There are a lot of misconceptions about breaking and inspecting SSL traffic. So much so that some companies elect to go without the ability altogether.
In this video, A10 Senior Federal Lead SE James Schweitzer separates fact from fiction when it comes to breaking and inspecting encrypted traffic and highlights the benefits of a dedicated decryption solution like A10 Thunder SSLi.
Misconception No. 1: Performing break and inspect will have a performance impact and users will be unhappy.
A10 has a legacy of performance and scale with our ADC solutions, which we’ve applied to SSL break and inspect with A10 Thunder SSLi to ensure it has no negative impact on performance. Users won’t experience delays and they won’t be unhappy. A10 Thunder SSLi will also increase security posture by providing traffic decryption. It’s a win-win.
Misconception No. 2: To properly break and inspect encrypted traffic, an organization must rip and replace its existing security architecture.
A10 offers versatile deployment options – in Layer 2 or Layer 3 – for companies that are already doing some break and inspect and companies that aren’t doing it at all. If your company has web proxies, transparent or explicit, we want to work with you and let you know you don’t have to re-architect your entire network and you don’t have to rip and replace your security infrastructure to properly break and inspect SSL traffic.
Misconception No. 3: Breaking and inspecting encrypted traffic puts your keys at risk.
A10 implements a hardware security module (HSM) and can support up to four HSMs on A10 Thunder SSLi. HSMs are a one-way trap door where we can take keys in and they can’t be extracted even with physical access to the device, ensuring keys are not at risk.