TLS/SSL Decryption for Inline Tools
TLS/SSL decryption for inline tools provides visibility into encrypted traffic. Inline TLS/SSL decryption delivers decrypted packets to tools that can be placed inline or out-of-band. The tools look into decrypted packets for threats, such as viruses or other malware.
The amount of Internet traffic that is encrypted is increasing, and much of it is encrypted with Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
Note: Throughout this document, the terms Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used interchangeably.
Malware increasingly uses encrypted TLS/SSL traffic, so a significant percentage of attacks hide inside TLS/SSL sessions. Inline TLS/SSL decryption offers visibility into encrypted applications and the threats hidden within them in your organization.
Many applications, such as email, also use TLS/SSL. Encryption protects data from being viewed in transit over the Internet, such as in an exchange of emails, and keeps the data private. But when data is encrypted, security tools cannot inspect the packets, which creates blind spots in your network.
Providing visibility into encrypted traffic eliminates this blind spot. TLS/SSL blind spots can be eliminated across any port or application in your network, for example, port 443, or email, Web, or VoIP applications.
Inline TLS/SSL decryption differs from the existing GigaSMART TLS/SSL decryption application, which is passive. Passive TLS/SSL decryption delivers decrypted traffic to out-of-band tools that can then detect threats entering the network. When a threat is detected, the tools can send a notification to the user.
Inline TLS/SSL decryption offloads the decryption task so that tools can inspect traffic easily and effectively. The advantage of operating inline is that tools can act when a threat is detected.
Inline TLS/SSL decryption supports SSL version 3.0 and TLS versions 1.0, 1.1, 1.2, and 1.3.
Also, the inline TLS/SSL decryption solution can decrypt Perfect Forward Secrecy (PFS) cipher suites, for example, ECDHE-RSA-AES256-SHA384 and DHE-RSA-AES128-SHA256.
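The following script is an added example, not code from this document or from the GigaSMART product. It parses a TLS ClientHello, reports the client version against the supported SSL/TLS versions listed above, and flags which offered cipher suites are PFS ((EC)DHE or TLS 1.3) and therefore require inline decryption rather than passive decryption with a copy of the server key. The suite-name table is a constructed subset, and the sample ClientHello is constructed, not captured.

```python
import struct

CIPHER_SUITES = {  # constructed subset of IANA suite IDs -> OpenSSL-style names (assumption)
    0x002F: "AES128-SHA", 0x009D: "AES256-GCM-SHA384", 0x0067: "DHE-RSA-AES128-SHA256",
    0xC028: "ECDHE-RSA-AES256-SHA384", 0x1301: "TLS_AES_128_GCM_SHA256",
}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def is_pfs(suite_id):
    """True if the suite uses an ephemeral (EC)DHE key exchange, so the session key
    cannot be derived from a copy of the server's private key."""
    if 0x1301 <= suite_id <= 0x1305:          # every TLS 1.3 suite is ephemeral
        return True
    return CIPHER_SUITES.get(suite_id, "").startswith(("ECDHE-", "DHE-"))

def parse_client_hello(data):
    """Parse one TLS record carrying a ClientHello; return client version + suite IDs."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", data[:5])
    body = data[5:5 + rec_len]
    if ctype != 22 or body[0] != 1:
        raise ValueError("not a ClientHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    client_ver = struct.unpack("!H", hello[:2])[0]
    pos = 2 + 32                               # client_version + 32-byte random
    pos += 1 + hello[pos]                      # session_id length + session_id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    return VERSIONS.get(client_ver, hex(client_ver)), suites

def classify_client_hello(data):
    """Split offered suites into PFS / non-PFS. The server picks the suite, so offering
    any PFS suite means passive decryption may fail and inline decryption is needed."""
    version, suites = parse_client_hello(data)
    names = [CIPHER_SUITES.get(s, hex(s)) for s in suites]
    pfs = [n for n, s in zip(names, suites) if is_pfs(s)]
    return {"version": version, "pfs": pfs,
            "non_pfs": [n for n, s in zip(names, suites) if not is_pfs(s)],
            "inline_required": bool(pfs)}

def build_sample_client_hello():
    """Constructed TLS 1.2 ClientHello (not a real capture) offering five suites."""
    suites = b"\xc0\x28\x00\x67\x00\x2f\x13\x01\x00\x9d"
    hello = (b"\x03\x03" + b"\x11" * 32 + b"\x00"          # version, random, empty session id
             + struct.pack("!H", len(suites)) + suites + b"\x01\x00")  # suites, null compression
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello   # handshake type 1 + 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22 (handshake)
```

Running classify_client_hello(build_sample_client_hello()) reports three PFS suites and two non-PFS suites, so a passive deployment could miss this session depending on the server's choice.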