SSL Intercept: Securing Encrypted Traffic
The security industry has shifted its focus to the client side. Malware and other malicious programs are increasingly installed unknowingly on client computers, where they can replicate to other clients and relay information to malicious entities. Security vendors provide tools to detect and mitigate these problems by inspecting the traffic between the client and the untrusted side of the network (the Internet). At the same time, most online web services and cloud applications now use TLS/SSL to secure the session with the client. While this is a good strategy for many reasons, it introduces a problem for active traffic inspection tools—the information is encrypted and thus unreadable.
A10's SSL Intercept feature addresses this problem by decrypting the traffic, forwarding it through a third-party security device (for example, a firewall) for deep packet inspection, and then re-encrypting it and securely forwarding it on to its destination.
Gain higher visibility of SSL-encrypted traffic in your network using our SSL Intercept technology: encrypted traffic from the client or server is decrypted by the A10 ADC, which sends the data to the security appliance of choice for deep packet inspection. After inspection, the A10 ADC encrypts the data again and securely forwards it to the destination.
Enhanced Security: Many security devices, such as firewalls, intrusion protection systems and anti-virus protection devices, are built to perform in-depth traffic analysis of unencrypted flows and make policy decisions.
These devices usually are not designed to inspect SSL traffic, because the content is encrypted. Some devices offer internal SSL decryption/encryption support, but they usually cannot meet the performance requirements. A10 Networks' "SSL Intercept" solution allows security devices to inspect SSL content by offloading the CPU-intensive encryption and decryption tasks from the security devices to A10 ADCs.
High performance with SSL acceleration hardware: A10 ADCs with powerful SSL security processors can significantly improve the performance of your critical business applications and services by managing multiple secure connections simultaneously at exceptional SSL connections-per-second (CPS) rates. With SSL acceleration hardware, the Thunder device delivers near-parity performance after the upgrade to 2048-bit key sizes, and has the extreme power needed to handle 4096-bit keys at high-performance production levels.
SSL Intercept, also known as SSL forward proxy, is a technology consisting of two SSL termination devices that maintain separate secured sessions with the client and with the server. The adjacent diagram explains the flow. The client-side AX decrypts the encrypted traffic from the client (1) and sends the unencrypted data (2) to the security appliance of choice. After inspection, the server-side AX receives the data from the security device, encrypts it again and sends it to the server (3). The same process takes place for the encrypted traffic from the server (4): it is decrypted (5), inspected and forwarded to the client, now encrypted again (6).
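The trust-chain consequence of the two-termination design above, as an added example that is not A10's code: because the client-side device terminates the client's session itself, it must present the client a certificate for the origin's name that it has issued from an interception CA, and the client accepts that certificate only if the interception CA is in its trust store (and never accepts the origin's real certificate in its place). The host name origin.example and the CA name are constructed for the demo; only Go's standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// NewCert mints a certificate for name: self-signed when issuer is nil (the origin server's own
// cert here), otherwise issued by issuer, as the client-side intercept device does for the origin's name.
func NewCert(name string, isCA bool, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotAfter:              time.Now().Add(time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if !isCA {
		tmpl.DNSNames = []string{name} // end-entity certs carry the host as a SAN
	}
	parent, signKey := tmpl, key // self-signed unless an issuer is given
	if issuer != nil {
		parent, signKey = issuer, issuerKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signKey)
	if err != nil {
		panic(err)
	}
	crt, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return crt, key
}
// TrustedBy reports whether a client whose only trust anchor is root accepts leaf for host.
func TrustedBy(leaf, root *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}
```

The same validation, performed by the server-side device against the origin's real certificate, is what keeps the client's protection intact once the session is split in two.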