My managment has asked me to provide a greenfield DLP solution within our AWS cloud environment. The on-prem solution used is currently provided by Symantec using a BlueCoat SG explicit proxy configuration feeding DLP via ICAP. lLooking to do the same exact deployment within AWS with no inter dependencies between AWS and the on-prem solutions.
Since I am not familiar with deploying Symantec within the AWS cloud enviroment, I was hoping I could get some real hands practical feedback on how to deploy both the DLP and proxy solutions in AWS to meet the above stated requirements.
My initial plan was to create an inside forward-proxy BlueCoat instance ELB sandwich using transparent proxy, but found out that the AWS version of BlueCoat doesn’t support this method. My alternate plan is to use an explicit proxy configuration with both the Windows and LINUX EC2 instances to forward the internet bound HTTP/S traffic to the BlueCoat sandwich. The traffic of interest would then be sent decrypted to the Symantec DLP via secured ICAP for inspection. Does anyone have any experience with this type of solution?
If not, is there any better recommendations with getting the ec2 instances internet bound HTTPS traffic decrypted, sent to the DLP, then back to the proxies to encrypt and send onto destination if no mitigation is required? Also, can someone confirm whether or not if the AWS BlueCoat instances support ICAP? One of the customer’s resources told me that they don’t so looking for confirmation on that feature.
At this point am open to any suggestions and all feedback would be greatly appreciated.
Thanks in advance,