What’s your choice? Blue Coat or ISA ? hardware or software proxy?
Almost every enterprise IT security managers are facing the same problems: how to control the internet? how to implement the granular security policy at the perimeter ? When you dig the Internet, you must find a bunch of discussions and threads, among which the discussions and debates between Thomas and Antishinder are quite interesting.
The assertions by Bluecoat is as the following:
- The ISA firewall cannot be as secure as Blue Coat proxies because it runs on a general purpose server that has ongoing security vulnerabilities
- The ISA firewall is unable to inspect traffic inside an SSL tunnel
- The ISA firewall is unable to inspect and manage peer-to-peer, instant messaging and multimedia connections
- The ISA firewall has limited support for granular access control
- The ISA firewall’s network performance is inferior to Blue Coat’s proxy performance
The fight back from Thomas is very strong. Personally speaking, I think the origin of this debate depends on your attitude of hardware or software security devices. The former will help lower the installation and operation cost, while the latter has lower price. So if your enterprise is very lucky to be mature on server operations, the software proxy solution is as good as, or better than the hardware solution.
Recent Comments