Security Lab

Blue Coat Security Lab

Blue Coat Web Security solutions deliver complete threat protection, granular control and actionable intelligence without compromising network performance. 

Today, organizations are facing new infrastructure and communications models, the proliferation of mobile devices and a rapidly evolving threat landscape.  With on-premise appliances, an Internet-delivered service and a hybrid offering that combines the best of both, Blue Coat gives businesses the flexibility to deploy the solution that best meets their location and user-specific requirements and budget needs.  Across its Web Security solutions, Blue Coat delivers consistent policy, proactive threat protection and unified reporting for all users regardless of location. 

The Latest from Our Security Blog

Lazy Bad Guys

May 15, 2012 - By Chris Larsen
Near the end of April, shortly before taking off on a couple weeks of heavy travel, I was poking around in some of the sites involved in the big Fake-AV attack we blogged about a couple of times last month. One domain caught my eye because it showed up as a relay site (in this case, a hacked site being used as a relay to an attack site). When the attack site came up, I knew I had to grab a screenshot to share:

The Bad Guys Can't Shake WebPulse

May 1, 2012 - By Chris Larsen | Co-Authored By Jon Dinerstein
[A nice post from Dr. Jon in our internal blog a week ago, that deserves a larger audience. -- C.L.] The Bad Guys are well-known for rapidly changing domain names in an effort to avoid being blocked. They're like bank robbers fleeing the scene of a crime before the police can arrive -- they're betting that speed and recklessness will allow them to get away with the crime.  Typically, the Bad Guys change domain names once every few hours to once every few days. However, there are some occassional examples that take me by surprise.

Big Fake-AV Attack Rolls On...

April 24, 2012 - By Chris Larsen
Another item in the post-vacation queue for the blog is an update on the big Fake AV attack we posted about at the beginning of the month. From last Friday's logs, I pulled data on one sample server. Here's what it had been up to: - 2400+ URLs in the week from 4/13 (when it joined the attack) to 4/20. - 63 different "sibling sites" (on various creatively named .info domains)
Security Blog Archive
Subscribe to Blue Coat Security Blog