Content Analysis System blocks known threats and detects and analyzes zero-day and advanced malware

November 19, 2013

5 Min Read


SUNNYVALE, Calif., Nov. 18, 2013 – Blue Coat Systems, Inc., the market leader in business assurance technology, today introduced the Blue Coat Content Analysis System with malware analysis to automate advanced threat protection at the Internet gateway. The Content Analysis System blocks known threats and detects and analyzes zero-day and advanced malware, sharing new threat intelligence to continually fortify the network. This allows organizations to bridge the gap between the day-to-day security operations team and the advanced security team that is focused on incident containment and resolution.

Today, enterprises are forced to use ad hoc malware analysis or sandboxing solutions that operate in a silo and cannot share the threat intelligence required to bridge the gap between blocking known threats and detecting and analyzing unknown threats or advanced malware. This gap is made worse because existing technologies fail to help security operations teams maneuver through the stages of the advanced threat lifecycle.

The Blue Coat Content Analysis System addresses this gap by combining whitelisting and malware scanning for known threats with dynamic malware analysis of unknown threats at the gateway. The new system also helps align security operations teams by sharing new threat intelligence locally across the security environment and worldwide through the Blue Coat Global Intelligence Network of 15,000 customers and 75 million users.

"To protect their networks from advanced targeted attacks and zero-day malware, businesses need a systematic approach that aligns security teams on the right strategy, process and action to block the threats they can, detect the ones they can't and respond to the ones that are already on the network," said Greg Clark, CEO at Blue Coat Systems. "Our Content Analysis System is a key technology for organizations that want to build an automated defense into their networks that continually fortifies the network by operationalizing new threat intelligence. This allows our customers to protect and empower their business."

The Content Analysis System supports up to two leading anti-virus signature databases and provides application whitelisting and dynamic malware analysis. Together, these technologies deliver the following benefits for businesses:

· Best-of-Breed Sandboxing: Powered by Norman Shark, a Blue Coat Business Assurance Technology partner, the Blue Coat malware analysis technology – available as an appliance today and via the cloud in the future – combines customizable virtual environments with sandbox emulation for the most comprehensive detection of unknown or advanced malware, including malware that employs evasive detection techniques.

· Malware Analysis Orchestration: The Blue Coat Content Analysis System acts as a broker for multiple sandboxing or malware analysis instances, simultaneously sending unknown or suspicious files to both the Blue Coat sandbox as well as third-party sandboxes. By seamlessly integrating into existing security infrastructures, the Content Analysis System allows enterprises to optimize their existing investments in sandbox technologies while building out an advanced malware defense in-depth. The system also future proofs customers' infrastructure via a scalable interface that can incorporate other advanced malware analysis technology via the broker capability.

· Threat Intelligence Feedback Loop: New intelligence from the analysis of advanced or unknown malware is shared with Blue Coat ProxySG appliances to automate blocking of newly identified threats at the gateway for a more scalable defense. New intelligence is also shared with the Security Analytics Platform from Solera, a Blue Coat company, which delivers advanced threat profiling and remediation of the full scope of the attack. The network effect of the Blue Coat Global Intelligence Network further automates protection by sharing threat intelligence from 15,000 customers worldwide.

Blue Coat is partnering with Norman Shark to deliver flexible, customizable sandboxing. The malware analysis technology of the Content Analysis System is powered by Norman Shark's leading IntelliVM and SandBox technologies, giving advanced security teams the ability to analyze any threat type, in any version of any application they choose. This allows security teams to gather intelligence on malware targeting their specific environment and application vulnerabilities in order to more effectively contain and resolve the incident.

"Existing sandboxing technologies cannot effectively replicate real-world environments, leaving organizations with little information that will help them contain or resolve an incident," said Stein Surlien, CEO at Norman Shark. "The Norman Shark IntelliVM and SandBox technologies solve this problem by delivering customizable environments for more comprehensive and detailed detection of unknown malware."

"Analysis of unknown and advanced malware is critical intelligence for security teams tasked with containing and resolving the threats that get past traditional preventive defenses. Dynamic, customizable sandboxing can provide an opportunity for organizations to improve their defensive posture and security response capabilities," said Jon Oltsik with industry analyst firm ESG Global. "When used in conjunction with traditional front-line and advanced defenses, this enhancement can certainly improve an organization's ability to defend against advanced persistent threats and targeted attacks."

The Content Analysis System with malware analysis is a key component of the Blue Coat Advanced Threat Protection solution, which is purpose-built to bridge the gap in security organizations between day-to-day operations, incident containment and resolution. The new solution is the first to deliver a comprehensive Advanced Threat Protection lifecycle defense that fortifies the network by blocking known threats, proactively detecting unknown and already-present malware and automating post-intrusion incident containment. Please see today's release titled, "Blue Coat Empowers Business with New Advanced Threat Protection Solution" for additional information. To learn more, please visit the Blue Coat Advanced Threat Protection Resource Center.


The Blue Coat Content Analysis System will be available in December with application whitelisting and support for anti-malware signature databases from leading anti-virus vendors. The malware analysis technology will be available as an appliance at the same time and via the cloud in the future.

About Blue Coat Systems

Blue Coat empowers enterprises to safely and quickly choose the best applications, services, devices, data sources, and content the world has to offer, so they can create, communicate, collaborate, innovate, execute, compete and win in their markets. For additional information, please visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights