Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Performance, management and privacy issues stymie SSL inspections, and the bad guys know it

Maria Korolov | Sept. 20, 2016
The technology is there for companies to inspect SSL traffic, but performance, management and privacy concerns combine to hinder its adoption.

Blue Coat also offers an SSL decryption product. Its gateways can selectively inspect traffic based on destinations, can support 80 encryption mechanisms, and can feed the results through a data loss prevention system, a malware-detection sandbox, or an intrusion prevent system.

Blue Coat's Rogers said that SSL inspection gateways did have a history of being difficult to manage, and of causing as much as an 80 percent performance hit to firewalls.

But new tools and special-purpose appliances have a minimal impact, and are easier to manage, he said.

In fact, SSL inspection gateways can actually improve network performance, said Bryan Fite, account CISO at BT Global Services.

"You can't really compress and accelerate encrypted traffic," he said. "You first have to decrypt it."

As a result, it's not just security vendors selling this capability -- wide area network vendors are also selling SSL decryption solutions for WAN optimization.

According to Gartner, WAN optimization is an $815 million market, and unit shipment growth is predicted to increase by 12.4 percent through 2019. However, total revenues will actually drop, according to Gartner analyst Bjarne Munch, because of increased integration with routers, aggressive pricing by companies like Cisco, and a general commodization of the market.

The financial services industry is ahead of everybody else on this front, said BT's Fite.

However, financial firms also have some unique challenges when it comes to SSL decryption, he added.

"The case studies aren't there yet, but you might run the risk that the forensic integrity of a transaction that goes through a termination SSL connection might be challenged," he said.

Endpoint-based approaches

Encryption and decryption doesn't have to take place on the periphery of the network.

Some companies are avoiding potential management, performance and privacy issues by inspecting SSL traffic right at the end points.

Avast, for example, offers an HTTPS scanner that looks for signs of malware and sits on the end user's computer.

"It's a man-in-the-middle approach," said Michael Salat, threat intelligence director at Avast Software. "The user lets Avast, the program, scan the data that goes through, but the data isn't transferred anywhere else."

The tools can also spot whether the files are being sent to a suspicious destination.

However, Avast doesn't inspect the files for other types of content, such as sensitive documents or personally identifiable information, so it's not a data loss prevention solution.

Avast isn't alone. Several other companies also offer tools that sit at end points and watch out for suspicious activity.

For example, enSilo sits on servers and endpoints to look for behaviors that violate normal operating principles.

"We come with a whitelist out of the box," said Roy Katmor, CEO at enSilo. "We know how Windows is built and how it's supposed to work, and if something within that flow led to a communication request that broke the operating system, we will prevent that communication from happening. That makes us agnostic to the application or to the encryption method."


Previous Page  1  2  3  4  5  Next Page 

Sign up for CIO Asia eNewsletters.