According to F5 Labs’ 2017 TLS Telemetry Report, 70% of all internet traffic is now encrypted. And, according to F5 Labs’ recently published Phishing and Fraud Report, 68% of malware sites leverage encryption, and 90% of all phishing websites are encrypted. So, it’s easy to see that encryption is now the norm.
Driving this new norm are cloud-based apps such as Microsoft Office 365, Google G Suite, and others that liberally leverage encryption, as do today’s web apps and social media. And, while regulations such as the European Union’s General Data Protection Regulation (GDPR) don’t require encrypted communications and traffic, many organizations feel that they must implement encryption to ensure their user’s privacy.
While great for privacy, encryption delivers drawbacks in other areas. Traffic visibility is significantly reduced due to the explosion in the use of SSL/TLS encryption, increasing an organization’s exposure to hidden threats. In addition, leveraging existing security solutions to perform the encryption/decryption/inspection functions degrades performance, particularly at scale, resulting in latency and a subpar user experience. Complexity is also increased, burdening staff with inefficiencies and creating more chances for human error.
Encrypted communications cannot be seen like clear text and therefore are passed through without inspection, creating security blind spots. Cryptologic advances, such as Perfect Forward Secrecy (PFS), force organizations to deploy their security devices inline to conduct traffic inspection. However, many security devices are unable to perform decryption at scale if placed inline. So, security teams resort to manually connecting point products, creating a daisy-chained security stack consisting of multiple security devices. But, these statically configured security stacks are complex, fail to adapt to changing network conditions, and can introduce latency and single points of failure.
Attackers leverage the blind spots left by encrypted traffic by commonly hiding malware and other exploits within encrypted payloads. They also use encrypted channels to evade detection during command-and-control (C2) activities, and even data exfiltration. Without consistent, sustainable visibility into encrypted traffic, organizations are defenseless against these threats that compromise their critical assets and data.
Enter F5 and Cisco
Cisco has delivered one of the industry’s first fully-integrated, threat-focused next-generation firewalls (NGFW) with unified management. Cisco Firepower Next-Generation Firewall (NGFW) is a leading next-generation firewall and intrusion prevention system (IPS) built to block more threats and quickly mitigate those that breach defenses with hardware and software options that combine Cisco’s proven network firewall with the industry’s most effective next-gen IPS and advanced malware protection (AMP).
When coupled with the F5 SSL Orchestrator, the Cisco Firepower series’ threat mitigation and performance capabilities are optimized. As SSL Orchestrator performs the computationally heavy workload of decrypting traffic before distributing it to other devices in a security stack, those same security devices are now able to cost-effectively scale and ensure security, which is what they’re meant to do in the first place.
F5 SSL Orchestrator centralizes traffic decryption and re-encryption using its best-in-class hardware acceleration with modern cipher implementations and software orchestration, decrypting traffic, then distributing it to other devices, like the Cisco Firepower NGFW, in a security stack. This enables Cisco Firepower NGFW to focus on providing advanced threat detection and protection.
But, visibility into encrypted traffic is now just table stakes; more is needed. F5 SSL Orchestrator identifies and categorizes encrypted traffic so that it’s handled according to policy, ensuring compliance with privacy regulations and business practices. It enables policy-based steering of traffic, eliminating the need to daisy chain multiple security devices.
Cisco Firepower NGFW has onboard SSL decryption capabilities but organizations can choose to offload that work to F5 SSL Orchestrator so that all of the considerable horsepower of Cisco Firepower NGFW can be dedicated to protecting their network.
Together, F5 SSL Orchestrator and Cisco Firepower NGFW help optimize actionability, availability, and orchestration, increasing security posture and threat mitigation, future-proofing existing investments in security solutions, and delivering a superior user experience.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...