Gigamon Deep Observability Pipeline

Supercharge your observability tools with actionable network-level intelligence to realize the transformational promise of the cloud.

LEARN MORE

CLOUD VISIBILITY

DATA CENTER VISIBILITY

NETWORK SECURITY

TRAFFIC INTELLIGENCE

From the Core to the Cloud, See it All

Simplify, secure and scale your hybrid cloud infrastructure to accelerate digital innovation.

CLOUD VISIBILITY

DATA CENTER VISIBILITY

NETWORK SECURITY

INDUSTRY

A Thriving Partner Ecosystem

Gigamon reseller and integration partners design, implement and optimize best-of-breed and validated joint solutions.

FIND A PARTNER

NOT A PARTNER?

ALREADY A PARTNER?

Proven Support and Services

Our global support team is committed to creating experiences of unmatched quality, scalability and efficiency.

OVERVIEW

GET SUPPORT

VÜE COMMUNITY

voice of the customer

Gigamon serves the world's more demanding enterprises and public sector agencies, enabling them to harness actionable network-level intelligence to amplify the power of their cloud, security and observability tools.

CUSTOMERS

cegedim

Cegedim.cloud

Improves cloud infrastructure and visibility

 

Five9

Five9

Delivers Cloud-Powered Contact Center Excellence

DoD

Department of Defense

Confidently feeds different tool sets in the physical and virtual world.

 

Resource Library

Your one-stop hub to explore content resources and stay current on the latest in how to amplify the power of your cloud, security and observability tools.

RESOURCES

def-guide

Achieve Hybrid Cloud Observability

Strengthen visibility and security.

deep observability

Observability is Key to Transformation

Unleash cloud potential with deep observability.

ebook

Deep Observability eBook

Take your security and observability tools to a whole new level.

WHY GIGAMON

Gigamon offers an advanced deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of your cloud, security and observability tools.

LEARN MORE

IN THE NEWS

COMPANY INFORMATION

Deep Observability

Unseen Threats Can Lurk in Your Midst

Deep observability exposes previously unseen threats.

GPTW

Join the Team

Become a part of the OneGigamon team. Search for your next opportunity.

SHARE
Networking / April 24, 2019

Seven Commandments and Two Sins of SSL Decryption

Haider Jarral  

The Seven Commandments

1. Know Thy Traffic

First, before deploying any SSL decryption solution, be aware of the total volume of traffic in your network and the amount of traffic that is SSL encrypted. A good free tool is NTOPNG, which can give you insight into your network.

Figure 1. NTOPNG shows how much of your traffic is encrypted.

Second, know how and where your traffic is traversing the network. For an SSL solution to work flawlessly, it needs to see both directions of the traffic. Asymmetric traffic can cause incomplete SSL decryption if all traffic is not combined and fed to the solution.

Figure 2. Symmetric and asymmetric traffic.

2. Know Thy Direction

It’s important to know which traffic needs to be decrypted. Either you’re hosting on-premises web applications that are accessed internally or externally, or you want to decrypt all the traffic leaving your network.

Each case requires different techniques for on-premises web applications. In the first scenario, you’ll need a private key for decryption; for outbound traffic only, you’ll need to use man-in-the-middle (MITM) decryption.

Figure 3. Have the right keys.

3. Know Thy Limits

Different solutions offer different SSL decryption capacity for inbound or outbound traffic. It’s important to know how much traffic can be decrypted by a solution based on the active number of connections and volume of SSL traffic.

Figure 5. Comparing traffic capacity of two tools. (Source)

4. Know Thy Needs

Once you have traffic decrypted, where do you need to steer that traffic? Does just one tool need to see decrypted traffic, or multiple tools?  

5. Know Thy Priorities

Many security tools and firewalls offer an SSL decryption solution, but that sometimes impairs their primary function. In these cases, enabling SSL decryption can cause high CPU usage, degrading the tool’s ability to inspect or block traffic.

According to NSS Labs Test Reports,1 there was a 92 percent drop in the average connection rate of the products that perform SSL decryption, with connection degradation from 84 percent to 99 percent.

  • Latency in the average application response time of the tested products increased by 672 percent, with latency ranging from 99 percent to 2,910 percent
  • There was a 60 percent drop in the average throughput of the tested products, with throughput degradation ranging from 13 percent to 95 percent
  • Not all tested products support the top 30 cipher suites of the Alexa Top 1 Million (as of December 31, 2017)
  • Some tested products support emergent ciphers

6. Know Thy Growth

SSL decryption may be easy to configure for your current setup, but what happens if your traffic volume grows? How easy it would be to scale your SSL decryption solution over time, and what would be the cost impact?

Figure 6. Encrypted web traffic increased 25 percent between 2016 and 2019. (Source)

7. Know Thy Solutions

Do your research when deploying SSL decryption solutions. Different solutions offer varied performance with different ciphers. Some solutions are easier to deploy or scale better than others. Thoroughly research available solutions and their pros and cons.

And the Two Sins

1. Thou Shall Not See What’s Not Meant to Be Seen

While seeing all decrypted traffic may be good for security, decrypting financial and health data violates privacy laws. The solution must have the ability to distinguish data that needs to be decrypted from data that shouldn’t be decrypted.

Figure 7. Selective decryption by application category. (Source)

2. Thou Shall Not Cause Outages

No matter how much a solution is tested in a lab environment, the production environment is different. The solution should be easy to bypass in the event of a catastrophe.

Join the Gigamon Community for advice and tips on computer networks and cybersecurity.

Continue the Discussion

People are talking about this in the Gigamon Community’s
Security group. Share your thoughts today.

1. NSS Labs. “NSS Labs Expands 2018 NGFW Group Test with SSL/TLS Security and Performance Test Reports.” AP News. July 24, 2018. Accessed April 23, 2019. https://www.apnews.com/b1f6dad7186f119dae4e150ba7d419e4.

  • © Gigamon 2024
Back to top