By Cameron Sturdevant  |  Posted 2004-07-19 Print this article Print

Blue Coat Systems Inc.s innovative ProxyAV 2000 hardware capably blocked Web-based threats such as viruses, worms and Trojans in eWEEK Labs tests, but only after we overcame a raft of first-release configuration headaches and software quality problems.

Based on our configuration frustrations, we urge IT managers considering Internet anti-virus protection to look at competing products and evaluate Blue Coats ProxyAV 2000 only after a maintenance release. (Company officials said a maintenance release will ship in the coming weeks.)

The ProxyAV 2000, which shipped last month, demands a significant investment. The product line ranges in price from $4,495 to $20,995, depending on the number and power of the processors included and the amount of onboard RAM. Anti-virus licenses are an additional $2.75 to $9.50 per user per year, depending on the anti-virus software that is integrated with the product.

Our ProxyAV 2000 E3 test unit had licenses for Sophos Inc.s Anti-Virus and supports integration with anti-virus tools from Trend Micro Inc., McAfee Inc. and Panda Software S.L. The unit had Intel Corp. dual 2.4GHz Xeon P4 processors and 3GB of memory. To test the ProxyAV 2000 E3s virus-blocking capabilities, we ran the 1U (1.75-inch) ProxyAV 2000 alongside Blue Coats 1U ProxySG 800 appliance, which is available now.

The premise on which the ProxyAV 2000 functions is simple, but its important for IT managers to consider. The ProxyAV 2000 is integrated with an ICAP (Internet Content Adaptation Protocol) virus-scanning server such as Finjan Software Ltd.s Vital Security for Web (formerly known as SurfinGate Web) or Symantec Corp.s AntiVirus Scan Engine to speed the examination process. This offloads processing from the anti-virus scan engine and de- creases the time needed to determine whether to allow or block the content.

Blue Coat officials said the ProxyAV 2000 should work with any Internet proxy that supports ICAP 1.0.

However, although the concept behind the ProxyAV is compelling, there are kinks in this product that proved irksome—or worse—in tests.

The first snag we encountered is that the ProxyAV 2000 cant be configured if its attached to a newer Cisco Systems Inc. switch. We discovered this when we hooked up the ProxyAV 2000 to our standard eWEEK Labs testbed, which uses a Cisco Catalyst 3550 Series switch.

Because the ProxyAV 2000 uses one physical port with two IP addresses, one for management and the other to connect to the network, the Cisco switch rightly saw this as a security problem and balked at allowing the connection.

We substituted a less intelligent Intel Express 460T switch, which allowed us to make the unorthodox connection required by the ProxyAV 2000. Company officials said future versions of the product will be modified to eliminate this problem.

Our next concern arose when the firmware included in our test unit failed to allow us to log on to Hotmail.com and other common Web sites that require a secure connection during the log-on process. After diagnosing the problem, Blue Coat upgraded the system software on our ProxyAV 2000 to correct it.

With these configuration and software problems out of the way, we proceeded to look at the functionality of the ProxyAV 2000.

When it comes to blocking viruses in unencrypted Internet traffic, the ProxyAV 2000 performed admirably. The product consistently blocked viruses from being accessed or downloaded onto our test systems. Taking advantage of its caching expertise, Blue Coat expedites the process of vetting Internet traffic, including e-mail and file transfers, by checking if the content has already been scanned and a verdict has been reached on its suitability.

Typical Web use is subject to virus infection and lends itself to ProxyAVs analysis. We think its worthwhile for IT managers to keep an eye on maintenance releases because our previous experience with Blue Coat has impressed us, especially when it comes to cache-based systems. As an example, we had to go out of our way during testing to create traffic flows that were not cachable.

Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.

Check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel