You wouldn’t invest in a high-tech alarm system for your home then leave your front door wide open. So, why are we doing this with our networks? As CEO of Corsa, I see a glaring risk in the security industry at the moment and it’s what I call the SSL inspection gap. In this blog post I’ll explain what that is and how we got here, but let me summarize it like this: the SSL inspection gap is the point where an enterprise can’t keep up with decrypting incoming traffic while maintaining their network’s performance, so they opt to let traffic through unchecked in order to speed up their network.
A Perfect Storm
The demand for increased bandwidth in enterprises is skyrocketing, driven by trends like cloud adoption and mobility. Along with higher volumes of data, the traffic mix is also evolving, with live streaming now representing a larger proportion of traffic. With IoT and 5G, this traffic is only going to increase. To meet the demand, many enterprises are increasing the capacity of their networks by moving from 10 Gbps links to 100 Gbps links.
At the same time, SSL/TLS adoption is growing at an exponential rate, with at least 70% of traffic on the Internet encrypted. While encryption is undoubtedly a good thing for security, network and security architects are faced with the daunting challenge of inspecting this encrypted traffic, while maintaining performance on a much higher capacity network.
The trade-off is to decrypt and lose performance, or to maintain performance but not see all your traffic. In other words, you either decrypt and inspect all the traffic, slowing down your network to unacceptable levels, or you open up your firewall to maintain performance, meaning incoming traffic remains encrypted and unchecked, which makes your enterprise vulnerable to cyberattacks. Sophisticated cybercriminals are aware of this inspection gap and they’re using encrypted traffic to obscure their presence and evade detection.
What is the SSL inspection gap?
The scope of this challenge is even greater when protecting high-capacity networks. Most enterprises attempt to minimize threats by using a firewall. However, while networks and the traffic mix have developed, network security technology has simply not kept up. For example, a firewall can handle less than 10% of encrypted traffic.
Let’s break this down into real numbers. With a 100 Gbps link and the typical 50% redundancy built in, an enterprise would expect to see traffic of about 45 Gbps. Based on the 70% encryption rate, 32 Gbps of this will be encrypted. Current security appliances aren’t designed to simultaneously decrypt and inspect traffic, with studies showing that device throughput drops by 92% when SSL/TLS inspection is enabled.
For enterprise networks, security is hardwired into the network path, and making changes to network security infrastructure often requires a redesign of the network and installation of a new firewall. Many enterprises feel under pressure to invest in a bigger security appliance, but this is expensive and inflexible. It will only address growth in the short term. What will you do when bandwidth demands jump again? Purchasing ever bigger security appliances is unsustainable. The reality is that most enterprises simply don’t decrypt, meaning a large share of forwarded traffic goes unchecked. This is a significant and unacceptable risk.
A new approach
We clearly have a model that is broken. The challenge is to scale security for the rapidly changing network volumes, traffic mix and encryption, preferably in an economical way. Buying a bigger, more expensive box is a band-aid.
A new problem requires a new approach. In order to reduce security breaches, we need a solution which provides complete visibility into 100% of encrypted traffic, without sacrificing network performance or blowing your budget on a bigger firewall. We also need to ensure solutions can scale for future growth, allowing for SSL/TLS visibility at 10 Gbps, 100 Gbps and beyond. Enterprises also need the flexibility to scale other security functions, adding layers of security for complete protection of the enterprise.
What would you say if someone told you it’s possible to achieve 100% SSL inspection on all your traffic without compromising performance, even on a high-capacity network? Corsa has created an incredibly simple, flexible and high-performance system that can be leveraged to provide exactly that. We call it a software-defined network security approach that will give us the protection and scalability we need, and I’ll explore what that looks like in my next post.
It’s time to address the elephant in the room and find a scalable solution to the traffic inspection gap. Corsa has the answer and that’s why I’m excited about the opportunity and the team we have assembled to change the network security industry.