SSL is a key component of Internet security and brings significant privacy and security to end users, but at the same time is creating a significant challenge for IT security departments and making enterprises more vulnerable to threats and data loss.
Solera Networks, a network forensics solutions provider, today announced that it has teamed up with Netronome, a provider of high performance SSL decryption solutions, to offer a combined solution that decrypts SSL traffic and sends all network traffic to Solera DS Appliances for complete capture, allowing administrators to instantly reconstruct any network security event.
Encrypted SSL sessions typically bypass most security protections offered by many firewalls, intrusion detection systems, and DLP systems, creating a blind spot in enterprise networks. According to a report released in May 2011 by Palo Alto Networks, more than 40% of the 1,042 applications that were identified on enterprise networks in the study, could use SSL or hop ports to increase their availability within corporate networks.
A representative of Solera Networks presented SecurityWeek with an interesting real-world scenario to compare how SSL network traffic can pose a significant risk to an organization: “It’s as if a guy speaking Albanian walks up to you and says he’s going to kill you, but you don’t understand Albanian, so you ignore him and his weapon; he still shoots you.” Essentially, if you don’t know what’s passing through your network due to traffic being encrypted via SSL, how do you know if malicious events are occurring?
“We’re seeing increased use of encryption to mask the true nature of malicious traffic,” said Steve Shillingford, President and CEO of Solera Networks. “To effectively respond to these scenarios, you must know how the attacker got in, what they saw, what they took, and what they left behind. Our partnership with Netronome now insures that even encrypted traffic is available for inspection during this effort.”
Solera DS Appliances classify, index, and store all data that passes through networks, currently at speeds up to 10Gbps. Once network traffic is captured, Solera’s Appliances can:
• Provide full visibility into any network activity or security event
• Help security professionals quickly discover attacks
• Deliver evidence of the depth and scope of an attack
• Speed up incident investigations and root cause analysis
• Deter acceptable use violations with full view and replay of user’s network activity
“One of the top questions we get from customers is how they can gain visibility into what is happening within their encrypted traffic,” said Mike Simon, President SNR Systems, a major supplier of secure telecommunications systems to the US Federal Government. “By combining the Netronome SSL Solution with Solera Networks DS Appliances, we give the customer confidence that they are truly seeing everything happening on the network and have the historical record that is critical to taking appropriate action.”
The Netronome SSL Inspector appliance can be deployed alongside existing security appliances in networks ranging from 100Mbps to 10Gbps. The SSL Inspector provides policy-driven access to the contents of encrypted communications, helping to increase the protection provided other security appliances.