Tools Challenged by SSL Decryption?

Decrypt and expose malware hiding in encrypted sessions while preserving your security tool performance.

What is SSL Decryption?

SSL Decryption is critical to securing today’s enterprise networks due to the significant growth in applications & services using encrypted traffic. SSL (Secure Sockets Layer) is an industry standard for transmitting secure data over the Internet. It is based on a system of trusted certificates issued by certificate authorities and recognized by servers. In recent years, SSL has evolved to the Transport Layer Security (TLS) standard.

Malware increasingly uses SSL/TLS sessions to hide, confident that security tools will neither inspect nor block its traffic. The very technology that makes the Internet secure can become a significant threat vector.

It is therefore essential to decrypt SSL/TLS traffic while respecting privacy controls. However, decrypting SSL/TLS traffic is extremely compute intensive. Therefore, a network security architecture that replicates SSL/TLS decryption creates performance bottlenecks in multiple security tools.

Decrypt Once and
Scale Your Security Stack

  • SSL/TLS detection on any port or application
  • 1Gb to 100Gb interface support
  • Decrypt once, share with any tools as many times as you need
  • Strong crypto support with Perfect Forward Secrecy (PFS), Diffie-Hellman and its variants, Elliptic Curve ciphers
  • Certificate validation and revocation lists
  • Strong privacy compliance: categorize URL before decryption
     

Overview: SSL/TLS decryption capabilities of the GigaSECURE architecture.

Decrypt and Inspect

Identify hidden threats in both inbound and outbound encrypted traffic while providing greater resiliency of the security infrastructure with integrated Inline Bypass.

Reduce Security Cost

Increase the ROI of existing security tools by eliminating the overhead of decryption on each security tool, allowing each tool to operate at peak performance.

Simplify Operations

Get the operational simplicity of a single point of decryption policy control and key management vs. replicating them across multiple security tools.

Benefits of SSL Decryption on Different Architectures

Traditional inline decryption technologies have limitations over inline decryption on a Security Delivery Platform. Firewalls and web security gateways decrypt SSL/TLS traffic but often cannot deliver that decrypted traffic to other monitoring and security tools. Likewise, load balancers are good at terminating SSL/TLS traffic and load balancing to servers but lack the ability to distribute this traffic to multiple inline security tools prior to re-encryption. Lastly, these solutions lack the traffic selection controls to forward non-encrypted traffic at line rate and often send all traffic to the decryption engine, creating performance challenges.

capacity GigaSMART SSL Decryption Firewall Load Balancer Standalone Decryptors
Enhances existing security tools by centralizing and offloading SSL decryption and re-encryption. Y/N Y/N Y/N Y/N
Exposes hidden threats, data exfiltration and malware. Y/N Y/N Y/N Y/N
Supports flexible arrangements of inline security tools with automated resiliency against failures. Y/N Y/N Y/N Y/N
Respect data privacy compliance with policy-based selective decryption. Y/N Y/N Y/N Y/N
Service chain multiple traffic intelligence applications (e.g. packet slicing, masking, de-duplication, Adaptive Session Filtering). Y/N Y/N Y/N Y/N

Feature Brief

SSL/TLS Decryption

White Paper

Use SSL Decryption to thwart hidden threats.

ESG Research

Improve resiliency with Inline Protection.

On-Demand Webinar

New Approach to SSL Decryption: Learn the most effective way to expose hidden threats.

Have Questions?

We're here to help you find the right security solution for your business.

Learn How to Use SSL Decryption

SSL Decryption Solutions (26:41)

WATCH NOW



SSL Decryption Demo (08:33)

WATCH NOW

URL Categorization Demo (18:47)

WATCH NOW

Inline Data Arrangements (25:18)

WATCH NOW

Training: SSL Decryption

Learn about Gigamon Inline SSL Decryption from the leader in visibility.

Take the Next Step

contact us

Speak to an Expert

Our experts are here to answer all your questions. We can help you make the best out of SSL decryption, and secure your network with pervasive visibility into physical, virtual and cloud environments.