Three Misconceptions of Breaking and Inspecting SSL Traffic
There are a lot of misconceptions about breaking and inspecting SSL (Secure Sockets Layer) traffic. So much so that some companies elect to go without the ability altogether.
In this video, A10 Senior Federal Lead SE James Schweitzer separates fact from fiction when it comes to breaking and inspecting encrypted traffic and highlights the benefits of a dedicated SSL/TLS decryption solution like A10 Thunder SSLi:
Performing SSL break and inspect will have a performance impact
A10 has a legacy of performance and scale with our ADC solutions, which we’ve applied to SSL break and inspect with A10 Thunder SSLi to ensure it has no negative impact on performance. Users won’t experience delays and they won’t be unhappy. And, A10 Thunder SSLi will increase security posture by providing traffic decryption. It’s a win-win.
To properly break and inspect encrypted traffic, an organization must rip and replace its existing security architecture
A10 offers versatile deployment options – in Layer 2 or Layer 3 – for companies that are already doing some break and inspect and companies that aren’t doing it at all. If your company has web proxies, transparent or explicit, we want to work with you and let you know you don’t have to re-architect your entire network and you don’t have to rip and replace your security infrastructure to properly break and inspect SSL traffic.
Breaking and inspecting encrypted traffic puts your keys at risk
A10 implements a hardware security module (HSM) and can support up to four HSMs on A10 Thunder SSLi. HSMs are a one-way trap door where we can take keys in and they can’t be extracted even with physical access to the device, ensuring keys are not at risk.