Gigamon has announced an expansion to its GigaSECURE SSL/TLS Decryption solution. It has delivered new inline capabilities to enhance the ability to decrypt SSL/TLS traffic. This enables Security Operations (SecOps) teams to see what is moving in and out of the organisation. The ability to decrypt encrypted data has become a key part of the security landscape. Attackers are just as good at using encryption as companies; in some cases they are better.
Ananda Rajagopal, Vice President of Products, Gigamon said: “Inline SSL decryption represents a strategic technology evolution that further expands the benefits of the Gigamon Security Delivery Platform. By offering SSL decryption as a service in the Security Delivery Platform complemented by strong policy enforcement, organizations can create a centralized ‘decryption zone’, enabling them to more easily see and manage their growing SSL/TLS traffic volumes, while enabling their security tools with newfound visibility into formerly encrypted traffic and threats.”
The need to decrypt incoming and outgoing traffic
Organisations are now encrypting much, if not all, of the traffic moving in and out of their networks. This is to protect data from cybercriminals. Yet those same cybercriminals are just as good at using encryption as the enterprise. Using the same encryption channels, they infiltrate malware and exfiltrate data. Data is not the only thing that is encrypted. Most of the communication between infected machines and command and control (C&C) servers is done across encrypted channels.
The problem for SecOps is that the tools they have are not designed for real-time examination of traffic. They require significant compute power and cause traffic delays in the decrypt, examine, encrypt cycle. Users become unhappy with network performance and SLAs are breached. To resolve this, some companies have invested in SSL appliances. Gigamon says this is ineffective as it just adds to the complexity of the network.
How is Gigamon solving this?
Gigamon has added a “decrypt once and feed to multiple tools” approach. It begins with detecting all SSL/TLS traffic on the network. It then applies a series of rules to that traffic to decide if it warrants further investigation. The Gigamon Visibility Platform decides which traffic to inspect and which tool to use for decryption.
The solution also uses advanced policies based on a number of different sources. It uses the Webroot BrightCloud Web Classification Service to determine the trust rating of URLs. Whitelists and blacklists allow for the blocking of sites based on threat intelligence data. For example, decrypted traffic between on-premises servers and backup systems could be marked as safe. A policy can also require inspection of all traffic going to cloud-based services that are not on a company whitelist.
There has been a rush to encrypt all traffic to meet good data protection standards. This is a good thing but it has also created a blind spot where encryption is seen as good enough. SecOps teams now realise that they are not the only ones encrypting data. To regain control of network traffic they have to be able to decrypt and validate traffic.
This is not news to many SecOps teams. They have been doing SSL/TLS decryption and checking data for over a year. Their problem is the amount of traffic that they have to inspect and the indiscriminate approach of many tools. Gigamon is offering them a more focused solution that will not cause network delays or user conflicts.