Bluecoat and Websense are totally different beasts that try to do the same thing. Websense is a web filter that can be installed on almost any platform and integrate from anything from your Cisco firewalls to Microsoft ISA to a dozen other things. Bluecoat, on the other hand, works either as an explicit Proxy (meaning everyone's browsers are set to use it via a PAC file) and/or in-line where the appliance is actually sitting in the middle of all internet bound traffic (basically between your highest level router and your firewall). Both have their advantages and disadvantages... Bluecoat has more of the former.
Biggest thing against Websense is there's no appliance available-- if you want to use it you have to provide your own server hardware and OS. Windows is really the only viable OS to bother with and this is because troubleshooting (which you'll be doing a lot of) is much easier on it. Stability issues, random bugs and problems, I've had them all. Almost all of Websense's failings would be solved with an appliance and a more stable version of the software. Benefits are, of course, it's not a proxy... it can be installed ON a proxy (and at one time you could buy a Bluecoat appliance and install Websense on it) but normally you put it out-of-line. Our implementation is an integration with our Cisco firewalls (they send HTTP to Websense) and then all other protocols are picked up by a 2nd NIC card listening to the traffic pass by on a Mirror port and injecting garbage into the stream when it doesn't like something.
I'm just now starting to find how many more advantages there are when you're actually IN the line of traffic. Biggest thing is SSL interception. Ordinarily, and in Websense, HTTPS traffic is totally encrypted except for the destination IP address so that's what you have to filter on. Makes things very difficult with DNS on multiple IP's and such. Since Bluecoat is in the stream, it can be a man-in-the-middle. Instead of your SSL connection to, say, Google being 1 tunnel from you to the server; it is now an SSL connection between Google and Bluecoat, and you and Bluecoat. This requires some extra certificate juggling but in the end you're able to read the URLs of HTTPS traffic and filter accordingly without guessing.
There's also just so much more that Bluecoat is designed to do... Websense configuration consists of assigning objects (users, groups, IP's) to a policy. Policies consist of 2 parts: A Category Set or a White List, and a Protocol Set. The problem is you can only apply 1 policy per IP... you cannot merge multiple policies if you have them. Bluecoat, on the other hand, uses an ACL to do filtering. It's much more complicated because if you've ever built a firewall ACL it's all about the order-- once a rule matches I stop reading the list. This also means, however, that I can apply multiple policies to a single person depending on if they meet the criteria. It's quite powerful and half of the things you can do I don't even understand like Header rewriting and redirection and such.
Honestly, at this point I'd be happy if Bluecoat just did everything Websense did but stable... but it seems like it can do so much more and be so much more granular in what it does and how it acts.
Btw-- you mentioned filtering for personal use; I haven't looked into it but I was told by Bluecoat that they do sell a consumer version of their product. Would be much easier to buy software to put on the PC instead of building a proxy server.
EDIT-- I found it... it's actually Free... interesting.
http://www.bluecoat.com/products/k9web
