Recent F5 Labs analysis shows that 71% of malware installed through phishing hides in encryption. However, security inspection tools—next-generation firewalls (NGFW), intrusion detection/prevention systems (IDS/IPS), data loss prevention systems (DLP), and others—are increasingly blind to SSL/TLS traffic. In many cases, they also introduce latency by decrypting and re-encrypting on multiple daisy-chained devices. The lack of a centralized point of encrypted traffic management also creates frustrating overhead when configuration changes are necessary.
The good news is that you don’t have to accept the high cost of breaches caused by hidden malware. Adding F5 SSL Orchestrator to your environment ensures encrypted traffic can be decrypted, inspected by security controls, then re-encrypted. As a result, you can maximize your investments in security inspection technologies—preventing inbound and outbound threats including exploitation, callback, and data exfiltration.
F5 SSL Orchestrator does more than provide visibility to encrypted threats, though. It delivers dynamic service chaining and policy-based traffic steering, applying context-based intelligence to encrypted traffic handling. This allows you to intelligently manage the flow of all encrypted traffic across your entire security chain, which also ensures you appropriately bypass decryption of regulated privacy data within the traffic.
71% of malware installed through phishing hides in SSL/TLS encryption.
Designed to easily integrate with existing and changing architectures, and to centrally manage the SSL/TLS decrypt/encrypt function, F5 SSL Orchestrator delivers the latest SSL/TLS protocol versions and encryption ciphers across your entire security infrastructure.
SSL Orchestrator is vendor-agnostic when it comes to integrating with inspection tools, as it supports multiple topologies and protocols, so you can add and remove security services as needed without disrupting traffic flow.
Read the technical integration guides below to see what practices some key F5 partners recommend.
| Capability | Details |
|---|---|
| Visibility | High performance SSL/TLS decryption/re-encryption; support for inbound and outbound encrypted traffic |
| Dynamic service chaining | Policy-based steering of decrypted traffic; decoupled from physical interface, port, or VLANs; simplified security service insertion; service monitoring and resiliency; load balancing of multiple security devices |
| Contextual policy engine | Source and destination IP and subnet; port; IP reputation (subscription); URL categorization (subscription); policy-based block, bypass, and forward for inspection actions |
| Granular control | Header changes; support for port translation; high availability with TCP session resiliency |
| Robust cipher and protocol support | TLS 1/1.1/1.2/1.3; forward secrecy/perfect forward secrecy; RSA/DHE/ECDHE with forward secrecy support; SHA, SHA2, AES, AES-GCM; proxy-level control over ciphers and protocols |
| Deployment modes | Outbound layer 3 explicit proxy; outbound layer 3 transparent proxy; inbound layer 3 reverse proxy; outbound layer 2; inbound layer 2; existing application (existing LTM application) |
| Supported service types | HTTP web proxy services; inline layer 3 services; inline layer 2 services |
| Throughput | Up to 9.3 Gbps on virtual edition; up to 24 Gbps on appliance |
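To make the contextual policy engine and service chaining described above concrete, here is an added example (not F5 code, and not SSL Orchestrator's configuration syntax) of first-match policy steering: each flow is matched on source subnet, destination port, URL category and IP reputation, and the result is block, bypass (leave encrypted, e.g. for regulated health or finance traffic) or intercept with an ordered chain of inspection services. The rule names, category labels and service names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Flow:
    src: str
    dst: str
    dst_port: int
    url_category: str = "uncategorized"   # constructed labels, from a categorization feed
    ip_reputation: str = "clean"          # constructed: "clean" or "malicious"

@dataclass
class Rule:
    name: str
    action: str                           # "block", "bypass" (no decryption) or "intercept"
    chain: Tuple[str, ...] = ()           # inspection services, in order, for "intercept"
    src_net: Optional[str] = None
    dst_port: Optional[int] = None
    categories: frozenset = frozenset()
    reputation: Optional[str] = None

    def matches(self, f: Flow) -> bool:
        """Every populated field must match; empty fields are wildcards."""
        if self.src_net and ipaddress.ip_address(f.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_port is not None and f.dst_port != self.dst_port:
            return False
        if self.categories and f.url_category not in self.categories:
            return False
        if self.reputation and f.ip_reputation != self.reputation:
            return False
        return True

def steer(flow: Flow, rules, default=("intercept", ("ngfw", "ids"))):
    """First-match evaluation: rule order is the policy, so block rules come first,
    privacy bypasses next, and the catch-all intercept chain last."""
    for r in rules:
        if r.matches(flow):
            return r.action, r.chain
    return default

# Constructed policy: reputation block precedes the regulated-data bypass so a
# malicious destination is never left uninspected just because it is categorized.
POLICY = [
    Rule("drop-known-bad", "block", reputation="malicious"),
    Rule("privacy-bypass", "bypass", categories=frozenset({"health", "finance"})),
    Rule("guest-wifi-web", "intercept", chain=("ngfw", "dlp"), src_net="10.20.0.0/16", dst_port=443),
]
```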