Airmiles

The Blue Coat SG, a secure proxy appliance, provides the visibility and high-performance needed to review, control, and log Web-based communications across the entire enterprise. Blue Coat appliances function as proxies between users and applications for all inbound and outbound communication sessions. As such, the appliances become a termination point – and therefore an extremely effective control point - between users and applications.

When Chris Fitzpatrick, Infrastructure Analyst at Airmiles was looking for a replacement for their ISA servers to perform a proxy function to provide Internet access for staff, Bluecoat presented the best option.In a recent independent test run by Broadband Testing, Blue Coat proxy servers were compared to a high-end PC running Microsoft’s ISA Server software. In all test scenarios, the Blue Coat appliances significantly out-performed the ISA Server-based alternative, as well as being far easier and quicker to deploy and manage.

Airmiles has been the UK's most popular travel loyalty scheme since 1988 and employs 550 people across 3 sites in the UK, linked via an MPLS Wide Area Network. For Airmiles, Web-based traffic ranges from essential business applications and related information to recreational Web content. This can open the door for malware, bandwidth-hogging personal applications, and loss of confidential information.

In order to provide an environment for employees that would enable them to be productive and safe, Airmiles needed a Web security infrastructure that would allow the good while stopping the bad, both into and out of the organization – regardless of where their users and applications are located.

Airmiles entered into a trial of the Blue Coat SG appliance, supported by Teneo and Chris quickly found that Bluecoat would provide a feature rich replacement for the old ISA servers, offering the ability to:

• Identify, manage and log the most popular Web protocols, user agents, methods, etc. that traverse the firewall
• Define comprehensive use policies that can be applied to all enterprise users, individual users or groups 
• Authenticate and authorize user access when necessary 
• Filter URLs using vendor databases and an administrator’s custom category definitions 
• Scan Web-based email for viruses and malicious mobile code in real time

40% of Malware attacks now come through the browser and webmail is particularly efficient at spreading worms, trojans, and viruses. Spyware can be unintentionally downloaded from hundreds of thousands of URLs. Just as organizations benefit from placing Anti-Virus on MS Exchange servers and other SMTP devices, Chris found that Web-gateway-based virus scanning can substantially improve network security. For this reason, Chris specified that the Bluecoat solution also needed to provide AV capabilities.

Adding AV scanning at the gateway helps with:

• Defense in depth (using a different AV engine at the gateway than on the desktops) reduces risk of damage from new viruses and malware attacks.
• A single appliance can be more reliably updated than thousands of PCs. 
• Blue Coat AV at the gateway with heuristic Trojan detection provides incremental protection against unknown spyware. 
• New root-kit malware is very difficult to remove from PCs, so gateway prevention becomes even more important.

With Airmiles, the Blue Coat appliances were deployed at Internet access points across the network, providing an effective solution to control security for all Web applications and content – including encrypted SSL content. The solution consisted of 2 Bluecoat 800 appliances and 2 Anti-Virus appliances, running Smartfilter for the web and Sophos for anti-virus.

Chris comments:
“Having a dedicated solution with inbuilt security options gives us greater control over internet access with more flexible and easier administration. Having a dedicated product has also improved performance.”