Many businesses accept the axiom that regulatory compliance requires ever-tighter constraints on end-user activities. New services, innovative use of technology, and employee productivity often take a back seat to security mechanisms designed to block, prohibit, exclude, and forbid – particularly in heavily regulated industries such as banking.

However, the experience of Jefferies – an independent investment bank in the US – points to a new possibility: security can also be empowering. Using Blue Coat Business Assurance Technology, Jefferies has been able to meet increasingly complex compliance requirements, strengthen cyber security, offer new internal technology services, improve enforcement of corporate policies, and give its IT staff something they never expected from a security solution: peace of mind.

Meeting compliance goals was just the beginning

It’s no secret that for financial institutions, compliance requirements have been growing and evolving rapidly over the past few years. There are financial reporting and disclosure mandates such as Sarbanes-Oxley, privacy requirements such as the Gramm-Leach-Bliley Act, and data security standards specified by non-US data protection regulations; the list goes on.

To help meet the increasing compliance burden, Jefferies selected the Blue Coat ProxySG appliance, an integral part of the Blue Coat Security and Policy Enforcement Center, in 2009.

Howard Berkis, VP, IT at Jefferies, says: "Initially, we were interested in getting better control over all website channels with written communications – from emails to blogs to instant messages. To be in line with regulatory requirements we needed to record all of the data safely and securely. Blue Coat has provided us the ability to selectively filter and, where necessary, block channels that are not archived and captured as per regulatory requirements. Blue Coat certainly met our needs in that area."

The Blue Coat solution was thought to be more comprehensive than other products in its capabilities, providing the needed data protection through sophisticated web filtering, visibility into SSL-encrypted traffic, web traffic inspection, content caching, bandwidth management, stream-splitting and more.

From Compliance to Enablement

"As time marched on, we saw that our compliance requirements were only increasing," explains Berkis, "and we saw that more security measures sometimes translated to lower productivity. So we were at a crossroads: we needed to satisfy our internal and external requirements and meet compliance mandates, but we needed to do so in a way that did not constrain our employees or our clients."

Berkis found that Blue Coat was uniquely capable of addressing both requirements. "We discovered that Blue Coat’s solutions gave us the capability to improve security and IT service levels at the same time," he says.

As an example, Jefferies’ human resources department wanted to enable prospective employees to post their resumes on the company’s website.

Any external connection to internal HR resources, however, would introduce security, privacy, and other compliance issues. But with Blue Coat’s Web Application Reverse Proxy (WARP) capability within its Trusted Applications Center, Jefferies was able to secure inbound connections, authenticate users, scan files for malware and put better access controls in place.

"Blue Coat’s WARP capability enabled us to provide a new service in a way that better complied with all regulations and policies, and Blue Coat made it easy and cost-effective for us to implement the solution," says Berkis. "We had looked at more traditional anti-virus solutions, and they were far more expensive, yet less effective."

Best of all, the new service was empowering without being disruptive. "The security is invisible to our employees, our website is easy for job applicants to access, and IT can be confident that it’s safe, secure, and compliant," Berkis notes. "We can still sleep at night."

Better Intelligence for Stronger Security

Today, Jefferies is expanding its use of Blue Coat solutions to get better intelligence that can be used to secure a variety of other resources, applications, and IT services.

For example, Blue Coat has helped Jefferies protect against the influx of Java-related exploits. Like many other companies, Jefferies has experienced problems related to patching multiple versions of Java – applications written with certain versions of JavaScript were vulnerable to attacks and more likely to break when rolled out into the production environment. With Blue Coat’s Security and Policy Enforcement Center, Jefferies was able to use sophisticated filtering to analyze and limit access to specific JavaScript-based sites, which enabled the company to mitigate risks by narrowing the threat environment on the web.

Even more recently, Jefferies has begun using the Security Analytics Platform by Solera for Advanced Threat Protection. Developed by Solera, a Blue Coat company, the software brings Big Data analytics to traditional security, providing a new level of intelligence that informs and guides security preparedness.

"The Security Analytics Platform gives us the ability to look at historical records we didn’t have access to in the past," says Berkis. "Now we can analyse what happened 15 minutes ago or 15 days ago – we can see exactly what led up to a security alert as well as what happened after the fact.

"It’s like having a security camera and a DVR," he added. "We can see exactly what happened, play it back again to examine it even more closely, apply analytics, and draw insights about how to protect our network. So if there is a malware incident, we can find out how the user was infected – how he or she downloaded it – and whether there was suspicious traffic not detected by the proxies. We’re better prepared, and in the end we’re better able to prevent attacks from being successful."

Blue Coat’s recent acquisitions of both Solera Networks and Netronome’s SSL technology are likely to pay off for Jefferies in other ways, according to Berkis.

"Once the capabilities of Blue Coat, Solera, and Netronome are fully integrated, we’ll be able to feed data from Blue Coat’s WebPulse (which analyses, categorizes, and rates up to a billion web sites daily) into the Solera analytics solution – and add SSL visibility on top of that. We’ll have comprehensive web intelligence to help us to identify and resolve the full scope of advanced threats, as well as enhanced intelligence for prevention."

‘Always a step ahead’

Blue Coat’s comprehensive capabilities are helping Jefferies stay a step ahead in the fast-changing threat landscape, according to Berkis.

"The role of security is changing in two key ways," says Berkis. "Cyber criminals are more cunning, so you need more sophisticated protection. And it’s no longer enough to keep criminals out; you also need to keep honest people honest – which is why the role of compliance is growing. Blue Coat helps us address both aspects. Maybe the simplest way to put it is this: Blue Coat gives us the ability to make auditors and compliance officers happy, while enabling us to keep our business moving forward."