Search
Close this search box.
Search
Close this search box.

Tools Challenged by
SSL Decryption?

Eliminate blind spots from your network – your Zero Trust Architecture demands it.

SSL/TLS as a Potential Threat Vector

SSL/TLS encryption is rising as enterprises face more stringent security mandates, need to ensure optimal SEO rankings, deploy more workloads to the cloud and make wider use of software-as-a-service (SaaS) applications. In fact, over 90 percent of internet traffic around the globe is now encrypted.

Unfortunately, encryption isn’t limited to well-meaning parties. Consider that over 2.8 million cyber-attacks in 2018 were hidden in encrypted traffic.[2] Cybercriminals use encryption to conceal malware, hide command-and-control traffic and cloak the exfiltration of stolen data

Given the amount of encrypted traffic, including with the latest TLS 1.3 cryptographic protocol, the threat vector it now poses and the importance of traffic inspection for a Zero Trust Posture, you need a way to efficiently decrypt SSL traffic, share it with tools and then re-encrypt it.

What Is SSL Decryption/TLS Decryption?

To protect vital data, businesses and other organizations implement Transport Layer Security (TLS), commonly referred to as the superseded Secure Socket Layer (SSL), to encrypt data as it is exchanged over IP networks. SSL/TLS creates a secure channel between the server and the end user’s computer or other devices as they exchange information over the internet.

TLS is an industry standard based on a system of trusted rules and certificates issued by certificate authorities and recognized by servers. SSL was replaced by the TLS standard in 2015. In 2018, TLS 1.3 was standardized, which mandates the use of Perfect Forward Secrecy for maximum security. Up to 40 percent of large enterprises have already instituted this latest incarnation.[3]

While protecting data, encryption also blinds network security and application monitoring tools. The decryption of SSL/TLS traffic is crucial for these tools. However, it is extremely computationally intensive and can introduce network latency.

The best architecture minimizes the decryption required to inspect all relevant traffic while offering legal and privacy controls. The centralized approach to decrypting SSL offered by Gigamon — decrypt once and feed all tools — provides such an architecture.

Decrypt Once and Scale Your Security Stack

Overview

SSL decryption is critical to securing today’s enterprise networks due to the significant growth in applications and services using encrypted traffic. Malware increasingly uses SSL/TLS sessions to hide, confident that security tools will neither inspect nor block its traffic. When that happens, SSL/TLS sessions can become a liability, inadvertently camouflaging malicious traffic. In other words, the very technology that makes the internet secure can become a significant threat vector.

Enabling SSL decryption uses the root certificate on client machines, acting as Certificate Authority for SSL requests. This process makes it possible to decrypt, perform a detailed inspection, and then re-encrypt SSL traffic before sending it off to its destination. This helps ensure that only authorized SSL traffic is entering the network, and that malware hidden in SSL/TLS sessions is exposed and dealt with.

GigaSMART Decryption

GigaSMART® SSL/TLS Decryption is a licensed application that enables information security, NetOps and applications teams to obtain complete visibility into SSL/TLS traffic regardless of protocol or application, so that they can monitor application performance, analyze usage patterns and secure their networks against data breaches and threats using encrypted communications. Gigamon supports both inline/man-in-the middle and passive/out-of-band decryption of SSL/TLS, meeting the diverse needs of your organization. Gigamon supports the latest TLS 1.3.