The SSL (Secure Sockets Layer) protocol and its modern, more secure replacement TLS (Transport Layer Security) are used to encrypt web traffic. Encrypting data in transit is standard practice, with approximately 90% of web pages now being encrypted. Although this helps prevent data breaches, cybercriminals use these same encrypted channels to propagate malware and exfiltrate data, knowing they can bypass traditional security inspection solutions that don't decrypt traffic.
Security inspection tools such as next-generation firewalls (NGFW), data loss prevention (DLP) systems, intrusion detection/prevention systems (IDS/IPS), web gateways, and others are great at finding threats within traffic. However, they do not efficiently decrypt traffic before inspecting it. This leaves security inspection tools blind to encrypted threats, and allows malware or intellectual property data to flow through without being inspected or stopped where appropriate. SSL Decryption, also referred to as SSL Visibility, is the process of decrypting traffic at scale and routing it to the various inspection tools that identify threats inbound to applications, as well as outbound from users to the internet.
The use of SSL/TLS encryption for web traffic has increased dramatically due to several reasons:
In addition to threats that hide within encryption, you need to be aware of other challenges when designing or maintaining an architecture to inspect traffic. They include:
By applying policy-based decryption and traffic steering to both your inbound and outbound traffic, you gain visibility into encrypted traffic as well as greater efficiency and resiliency of your entire inspection tool stack.
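As an added illustration of the policy-based decryption and steering described above (example code, not part of the original page or any vendor's product), the function below decides per TLS flow whether to bypass decryption or to decrypt and hand the flow to a direction-specific chain of inspection tools. The URL categories, tool names and flow fields are assumptions chosen for the example.

```python
"""Minimal policy engine for SSL/TLS visibility: decrypt-and-steer or bypass.

Added example; categories, tool names and the Flow fields are assumptions,
not taken from the page. Real deployments derive the category from a URL
categorization feed and the direction from the interface the flow arrived on.
"""
from dataclasses import dataclass

# Categories left encrypted for privacy/compliance reasons (assumed policy).
BYPASS_CATEGORIES = {"finance", "healthcare"}

# Ordered inspection chains per direction (assumed tool names).
INBOUND_CHAIN = ["ips", "waf"]                 # threats aimed at our applications
OUTBOUND_CHAIN = ["dlp", "ids", "web_gateway"]  # users browsing to the internet


@dataclass(frozen=True)
class Flow:
    direction: str  # "inbound" or "outbound"
    sni: str        # Server Name Indication from the ClientHello
    category: str   # category of the destination, supplied by a feed (assumed)


def decide(flow: Flow) -> dict:
    """Return the action for one flow and the tool chain it is steered to."""
    if flow.direction not in ("inbound", "outbound"):
        raise ValueError(f"unknown direction: {flow.direction!r}")
    # Bypass rule wins: the flow stays encrypted and is forwarded untouched.
    if flow.category in BYPASS_CATEGORIES:
        return {"action": "bypass", "chain": []}
    chain = INBOUND_CHAIN if flow.direction == "inbound" else OUTBOUND_CHAIN
    # Decrypted flow is steered through every tool in order, then re-encrypted.
    return {"action": "decrypt", "chain": list(chain)}


def summarize(flows) -> dict:
    """Count decisions, which is what an operator would chart for capacity planning."""
    counts = {"bypass": 0, "decrypt": 0}
    for flow in flows:
        counts[decide(flow)["action"]] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample flows; hostnames are placeholders.
    sample = [
        Flow("outbound", "bank.example", "finance"),
        Flow("outbound", "updates.example", "technology"),
        Flow("inbound", "app.example", "internal"),
    ]
    for f in sample:
        print(f.direction, f.sni, decide(f))
    print(summarize(sample))
```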
By choosing an SSL/TLS solution that provides centralized management, you can simplify the process of choosing and updating the cipher suites that secure network connections using SSL/TLS. This improves the performance of your traffic inspection security tools, while allowing greater flexibility in managing the ciphers you use for end-to-end encryption.