Encryption: What You Can’t See Can Hurt You

SSL encryption is a double-edged sword for organizations. It bolsters security by providing confidentiality and message integrity. It enables users to verify the identity of application owners and it allows applications to authenticate users with client certificates. As threats like snooping, phishing, and data theft continue to grow, encryption has become an essential way to protect users and data.

But encryption also puts organizations at risk. Hackers leverage encryption to conceal their exploits from security devices like firewalls, intrusion prevention systems, forensics solutions and more that can’t keep up with increasing SSL decryption demands or that cannot decrypt SSL traffic at all because of their location in the network.

How serious is the threat? According to a recent Gartner survey, “less than 20% of organizations with a firewall, an intrusion prevention system (IPS) or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic.”[1] This means that hackers can evade over 80% of companies’ network defenses simply by tunneling attacks in encrypted traffic.

SSL Usage on the Rise

To reduce the risk of snooping and theft, an increasing number of applications encrypt data using SSL or SSL’s successor, Transport Layer Security (TLS). SSL usage has become ubiquitous and many leading websites now encrypt every web request and response. In fact, 48% more of the million most popular websites use SSL in 2014 than a year earlier.[2]

However, the transition from 1024- to 2048-bit SSL key lengths, combined with growing SSL bandwidth demands, has burdened security devices that decrypt SSL traffic. The impact of decryption on security devices is startling. Analysis by NSS Labs reveals that 2048-bit SSL ciphers “caused a mean average of 81% in performance loss”[3] for seven leading next-generation firewalls.

High-Speed SSL Decryption with SSL Insight

To help organizations decrypt and inspect SSL traffic without degrading network performance, A10 has introduced SSL Insight. Included as a feature of the A10 Thunder Application Deliver Controller (ADC), SSL Insight enables third-party security devices to inspect encrypted traffic. With SSL Insight, organizations can eliminate the blind spot imposed by SSL encryption.

URL Classification for SSL Insight to Keep Trusted Data Encrypted

On August 5th, A10 announced several enhancements for SSL Insight. These enhancements, which will be available in ACOS version 4.0 P1, include:

SSL Insight is included with Thunder ADC at no additional charge. A10’s all-inclusive feature licensing ensures that any Thunder ADC appliance can support any feature, at any given time, for peace of mind and maximum uptime.

To learn more about these new features, see the A10 press release or our joint press release with Webroot.

You can also view our SSL Insight Solution Brief for more information about A10’s SSL Insight technology. And stay tuned for more SSL Insight announcements in the upcoming weeks.

[1] Gartner, Security Leaders Must Address Threats From Rising SSL Traffic, December 2013
[2] Netcraft, January 2014 Web Server Survey
[3] NSS Labs, SSL Performance Problems, June 2013


August 5, 2014

About Andrew Hickey

Andrew Hickey serves as A10's editorial director. Andrew has two decades of journalism and content strategy experience, covering everything from crime to cloud computing and all things in between. READ MORE