Gigamon has introduced a significant expansion to its GigaSECURE? SSL/TLS Decryption solution, with new inline capabilities, bringing enhanced visibility into encrypted data-in-motion.
As the volume of encrypted traffic continues to rise, organisations are more vulnerable to encrypted attacks, hidden command and control (C&C) threats and data exfiltration exploits that go undetected. With its expanded SSL decryption solution, Gigamon helps remove network blind spots to expose malicious threats and feeds decrypted traffic-of-interest to the appropriate security tools for immediate analysis and mitigation.
This solution addresses the growing challenges Security Operations teams face in managing encrypted traffic. Most security tools are not designed to identify and decrypt large volumes of encrypted traffic. Those tools that do decrypt SSL traffic typically become overstressed and suffer significant performance degradation once SSL decryption is enabled. The net result is repeated decryption and re-encryption of SSL sessions as application flows traverse infrastructure, leading to unnecessary appliance sprawl, increased cost and complexity and ultimately, higher application latency.
The Gigamon SSL Decryption solution addresses these challenges with a new GigaSMART? traffic intelligence application that supports both inline and out-of-band decryption. The new set of supported ciphers include Diffie-Hellman (DH), Diffie-Hellman Ephemeral (DHE), Perfect Forward Secrecy (PFS) and Elliptic Curve, and operates in networks that range from 1Gb to 100Gb.
The new SSL Decryption solution automatically identifies all SSL/TLS traffic across any port or application by establishing a “decrypt once and feed to multiple tools” design for improved scale and resiliency. A key enabler of this solution is an advanced set of traffic selection and distribution capabilities in the Gigamon Visibility Platform that simplifies deployment of SSL decryption at scale. Furthermore, advanced policies enable traffic filtering and selective decryption based on URL categorisation using the market-leading Webroot BrightCloud® Web Classification Service, domain names, and whitelist/blacklist policies, in order to meet data privacy and compliance requirements.
“Inline SSL decryption represents a strategic technology evolution that further expands the benefits of the Gigamon Security Delivery Platform,” said Ananda Rajagopal, vice president of products at Gigamon. “By offering SSL decryption as a service in the Security Delivery Platform complemented by strong policy enforcement, organisations can create a centralised ‘decryption zone’, enabling them to more easily see and manage their growing SSL/TLS traffic volumes, while enabling their security tools with newfound visibility into formerly encrypted traffic and threats.”
The new inline SSL Decryption application is a key component of GigaSMART traffic intelligence application suite that significantly expands the applicability of SSL decryption beyond the previously supported out-of-band SSL decryption. Inline SSL decryption addresses a vastly expanded universe of use cases such as monitoring accesses to Internet-based services for risk/compliance violations, detecting malicious activities such as command and control (C&C) communications, decrypting TLS sessions that use modern cipher suites and above all, creating an efficient framework to manage encrypted traffic at scale.
The inline SSL decryption application complements other GigaSMART applications, such as de-duplication, application session filtering, data masking and metadata generation, that optimise, automate and deliver traffic-of-interest to the appropriate monitoring and security tools across the network. SSL Decryption is a software feature that utilises a perpetual lifetime license. The license will initially be available on the GigaVUE-HC2 visibility appliance with a list price of $29,995 and will be generally available late March 2017.