SSL Decryption, Encryption and Inspection with SSL Insight

Threats Can Hide in Encrypted SSL Traffic

To prevent cyber-attacks, enterprises need to inspect incoming and outgoing traffic for threats. Unfortunately, attackers are increasingly turning to encryption to evade detection. With more and more applications using encrypting data- in fact, today, SSL traffic accounts for 25% to 35% of all Internet traffic¹ -organizations that do not inspect SSL communications are providing an open door for attackers to infiltrate defenses and for malicious insiders to steal sensitive data.

The Current State of Insecurity 
Worldwide spending on information security will reach a staggering $71.1 billion in 2014,² as organizations stack up firewalls around their network perimeters and inspect incoming and outgoing traffic with an array of products including secure web gateways, forensic tools, advanced threat prevention platforms, and more.

Unfortunately, as SSL traffic increases, our collective $70+ billion investment in security is falling far short of protecting digital assets. This is because, according to a survey by Gartner, "less than 20% of organizations with a firewall, an intrusion prevention system (IPS) or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic."³ This means that for over 80% of organizations, attackers can simply tunnel attacks in SSL traffic to circumvent defenses.

Gain Visibility into Encrypted Traffic with SSL Insight 
SSL Insight, an essential feature in the A10 Thunder Application Delivery Controller (ADC), eliminates the SSL blind spot in corporate defenses and enables security devices to inspect encrypted traffic – not just clear text. Thunder ADC decrypts SSL-encrypted traffic and forwards it to third-party security devices for inspection. Once the traffic has been analyzed and scrubbed, Thunder ADC encrypts it and forwards it to the intended destination. SSL Insight, also known as SSL forward proxy, is a technology consisting of two SSL termination devices that have separate secured sessions between server and client. The adjacent diagram explains the flow.

1. Encrypted traffic from the client is decrypted by the internal, Thunder ADC appliance.
2. Thunder ADC sends the unencrypted data to a security appliance which inspects the data in clear text.
3. The external Thunder ADC encrypts the data and sends it to the server.
4. The server sends an encrypted response to the external Thunder ADC.
5. Thunder ADC decrypts the response and forwards it to the security device for inspection.
6. The internal ADC receives tra¬ffic from the security device, re-encrypts it and sends it to the client.

Because one Thunder ADC appliance can also support multiple, virtual ADCs using A10’s Application Delivery Partition (ADP) technology, customers can deploy a single Thunder ADC appliance to perform both SSL decryption and encryption functions. Therefore, customers can deploy a single appliance to gain visibility into SSL traffic.

Thunder ADC can also decrypt SSL traffic and send it unencrypted to security devices deployed off of network SPAN ports. By mirroring traffic, Thunder ADC allows non-inline security devices to inspect all communications for unauthorized activity.

Protect Critical Assets without Degrading Firewall Performance 
While dedicated security devices provide in-depth inspection and analysis of network traffic, they are rarely designed to encrypt SSL traffic at high speeds. In fact, some security products cannot decrypt SSL traffic at all. SSL Insight, included standard with A10 Thunder ADC, offloads CPU-intensive encryption and decryption tasks from dedicated security devices, boosting application performance.

High performance with SSL Acceleration Hardware 
Thunder ADC, with its powerful SSL security processors, can significantly improve the performance of your critical business applications and services by managing multiple secure connections simultaneously with exceptional SSL CPS rates. With SSL acceleration hardware, Thunder ADC has near parity performance for the upgrade to 2048-bit key sizes, and has the extreme power needed to handle 4096-bit keys at high performance production levels.

Connection Per Second (CPS) measures the number of new HTTP connections (1 HTTP request per TCP connection, without TCP connection reuse) within 1 second. For additional hardware and performance specifications, see the A10 Thunder ADC datasheet.

A Better Solution for SSL Visibility 
SSL Insight, included as a standard feature of Thunder ADC, offers organizations a powerful load-balancing, high availability and SSL decryption solution. Using SSL Insight, organizations can:

• Analyze all network data, including encrypted data, for complete threat protection
• Deploy best-of-breed content inspection solutions to fend off cyber attacks
• Maximize the performance, availability and scalability of corporate networks by leveraging A10’s 64-bit ACOS® platform, Flexible Traffic Acceleration (FTA) technology and specialized security processors

SSL Insight Performance