Big Switch Networks Advances SDN-Driven Pervasive Security in the Data Center With Blue Coat

Certified Joint Solution Through Blue Coat's Encrypted Traffic Management (ETM) Program Helps Customers Combat Sophisticated Attacks by Addressing Malware Hiding in SSL Traffic


SANTA CLARA, CA--(June 7, 2016) - Big Switch Networks®, the leader in bringing hyperscale-inspired networking to data centers worldwide, announced today it has become a Blue Coat Encrypted Traffic Management (ETM)-Ready Certified Partner. Blue Coat's SSL Visibility Appliance and Big Switch's Big Monitoring Fabric joint solution provides customers an efficient, simplified and cost-optimized solution to combat increasingly sophisticated attacks that are cloaked in encrypted SSL traffic.

Security administrators are forced to deploy multiple advanced security tools at the network edge, in the demilitarized zone (DMZ), to protect enterprise applications, data and users. This has increased operational complexity across network and security domains tremendously, especially for change management and for traversing selective traffic through a chain of designated security tools. Additionally, as much as 70 percent of enterprise network traffic today is SSL encrypted which creates a blind spot for security tools such as firewalls, IDS/IPS, anti-malware devices and more. As a result, a new agile and comprehensive security architecture is needed to accelerate security service chaining together with specialized SSL visibility devices, while ensuring high availability and scalability in the DMZ.

The combined SSL Visibility Appliance and Big Monitoring Fabric solution provides the following key benefits to customers:

  • Unmatched ETM - Blue Coat's encrypted traffic management (ETM) solution eliminates the encrypted traffic blind spot and combats security threats hidden in encrypted traffic while preserving data privacy, policy and regulatory compliance.
  • Enhanced tool efficiency - The solution supports chaining of multiple tools in a single tool chain. Policies can be set up to forward only the relevant traffic to the right tools in the chain. In addition, same tool interfaces can be shared across multiple chains, thus increasing tool efficiency.
  • Simplification of multi-team operational workflows - The combined solution eliminates the need for complex error-prone and proprietary hardware bypass devices and ensures clear role separation between network and security admins.
  • Policy-based security enforcement - The Blue Coat SSLV provides powerful policies based on specific types of traffic -- for example, it can identify and block known malware and malnet traffic, while identifying, allowing and specifically not decrypting known, good traffic that must be kept private such as personal healthcare and banking traffic -- through the intelligent Host Categorization service.
  • Simplified management - Big Monitoring Fabric controller provides a single pane of glass management/configuration for inline traffic chaining and the ability to do selective SPAN for out-of-band monitoring.
  • High availability - The solution is highly resilient against network, tool or controller failures and supports customizable health check based on Layer 2 through Layer 4 headers with aggressive health timers.

The joint solution enables policy-based insertion and chaining of security services in the DMZ, leveraging commodity open networking Ethernet switches at 10G/40G/100G speeds managed by SDN controller software. Big Monitoring Fabric selectively redirects encrypted traffic to the SSLV which decrypts SSL traffic for the use and benefit of downstream security tools. Specific chaining of security tools is attained by creating service chain policies in BMF's SDN controller. Traffic egressing the tool chain can also be optionally re-encrypted by the SSLV. The solution thus provides unmatched encrypted traffic management (ETM) to detect and eliminate SSL encrypted traffic blind spots while offering an economical solution and SDN-centric operational simplicity.

"Increasingly, today's security administrators are forced to deploy multiple security tools to protect enterprise applications, data and users from sophisticated security threats," said Peter Doggart, vice president of business development, Blue Coat Systems, Inc. "This has increased operational complexity across network and security domains tremendously, requiring a new and agile security architecture to address the need. Our partnership with Big Switch has enabled enterprise customers to deploy our powerful solution to detect, prevent and combat security threats in encrypted traffic while preserving data privacy, policy and regulatory compliance."

"We are excited to become a Blue Coat ETM Ready technology partner by delivering an innovative, SDN-based solution to combat cyber-attacks embedded within SSL encrypted traffic," said Prashant Gandhi, VP Products and Strategy at Big Switch Networks. "Our joint solution further strengthens the DMZ security service chaining and enables organizations with visibility into encrypted traffic to effectively detect and eliminate advanced threats."

Big Monitoring Fabric: 
Solution Briefs: Blue Coat SSLV and Big Monitoring Fabric (Inline) 
Blue Coat Security Analytics and Big Monitoring Fabric (formerly Big Tap)
Blue Coat ETM-Ready Certified Partners Page: 
Big Switch Technology Partnership Page:

About Big Switch Networks
Big Switch Networks is the market leader in bringing hyperscale-inspired data center networking technologies to a mainstream data center audience to deliver order of magnitude improvements in network agility, flexibility and operational efficiency. The company is taking three key hyperscale technologies -- OEM/ODM bare metal and open Ethernet switch hardware, sophisticated SDN control software, and core-and-pod data center designs -- and leveraging them in fit-for-purpose products designed for use in enterprises, cloud providers, and service providers. The company's Big Monitoring Fabric is a feature-rich next-generation Network Packet Broker to monitor and protect existing networks, and Big Cloud Fabric is the industry's most advanced open networking switching fabric intended for new data center pods such as OpenStack private cloud, VMware workloads, big data, and VDI. For additional information, email, follow @bigswitch, or visit

Big Switch Networks, Big Cloud Fabric, Big Monitoring Fabric, Switch Light OS, and Switch Light VX are trademarks or registered trademarks of Big Switch Networks, Inc. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners.