Blue Coat Doubles Down on CASB

The CASB market, as relatively new as it is, is experiencing an accelerated maturation process, looking at the number of acquisitions, late-stage venture funding, and the entry of established brands. And it makes perfect sense: controlling the access to SaaS apps and protecting the associated corporate data assets heading north to the cloud is a broad-based concern exacerbated by the BYOD and telecommuting aspects of mobility.

Last week's announcement of Blue Coat's acquisition of Elastica is a notable marker of the rapid evolution of this cybersecurity segment with the company clearly doubling down on the palpable cloud access and control security market opportunity by following up their July acquisition of Perspecsys to further bolster their CASB offering. Already possessing essential network-based elements in its ProxySG proxy gateway and SSL decryption products, Blue Coat has key solution components — and this acquisition warrants looking at how these pieces fit together and what this may portend for the CASB market.

Similar to other cybersecurity product categories, CASB is fundamentally rooted in visibility and control, the definition of which is being expanded by Blue Coat and others in meaningful ways:

  • Visibility is more than discovering what "shadow IT" apps are in use since it is also important for a CASB solution to provide context for decision-making. Such context starts with assessing the risk associated with cloud apps (e.g. as a threat vector) and also includes reporting on user activity – auditing of the who, what, and when as the basis from which policies can be set, and thus controls applied. While Blue Coat’s proxy already provides an inventory of cloud apps, Elastica’s knowledge of these apps provides risk ratings augmenting Blue Coat’s cloud app threat intel. IBM and Trend Micro are also bringing their threat intel capabilities to bear in their respective solutions. Elastica also brings a detection bent to the CASB party by applying real-time analytics to identify anomalous user activity – CASB meets UBA. Palerra is another CASB vendor doing interesting things in applying a user behavior analytics approach to protect data loss via cloud apps. Further on the detection realm of visibility is Blue Coat’s ability to employ the anti-malware sandboxing tech it acquired from Norman to vet the runtime behavior of executable files associated with a SaaS app such as those sitting in a company’s online file sharing account. Lastly, Blue Coat’s SSL Visibility product will allow them to perform in-line inspection of encrypted traffic going to/from the cloud.
  • Control allows IT to not only control access to sanctioned IT apps, but also to prevent data loss with a combination of encryption and DLP policies. Technology from the Perspecsys acquisition allowed Blue Coat to add tokenization and encryption at the field-level, granularity that provides flexibility for how data is stored and protected in a business critical cloud application such as Authorized users, including those accessing apps from mobile devices, can still access and report on this data while it is obfuscated from others. Application specific “securelets,” which Elastica developed using the native APIs of many of the leading SaaS apps, provides DLP inspection and policy management including the ability to perform a retrospective application of a policy. This implementation approach also applies to the visibility use case with respect detecting threats and anomalous user activity.

One of the central narratives of the CASB market to date has been a focus on how to best implement these capabilities since doing so requires intermediating a user’s access to the cloud as an authorized man in the middle. The use of cloud app APIs, forward and reverse proxies, and agents are not necessarily mutually exclusive and Blue Coat’s now expanded CASB offering is a good example of how different methods enable different capabilities within the visibility and control use case examples. While “how” has been a central theme to date, here are a few market dynamics for consideration moving forward:

  • Openness: As a former "BD Guy" I can’t help but to always consider the impact of a strategic acquisition on a vendor’s partnering model. Blue Coat’s ProxySG logs and gateway functionality is employed by many CASB vendors creating a dependence, one Blue Coat could exploit or leave alone, opting to differentiate on advanced functionality such as analytics and threat intel.
  • CASB Vendor Goes All Proxy: With the proxy as arguably the pole position given the need to get in the middle, a leading pure-play vendor such as Netskope could decide it needs to formally be in the proxy gateway business to compete and control its own destiny.
  • New Alliances: Elastica has (had?) a reseller partnership with Cisco. Since cloud apps are part of a customer’s extended network, a concept core to Cisco’s security strategy, Cisco very well may double down themselves on this space.
  • Agents No More?: As more and more SaaS apps support redirection to a proxy, the need for agents to enable the final-mile use case of mobile apps may render agents irrelevant, save for the less critical SaaS apps sans redirection.
  • Next Set of Risky SaaS Apps: While most of the deep cloud app integration has been with file sharing tools, office productivity suites — and of course,  companies may become increasingly concerned with the use of EverNote, Slack, HipChat and more as routes of data loss.

Leveraging the sticky control position on the network vies-a-vies their proxy business to build a strong CASB offering is a natural for Blue Coat, one that both expands the definition of this segment and creates a formidable competitor for the venture-backed pure plays such as Skyhigh Networks, Netskope, and CloudLock who defined and created the market. The stakes are high and the rate of market development demonstrates as much. ESG’s forthcoming cloud security research project is highly focused on this segment for those reasons. Stay tuned.

threat intel infographic


Topics: Cybersecurity