Cybercrime is one of the greatest threats facing financial institutions today. Protocols such as SSL/TLS are designed to protect data confidentiality and privacy, but they also introduce new risk: the same encryption that protects users hides attacker traffic from defenders. Seventy-one percent of malware installed through phishing hides in SSL/TLS encryption. To make things more challenging, your security inspection tools, next-generation firewalls (NGFW), intrusion detection/prevention systems (IDS/IPS), data loss prevention (DLP) systems, and others, are increasingly blind to SSL/TLS traffic. Devices that can decrypt typically do so independently, so a flow passing through several daisy-chained devices is decrypted and re-encrypted at every hop, adding latency at each step and requiring key material and cipher policy to be managed separately on every device.
The good news is that you don't have to pay the high costs associated with these challenges, the highest of all being a security breach caused by hidden malware. Adding F5 SSL Orchestrator to your environment ensures encrypted traffic is decrypted once, inspected by your security controls, and then re-encrypted. As a result, you get full value from your existing inspection tools, preventing inbound and outbound threats including exploitation, command-and-control callbacks, and data exfiltration, which also strengthens your cyber-resilience strategy.
SSL Orchestrator does more than provide visibility into encrypted threats; it also applies context-based intelligence to deliver policy-based traffic steering. This lets you decrypt only the traffic that actually needs inspection and send the decrypted stream only to the inspection tools that need it. You control the flow of all encrypted traffic across your entire security chain, so that sessions carrying regulated private data are bypassed rather than decrypted.
Designed to integrate easily with existing and changing architectures, and to centrally manage the SSL/TLS decrypt/encrypt function, SSL Orchestrator delivers the latest SSL/TLS protocol versions and ciphers across your entire security infrastructure.
SSL Orchestrator is vendor-agnostic when it comes to integrating with inspection tools: it supports multiple topologies and protocols, so you can add and remove security services as needed without disrupting traffic flow.
Read the technical integration guides to learn more about practices recommended by some key F5 partners.
High-performance SSL/TLS decryption/re-encryption:
- Support for inbound and outbound encrypted traffic

Dynamic service chaining:
- Policy-based steering of decrypted traffic
- Decoupled from physical interface, port, or VLANs
- Simplified security service insertion
- Service monitoring and resiliency
- Load balancing across multiple security devices

Contextual policy engine (match criteria and actions):
- Source and destination IP and subnet
- Port
- Protocol
- Domain
- IP geolocation
- IP reputation (subscription)
- URL categorization (subscription)
- Policy-based block, bypass, and forward-for-inspection actions
- Header changes
- Support for port translation
- High availability with TCP session resiliency
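The policy engine described above makes its block / bypass / intercept decision per flow before anything is decrypted, because a forward proxy can read the TLS ClientHello in cleartext: the SNI hostname is visible before any key exchange. The following is an added illustration written for this page, not F5 code and not SSL Orchestrator's configuration syntax. It parses the SNI out of a ClientHello, then evaluates an ordered rule list over destination IP, port, SNI, and constructed stand-ins for the URL-category and IP-reputation feeds (`URL_CATEGORY`, `BAD_REPUTATION`, the rule names, and the sample addresses are all hypothetical).

```python
"""Toy TLS-interception policy: decide block / bypass / intercept per flow.

Added illustration, not F5 code. Rule names, category and reputation
tables, and sample addresses are constructed for this example.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional, Tuple


def parse_sni(client_hello: bytes) -> Optional[str]:
    """Return the server_name from a TLS ClientHello record, or None.

    Returns None for truncated records, non-ClientHello data, or a
    ClientHello without SNI (legacy clients, or Encrypted ClientHello),
    so the caller can fall back to IP/port criteria.
    """
    try:
        if len(client_hello) < 5 or client_hello[0] != 0x16:   # handshake record
            return None
        rec_len = struct.unpack("!H", client_hello[3:5])[0]
        hs = client_hello[5:5 + rec_len]
        if len(hs) < 4 or hs[0] != 0x01:                        # ClientHello type
            return None
        pos = 4 + 2 + 32                                        # hdr, version, random
        sid_len = hs[pos]; pos += 1 + sid_len                   # session id
        cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2 + cs_len
        cm_len = hs[pos]; pos += 1 + cm_len                     # compression methods
        if pos + 2 > len(hs):
            return None                                         # no extensions block
        ext_total = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2
        end = min(pos + ext_total, len(hs))
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4]); pos += 4
            body = hs[pos:pos + ext_len]; pos += ext_len
            if ext_type == 0x0000 and len(body) >= 5 and body[2] == 0:  # host_name
                name_len = struct.unpack("!H", body[3:5])[0]
                return body[5:5 + name_len].decode("ascii", "replace")
    except (IndexError, struct.error):
        return None
    return None


def build_client_hello(sni: str) -> bytes:
    """Constructed minimal ClientHello carrying one cipher suite and an SNI extension."""
    name = sni.encode()
    sni_ext = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni_ext)) + sni_ext
    body = (b"\x03\x03" + b"\x00" * 32                 # client_version, random
            + b"\x00"                                    # empty session id
            + struct.pack("!H", 2) + b"\x13\x01"         # TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                                # compression: null only
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    client_hello: bytes


# Constructed lookups standing in for the URL-category and IP-reputation feeds.
URL_CATEGORY = {"bank.example": "financial", "portal.health.example": "healthcare",
                "cdn.example": "content-delivery"}
BAD_REPUTATION = {"203.0.113.7"}
REGULATED = {"financial", "healthcare"}          # categories bypassed, never decrypted
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


def decide(flow: Flow) -> Tuple[str, str]:
    """Evaluate rules in order, first match wins; returns (action, rule_name)."""
    host = parse_sni(flow.client_hello)
    if flow.dst_ip in BAD_REPUTATION:
        return "block", "bad-ip-reputation"       # block precedes any bypass
    if flow.dst_port not in (443, 8443):
        return "intercept", "non-standard-tls-port"
    if host is None:
        return "intercept", "no-sni"              # unclassifiable: inspect, don't bypass
    if URL_CATEGORY.get(host) in REGULATED:
        return "bypass", f"regulated-{URL_CATEGORY[host]}"
    if ipaddress.ip_address(flow.dst_ip) in INTERNAL:
        return "bypass", "internal-destination"
    return "intercept", "default-inspect"
```

Two design points matter for a real deployment. Rule order is the policy: the reputation block is evaluated before the regulated-category bypass so that a known-bad destination is still blocked even when the SNI claims to be a bank. And a bypass means the inspection chain never sees that traffic, so the category feed that grants it is effectively a trust anchor; flows that cannot be classified (no SNI, odd ports) should fall through to inspection rather than to bypass.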
Robust cipher and protocol support:
- TLS 1.0/1.1/1.2/1.3 (TLS 1.0 and 1.1 are deprecated by RFC 8996)
- Forward secrecy (perfect forward secrecy)
- RSA, DHE, and ECDHE key exchange; only DHE and ECDHE provide forward secrecy
- SHA, SHA2, AES, AES-GCM
- Proxy-level control over ciphers and protocols

Supported topologies:
- Outbound layer 3 explicit proxy
- Outbound layer 3 transparent proxy
- Inbound layer 3 reverse proxy
- Outbound layer 2
- Inbound layer 2
- Existing LTM application

Supported service types:
- HTTP web proxy services
- Inline layer 3 services
- Inline layer 2 services
- ICAP/DLP services
- Tap services

Performance:
- Virtual edition: up to 9.3 Gbps, 8,500 transactions/second
- Appliance: up to 24 Gbps, 53,000 transactions/second