Tools Challenged by SSL Decryption?
Gigamon Menu
Gigamon
SSL/TLS as a Potential Threat Vector
SSL/TLS encryption is rising as enterprises deploy more software to private and public clouds and making wider use of software-as-a-service (SaaS) applications. In fact, 80 percent of internet traffic will be decrypted by the end of 2019.
Unfortunately, encryption isn’t limited to well-meaning parties. Consider that 60 percent of malware is cloaked in encrypted traffic. Cybercriminals use encryption to conceal malware, hide command-and-control traffic and cloak the exfiltration of stolen data.
Given the amount of encrypted traffic and the threat vector it now poses, you need a way to efficiently decrypt traffic, share it with tools and then re-encrypt it.
What is SSL/TLS Decryption?
To protect vital data, businesses and other organizations implement Transport Layer Security (TLS), commonly referred to as the superseded Secure Socket Layer (SSL), to encrypt data as it is exchanged over IP networks. SSL/TLS creates a secure channel between users’ computers or other devices as they exchange information over the internet.
TLS is an industry standard based on a system of trusted certificates issued by certificate authorities and recognized by servers. SSL was replaced by the TLS standard in 2015.
While protecting data, encryption also blinds security and application monitoring tools. The decryption of SSL/TLS traffic is crucial for these tools. However, it is extremely computationally intensive and can introduce network latency.
The best architecture minimizes the decryption required to inspect all relevant traffic while offering legal and privacy controls. The centralized approach offered by Gigamon, decrypt once and feed all tools, provides such an architecture.
Decrypt Once and Scale Your Security Stack
SSL Decryption is critical to securing today’s enterprise networks due to the significant growth in applications and services using encrypted traffic. Malware increasingly uses SSL/TLS sessions to hide, confident that security tools will neither inspect nor block its traffic. When that happens, SSL/TLS sessions can become a liability, inadvertently camouflaging malicious traffic. In other words, the very technology that makes the Internet secure can become a significant threat vector.
Enabling SSL decryption uses the root certificate on client machines, acting as Certificate Authority for SSL requests. This makes it possible to decrypt, inspect and then re-encrypt SSL traffic before sending it off to its destination. This helps ensure that only authorized traffic is entering the network, and that malware hidden in SSL/TLS sessions is exposed and dealt with.
GigaSMART Decryption
GigaSMART® SSL/TLS Decryption is a licensed application that enables SecOps, NetOps and applications teams to obtain complete visibility into SSL/TLS traffic regardless protocol or application, so that they can monitor application performance, analyze usage patterns and secure their networks against data breaches and threats using encrypted communications. Gigamon supports both inline/Man in the middle and passive/out-of-band decryption of SSL/TLS, meeting the diverse needs of your organization.
- SSL/TLS detection on any port or application
- 10 Mb to 100Gb interface support
- Decrypt once, share with any tools as many times as you need
- Strong crypto support including Diffie-Hellman Ephemeral, Elliptic Curves, Poly1305/ChaCha20
- Power controls over certificate validation, extending Certificate Revocation Lists and Online Certificate Status Protocol (OCSP)
- Integration with the Venafi Trust Protection Platform™ to centralize key management and validation
- Meet privacy and compliance requirements: included support for URL categorization
Benefits of SSL Decryption on Different Architectures
Traditional inline decryption technologies have limitations over inline decryption on a Security Delivery Platform. Firewalls and web security gateways decrypt SSL/TLS traffic but often cannot deliver that decrypted traffic to other monitoring and security tools. Likewise, load balancers are good at terminating SSL/TLS traffic and load balancing to servers but lack the ability to distribute this traffic to multiple inline security tools prior to re-encryption. Lastly, these solutions lack the traffic selection controls to forward non-encrypted traffic at line rate and often send all traffic to the decryption engine, creating performance challenges.
| GigaSMART SSL Decryption | Firewall | Load Balancer | Standalone Decryptors | |
| Enhances existing security tools be centralizing and offloading SSL decryption and re-encryption. |  |
|
||
| Exposes hidden threats, data exfiltration and malware. | |
|
|
|
| Supports flexible arrangements of inline security tools with automated resiliency against failures. | |
|||
| Respect data privacy compliance with policy-based selective decryption. | |
|
|
|
| Service chain multiple traffic intelligence applications (eg. Packet slicing, masking, de-duplication, Adaptive Session Filtering). | |
|
EBOOK
Encrypted Threats are Lurking in Your Traffic
|
SOLUTION BRIEF
SSL/TLS Decryption
|
DEPLOYMENT GUIDE
Visibility for Small Enterprises and Remote Sites. |
| Accelerate detection and response with SSL/TLS decryption. | Scalable, automatic visibility and management of SSL/TLS traffic. | Instructions for deploying Inline SSL on GigaVUE-OS within an enterprise network. |
| READ NOW | READ NOW | READ NOW |
Training: SSL Decryption
Learn about Gigamon Inline SSL Decryption from the leader in visibility.
Related Pages
