Wide area network (WAN) security has become more about Internet security as enterprises continue to develop business uses for social media, adopt Software as a Service (SaaS) and consider replacing private circuits with standard broadband connections at branch offices. Now recreational traffic is intermingling with business-critical applications on the Internet, requiring WAN managers to get a clearer understanding of what sites users are accessing and the danger these sites pose.
"The whole notion of the WAN is changing. It's not just a private connection to the data center -- it could be a public connection with security controls to the data center, to the Internet, to SaaS providers," said Jon Oltsik, senior principal analyst at Enterprise Strategy Group. "It changes your [WAN security] requirements."
Blue Coat Systems recently joined the pack of WAN security vendors offering application-aware Web gateways and firewalls that give WAN managers more granular control than traditional block/allow platforms. The updates to its ProxySG appliance enables networking pros to limit what applications users can interact with on specific sites and create unique policies for each business group.
Those kinds of controls are especially crucial to WAN security as enterprises develop legitimate business uses for consumer social networking sites, such as Facebook and Twitter, Oltsik said. WAN managers need tools to establish separate security policies for marketing personnel who use Facebook to do their jobs versus recreational users who are at risk of clicking on infected URLs or playing malware-infested games, he said.
"It's a pretty harsh decision to just block social networking sites," Oltsik said. "What companies want to do is provide access to those sites to some employees at least, but they want to manage what they do."
WAN security: Creating a 'read-only Facebook'
Blue Coat's latest updates to its ProxySG appliance introduce a new feature to its Reporter software add-on: the Blue Coat Web Application Policy Engine. Previously, the ProxySG had supported Web filtering that enabled WAN managers to block or allow entire websites.
"[Enterprises] have the ability with our product now to block such things as emailing through Facebook, posting or chatting, so effectively what they would create for their users is a read-only type of Facebook experience," said Sasi Murthy, global technology director and general manager at Blue Coat. "Conversely, if a business is actively using Facebook or LinkedIn for marketing purposes, you similarly have the controls ... to engage in some of the operations like posting videos."
Although Blue Coat's marketing has focused on adding granular controls for social networking site, the updates to the ProxySG can be used for any Web-based application that might become vectors for attack, according to Blue Coat spokeswoman Jennifer Ruzicka.
Blue Coat is far from the first vendor to tackle WAN security from the perspective of Web-based applications or social networking tools. Network security vendors have been hammering the issue for years with next-generation firewalls, and niche vendors such as Actiance and Socialware focus specifically on social media security and compliance.
But combining the new WAN security tools with the ProxySG's other integrated features, such as WAN optimization, makes the update worthwhile for customers looking for all-in-one branch office boxes, Oltsik said.
"Blue Coat is expanding its footprint and saying to customers, 'You don't have to buy three different software packages or gateways. You can buy one.' And the [market] is going toward that model," he said.
→ For more information, learn how WAN architecture must evolve for social media traffic in this complementary article.
Let us know what you think about the story; email: Jessica Scarpati, Senior News Writer.