Tools Challenged by SSL Decryption?
Eliminate blind spots from your network – your Zero Trust Architecture demands it.
SSL/TLS as a Potential Threat Vector
The use of SSL/TLS encryption is increasing as enterprises strive to meet increasingly stringent security mandates, while trying to ensure optimal SEO rankings, deploy more workloads to the cloud and make wider use of software-as-a-service (SaaS) applications. To put this challenge into perspective, 95 percent of internet traffic around the globe is now encrypted.[1]
Unfortunately, encryption isn’t limited to well-meaning parties. Consider that over 3.3 million cyber-attacks in 2022 were hidden in encrypted traffic and that cybercriminals are using encryption to conceal malware, hide command-and-control traffic and cloak the exfiltration of stolen data.
Given the amount of encrypted traffic, including with the latest TLS 1.3 cryptographic protocol, the threat vector it now poses and the importance of traffic inspection for a Zero Trust posture, you need a way to efficiently decrypt SSL traffic, share it with tools and then re-encrypt it.
WEBINAR
Understanding TLS Decryption: Getting It Right
What Is SSL/TLS Decryption?
To protect vital data, enterprises and other organizations implement Transport Layer Security (TLS), commonly referred to as the superseded Secure Socket Layer (SSL), to encrypt data as it is exchanged over IP networks. But what is SSL decryption and how does it work? SSL/TLS creates a secure channel between the server and the end user's computer or other devices as they exchange information over the internet and different browsers.
TLS is an industry standard based on a system of trusted rules and certificates issued by certificate authorities and recognized by servers. SSL decryption was replaced by the TLS standard in 2015. In 2018, TLS 1.3 was standardized, which is a policy that mandates the use of perfect forward secrecy for maximum security. About 20 percent of corporate internet traffic is now on TLS 1.3.[3]
While protecting data, encryption also blinds network security and application monitoring tools. TLS/SSL decryption traffic is crucial for these tools. However, it is extremely computationally intensive and can introduce network latency.
The best architecture minimizes the decryption required to inspect all relevant and active traffic while offering legal and privacy controls. The centralized approach to SSL decrypting offered by Gigamon — decrypt once and feed all tools — provides such an architecture.
Decrypt Once and Scale Your Security Stack
SSL decryption is critical to securing modern enterprise networks due to the exponential growth in applications and services using encrypted traffic. Malware increasingly utilizes SSL/TLS sessions to hide, betting that security tools will neither inspect nor block its traffic. When that occurs, SSL/TLS sessions can become compromised and inadvertently camouflage malicious traffic. Said another way, the very technology that makes the internet secure can be effectively used as a significant threat vector.
Enabling SSL decryption uses the root certificate on client machines, acting as certificate authority for SSL requests. This process makes it possible for SSL decryption to decrypt, perform a detailed inspection, and then re-encrypt SSL traffic before sending it off to its destination. This helps ensure that only authorized SSL traffic is traversing the network, and that malware hidden in SSL/TLS sessions is detected and remediated within the SSL decryption process.
GigaSMART Decryption
GigaSMART® SSL/TLS Decryption is a licensed application that enables information security, NetOps and applications teams to obtain deep observability into SSL/TLS traffic regardless of protocol or application, so that they can monitor application performance, analyze usage patterns and secure their networks against data breaches and threats using encrypted communications. Gigamon supports both inline/man-in-the middle and passive/out-of-band decryption of SSL/TLS, meeting the diverse needs of your organization. Gigamon supports the latest TLS 1.3.
- SSL/TLS detection on any port or application
- 10 Mb to 100Gb interface support
- Decrypt once, share with as many tools as often as needed
- Strong crypto support including Diffie-Hellman Ephemeral, elliptic curves, Poly1305/ChaCha20
- Power controls over certificate validation, extending certificate revocation lists and Online Certificate Status Protocol (OCSP)
- Integration with the Venafi Trust Protection Platform™ to centralize key management and validation
- Meet privacy and compliance requirements: included support for URL categorization and FIPS 140-2 Level 2 certification
Take advantage of our new bundled GigaSMART apps and stay secure!
Benefits of SSL Decryption on Different Architectures
Firewalls and web security gateways decrypt SSL/TLS traffic but often cannot deliver that decrypted traffic to other monitoring and security tools. Likewise, load balancers are good at terminating SSL/TLS traffic and load balancing to servers but lack the ability to distribute this traffic to multiple inline security tools prior to re-encryption. Lastly, these solutions lack the traffic selection controls to forward non-encrypted traffic at line rate and often send all traffic to the decryption engine, creating performance challenges. Only with the Gigamon Hawk Deep Observability Pipeline can you get true visibility on different architectures.
| GigaSMART® SSL Decryption | Firewall | Load Balancer | Standalone Decryptors | |
|---|---|---|---|---|
| Enhances existing security tools by centralizing and offloading SSL decryption and re-encryption including TLS 1.3. |  |
 |
|
|
| Exposes hidden threats, data exfiltration and malware. | |
|
|
|
| Supports flexible arrangements of inline security tools with automated resiliency against failures. | |
|
|
|
| Respects data-privacy compliance with policy-based selective decryption. | |
|
|
|
| Supports service chaining multiple traffic intelligence applications (e.g., packet slicing, masking, de-duplication, Adaptive Session Filtering) | |
|
|
|
2022 TLS TRENDS DATA
Gigamon Analysis Exposes Risks of Encryption
We reviewed 1 trillion+ HTTP and HTTPS live network flows. Here’s what we found.
FEATURE BRIEF
SSL/TLS Decryption
Scalable, automatic visibility and management of SSL/TLS traffic.
WHITE PAPER
TLS Versions
What we found after studying 275 billion HTTP and HTTPS live network flows.
Dive Deeper
See what your peers are talking about in the Gigamon Community
SSL Decryption Training
Learn about Gigamon Inline SSL Decryption from the leader in visibility.
"So I ended up doing a proof of concept of the Gigamon solutions in our production environment and had it up and running in half a day. The Gigamon documentation on VMware and SSL decryption was easy to follow and understand."
“Gigamon is traditionally thought of as a network efficiency platform, but the underlying technology has radical implications in cybersecurity as well. Visibility of encrypted packets is more of a must-have than a like-to-have, and intelligent traffic handling is a requisite in optimizing bandwidth and reducing storage costs.”
Take a Gigamon Tour
See the tech. Touch the tech.
Related Pages
[1] Google. “HTTPS encryption on the web.” Google Transparency Report. Accessed July 30, 2022. https://transparencyreport.google.com/https/overview?hl=en.
[2] SonicWall. 2022 SonicWall Cyber Threat Report. https://www.sonicwall.com/2022-cyber-threat-report/
[3] Gigamon. " 2022 TLS Trends Report " August 2022. https://www.gigamon.com/resources/resource-library/white-paper/wp-2022-tls-trends-research.html
サポートを受ける
- ©Gigamon 2023