SSL Encryption: No Longer A Double-Edged Sword
Encryption has been a bit of a double-edged sword. While the SSL/TLS protocol is perfect for protecting privacy, it’s also perfect for hiding threats (e.g., command-and-control attacks and data exfiltration exploits). A conundrum for sure, but one that’s about to see a significant change for the better.
For various reasons, the topic of SSL decryption has become a hot issue in many organizations as security teams grapple with some very difficult operational challenges today. Some examples:
- How does one detect encrypted command-and-control (C&C) communications with an internally infected host?
- How do organizations understand the risk posed by inappropriate use of Software-as-a-Service (SaaS) offerings (e.g., risk of proprietary/confidential information being uploaded to a file-sharing website)?
- How do SSL inspection mechanisms adapt to newer ciphers that require inline SSL decryption support?
- How does one implement a scalable approach to manage encrypted traffic in a world where a significant percentage of traffic is encrypted?
- How do out-of-band operational tools (that significantly outnumber inline tools) decrypt traffic or get a feed of decrypted traffic in the context of all of the above?
These are the questions Gigamon sought to answer when we introduced our new SSL/TLS decryption solution. With new inline capabilities, the solution is set to bring enhanced visibility into encrypted data-in-motion across enterprise networks. How? By feeding decrypted traffic-of-interest to the appropriate security tools for immediate analysis and remediation.
For SecOps teams who are challenged to manage increasing volumes of encrypted traffic, this is BIG news! They can now avoid repetitive decryption/re-encryption of SSL sessions by tools not purpose-built for decryption and circumvent unnecessary appliance sprawl and its related costs, complexity, and potential to introduce latency. SSL decryption is an inherently compute-intensive function, so by centralizing this function in the Gigamon Visibility Platform, the processing capacity of security tools can be freed to focus on their primary functions.
Specifically, the solution offers a new GigaSMART traffic intelligence application that supports both inline and out-of-band decryption using ciphers such as Diffie-Hellman (DH), Diffie-Hellman Ephemeral (DHE), Perfect Forward Secrecy (PFS), and Elliptic Curve (to name a few). Again, for SecOps, this could prove revelatory in supporting large encrypted traffic volumes with a “decrypt once and feed to multiple tools” design for improved scale and resiliency.
Inline SSL decryption represents a strategic technology evolution that expands the benefits of the Gigamon Visibility Platform. Organizations can now create a centralized “decryption zone” that facilitates management of growing SSL/TLS traffic volumes by giving security tools newfound visibility into formerly encrypted traffic and threats.
Check out our solution page and new series of videos to learn more about our SSL decryption technology and how it further helps organizations see, manage, secure, and understand what matters across their network environments.