To prevent cyber-attacks, enterprises need to inspect incoming and outgoing traffic for threats. Unfortunately, attackers are increasingly turning to encryption to evade detection. With more and more applications encrypting data (in fact, today, SSL traffic accounts for 25% to 35% of all Internet traffic [1]), organizations that do not inspect SSL communications are providing an open door for attackers to infiltrate defenses and for malicious insiders to steal sensitive data.
The Current State of Insecurity
Worldwide spending on information security will reach a staggering $71.1 billion in 2014 [2], as organizations stack up firewalls around their network perimeters and inspect incoming and outgoing traffic with an array of products including secure web gateways, forensic tools, advanced threat prevention platforms, and more.
Unfortunately, as SSL traffic increases, our collective $70+ billion investment in security is falling far short of protecting digital assets. This is because, according to a survey by Gartner, "less than 20% of organizations with a firewall, an intrusion prevention system (IPS) or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic." [3] This means that for over 80% of organizations, attackers can simply tunnel attacks in SSL traffic to circumvent defenses.
Gain Visibility into Encrypted Traffic with SSL Insight
Thunder SSLi eliminates the SSL blind spot in corporate defenses and enables security devices to inspect encrypted traffic – not just clear text. Thunder SSLi decrypts SSL-encrypted traffic and forwards it to third-party security devices for inspection. Once the traffic has been analyzed and scrubbed, Thunder SSLi encrypts it and forwards it to the intended destination. SSL inspection, also known as SSL forward proxy, is a technology in which two SSL termination devices sit between client and server and maintain separate secured sessions. The adjacent diagram explains the flow.
Because one Thunder SSLi appliance can support multiple virtual ADCs using A10’s Application Delivery Partition (ADP) technology, customers can deploy a single Thunder SSLi appliance to perform both the SSL decryption and encryption functions, and so gain visibility into SSL traffic with one device.
Thunder SSLi can also decrypt SSL traffic and send it unencrypted to security devices deployed off network SPAN ports. By mirroring traffic, Thunder SSLi allows non-inline security devices to inspect all communications for unauthorized activity.
Protect Critical Assets without Degrading Firewall Performance
While dedicated security devices provide in-depth inspection and analysis of network traffic, they are rarely designed to encrypt SSL traffic at high speeds. In fact, some security products cannot decrypt SSL traffic at all. SSL Insight offloads CPU-intensive encryption and decryption tasks from dedicated security devices, boosting application performance.
High Performance with SSL Acceleration Hardware
Thunder SSLi, with its powerful SSL security processors, can significantly improve the performance of your critical business applications and services by managing multiple secure connections simultaneously with exceptional SSL CPS rates. With SSL acceleration hardware, Thunder SSLi has near-parity performance for the upgrade to 2048-bit key sizes, and has the extreme power needed to handle 4096-bit keys at high-performance production levels.
Connections per second (CPS) measures the number of new HTTP connections (1 HTTP request per TCP connection, without TCP connection reuse) established within 1 second.
A Better Solution for SSL Visibility
SSL Insight offers organizations a powerful load-balancing, high availability and SSL decryption solution. Using SSL Insight, organizations can:
[1] NSS Labs, "SSL Performance Problems," https://www.nsslabs.com/reports/ssl-performance-problems
[2] Gartner, "Forecast: Information Security, Worldwide, 2012-2018, 2Q14 Update"
[3] Gartner, "Security Leaders Must Address Threats From Rising SSL Traffic"