The release of version 4.0 of F5 Networks’ SSL Orchestrator solves one of the most vexing security problems of the last five years: visibility into encrypted user traffic. Security budgets have invested billions in high-falutin’ security controls that are amazing at sandboxing, deep-packet inspection, and artificial intelligence, but blind when it comes to encryption. The situation is critical, because the percentage of encrypted user traffic has more than doubled since 2014, exceeding 80 percent, according to F5 Labs' 2017 TLS Telemetry report. So, of course, now there are SSL visibility solutions that provide decryption services allowing those security controls to see what they’re doing.
But visibility, by itself, isn’t enough. Security teams and network operations have found that setting up decryption zones is not easy. Not easy at all. Security teams often have to resort to manual daisy-chaining or tedious configuration to manage decryption/encryption across the entire security stack. And then they find that exceptions abound. Basically, it’s been a pain in the *checks notes* neck.
Enter version 4.0 of F5’s SSL Orchestrator, which sure enough delivers visibility but differentiates itself from the pack with orchestration. Orchestration provides policy-based traffic steering to a service chain based on risk and dynamic network conditions.
By virtue of being a full proxy for both SSL/TLS and HTTP, SSL Orchestrator can make intelligent decisions to steer inbound and outbound traffic to service chains within the security stack. No other solution can do that.
The key takeaway, should you neglect to read after the fold, is that no matter how complicated your inbound and outbound encryption requirements are, the SSL Orchestrator can bring visibility back to your millions of dollars of inspection hardware.

More Dynamic Service Chaining
F5 introduced the concept of security service chaining in the earlier versions of the SSL Orchestrator. Different kinds of network traffic should get different kinds of inspection, amirite? For example, outbound traffic from admin workstations should receive the most scrutiny and pass through all existing security controls unencrypted. But VDI sessions from the business units’ contractors can skip the sandbox and the IPS on their way out.
Version 4.0 improves its security control insertion chaining, load balancing, and monitoring methods in notable ways, such as those described below.
Visibility Gets (More) Visual!
If you’re thinking that sounds complicated or confusing, stay with us through the mid-sentence anxiety, because the SSL Orchestrator makes service chaining easy! As it happens, the Orchestrator’s Visual Policy Editor (VPE) lets you drag-and-drop chains into your architecture so you can actually see the way traffic visibility is enabled.
Visibility: Not Just for HTTPS Anymore
Sure, the majority of your traffic is HTTPS, but if you’re a larger organization and you have all kinds of protocols flowing through your kit, you might also be handling some FTP(S), IMAP, POP3, and ICAP. And, because of the recent focus on opportunistic encryption, many applications are using STARTTLS for those services. You’re probably thinking “that’s WAY too advanced for F5 to handle.” Well, you’re wrong, Kenny, because SSL Orchestrator can now detect and correctly decrypt opportunistic encryption like STARTTLS within FTP, IMAP, POP3, and ICAP.
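How an inspection point can tell where a plaintext FTP, IMAP, or POP3 session switches to TLS, shown as an added illustration (this is not F5's code; the function names and sample sessions are constructed, and ICAP is left out):

```python
import re

# Client upgrade command per protocol: FTP "AUTH TLS" (RFC 4217),
# IMAP "<tag> STARTTLS" (RFC 3501), POP3 "STLS" (RFC 2595).
CLIENT_CMD = {
    "ftp": re.compile(rb"^AUTH\s+TLS\s*$", re.I),
    "imap": re.compile(rb"^(?P<tag>\S+)\s+STARTTLS\s*$", re.I),
    "pop3": re.compile(rb"^STLS\s*$", re.I),
}

def is_interim(protocol, reply):
    """Server lines that precede the final answer to the pending command."""
    if protocol == "imap":
        return reply.startswith(b"* ")               # untagged response
    return protocol == "ftp" and reply[3:4] == b"-"  # multi-line reply

def accepts(protocol, request, reply):
    """True if the final server reply agrees to start TLS."""
    if protocol == "ftp":
        return reply.startswith(b"234")
    if protocol == "pop3":
        return reply.upper().startswith(b"+OK")
    return reply.upper().startswith(request.group("tag").upper() + b" OK")

def classify_session(protocol, transcript):
    """Return (state, index) for a list of (side, line) pairs, side "C" or "S".
    state: "upgraded", "refused" (client asked, server declined) or "plaintext"."""
    pending = None
    for i, (side, raw) in enumerate(transcript):
        line = raw.rstrip(b"\r\n")
        if side == "C":
            pending = CLIENT_CMD[protocol].match(line) or pending
        elif pending is not None and not is_interim(protocol, line):
            return ("upgraded" if accepts(protocol, pending, line) else "refused", i)
    return ("plaintext", None)

def looks_like_client_hello(data):
    """TLS record header: type 0x16 (handshake), major version 3, then
    handshake type 0x01 (ClientHello) as the first body byte."""
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01

# Constructed sample sessions (not captured traffic).
IMAP_OK = [("S", b"* OK ready\r\n"), ("C", b"a001 STARTTLS\r\n"),
           ("S", b"a001 OK begin TLS\r\n")]
POP3_REFUSED = [("S", b"+OK ready\r\n"), ("C", b"STLS\r\n"),
                ("S", b"-ERR not supported\r\n"), ("C", b"USER alice\r\n")]
FTP_PLAIN = [("S", b"220 ready\r\n"), ("C", b"USER bob\r\n"), ("S", b"331 need password\r\n")]

if __name__ == "__main__":
    for proto, session in (("imap", IMAP_OK), ("pop3", POP3_REFUSED), ("ftp", FTP_PLAIN)):
        print(proto, classify_session(proto, session))
```

The "refused" state is the one worth alerting on: the client asked for TLS, the server declined, and everything after that line travels in cleartext.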
Optimizing ICAP
The majority of ICAP services we integrate with are anti-virus (AV). AV can add significant latency (obviously), so SSL Orchestrator has added some tweaks. You can now create policies that only send certain types of requests/responses over ICAP. One common example is to scan only POST requests and bypass the rest of the payloads. We’re not saying that’s the recommended way to do it, but that’s what the people want so we gave it to them.
All That and a Bag of Chips
If you want to know more about the chewy goodness that’s inside version 4.0 of the SSL Orchestrator, here’s a splash of bullet points (and links to more information further below).
What’s New in Version 4.0
- Updated setup utility with resource provisioning capabilities
- Inspection of all traffic for malware and data exfiltration
- Flexible deployment modes to integrate across your entire security infrastructure
- Analytics and enhanced logging settings and categories
- L7 application settings for specific traffic (IMAP, SMTPS, POP3, FTP, HTTP)
- High availability with best-in-class load balancing, health monitoring, and SSL offload capabilities
And lastly, remember this: You need to scan your inbound and outbound traffic for tomorrow’s threats, and SSL Orchestrator is the tool that lets your security controls keep your organization’s name out of the (figurative) papers and away from those pesky GDPR fines.
Additional Resources
- SSL Orchestrator product page
- SSL Orchestrator solution overview
- Partner-themed blog on SSL Orchestrator