Does anyone know....
...a good alternative to Bluecoat? Given Symantec's track record of fucking up everything they touch, I reckon it will be flat on it's ass in a year.
Blue Coat has scrapped its IPO plans in favour of a $4.65bn takeover by IT security rival Symantec. Greg Clark, Blue Coat CEO, will take the helm at Symantec, so resolving the question of succession of Mike Brown, who announced his resignation as CEO in April. On a pro-forma basis, the combined company would have $4.4bn in …
For the WAN acceleration part I can definitely recommend Riverbed. We picked it because, at the time, it was basically the cheapest option. But it did and still does the job. There's some "next-gen" firewalls that also include this nowadays, but the features seem limited.
Yeah, sure...a new CEO. This one is different from the last two - he will be bringing his executive leadership team with him in the acquisition. This will be a lot like Symantec's Axent acquisition in 2001 - the brand was still Symantec, but all the leadership heads got changed.
Overpaid for the acquisition? Maybe. More like Symantec had to pay. Mike Brown f'd things up so badly with the executive turnover and his inability to retain any talent, Symantec had to buy itself an org chart or face folding.
No worries, having spent 10++ years in the Symantec mines they'll fuck this up in no time and BlueCoats customers will be running screaming for the hills.
The good part is by buying the company, Symantec's board has someone new to blame when it once again ends in tears and redundancies....!
Agree, also seen Symantec for years from the inside; doesn't matter if the BlueCoat guy is the new CEO, he'll be infected with the Symantec fail, supported by useless upper management who contnue to survive for reasons passing logic and as usual will result in the destruction of another class leading product...Veritas, Verisign,GuardianEdge, PGP, Altiris, MessageLabs, PCTools etc, it's what they do best.
See title. Symantec needs to have its status as Certificate Authority revoked and removed from all browsers and SSL clients RIGHT NOW. Otherwise all clients will trust the certs that Blue Coat uses, and will not question or even flag the MITM nasties that Blue Coat has built a business on.
(Fine if used in a company and policies and employment contracts are clear about private use; But really bad if we see this kit popping up at ISPs and hosting companies, in line with bills like IPB)
You have a point. That said, if Symantec do this it will be noticed, and very quickly browsers will no longer trust any certificates which have been issued by their certificate authority. So all they'd be doing is flushing their CA business down the toilet. Browser makers won't do it until abuse has happened though.
MITM technology in proxies is just an enabling technology - it's not really good or evil in itself. In the workplace it's a way of protecting your business against malware in HTTPS. This is good in that it protects businesses from threats, but also bad in that it potentially impinges on the privacy of the company's employees. You try to mitigate that by telling employees that use is monitored. Doing MITM on generic internet HTTPS traffic for sig int purposes (GCHQ, NSA etc.) is bad because of the 1984 overtones, but also good in that the primary purpose of such activity (primary *stated* purpose, at least) is to gather intelligence on terrorist threats - and stopping terrorist plots from coming to fruition is a good thing. The spy agencies don't seem to be interested in mitigating the problematic aspects of this activity though, which does suggest they're not being entirely up front about what it's really all for.
You can argue the toss about whether a particular usage of the technology is justified or not, but it's a bit pointless trying to claim the whole idea is evil and should be banned, or criticising the companies who make the products. You don't attack car companies because their products are used as getaway vehicles in bank robberies. You go after the bank robbers. Save your ire for the spooks who abuse the technology, not the technology companies themselves.
How about this then? http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/
Their gear is already being used in non-consentual ways. Just not by our own governments yet (to our knowledge).
Also, there's a new ElReg article highlighting the same issue, quoting concern in the security community about the acquisition: http://www.theregister.co.uk/2016/06/14/symantec_blue_coat_analysis/
The thing is that for enterprise-level security, backed by clear consent (via employment contract, code of conduct etc), there's no need to have a proper cert on the Blue Coat appliances. The Blue Coat cert will just be added to trusted lists on all clients and you're good to go.
Having an already widely trusted cert just enables much easier misuse of decryption, without any added security benefit for the normal enterprise customer.
Wasn't too long ago that Symantec was threatened to be "untrusted" by Google as well, because of other blunders:
Five years ago I would have agreed with your analogy to cars. However, nowadays every citizen is presumed guilty and subjected to extreme surveillance, further extended by IPB & Co, which is a hard to grasp concept already. To add insult to injury we see privacy not only infringed by government agencies, but also by lots of big enterprises; and Symantec/Blue Coat would make it so much easier for everybody, that I find it difficult to give them the benefit of a doubt and assume all the best intentions. Complacency and ignorance is what got us into this state of surveillance, and we're only at the beginning of it. Forgive me if I cannot just look at Symantec/Blue Coat and assume best intentions. For the protection of a local network with Blue Coat, a proper CA signed cert isn't needed; for transparent decryption in other places on the other hand, it is.
My original argument was that Symantec can no longer be trusted as a CA because their cert on Blue Coat appliances used by others will enable transparent decryption.
I stand by that. Trust, for me, is not only defined as to whether I think an entity is doing the right thing and has good intentions, but also if whatever they provide can be misused by others. An analogy to that would be a trusted network vs a DMZ. You control servers in the DMZ, and should be able to trust them, but they can potentially cause harm due to the fact that others may compromise (gain access, misuse) them, hence you keep them away from the crown jewels.
Blue Coat is a large IT company based in Sunnyvale, California, that is best known for providing filtering and censorship devices for countries such as Syria and Burma. The company also provides network analysis systems called "Intelligence Centres," which are used by companies and governments to monitor online traffic and identify performance problems. They allow for the monitoring of individual online behaviour.
Another good reason to get rid of symantec products...
What they actually do is sell a range of equipment and software that can help large corporates secure and accelerate their networks. The vast majority of the kit they sell is used for entirely legitimate purposes. Like most infrastructure this kit is almost completely invisible to the public at large, so Blue Coat remain practically unknown outside large IT departments. As a result they probably are best known to the wider public as being linked to oppressive regimes, but it's disingenuous at best to portray it as the company's mission statement. It's a bit like writing a biography of Robert Oppenheimer saying he's best known as being responsible for the bombs that dropped on Hiroshima and Nagasaki, while failing to note that he was a physicist.
Any technology can be abused, but it's not the fault of the technology supplier or the technology itself. The people to blame for the oppressive use of this technology are those in charge of the oppressive regimes in Syria and Burma.
Biting the hand that feeds IT © 1998–2021