Secure Network Traffic with Encrypted Traffic Inspection

Moving Beyond Visibility

SECTION 4

We’ve established that better visibility into encrypted traffic is key to securing your data. An SSL/TLS orchestration solution provides cost-effective decryption and encryption of inbound and outbound traffic—mitigating risk with a flexible policy-based approach. 

.     .     .     .    .     .     .     .     .     .     .     .     .    .     .     .     .     .     .     .     .     .    
.     .     .     .    .     .     .     .     .     .     .     .     .    .     .     .     .     .     .     .     .     .    
.     .     .     .    .     .     .     .     .     .     .     .     .    .     .     .     .     .     .     .     .     .    

 

F5’s SSL Orchestrator provides high-performance decryption of inbound and outbound SSL/TLS traffic, enabling security inspection to expose threats, stop attacks, and reduce business risk. 

 

01  |  Visibility Into Encrypted Traffic

With a robust SSL/TLS solution, you get decryption and re-encryption, as well as strong cipher support (including TLS 1.3), all of which allows you to see what’s going on in your encrypted traffic.

02  |  Optimal Flexibility

A solution with a full-proxy architecture gives you more control over, and more flexibility with, the different security inspection devices, network topologies, and supported ciphers in your infrastructure. It also lets you monitor and load balance your security devices to ensure that they’re functioning at peak efficiency. You can even skip a device entirely in case of failure, which adds resiliency to your network.

03  |  Efficient and Dynamic Service Chaining

This is where the real magic is. F5 SSL Orchestrator can dynamically assign, chain together, and re-use security services. This means you can drive different types of traffic through different sets of security devices, and reuse those devices in different chains—or not use them at all for traffic that does not need inspection. This makes it easy to categorize traffic so you can intelligently route it to, or around, inspection devices based on a number of different factors, including the role of specific users. You can dynamically assign, chain together, and reuse security services on the fly.

With dynamic service chaining, you can scale your SSL/ TLS solution and maximize the usage of your current security devices by letting them concentrate on the areas where they can best protect your organization. In addition, you can add or remove security services without experiencing downtime.

04  |  Better Performance

There’s only one decrypt/re-encrypt process rather than several; and it’s carried out by a high-performance orchestration device built for just that purpose.

05  |  Centralized Management

By selecting an SSL/TLS solution that provides centralized management, you can simplify the process of choosing and updating the cipher suites that help secure network connections using SSL/TLS. This drives better performance of your traffic inspection security tools, while allowing greater flexibility in managing the ciphers you use in end-to-end encryption. When necessary, the solution can support secure key storage outlined in Federal Information Processing Standards (FIPS).

SSL Orchestrator has a full-proxy architecture, which gives you more control and more flexibility over different protocols and ciphers.

INTEGRATE AND ORCHESTRATE WITH YOUR CURRENT INFRASTRUCTURE

SSL Orchestrator fits easily into your existing architecture by integrating with leading security partners. This solution creates an ecosystem that strengthens security, increases scale and availability, and lowers operational costs. SSL Orchestrator supports multiple deployment modes, easily integrating into complex architectures to centralize decryption for both inbound and outbound traffic.

SSL Orchestrator has a full-proxy architecture, which gives you more control and more flexibility over different protocols and ciphers. And it can load balance, monitor, and potentially skip failed devices. The architecture allows you to not only scale, but also intelligently maximize the correct usage of your existing security investment.
 

 

SEE HOW SSL ORCHESTRATOR WORKS WITH YOUR CURRENT INFRASTRUCTURE 

Designed to easily integrate with existing and changing architectures, and to centrally manage the SSL/TLS decrypt/encrypt function, F5 SSL Orchestrator delivers the latest SSL/TLS protocol versions and encryption ciphers across your entire security infrastructure.

SSL visibility is only the start. Organizations need better control over their security investments, and that’s where the benefits of SSL Orchestrator really shine.

VISIBILITY IS ESSENTIAL—BUT SSL ORCHESTRATOR OFFERS MORE

Adding F5 SSL Orchestrator to your environment ensures encrypted traffic can be decrypted, inspected by security controls, then re-encrypted. As a result, you can maximize your investments in security inspection technologies—preventing inbound and outbound threats including exploitation, callback, and data exfiltration—which also enhances your cyber-resilience strategy. Read the article to learn more about the benefits managing the flow of all encrypted traffic across your entire security chain.

CUSTOMER STORY: MEDICAL DATA VISION COMPANY

“We handle clinical data, so security is a backbone of our business systems and we have to focus intensely on maintaining it. The threat of targeted cyberattacks is an ever-growing one that forces us to always stay a step ahead.”

Yukihiro Watanabe
Senior Manager, Sakura DB Division Chief, Medical Data Vision Co., Ltd.

The increase in SSL/TLS traffic shows that organizations are more focused on safeguarding customer data and meeting compliance mandates related to encryption, like GDPR.  

It’s essential to move beyond visibility and orchestrate the inspection of encrypted traffic, to allow your security inspection devices to protect your apps, users, and networks. With a robust SSL/TLS orchestration solution, you’ll enjoy better visibility, increased performance, and more flexibility—so you can stop worrying about hidden malware and application exploits and focus on developing and supporting new apps to drive your business.

 

LEARN MORE ABOUT PROTECTING AGAINST ENCRYPTED THREATS

Encrypted Malware: The Hidden Threat

In Section 1, learn how attackers can use encryption to deliver malware inside the network and steal your data.

SECTION 1 >

Is TLS 1.3 the Solution?

Section 2 explains the features of TLS 1.3, and considers strategies for adopting the latest encryption protocol. 

SECTION 2 >

Inspecting Encrypted Packets

In Section 3, discover why visibility into encrypted traffic is vital to protecting your network and applications.

SECTION 3 >

The Benefits of Orchestration

Section 4 explores how SSL/TLS orchestration can help maximize the effectiveness and ROI of your security solutions.

Return to top of page

SPEAK WITH F5'S SECURITY EXPERTS

Got a security question, issue, or something else you'd like to discuss? We'd love to hear from you!
We'll make sure to contact you by email within one business day.

Thank you for your inquiry. We will be in contact with you shortly.