You would like to know whether our ProxySG/ASG and ProxyAV can be used to block this malware, or whether additional equipment such as an SSLVA appliance is needed.
To block CryptoLocker or Gameover Zeus, our MAA (https://www.symantec.com/products/atp-content-malware-analysis) appliance would be needed, and SSL Interception must also be enabled on the ProxySG/ASG because the malware traffic travels over SSL. SSL Interception decrypts the traffic so that it can be inspected, and the MAA detects the malware. Refer to our Blue Coat SE for further details on the MAA device if you are planning to implement it in your environment.
If you want to block this malware from being downloaded from websites, the Blue Coat Web Filter (BCWF) and WebPulse would help, but only if the site has been reviewed and categorized; the proxy can then deny users access to the site if it is configured to do so. If those sites are new and have not been categorized yet, the download might still pass through. The best bet is therefore to use the MAA appliance mentioned above.
Additional notes: Another option for decrypting SSL traffic is to install an SSLVA (https://www.symantec.com/products/ssl-visibility-appliance) in your environment. The benefit of the SSLVA is that it allows you to decrypt and analyze the content of SSL traffic as required. Refer to our Symantec SE for further details on the SSLVA device if you want to know more.
Imported Document ID: 000023761