Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Solera Networks and Netronome Team Up to Decrypt and Record SSL Traffic

SSL is a key component of Internet security and brings significant privacy and security to end users, but at the same time is creating a significant challenge for IT security departments and making enterprises more vulnerable to threats and data loss.

Solera Networks

SSL is a key component of Internet security and brings significant privacy and security to end users, but at the same time is creating a significant challenge for IT security departments and making enterprises more vulnerable to threats and data loss.

Solera Networks

Solera Networks, a network forensics solutions provider, today announced that it has teamed up with Netronome, a provider of high performance SSL decryption solutions, to offer a combined solution that decrypts SSL traffic and sends all network traffic to Solera DS Appliances for complete capture, allowing administrators to instantly reconstruct any network security event.

Encrypted SSL sessions typically bypass most security protections offered by many firewalls, intrusion detection systems, and DLP systems, creating a blind spot in enterprise networks. According to a report released in May 2011 by Palo Alto Networks, more than 40% of the 1,042 applications that were identified on enterprise networks in the study, could use SSL or hop ports to increase their availability within corporate networks.

A representative of Solera Networks presented SecurityWeek with an interesting real-world scenario to compare how SSL network traffic can pose a significant risk to an organization: “It’s as if a guy speaking Albanian walks up to you and says he’s going to kill you, but you don’t understand Albanian, so you ignore him and his weapon; he still shoots you.” Essentially, if you don’t know what’s passing through your network due to traffic being encrypted via SSL, how do you know if malicious events are occurring?

“We’re seeing increased use of encryption to mask the true nature of malicious traffic,” said Steve Shillingford, President and CEO of Solera Networks. “To effectively respond to these scenarios, you must know how the attacker got in, what they saw, what they took, and what they left behind. Our partnership with Netronome now insures that even encrypted traffic is available for inspection during this effort.”

Solera DS Appliances classify, index, and store all data that passes through networks, currently at speeds up to 10Gbps. Once network traffic is captured, Solera’s Appliances can:

• Provide full visibility into any network activity or security event

Advertisement. Scroll to continue reading.

• Help security professionals quickly discover attacks

• Deliver evidence of the depth and scope of an attack

• Speed up incident investigations and root cause analysis

• Deter acceptable use violations with full view and replay of user’s network activity

“One of the top questions we get from customers is how they can gain visibility into what is happening within their encrypted traffic,” said Mike Simon, President SNR Systems, a major supplier of secure telecommunications systems to the US Federal Government. “By combining the Netronome SSL Solution with Solera Networks DS Appliances, we give the customer confidence that they are truly seeing everything happening on the network and have the historical record that is critical to taking appropriate action.”

The Netronome SSL Inspector appliance can be deployed alongside existing security appliances in networks ranging from 100Mbps to 10Gbps. The SSL Inspector provides policy-driven access to the contents of encrypted communications, helping to increase the protection provided other security appliances.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...