SSL Visibility Solution

A Dedicated, Universal Device for Encrypted Traffic

Recently, web browsers have started marking sites that don’t encrypt traffic using SSL/TLS as insecure, leading to an increasing need for websites to use encryption. Indeed, studies show an uptick in the rate of adoption of SSL/TLS. Encryption has always been essential for banking websites, but now, most popular news and social sites including Google, Facebook, CNN, and the BBC all use encryption.
SSL/TLS encryption is not only used for websites, but for a great deal of network traffic across a variety of applications. While encryption provides a greater deal of information reliability and security to users, it is not visible to many standard security appliances (IPS, IDS, DLP, ATP etc.) causing networks to be vulnerable to DoS, malware and data exfiltration – serious security concerns. In order to allow existing network security devices to inspect all traffic, a dedicated appliance is a must have.

Reference Architectures

Key Benefits

  • null
    Complete SSL Traffic Visibility for Advanced Threats
    – Complete SSL Traffic Visibility for Advance Threat Response
    – DPI (Deep packet Inspection) engine for decryption of all SSL/TLS traffic on all ports
    – 5-Tuple maintained for Full Transparency
    – TST-based session Transparency & dedicated SSL hardware for high-performance (10G, 20,000 CPS)
    – HTTPS, SMTPS, XMPP, POP3S, IMAPS, FTPS, STARTTLS etc. SSL/TLS based protocol visibility
  • null
    Supports DTZ (Decrypted Traffic Zone)
    – Supports DTZ(Decrypted Traffic Zone) Configuration
    – Existing security devices can be chained and configured as a defined decryption section
    – A central, dedicated device provides decrypted traffic to several devices at once
    – Reduce cost with “One Source – Multi Use”
    – DTZ detects and can bypass faults in connected, internal appliances
  • null
    Analysis and Blocking of Anonymizing Tools
    – Anonymizing programs can be blocked
    – Including Openvpn, Tor, UltraSurf, Zenmate, QUIC etc.
  • null
    No Need to Change or Reconfigure Existing Security Devices
    – Can connect with IPSs, IDSs, SWGs, ATPs etc. without modification to the devices
    – Active and Passive ports supported at the same time (Active-inline, Passive-inline)
    ] Using the Block Message Pass Through feature, security devices can send blocking messages directly to clients
  • null
    Several Deployment Modes
    – Supports Several Deployment Options
    – Active-Active, Active-Standby modes supported (<0.1 second to switch)
    – LLCF(Link Loss Carry Forward) Supported
    – Total management through cluster GUI (1 Management Console – Multi engine)
  • null
    Easy Use and Installation
    – Features an automatic certificate distribution/installation page
    – Intuitive, simple configuration through menus in the user oriented GUI (English/Korean)
    – Help menu provided in Web
    – Whitelisting/Selective non-decryption for protection of PII (Personally Identifiable Information)
  • null
    Detailed Traffic Analysis and Log Search with Reporting
    – Detailed analysis of all traffic – including encrypted traffic – with real-time search
    – SSL Traffic and All Traffic Reports available in PDF and Excel formats