Tools Challenged by SSL Decryption?

Eliminate blind spots from your network – your Zero Trust Architecture demands it.


SSL/TLS as a Potential Threat Vector

SSL/TLS encryption is rising as enterprises face more stringent security mandates, need to ensure optimal SEO rankings, deploy more workloads to the cloud and make wider use of software-as-a-service (SaaS) applications. In fact, over 90 percent of internet traffic around the globe is now encrypted.[1]

Unfortunately, encryption isn’t limited to well-meaning parties. Consider that over 2.8 million cyber-attacks in 2018 were hidden in encrypted traffic.[2] Cybercriminals use encryption to conceal malware, hide command-and-control traffic and cloak the exfiltration of stolen data.

Given the amount of encrypted traffic, including traffic carried by the latest TLS 1.3 protocol, the threat vector it now poses and the importance of traffic inspection for a Zero Trust posture, you need a way to efficiently decrypt SSL traffic, share it with tools and then re-encrypt it.

What Is SSL Decryption/TLS Decryption?

To protect vital data, businesses and other organizations implement Transport Layer Security (TLS), still commonly referred to by the name of its superseded predecessor, Secure Sockets Layer (SSL), to encrypt data as it is exchanged over IP networks. But what is SSL decryption and how does it work? SSL/TLS creates a secure channel between the server and the end user's computer or other device as they exchange information over the internet, whichever browser or client is in use.

TLS is an industry standard based on a system of trusted rules and certificates issued by certificate authorities and recognized by servers. SSL was replaced by the TLS standard in 2015. In 2018, TLS 1.3 was standardized; it mandates the use of Perfect Forward Secrecy for maximum security. Up to 40 percent of large enterprises have already adopted this latest version.[3]

While protecting data, encryption also blinds network security and application monitoring tools. Decrypting TLS/SSL traffic is therefore crucial for these tools to do their job. However, decryption is extremely computationally intensive and can introduce network latency.

The best architecture minimizes the decryption required to inspect all relevant and active traffic while offering legal and privacy controls. The centralized approach to SSL decryption offered by Gigamon (decrypt once and feed all tools) provides such an architecture.

Decrypt Once and Scale Your Security Stack

SSL decryption is critical to securing today’s enterprise networks due to the significant growth in applications and services using encrypted traffic. Malware increasingly uses SSL/TLS sessions to hide, confident that security tools will neither inspect nor block its traffic. When that happens, SSL/TLS sessions can become a liability, inadvertently camouflaging malicious traffic. In other words, the very technology that makes the internet secure can become a significant threat vector.

Inline SSL decryption relies on a root certificate installed on client machines, which lets the decryption device act as the Certificate Authority for SSL requests. This makes it possible for the device to decrypt, perform a detailed inspection, and then re-encrypt SSL traffic before sending it on to its destination. This helps ensure that only authorized SSL traffic enters the network, and that malware hidden in SSL/TLS sessions is exposed and dealt with during SSL decryption.

GigaSMART Decryption

GigaSMART® SSL/TLS Decryption is a licensed application that enables information security, NetOps and application teams to obtain complete visibility into SSL/TLS traffic regardless of protocol or application, so that they can monitor application performance, analyze usage patterns and secure their networks against data breaches and threats that use encrypted communications. Gigamon supports both inline/man-in-the-middle and passive/out-of-band decryption of SSL/TLS, meeting the diverse needs of your organization. Gigamon supports the latest TLS 1.3.

  • SSL/TLS detection on any port or application
  • 10 Mb to 100 Gb interface support
  • Decrypt once, share with any tools as many times as you need
  • Strong crypto support including Diffie-Hellman Ephemeral, elliptic curves, Poly1305/ChaCha20
  • Powerful controls over certificate validation, extending to certificate revocation lists (CRLs) and the Online Certificate Status Protocol (OCSP)
  • Integration with the Venafi Trust Protection Platform™ to centralize key management and validation
  • Meet privacy and compliance requirements, with included support for URL categorization and FIPS 140-2 Level 2 certification
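As an added example (not Gigamon code), here is what "detection on any port or application" amounts to in practice: a parser that recognises a TLS ClientHello by its record and handshake layout rather than by port number, and extracts the server name (SNI) and offered versions so a policy engine can decide whether a flow is decrypted or passed through untouched, and whether it is TLS 1.3. The function names are mine, and the sample ClientHello is built by a helper in the block rather than taken from captured traffic.

```python
import struct

TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def parse_client_hello(data: bytes):
    """Return {'sni', 'versions', 'cipher_suites'} if data starts with a TLS ClientHello, else None."""
    try:
        return _parse_client_hello(data)
    except (struct.error, IndexError):      # truncated or malformed: not a usable ClientHello
        return None

def _parse_client_hello(data: bytes):
    # Record header: content type (0x16 = handshake), version 0x03xx, length.
    if len(data) < 9 or data[0] != 0x16 or data[1] != 0x03:
        return None
    body = data[5:5 + struct.unpack(">H", data[3:5])[0]]
    if body[0] != 0x01:                                   # handshake type 1 = ClientHello
        return None
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    versions = [struct.unpack(">H", hello[:2])[0]]        # legacy_version; TLS 1.3 puts the real one in an extension
    pos = 35 + hello[34]                                  # skip legacy_version (2) + random (32) + session_id
    cs_len = struct.unpack(">H", hello[pos:pos + 2])[0]; pos += 2
    cipher_suites = [struct.unpack(">H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]                                 # compression_methods
    sni = None
    ext_end = pos + 2 + struct.unpack(">H", hello[pos:pos + 2])[0]; pos += 2
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack(">HH", hello[pos:pos + 4]); pos += 4
        edata = hello[pos:pos + elen]; pos += elen
        if etype == 0 and len(edata) >= 5:                # server_name: list_len(2) name_type(1) name_len(2) name
            sni = edata[5:5 + struct.unpack(">H", edata[3:5])[0]].decode("ascii", "replace")
        elif etype == 43 and edata:                       # supported_versions: len(1) then u16 list
            versions = [struct.unpack(">H", edata[1 + i:3 + i])[0] for i in range(0, edata[0], 2)] or versions
    return {"sni": sni, "versions": [TLS_VERSIONS.get(v, hex(v)) for v in versions],
            "cipher_suites": cipher_suites}

def build_client_hello(sni: str, versions) -> bytes:
    """Construct a minimal ClientHello for testing; hand-made bytes, not captured traffic."""
    name = sni.encode()
    sni_ext = struct.pack(">HH", 0, len(name) + 5) + struct.pack(">HBH", len(name) + 3, 0, len(name)) + name
    vlist = b"".join(struct.pack(">H", v) for v in versions)
    ver_ext = struct.pack(">HH", 43, len(vlist) + 1) + bytes([len(vlist)]) + vlist
    exts = sni_ext + ver_ext
    hello = (struct.pack(">H", 0x0303) + b"\x11" * 32 + b"\x00"  # legacy_version, fixed random, empty session_id
             + struct.pack(">HH", 2, 0x1301) + b"\x01\x00"        # one suite (TLS_AES_128_GCM_SHA256), null compression
             + struct.pack(">H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake
```

Because the parser looks only at the bytes, the same call works on a flow to port 8443 or 25 as on one to 443, which is what lets a policy exempt, say, a banking SNI from decryption while still catching TLS on an unexpected port.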

Take advantage of our new bundled GigaSMART apps and stay secure!

Benefits of SSL Decryption on Different Architectures

Firewalls and web security gateways decrypt SSL/TLS traffic but often cannot deliver that decrypted traffic to other monitoring and security tools. Likewise, load balancers are good at terminating SSL/TLS traffic and load balancing to servers but lack the ability to distribute this traffic to multiple inline security tools prior to re-encryption. Lastly, these solutions lack the traffic selection controls to forward non-encrypted traffic at line rate and often send all traffic to the decryption engine, creating performance challenges. Only with a Visibility and Analytics Fabric can you get true visibility across different architectures.

Capability | GigaSMART® SSL Decryption | Firewall | Load Balancer | Standalone Decryptors
Enhances existing security tools by centralizing and offloading SSL decryption and re-encryption, including TLS 1.3 | Y/N | Y/N | Y/N | Y/N
Exposes hidden threats, data exfiltration and malware | Y/N | Y/N | Y/N | Y/N
Supports flexible arrangements of inline security tools with automated resiliency against failures | Y/N | Y/N | Y/N | Y/N
Respects data-privacy compliance with policy-based selective decryption | Y/N | Y/N | Y/N | Y/N
Supports service chaining of multiple traffic intelligence applications (e.g., packet slicing, masking, de-duplication, Adaptive Session Filtering) | Y/N | Y/N | Y/N | Y/N

EBOOK

Encrypted Threats Are Lurking in Your Traffic

Accelerate detection and response with SSL/TLS decryption.

FEATURE BRIEF

SSL/TLS Decryption

Scalable, automatic visibility and management of SSL/TLS traffic.

WHITEPAPER

TLS Versions

What we found after studying 275 billion HTTP and HTTPS live network flows.

Customers Have Saved Millions

See how much you can save with Gigamon.

TCO
SSL Decryption

TRAINING

SSL Decryption

Learn about Gigamon Inline SSL Decryption from the leader in visibility.

See what your peers are talking about in the Gigamon Community

Learn more about SSL/TLS decryption and connect with other Gigamon users to ask questions and share use cases and deployment examples.

GigaSMART Features

GigaSMART® offers a number of other essential traffic intelligence services required for active visibility into infrastructure blind spots, including:

NetFlow Generation

Delivers basic Layer 2–4 network traffic data to analysis tools.

Advanced Flow Slicing

Slices payloads and packets from long data flows so that tools do not have to process entire bulk transfers.

Source Port Labeling

Provides context to packets and allows tools to properly assess network behavior and threats based on where they are.

Adaptive Packet Filtering

Identifies patterns across any part of the network packet, including the packet payload.

SSL/TLS Decryption

Creates a secure channel between the server and the end user's computer or other devices as they exchange information.

Packet Slicing

Truncates packets while preserving the portion of the packet (the protocol headers) required for network analysis.

Advanced Load Balancing

Divides and distributes traffic among multiple tools, so network and security visibility can scale.

De-duplication

Targets, identifies and eliminates duplicate packets, blocking unnecessary duplication and sending optimized flows.

Masking

Provides customizable data protection by overwriting specific packet fields with a set pattern.

Tunneling

Alleviates blind spots for business-critical traffic at remote sites, in virtualized data centers, or hosted in a public cloud.

Application Visualization

Provides a complete view of the applications running on your network automatically.

Application Filtering Intelligence

Extends Layer 7 visibility to thousands of common and proprietary applications.

Application Metadata Intelligence

Empowers your security information and event management and network performance monitoring tools.

GTP Correlation

Enables mobile service providers to monitor subscriber data in GPRS Tunneling Protocol tunnels.

5G Correlation

Intelligently forwards subscriber sessions to specific tools by filtering on subscriber, user device, RAN or network slice IDs.

FlowVUE Flow Sampling

Provides subscriber IP-based flow sampling.

SIP/RTP Correlation

Enables enterprises and service providers to monitor VoIP traffic.

GARTNER REPORT

2021 Strategic Roadmap for IT Operations Monitoring

This roadmap identifies aspects of IT monitoring that must evolve to stay relevant through 2025.

Related Pages

Visibility and Analytics Fabric

NETWORK VISIBILITY

Cloud Visibility and Analytics Fabric

Close the cloud visibility gap with a complete solution.

Inline Bypass

TRAFFIC INTELLIGENCE

Inline Bypass

Reduce network downtime in the face of threats.

GigaSMART

TRAFFIC INTELLIGENCE

GigaSMART®

Optimize traffic sent to your tools.

Security

USE CASE

Defend the Digital Enterprise

Don't let malware hide in encrypted traffic.

[1] Google. "HTTPS encryption on the web." Google Transparency Report. Accessed April 25, 2019. https://transparencyreport.google.com/https/overview?hl=en

[2] SonicWall. "Unmasking the Threats That Target Global Enterprises, Governments & SMBs." SonicWall Cyber Threat Report 2019. https://www.connection.com/brand/sonicwall?cm_sp=Community-_-2019SonicWallCyberThreatReport-4-19-_-2019SonicWallCyberThreatReport2ndHyperLink#2019Report

[3] Paula Musich, EMA. "Report Summary: TLS 1.3 Adoption In The Enterprise." January 2019. https://assets.extrahop.com/whitepapers/EMA-ExtraHop-TLS13-2019-RR-SUMMARY.pdf