue Coat to connect to other security devices on LANs.
The DLP partners in the project are Code Green Networks, McAfee, RSA, Vericept and Websense, all of which have either included S-ICAP support in their latest software versions or will do so shortly, Blue Coat says.
To deploy the distributed DLP protection requires that each site involved have a Proxy SG device that can secure the traffic and direct it toward the remote DLP device. Proxy SGs come in a range of models to suit branches of different sizes. In general it is less expensive to deploy a Proxy SG in a small branch than to deploy a DLP device.