SSL Decryption for Inline Tools
SSL decryption for inline tools provides visibility into encrypted traffic. Inline SSL decryption delivers decrypted packets to tools that can be placed inline or out-of-band. The tools look into decrypted packets for threats, such as viruses or other malware.
The amount of Internet traffic that is encrypted is increasing, and much of it is encrypted with Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
Note: Throughout this document, the terms Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used interchangeably.
Malware increasingly uses SSL-encrypted traffic, so a significant percentage of attacks hide in SSL. Inline SSL decryption offers visibility into encrypted applications and hidden threats in your organization.
Many applications, such as email, also use SSL. Encryption protects data from being viewed in transit over the Internet, such as in an exchange of emails. Encryption also keeps the data private. But when data is encrypted, packets are not inspected, which can create blind spots in your network.
Providing visibility into encrypted traffic eliminates this blind spot. SSL/TLS blind spots in your network can be eliminated across any port or application, for example, port 443 or email, Web, and VoIP applications.
Inline SSL decryption differs from the existing GigaSMART SSL decryption application, which is passive. Passive SSL decryption delivers decrypted traffic to out-of-band tools that can then detect threats entering the network. When a threat is detected, the tools can send a notification to the user.
Inline SSL decryption offloads the decryption task so that tools can inspect traffic easily and effectively. The advantage of operating inline is that tools can act when a threat is detected.
Inline SSL decryption supports SSL version 3.0 and TLS versions 1.0, 1.1, 1.2, and 1.3.
The inline SSL decryption solution can also decrypt traffic that uses Perfect Forward Secrecy (PFS) ciphers, for example, ECDHE-RSA-AES256-SHA384 and DHE-RSA-AES128-SHA256.