In a tech world of abbreviations, what’s a couple more? PCI DSS, HIPAA, TLS, IPS, SSL/TLS. Speaking of SSL, what’s that all about? Secure Sockets Layer (SSL) protects data as it moves between a variety of sources. It’s one of the mechanisms required to encrypt, decrypt, and re-encrypt information to ensure your data is private, confidential, and secure. This is great, right? Mostly. As cyber-attacks become more prominent, so do the types of threats. Attackers are hiding stealthy viruses and data exfiltration methods in encrypted traffic, making this security protocol an area that requires a lot more attention and visibility. So, how do you get visibility into encrypted user traffic? And what are your protection strategies?
CHOOSING A PROTECTION STRATEGY
Many organizations allow their malware-scanning and prevention devices to inspect whatever cleartext traffic they can while praying to avoid any malware hidden in encrypted traffic. However, as attackers are increasingly concealing their malicious code in traffic that security devices can’t see, the do-nothing option is a recipe for disaster.
DEPLOY A DECRYPTION AIR GAP
Some security teams use a decryption “air gap,” where they decrypt inbound and outbound traffic before passing it through a daisy chain of security inspection devices and then re-encrypting it.
This solution at least uncovers the hidden malware, which means that security controls can find it. However, it typically creates a red zone where user passwords are transmitted in the clear. A typical air gap also suffers from total outages when in-line security devices fail.
In addition, having the ability to see inside the packets coming into your applications or going out from your network is a great step, but it’s only the first step. Resorting to manual daisy-chaining or configuration to manage decryption/encryption across the entire security stack is tedious.
By applying policy-based decryption and traffic steering to both your inbound and outbound traffic, you can conduct your orchestra of security devices like Herbert von Karajan. A high-performing SSL/TLS orchestration solution improves visibility and protects your apps while increasing the security, efficiency, and resilience of your security stack.
Here’s how it works: outbound traffic flows into your SSL/TLS orchestration device, which decrypts it. Then, based on a set of customizable rules (such as user or device profile), the unencrypted traffic passes directly to the associated chain of security devices. Traffic is scanned and cleared by the security devices and it goes back to the SSL/TLS orchestration device, which re-encrypts it and sends it on its way. This device can make intelligent decisions to steer inbound and outbound traffic to service chains within the security stack.
THE BENEFITS OF ORCHESTRATION
It’s clear that visibility into encrypted traffic is key to protecting your applications and securing your data. An SSL/TLS orchestration solution can provide high-performance decryption and encryption of outbound TLS traffic—without slowing your traffic down. Orchestration provides policy-based traffic steering to a service chain based on risk and dynamic network conditions.
VISIBILITY INTO ENCRYPTED TRAFFIC
With a robust SSL/TLS solution, you get decryption and re-encryption, as well as strong cipher support, all of which allows you to see what’s going on in your encrypted outbound traffic. While visibility is key, it’s also important to have dynamic service chaining and policy-based traffic steering while applying context-based intelligence to encrypted traffic handling.
A solution with a full-proxy architecture gives you more control over, and more flexibility with, different ciphers on either side of the application stack. It also allows you to monitor and load balance your security devices to ensure that they’re functioning at peak efficiency. You can even skip a device entirely in case of failure, which adds resiliency to your network. The ability to easily integrate with existing and changing architectures, and to centrally manage the SSL/TLS decrypt/encrypt function, is also important.
EFFICIENT DYNAMIC SERVICE CHAINING
Perhaps the most significant benefit of orchestrating your SSL/TLS traffic is the idea of dynamic service chaining, which makes it easy to categorize traffic to intelligently route it to or around inspection devices based on many different factors, including the role of specific users. You can dynamically assign, chain together, and reuse security services on the fly. Adding or removing security services within the chain is a breeze.
This means that you can drive different types of traffic through different security devices and reuse those devices in different chains—or not use them at all. Dynamic service chaining allows you to scale your SSL/TLS solution, and maximize the usage of your current security devices, by letting them concentrate on the areas in which they can best protect your organization.
Dynamically chaining security devices allows organizations to independently monitor and scale those devices, and intelligently manages decryption across the entire security chain via a contextual classification engine. This reduces administrative costs while using security resources more efficiently.
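The rule-based steering and failure bypass described above, sketched as an added example (not from the original article, and not F5's code or API). The `Flow` and `Rule` types, the device names and the policy are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# All names below (Flow, Rule, device and chain names) are hypothetical and
# constructed for illustration; they are not any vendor's API.

@dataclass(frozen=True)
class Flow:
    user_role: str       # e.g. taken from the user profile
    device_profile: str  # e.g. "managed" or "byod"
    direction: str       # "inbound" or "outbound"

@dataclass(frozen=True)
class Rule:
    match: dict          # attribute -> required value; {} matches every flow
    chain: tuple         # ordered inspection devices for matching flows

# First matching rule wins. The same device (ips, sandbox) is reused in several chains.
POLICY = [
    Rule({"direction": "inbound"}, ("waf", "ips")),
    Rule({"user_role": "finance", "direction": "outbound"}, ("dlp", "ips", "sandbox")),
    Rule({"device_profile": "byod"}, ("ips", "sandbox")),
    Rule({}, ("ips",)),
]

def select_chain(flow, policy=POLICY):
    """Return the service chain of the first rule whose attributes all match."""
    for rule in policy:
        if all(getattr(flow, k) == v for k, v in rule.match.items()):
            return rule.chain
    return ()

def steer(flow, health, policy=POLICY):
    """Return (devices that inspect the decrypted flow, devices skipped).

    A device that is unhealthy, or has no health entry, is skipped instead of
    taking the whole path down; the skipped list is returned so the resulting
    inspection gap can be logged and alerted on.
    """
    chain = select_chain(flow, policy)
    active = [d for d in chain if health.get(d, False)]
    skipped = [d for d in chain if not health.get(d, False)]
    return active, skipped

if __name__ == "__main__":
    health = {"waf": True, "ips": True, "dlp": True, "sandbox": False}
    for f in (Flow("finance", "managed", "outbound"),
              Flow("engineer", "byod", "outbound"),
              Flow("anonymous", "unknown", "inbound")):
        print(f, *steer(f, health))
```

Skipping a failed device keeps traffic flowing but means that flow was not inspected by it, so the skipped list is worth recording alongside the flow.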
There’s only one decrypt/re-encrypt process rather than several, and it’s carried out by a high-performance orchestration device that is built for just that purpose. The result is a single platform for unified inspection of next-generation encryption protocols, one that provides unparalleled flexibility, minimizes architectural changes, and prevents new security blind spots.
By choosing an SSL/TLS solution that provides for centralized management, you can simplify the process of selecting and updating the cipher suites that help secure network connections using SSL/TLS. This drives better performance of your traffic inspection security tools while allowing greater flexibility in managing the ciphers you use in end-to-end encryption. Such a solution integrates flexibly into even the most complex architectures, centralizing SSL decrypt/encrypt functions and delivering the latest encryption technologies across the entire security infrastructure.
If you want to keep your apps, your data, and your organization protected against malware, you can’t afford not to decrypt outbound traffic. The question remains: what’s the best way to gain visibility into that encrypted traffic, without adversely affecting the performance of your apps? F5 SSL Orchestrator. For more information on F5 SSL Orchestrator contact Ingram’s Security Leads – Sherman.Wong@ingrammicro.com and Faysal.Al-Ghoul@ingrammicro.com or visit http://www.ingramcreativeservices.com/cybersecurity/f5/
The question remains, ‘Are You Equipped to Decrypt?’