Bad actors and malicious insiders are concealing threats, like malware, in encrypted traffic in an attempt to steal sensitive data. In fact, it is predicted that as much as 70% of cyberattacks will use encryption as part of their delivery mechanism by 2019.
Meanwhile, the use of encryption is growing rapidly. The latest data shows 85 percent of the internet in North America is encrypted today, creating a gaping blind spot that’s ripe for malware exploitation.
You may expect your next generation firewall (NGFW) to protect you from these hidden malware attacks, but almost two-thirds of organizations are not able to decrypt and inspect their SSL/TLS traffic. In a world that relies increasingly on encrypted traffic, letting traffic pass through firewalls without inspection can expose your business, customers, and partners to danger.
NGFWs can often inspect traffic by analyzing the application layer. However, NGFWs usually rely on deep-packet inspection (DPI) to perform this work, which causes devices to redline because DPI is a CPU-intensive task. With longer key lengths and more complex ciphers in growing use, general purpose CPUs find it significantly harder to keep up with the amplified performance requirements. The result is a quantifiable performance degradation. According to NSS, the average performance loss across NGFWs that are trying to perform decryption and re-encryption of SSL/TLS encrypted traffic is 60 percent, with a maximum of 95%. This is quite a significant impact on your security infrastructure performance!
In addition, NGFWs often can’t pass the results of decryption activities to other devices. That’s a problem if you are using a Defense in Depth strategy or using firewalls from multiple vendors. You could end up decrypting and re-encrypting your traffic many times as it moves through your security environment. The performance degradation resulting from these repeated activities ripples throughout your infrastructure – building up to a bad user experience. When you feel this type of impact, you may decide to turn off inspection to preserve the quality of your end user experience. However, you could end up trading a better user experience for bad user security.
What you need is an agnostic security tool that lets you inspect traffic in clear text while also enhancing the performance of your existing security infrastructure – prolonging its life span in the process.
So how do you do this? Your business’s best defense against malicious encrypted traffic is to make sure you have a dedicated SSL/TLS inspection platform in place that meets the following critical criteria.
Relying on a system that doesn’t meet these six requirements can open your organization up to deployment pitfalls — and incoming threats.
A10’s Thunder® SSLi® is a purpose-built decryption solution that eliminates the SSL/TLS blind spot, providing full visibility into your encrypted traffic. This increases your security effectiveness at a fraction of the cost by offloading CPU-intensive SSL/TLS operations from your existing security solutions. With dedicated SSL hardware, Thunder SSLi boosts the performance of your existing security infrastructure, decrypting traffic and forwarding it to one or more of your security devices, allowing them to operate at their peak performance. This dramatically reduces any performance degradation or latency introduced by your security infrastructure.
With dedicated SSL acceleration hardware, SSLi delivers high performance with 2048-bit and 4096-bit key sizes while supporting multiple cipher suites including Elliptic-Curve Cryptography (ECC) for perfect forward secrecy (PFS) support.
SSLi also helps ensure that your security deployments comply with continually evolving data protection and privacy standards, rules and regulations, such as the EU’s General Data Protection Regulation (GDPR) and the healthcare industry’s HIPAA Privacy Rule, avoiding hefty fines.
With SSLi’s step-by-step configuration wizards, troubleshooting wizards and customized dashboards, you can operationalize your SSLi device and gain real-time, actionable insights. For multi-site deployments, A10’s Harmony Controller SSLi app provides a centralized analytics and management console with rich insights into traffic decryption status, user behavior and traffic pattern analysis in an easy-to-consume format.
A10’s Thunder SSLi provides a compelling and scalable enterprise security solution that will not only arm your existing security infrastructure for today’s cyber threat landscape, but will future-proof your enterprise security infrastructure to defend against the growing cyber threats, without compromising your network’s performance.