Intelligent CIO Middle East Issue 15 | Page 80

TECH TALK
evaluating SSL inspection performance, IT security teams should:
• Test SSL inspection speeds with 2048-bit and 4096-bit SSL keys.
• Evaluate a mix of traffic with Diffie-Hellman and elliptic curve ciphers.
• Ensure that the SSL inspection platform can handle throughput requirements, with extra headroom for traffic peaks.
• Analyze appliance performance with essential security and networking features enabled. Testing SSL decryption speeds without considering
Those organisations that thoroughly evaluate performance benchmarks should be able to avoid surprises in their production environments.
Satisfy compliance requirements
Privacy and regulatory concerns have emerged as one of the top hurdles preventing organisations from inspecting SSL traffic. While IT security teams have deployed a wide array of products to detect attacks, data leaks and malware – and rightfully so – they must walk a thin line between protecting employees and intellectual property, and violating employees’ privacy rights. To address regulatory requirements like HIPAA, Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes-Oxley (SOX), an SSL inspection platform should be able to bypass sensitive traffic, like traffic to banking and healthcare sites. By bypassing sensitive traffic, IT security teams can rest easy knowing that confidential banking or healthcare records will not be sent to security devices or stored in log management systems.
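A sketch of the category-based bypass decision described above, as an added example that is not from the article or any vendor's product. The domain table, the hostnames, the choice to key the decision on the requested hostname, and the default of inspecting uncategorised hosts are all assumptions.

```python
# Categories the policy passes through without decryption (from the article:
# banking and healthcare sites).
BYPASS_CATEGORIES = {"banking", "healthcare"}

# Constructed domain-to-category table; a real platform would consult a
# URL classification feed instead.
DOMAIN_CATEGORIES = {
    "bank.example": "banking",
    "clinic.example": "healthcare",
    "news.example": "news",
}


def categorize(hostname):
    """Return the category of the longest matching domain suffix, or None."""
    labels = hostname.lower().rstrip(".").split(".")
    # Compare whole-label suffixes only, longest first. A substring match
    # would wrongly bypass "bank.example.other.test" or "notbank.example".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DOMAIN_CATEGORIES:
            return DOMAIN_CATEGORIES[candidate]
    return None


def decide(hostname):
    """Return (action, forward_cleartext) for a session to `hostname`."""
    if categorize(hostname) in BYPASS_CATEGORIES:
        # Session stays encrypted end to end: no clear text is handed to
        # security devices or written to log management systems.
        return ("bypass", False)
    # Assumed default: uncategorised or unknown hosts are inspected.
    return ("decrypt", True)


if __name__ == "__main__":
    for host in ("online.bank.example", "news.example",
                 "bank.example.other.test"):
        print(host, decide(host))
```

Matching on label boundaries matters here because a bypass rule is also a blind spot: any hostname that wrongly matches a bypass category is never inspected.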
Support heterogeneous networks with diverse deployment and security requirements
Organisations must contend with a wide array of security threats from external actors and from disgruntled employees. To safeguard their digital assets, organisations have deployed an ever increasing number of security products to stop intrusions, attacks, data loss, malware and more.
Some of these security products are deployed inline, while others are deployed non-inline as passive network monitors. Some analyse all network traffic, whereas others focus on specific applications, like web or email protocols. However, virtually all of these products need to examine traffic in clear text in order to pinpoint illicit activity.
As a result, SSL inspection platforms should interoperate with a diverse set of security products from multiple vendors. They should support transparent deployment and be able to route traffic from one security device to another with traffic steering.
Maximise the uptime and the overall capacity of security infrastructure
Organisations depend on their security infrastructure to block cyber attacks and prevent data exfiltration. If their security infrastructure fails, threats may go undetected and users may be unable to perform business-critical tasks, resulting in loss of revenue and brand damage. Most firewalls today can granularly control access to applications and detect intrusions and malware. Unfortunately, analysing network traffic for network-borne threats is a resource-intensive task. While firewalls have increased their capacity over time, they often cannot keep up with network demand, especially when multiple security features like IPS, URL filtering and virus inspection are enabled. Therefore, SSL inspection platforms should not just offload SSL processing from security devices. They should also maximise the uptime and performance of these devices.
Securely manage SSL certificates and keys
Whether providing visibility to outbound or inbound SSL traffic, SSL inspection devices must securely manage SSL certificates and keys. SSL certificates and keys form the basis of trust for encrypted communications. If they are compromised, attackers can use them to impersonate legitimate sites and steal data.
When SSL inspection devices are deployed in front of corporate applications to inspect inbound traffic, they may need to manage tens, hundreds or even thousands of certificates. As the number of SSL key and certificate pairs grows, certificate management becomes more challenging. Organisations constantly add, remove or redeploy servers to meet business needs. This fluid and dynamic environment makes it difficult for organisations to account for all SSL certificates at any given time and ensure that certificates have not expired.
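One way to keep that accounting honest is to reconcile the list of deployed servers against the certificates the inspection device holds. This is an added example, not from the article; the server names, dates, inventory layout and 30-day renewal window are constructed assumptions.

```python
import ssl

RENEWAL_WINDOW_DAYS = 30  # assumed threshold for "expiring soon"

# Constructed inventory: server name -> certificate notAfter, in the
# string format returned by ssl.SSLSocket.getpeercert().
CERT_INVENTORY = {
    "app1.corp.example": "Mar  1 00:00:00 2024 GMT",
    "app2.corp.example": "Jun 20 00:00:00 2024 GMT",
    "app3.corp.example": "Jan 15 00:00:00 2025 GMT",
    "old1.corp.example": "Dec  1 00:00:00 2024 GMT",
}
# Constructed list of servers currently deployed behind the device.
DEPLOYED_SERVERS = {
    "app1.corp.example", "app2.corp.example",
    "app3.corp.example", "app4.corp.example",
}
# Fixed audit time so the sample output is reproducible.
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")


def audit(inventory, deployed, now):
    """Reconcile deployed servers against held certificates at time `now`."""
    report = {k: [] for k in
              ("expired", "expiring", "ok", "missing", "orphaned")}
    for name in sorted(set(deployed) | set(inventory)):
        if name not in inventory:
            report["missing"].append(name)    # deployed, no tracked cert
        elif name not in deployed:
            report["orphaned"].append(name)   # key held for a removed server
        else:
            remaining = ssl.cert_time_to_seconds(inventory[name]) - now
            if remaining < 0:
                report["expired"].append(name)
            elif remaining <= RENEWAL_WINDOW_DAYS * 86400:
                report["expiring"].append(name)
            else:
                report["ok"].append(name)
    return report


if __name__ == "__main__":
    result = audit(CERT_INVENTORY, DEPLOYED_SERVERS, SAMPLE_NOW)
    for status, names in result.items():
        print(status, names)
```

The "orphaned" bucket is the one expiry checks alone miss: a private key still loaded for a server that has been removed is key material that should be retired.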
In conclusion, privacy concerns are propelling SSL usage higher. Businesses face increased pressure to encrypt application traffic and keep data safe from hackers and foreign governments. In addition, because search engines such as Google rank HTTPS websites better than standard websites, application owners are clamouring to encrypt traffic. But IT security teams face their own set of challenges as they tackle threats like cyber attacks and malware – threats that can use encryption to bypass corporate defences. If they wish to prevent devastating data breaches, they must gain insight into SSL traffic. And to accomplish this goal, they need a dedicated SSL inspection platform.