"The integration enables malicious domains to be automatically shared from the FireEye MPS to Blue Coat ProxySG appliances, allowing administrators to implement a block/deny policy to stop all attempted connections to such domains and provide logging for customizable reporting specific to the defined categories. Administrators can customize categories and policies to deal separately with zero-day infection URLs and callback URLs. For zero-day, infection URLs, for example, customers can create a policy that refers end users to a coaching page that informs them a drive-by download was blocked. For the callback URL policy, the end user could be alerted that their machine was previously infected and to immediately take remediation steps. The technical integration works seamlessly and adds significant value to organizations."
This is significant for me as I have done some work in the past at trying to get these two technologies to work together. One such example is a script to scrape certain snort rules (within the FireEye MPS) for domains so that I could feed them to Blue Coat. Use caution with this one as FireEye has some rules for domains that you may not want to block.
I am always in favor of vendors stepping up to create and support a stable solution as opposed to some scripts I hacked up to make my life easier. Hopefully the vendors will do a decent job and not charge an arm and a leg to their customers who already pay top dollar for these technologies!
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.