Cybersecurity’s Blindspot: The SSL Inspection Gap
Networks have changed, but network security has not.
With traffic volumes and traffic mix growing exponentially and the majority of traffic now encrypted (over 72%), enterprises face an ever-expanding threat surface when it comes to cybersecurity: the SSL Inspection Gap.
Even the largest security devices suffer from an unacceptable performance degradation when trying to decrypt SSL traffic in order to inspect it – you lose 90% of SSL visibility when encryption is turned on.
The SSL inspection gap is the point at which an enterprise can’t keep up with decrypting incoming traffic while maintaining its network’s performance, so it opts to let traffic through unchecked in order to speed up the network.
100% Visibility, 100% of the Time
Right now, network security is hardwired into your network path. If you have 40Gbps of connectivity, you need 40Gbps worth of encryption/decryption capability (or at least a reasonable amount that is closer to your traffic profile). Every time you upgrade your connectivity, you have to bring in a bigger box. But you will never have enough capacity.
There are two methods for achieving 100% SSL/TLS visibility while guaranteeing network performance, and both use horizontal scaling to offload traffic to multiple encryption/decryption functions (physical or virtual). You’re no longer tied to the performance of a single appliance, and you can scale security inspection horizontally.
For those wanting to scale traffic inspection seamlessly:
Network Security Virtualization Platform
The Corsa Security turnkey network security virtualization platform makes it possible to fully inspect 100% of traffic, without degrading performance on high-capacity networks. Leveraging a private cloud approach, you can order the Corsa Security platform with one click, deploy in minutes and pay-as-you-grow, which significantly improves ROI.
For those needing 100% SSL/TLS visibility at scale:
Security Services Load Balancer Appliance
The Corsa NSE7000 appliance is an in-line security services load balancer that provides a simple way to scale SSL/TLS encryption and decryption capabilities horizontally. It splits the work by redirecting traffic into multiple hardware-based security appliances, so you can get 100% visibility into your SSL/TLS traffic.
SSL Inspection with Corsa and Symantec
The Symantec and Corsa Security partnership provides 100% SSL/TLS traffic decryption/encryption—dynamically, flexibly, and cost-effectively. The solution takes just a few minutes to install and configure, and it can scale just by adding physical or virtual SSL Visibility Appliances. This makes it easy to keep your costs in line with your capacity needs over time.
You can build out your SSL/TLS visibility infrastructure on one or two ‘north-south’ 10G links. As network traffic grows, add more 10G links between the upstream and downstream routers—without changing topology and without purchasing more bandwidth or more ports on the NSE7000. Then add more SSL Visibility Appliances as needed to scale the inspection capabilities, independently of north-south path upgrades.
How it works
- The Corsa NSE7000 appliance directs all the SSL/TLS traffic to the physical or virtual Symantec SSL Visibility Appliance(s).
- The SSL Visibility Appliance decrypts the traffic and sends it for further security functions.
- The security service chain treats the traffic and returns it to the SSL Visibility Appliance, where it is re-encrypted and passed back to the NSE7000 appliance.
- Corsa maintains flow conversations with symmetric and bidirectional load balancing, sending traffic to its correct destination.
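The symmetric, bidirectional load balancing in the last step matters because a decrypting appliance has to see both directions of a TLS session. The sketch below is an added example, not Corsa or Symantec code: it assumes a direction-independent 5-tuple key combined with rendezvous hashing (a technique chosen here for illustration), and the appliance labels and sample flows are constructed.

```python
import hashlib
import ipaddress

def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key: sort the two endpoints before hashing."""
    a = (ipaddress.ip_address(src_ip).packed, src_port)
    b = (ipaddress.ip_address(dst_ip).packed, dst_port)
    lo, hi = sorted((a, b))
    return b"".join([lo[0], lo[1].to_bytes(2, "big"),
                     hi[0], hi[1].to_bytes(2, "big"), bytes([proto])])

def pick_appliance(flow, appliances):
    """Rendezvous hashing: the appliance with the highest score owns the flow."""
    key = flow_key(*flow)
    return max(appliances,
               key=lambda name: hashlib.sha256(name.encode() + b"\0" + key).digest())

def reverse(flow):
    """The same conversation as seen in the return direction."""
    src_ip, src_port, dst_ip, dst_port, proto = flow
    return (dst_ip, dst_port, src_ip, src_port, proto)

def moved_flows(flows, before, after):
    """Flows whose owning appliance changes when the pool changes."""
    return {f: pick_appliance(f, after) for f in flows
            if pick_appliance(f, before) != pick_appliance(f, after)}

def sample_flows(n=2000):
    # Constructed sample traffic: clients in 10.0.0.0/16 talking TCP/443
    # to servers in the 192.0.2.0/24 documentation range.
    return [(f"10.0.{i // 250}.{i % 250 + 1}", 1024 + i,
             f"192.0.2.{i % 200 + 1}", 443, 6) for i in range(n)]

POOL = ["ssl-va-1", "ssl-va-2", "ssl-va-3"]  # hypothetical appliance labels

if __name__ == "__main__":
    flows = sample_flows()
    # Both directions of every conversation must reach the same appliance,
    # otherwise the decryptor sees only half of the TLS handshake.
    symmetric = all(pick_appliance(f, POOL) == pick_appliance(reverse(f), POOL)
                    for f in flows)
    print("both directions pinned to one appliance:", symmetric)
    # Scaling out: only flows claimed by the new appliance are remapped.
    moved = moved_flows(flows, POOL, POOL + ["ssl-va-4"])
    print(f"{len(moved)} of {len(flows)} flows moved, all to:", set(moved.values()))
```

With a plain modulo over the pool size, adding an appliance would remap most existing flows and break their in-progress decrypted sessions; the rendezvous scheme limits the disruption to the flows taken over by the new appliance.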