Protect Against the Threat of Encrypted Attacks
Estimates indicate that over 89% of Web traffic in the United States is now encrypted. Because encryption tunnels are established between remote servers and end user workstations, firewalls by default are unable to examine the encrypted communications. Consequently, malware, malicious traffic, and restricted content are often able to pass through firewall inspection routines without being examined, creating significant exposure for organizations without SSL inspection.
Because implementing SSL inspection bears the potential to occasionally disrupt legitimate communications like online banking and brokerage account transactions, it is important to plan the implementation of SSL inspection carefully so disruptions can be avoided.
SSL Inspection Explained
Secure Sockets Layer (SSL) is an encryption technology used to automatically create secure, encrypted connections between Web servers and remote computers as users engage in activity on the Internet. In recent years, there has been a push for websites to employ the use of SSL encryption to prevent activity from being intercepted and observed by malicious actors.
Although beneficial, an unfortunate side-effect is that just like would-be hackers, many corporate firewalls are also unable to examine the encrypted communication streams. This presents a problem, in that it exposes organizations to viruses, malware, and other threats being unwittingly introduced through legitimate connections.
SSL inspection was created to address this problem. SSL inspection works by intercepting encrypted traffic and replacing the user’s encryption key with its own key, allowing the firewall to inspect the encrypted traffic and undertake protective measures when a threat is detected.
Despite its benefits, many IT administrators are reluctant to implement SSL inspection because it requires a degree of patience to adopt and manage. There are two primary reasons for this.
Financial and High Security Websites
Security-centric websites utilize advanced methods to protect encrypted communications and often detect SSL inspection and mistake it as malicious. Such websites must sometimes be exempted from SSL inspection in order to function properly. Even with exemptions in place, these institutions may occasionally make changes to their infrastructure that interrupt service and require new or additional exemptions to be made.
Without ample firewall processing power, the added step of decrypting and examining encrypted communications can impact Internet speed and performance. This can usually be mitigated by selecting a firewall that is rated for fast throughput, and employs the use of a dedicated chip for sole purpose of performing SSL inspection.
Notwithstanding the various challenges that may arise when adopting SSL inspection, the threat of falling victim to encrypted malware is very real and increasing at a rapid pace. As such, it is recommended that businesses not be dissuaded by these challenges, and instead seriously consider adopting SSL inspection.
For more information, download “SSL INSPECTION” below, or contact a Sandbox Technologies Engineer, Account Manager, or Consulting CIO.