We are helping a customer with a major implementation of Bluecoat Proxy, and it does seem that folks are able to bypass this as/when they want via tethered mobiles, etc.
My understanding is that the integration between Defender ATP & MCAS resolves this aspect of a "potential blind spot" with respect to Shadow IT - Defender ATP logs from devices out in the field are fed back into Defender ATP Console - then piped into MCAS?
Is this correct? There is a Bluecoat SG connector in MCAS (but not one in Azure Sentinel?) so we can see this can be plumbed in - but we're looking at how to showcase that MCAS can close this gap if this does stand up?
Do we *NEED* to connect Bluecoat Proxy to Sentinel or MCAS? If we can "pick up" the same info via Defender ATP & MCAS integration, then is this needed?
Is anyone from the MCAS or Defender ATP side going to be at the RSA Conference in Singapore next week?