A majority of traffic traversing the internet is encrypted; some estimates put the share at nearly 70 percent.
Encryption is meant to keep traffic private and tamper-proof, but it has an unintended side effect: it creates a blind spot in your network. Bad actors and malicious insiders can exploit that blind spot to deliver malware and exfiltrate data. Most network security devices are blind to this traffic because the encryption works as a cloak of invisibility for whatever is inside.
In this video, watch A10 Director of Product Management Yasir Laiqahtullah discuss the importance of SSL (Secure Sockets Layer) decryption.
Allowing encrypted traffic to flow freely without decrypting it means you are not analyzing the files that pass through your network, and those files can carry malware, ransomware and other payloads that can infect your network and your applications. The investment you have made in inspection devices is then largely wasted.
Consider where a typical enterprise's network security budget goes: a large share is spent on next-generation firewalls, intrusion prevention systems, intrusion detection systems, secure web gateways and similar devices. These devices are designed specifically to inspect and block malicious traffic, but if they cannot see 70 percent of the traffic (the encrypted portion), they are not fully doing their job, and the money spent on them is not delivering its intended return.
On top of that, not every device can decrypt traffic effectively. These products were originally designed to act on plaintext, and the rise of encryption has left many of them unable to decrypt without severely taxing their CPUs, which in turn drives additional spending to compensate for the lost throughput.
Devices that can perform decryption suffer a large performance hit, as much as 60 percent by A10's estimate, once decryption is turned on. This "decryption tax" often prompts organizations to leave decryption off for fear of degrading performance. And with that you are back to encrypted traffic entering and leaving your network with unknown and unwanted content, bypassing your security devices.
This is a major cause for concern.
A10 Networks introduced a technology called SSLi (SSL Insight) five years ago. A10 Thunder SSLi creates a decryption zone: it decrypts the encrypted traffic once and feeds the plaintext to multiple network security devices inside that zone for inspection. SSLi then takes the inspected traffic back, re-encrypts it and sends it on its way. Because decryption happens once, in a device built for it, rather than separately on every inspection device, this minimizes the performance hit and maximizes the return on your network security spend. Note that, like any TLS interception design, this works only when the endpoints trust the decrypting device: for outbound traffic, clients must trust the certificate authority that SSLi uses to re-sign server certificates, and for inbound traffic, the device must hold the server's own keys.
You gain visibility into encrypted traffic while getting the most out of your network security investment. It's a win-win.