SSL/TLS Orchestration

Increase the ROI of Security Inspection Tools

MALWARE HIDES IN SSL/TLS ENCRYPTION

Cybercrime is one of the greatest threats facing financial institutions today. Protocols such as SSL/TLS are designed to help ensure data security and privacy, but they also introduce new levels of risk. Seventy-one percent of malware installed through phishing hides in SSL/TLS encryption. To make things even more challenging, your security inspection tools—next-generation firewalls (NGFW), intrusion detection/prevention systems (IDS/IPS), data loss prevention systems (DLP), and others—are increasingly blind to SSL/TLS traffic. And those devices that can decrypt often introduce latency when decrypting and re-encrypting across daisy-chained devices, creating additional management overhead.


HOW YOU CAN GAIN VISIBILITY INTO ENCRYPTED TRAFFIC

The good news is that you don’t have to pay the high costs associated with these challenges—the highest of all being a security breach due to hidden malware. Adding F5 SSL Orchestrator to your environment ensures encrypted traffic can be decrypted, inspected by security controls, then re-encrypted. As a result, you can maximize your investments in security inspection technologies—preventing inbound and outbound threats including exploitation, callback, and data exfiltration—which also enhances your cyber-resilience strategy.

SSL Orchestrator does more than provide visibility into encrypted threats; it also applies context-based intelligence to deliver policy-based traffic steering. This allows you to decrypt only the traffic that needs to be decrypted and send it only to the inspection tools that need to see it. You can manage the flow of all encrypted traffic across your entire security chain, which ensures that decryption of regulated privacy data is appropriately bypassed.

Learn More about How F5 SSL Orchestrator Integrates with Your Security Inspection Tools

Designed to easily integrate with existing and changing architectures, and to centrally manage the SSL/TLS decrypt/encrypt function, SSL Orchestrator delivers the latest SSL/TLS protocol versions and encryption ciphers across your entire security infrastructure.

SSL Orchestrator is vendor agnostic when it comes to integrating with inspection tools, as it supports multiple topologies and protocols, so you can add and remove security services as needed without disrupting traffic flow. 

READ THE TECHNICAL INTEGRATION GUIDES TO LEARN MORE ABOUT PRACTICES RECOMMENDED BY SOME KEY F5 PARTNERS. 

KEY BENEFITS OF CENTRALIZED SSL/TLS DECRYPTION AND RE-ENCRYPTION

  • Decrypts SSL/TLS traffic ingressing or egressing your applications or network, routes to security inspection tools to expose threats or stop attacks, and then re-encrypts before sending the traffic to its destination.

  • Dynamically chains security tools based on your custom policies and network/device conditions, providing resiliency to your security stack by monitoring health and load balancing.

  • Uses the built-in context engine supporting geolocation, IP reputation, URL categorization, protocol, and other attributes to let your custom policies define intelligent routing to appropriate security inspection tools.

  • Enables the bypassing of decryption for regulated privacy data, such as traffic to or from banking- or healthcare-related websites or applications.

  • Reduces administrative costs by delivering a single platform for centralizing cipher change management across the entire security infrastructure and minimizes architectural changes.

  • Re-enables passive inspection of traffic inbound to your applications with out-of-band tools even when the traffic is encrypted with perfect forward secrecy.

  • Supports any deployment mode by flexibly integrating into complex layer 2 or 3 architectures.

 

SSL ORCHESTRATOR FEATURES

Visibility

High-performance SSL/TLS decryption/re-encryption; Support for inbound and outbound encrypted traffic

Dynamic service chaining

Policy-based steering of decrypted traffic; Decoupled from physical interface, port, or VLANs; Simplified security service insertion; Service monitoring and resiliency; Load balancing of multiple security devices

Contextual policy engine

Source and destination IP and subnet; Port; Protocol; Domain; IP geolocation; IP reputation (subscription); URL categorization (subscription); Policy-based block, bypass, and forward for inspection actions

Granular control

Header changes; Support for port translation; High availability with TCP session resiliency

Robust cipher and protocol support

TLS 1/1.1/1.2/1.3; Forward secrecy/perfect forward secrecy; RSA/DHE/ECDHE with forward secrecy support; SHA, SHA2, AES, AES GCM; Proxy-level control over ciphers and protocols

Deployment modes

Outbound layer 3 explicit proxy; Outbound layer 3 transparent proxy; Inbound layer 3 reverse proxy; Outbound layer 2; Inbound layer 2; Existing application (existing LTM application)

Supported service types

HTTP web proxy services; Inline layer 3 services; Inline layer 2 services; ICAP/DLP services; Tap services

Throughput

Up to 9.3 Gbps on virtual edition; 8500 transactions/second; Up to 24 Gbps on appliance; 53K transactions/second

Are You Equipped to Decrypt?

Nearly 90% of page loads are encrypted with SSL/TLS, and attackers commonly use encryption to hide malicious payloads. If you’re not inspecting SSL/TLS traffic, you will miss attacks and leave your organization vulnerable.

