According to F5 Labs’ 2017 TLS Telemetry Report, 70% of all internet traffic is now encrypted. And, according to F5 Labs’ recently published Phishing and Fraud Report, 68% of malware sites leverage encryption, and 90% of all phishing websites are encrypted. So, it’s easy to see that encryption is now the norm.
Driving this new norm are cloud-based apps such as Microsoft Office 365, Google G Suite, and others that liberally leverage encryption, as do today’s web apps and social media. And, while regulations such as the European Union’s General Data Protection Regulation (GDPR) don’t require encrypted communications and traffic, many organizations feel that they must implement encryption to ensure their user’s privacy.
While great for privacy, encryption delivers drawbacks in other areas. Traffic visibility is significantly reduced due to the explosion in the use of SSL/TLS encryption, increasing an organization’s exposure to hidden threats. In addition, leveraging existing security solutions to perform the encryption/decryption/inspection functions degrades performance, particularly at scale, resulting in latency and a subpar user experience. Complexity is also increased, burdening staff with inefficiencies and creating more chances for human error.
Encrypted communications cannot be seen like clear text and therefore are passed through without inspection, creating security blind spots. Cryptologic advances, such as Perfect Forward Secrecy (PFS), force organizations to deploy their security devices inline to conduct traffic inspection. However, many security devices are unable to perform decryption at scale if placed inline. So, security teams resort to manually connecting point products, creating a daisy-chained security stack consisting of multiple security devices. But, these statically configured security stacks are complex, fail to adapt to changing network conditions, and can introduce latency and single points of failure.
Attackers leverage the blind spots left by encrypted traffic by commonly hiding malware and other exploits within encrypted payloads. They also use encrypted channels to evade detection during command-and-control (C2) activities, and even data exfiltration. Without consistent, sustainable visibility into encrypted traffic, organizations are defenseless against these threats that compromise their critical assets and data.
Cisco has delivered one of the industry’s first fully-integrated, threat-focused next-generation firewalls (NGFW) with unified management. Cisco Firepower Next-Generation Firewall (NGFW) is a leading next-generation firewall and intrusion prevention system (IPS) built to block more threats and quickly mitigate those that breach defenses with hardware and software options that combine Cisco’s proven network firewall with the industry’s most effective next-gen IPS and advanced malware protection (AMP).
When coupled with the F5 SSL Orchestrator, the Cisco Firepower series’ threat mitigation and performance capabilities are optimized. As SSL Orchestrator performs the computationally heavy workload of decrypting traffic before distributing it to other devices in a security stack, those same security devices are now able to cost-effectively scale and ensure security, which is what they’re meant to do in the first place.
F5 SSL Orchestrator centralizes traffic decryption and re-encryption using its best-in-class hardware acceleration with modern cipher implementations and software orchestration, decrypting traffic, then distributing it to other devices, like the Cisco Firepower NGFW, in a security stack. This enables Cisco Firepower NGFW to focus on providing advanced threat detection and protection.
But, visibility into encrypted traffic is now just table stakes; more is needed. F5 SSL Orchestrator identifies and categorizes encrypted traffic so that it’s handled according to policy, ensuring compliance with privacy regulations and business practices. It enables policy-based steering of traffic, eliminating the need to daisy chain multiple security devices.
Cisco Firepower NGFW has onboard SSL decryption capabilities but organizations can choose to offload that work to F5 SSL Orchestrator so that all of the considerable horsepower of Cisco Firepower NGFW can be dedicated to protecting their network.
Together, F5 SSL Orchestrator and Cisco Firepower NGFW help optimize actionability, availability, and orchestration, increasing security posture and threat mitigation, future-proofing existing investments in security solutions, and delivering a superior user experience.