Thunder® SSL Insight (SSLi®)

SSL/TLS Visibility

A comprehensive SSL/TLS decryption solution that enables your security devices to efficiently analyze all enterprise traffic while ensuring compliance, privacy, and boosting ROI

Schedule Demo Start Your 30-Day Free Trial

Key Benefits of Thunder SSLi

Legacy Security is Inadequate

Eliminate the Blind Spot

Legacy Security is Inadequate

Ensure Compliance and Privacy
  • Ensure compliance with security and privacy standards like HIPAA, PCI and GDPR
  • Maintain granular, policy-based control over your network traffic
  • Ensure user privacy with traffic categorization and bypassing

Legacy Security is Inadequate

Increase ROI
  • Secure your investments by eliminating the blind spot that affects your existing security devices
  • Boost the performance of your security infrastructure by off-loading decryption
  • Avoid unnecessarily replacing or upgrading your existing devices

Exposing Hidden Threats in SSL Encrypted Traffic

In response to the rising cost of cybercrime over the past several years, as well as concerns about protecting data privacy, organizations have increasingly adopted SSL encryption to safeguard their valuable information assets. As of 2018, Google has stated 94% of all their network traffic in North America uses SSL encryption, but this has created new risks. Hackers take advantage of SSL encryption to hide malware, ransomware and bypass defenses.

Download Ebook

Key Features of Thunder SSLi

Full Visibility of Network Traffic

Full Network Traffic Visibility

  • Decrypt traffic across all TCP ports and advanced protocols like SSH, STARTTLS, XMPP, SMTP and POP3
  • Deliver high- performance decryption with multiple cipher suites including elliptical curve cryptography (ECC) for perfect forward secrecy (PFS) support
  • Provide network traffic visibility to all security devices, including inline, out-of-band and ICAP- enabled devices
Data Loss Prevention

Data Loss Prevention

  • Stop encrypted data exfiltration by providing visibility to your existing Data Loss Prevention (DLP) systems
  • Connect to any DLP system using the in built-in ICAP support
Full-Proxy Control

Full-Proxy Control

  • Control which ciphers are used for encryption between the client and SSLi, and between the SSLi and server
  • Renegotiate to ciphers of similar strength to prepare for future ciphers or TLS versions
  • Be ready for TLS 1.3, avoiding deployment complications
Compliance and Security

Compliance and Security

  • Selectively bypass traffic decryption to enforce privacy policies using a list of over 460 million domains
  • Ensure compliance with GDPR via selective SSL decryption traffic, stopping SSL encrypted data exfiltration
  • Use URL filtering to block access to specific web categories, including known malicious destinations, to maximize employee productivity and security
  • Leverage multiple onboard HSMs to enable secure and tamper-proof storage of encryption keys
Traffic Steering

Traffic Steering

  • Selectively steer traffic based on fine-grained policies including application type and/or user ID
  • Increase security capacity by load-balancing multiple security devices
  • Augment SaaS growth with traffic categorization and local breakout
Analytics & Management

Analytics & Management

  • Gain real-time, actionable insights into traffic statistics, categorization, suspicious activities, and more
  • Manage multi-site deployments from a central location
  • Simplify management and configuration with on-box AppCentric Templates (ACTs)

Centralized Decryption & Control

Decrypt traffic for your entire security infrastructure, gain actionable insights and supplement your enterprise growth by managing multi-site SSLi deployments from a central location.

Centrally Manage Your Apps

Network Integrations

Built to seamlessly integrate with your existing security infrastructure

Legacy Security is Inadequate

Next- Generation Firewalls
  • Cisco FirePOWER and WSA
  • Palo Alto Networks NGFW
  • Check Point NGFW
  • SonicWALL SuperMassive NGFW

Legacy Security is Inadequate

Other Integrations
  • Digital Guardian DLP
  • RSA NetWitness
  • Symantec ProxySG and DLP
  • Forcepoint Trusted Gateway System
  • IBM QRadar Incident Forensics
  • Trend Micro Deep Security
  • Bivio Networks Cybersecurity

Legacy Security is Inadequate

Intrusion Prevention Systems
  • McAfee Network Security Platform
  • Secureworks iSensor
  • Fidelis Cybersecurity Network

Legacy Security is Inadequate

Advanced Threat Protection
  • FireEye Network Security
  • OPSWAT ICAP Server

Additional Options

Additional services, products, solutions in which you may be interested.

Legacy Security is Inadequate

Harmony Controller

Gain comprehensive, real-time and actionable insights with application-level visibility.

Simplify operations and increase agility. Centrally- manage deployment and security policy implementation.

Legacy Security is Inadequate

Thunder CFW

Upgrade to a Thunder CFW and gain access to additional security capabilities, including stateful and application-level firewall capabilities

Legacy Security is Inadequate

SSL Visibility Scale-Out with Thunder ADC

For solutions where hyperscale performance is required, Thunder ADC can be used to distribute traffic across multiple Thunder SSLi devices.

Let Us Help

Learn why thousands of businesses trust A10 Networks to protect and deliver their mission-critical applications

Contact Sales