Blue Coat - Handling the category ‘none’

Note - This blog has been superseded by the Threat Risk blog here

The Blue Coat WebFilter is a database of web pages in 50 different languages, classified into 85 different categories. These categories allow for dynamic control of corporate security policies and granular control over select popular web applications and operations.

The Blue Coat Global Intelligence Network, powered by WebPulse, attempts to categorise the majority of the web. The issue is that, due to the rapid expansion of the web and the ever-changing content on many pages, it is impossible to categorise the whole web. Blue Coat state that a typical English-speaking customer using Blue Coat WebFilter has about 90-95% of their traffic rated via the database on their proxies. The question here is: what about the other 5% of traffic that is unrated by Blue Coat WebFilter?
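To see how your own traffic compares with that figure, the share of requests logged under ‘none’ can be measured from the proxy's access log. The Python below is an added example, not part of the original blog or of Blue Coat's tooling; it assumes an ELFF-style log whose `#Fields:` header includes `cs-categories` and `cs-host`, assumes multiple categories are separated by `;`, and runs on constructed sample records.

```python
import shlex
from collections import Counter

# Constructed sample records in ELFF style (a real log carries more fields).
SAMPLE_LOG = '''\
#Software: SGOS (constructed sample)
#Fields: date time c-ip cs-categories s-action cs-host
2014-03-01 09:00:01 10.0.0.5 "Search Engines/Portals" TCP_NC_MISS www.example.com
2014-03-01 09:00:02 10.0.0.6 "none" TCP_NC_MISS new-site.example.net
2014-03-01 09:00:03 10.0.0.5 "News/Media" TCP_HIT news.example.org
2014-03-01 09:00:04 10.0.0.7 "Technology/Internet" TCP_NC_MISS docs.example.com
2014-03-01 09:00:05 10.0.0.6 "none" TCP_NC_MISS new-site.example.net
2014-03-01 09:00:06 10.0.0.8 "none" TCP_NC_MISS fresh.example.org
2014-03-01 09:00:07 10.0.0.5 "Technology/Internet;News/Media" TCP_HIT blog.example.com
2014-03-01 09:00:08 10.0.0.9 "Business/Economy" TCP_NC_MISS shop.example.com
'''

def parse_elff(text):
    """Yield one dict per record, named by the most recent #Fields: header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("#fields:"):
            fields = line.split(":", 1)[1].split()
        if not line or line.startswith("#") or fields is None:
            continue
        try:
            values = shlex.split(line)  # honours the quoted category field
        except ValueError:
            continue                    # unbalanced quotes: skip the record
        if len(values) == len(fields):  # ignore truncated or malformed lines
            yield dict(zip(fields, values))

def unrated_report(text, top=5):
    """Return (total, unrated, share, top unrated hosts) for category 'none'."""
    total, hosts = 0, Counter()
    for rec in parse_elff(text):
        total += 1
        cats = [c.strip().lower() for c in rec.get("cs-categories", "").split(";")]
        if cats == ["none"]:            # the only rating is 'none'
            hosts[rec.get("cs-host", "-")] += 1
    unrated = sum(hosts.values())
    share = unrated / total if total else 0.0
    return total, unrated, share, hosts.most_common(top)

if __name__ == "__main__":
    total, unrated, share, top_hosts = unrated_report(SAMPLE_LOG)
    print(f"{unrated}/{total} requests unrated ({share:.1%})")
    for host, count in top_hosts:
        print(f"  {count:4d}  {host}")
```

The list of most-requested unrated hosts shows which sites users would hit the policy on most often, whichever option is chosen.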

There are three clear options. Firstly, an organisation can just block access to the category ‘none’, but what if the user has a genuine reason to access a site which has not been categorised yet? The second option is to allow the traffic, but what threat could that pose to the organisation? What if the user clicked a link by accident which led them to a drive-by download site containing malware? The third option is to provide a metaphorical speed bump which slows the user down, notifies them that the site is uncategorised and potentially dangerous, and asks them if they are sure they want to proceed. Option three is the one that we will demonstrate in this blog.

In the Blue Coat ProxySG GUI, navigate to the Visual Policy Manager by going to Configuration > Policy > Visual Policy Manager and click Launch.

In the Visual Policy Manager window, select ‘Policy’ from the toolbar and click ‘Add Web Access Layer…’