SSL-encrypted Traffic—An Easy Vehicle for Cybersecurity Attacks
SSL-encrypted traffic is exploding due to the enterprise-wide usage of cloud computing, secure e-commerce, Web 2.0 applications, email, and VPNs. Surveys show 25-35% of enterprise traffic is SSL-encrypted, and this number is up to 70% for select verticals. If not managed properly, SSL can leave a hole in any enterprise security architecture. Existing approaches to SSL-encrypted traffic range from passing everything to blocking everything. In some cases, companies deploy host-based IPS systems or install proxy SSL solutions, which can effectively inspect SSL but suffer from bottleneck issues and reduced network performance.
Decrypts SSL Traffic at up to 4.5Gbps Line Rate
The Sourcefire SSL Appliances decrypt SSL traffic and send it to existing security and network appliances via dedicated Ethernet links. This enables existing IPS appliances to identify risks normally hidden by SSL such as regulatory compliance violations, viruses, malware, data loss, and intrusion attempts. Once the SSL traffic has been inspected and approved, the SSL Appliances place the SSL-encrypted traffic back on the network for its final destination—all with minimal latency and without altering SSL packets.
Operates Transparently on Network
You can deploy the Sourcefire SSL Appliances as a transparent proxy to detect SSL sessions on all ports, not just the traditional port 443. They can run as a “bump-in-the-wire” and do not require network configuration, IP addressing or topology changes, or modification to client IP and web browser configurations. Further, transparent SSL proxies see all network traffic, not just SSL, and can cut through non-SSL flows.
Supports Passive and Inline Configurations
Sourcefire SSL Appliances support both passive and inline configurations. When deployed passively, they send traffic to a Sourcefire IPS also running in passive mode. Passive deployment is most useful for gaining full visibility into network traffic and into which vulnerabilities may be exploited. The SSL Appliances can also be deployed inline as a “bump-in-the-wire” and operate with an IPS running in either passive or inline mode. When both the SSL Appliance and the IPS are deployed inline, they can block malicious exploit traffic. Sourcefire SSL Appliances are available with a range of interface options, all of which include a programmable fail-open capability.
[Figure: Passive IDS Configuration]
[Figure: Inline IPS Configuration]
The SSL Appliances are also versatile enough to inspect SSL traffic in both inbound and outbound configurations. With inbound SSL inspection, the appliance inspects traffic destined for an enterprise’s web servers hosting SSL applications. With outbound SSL inspection, the appliance inspects SSL application traffic destined outside of the enterprise, such as Google Gmail traffic.