SSL Decryption, also referred to as SSL Visibility, is the process of decrypting traffic at scale and routing it to various inspection tools which identify threats inbound to applications, as well as outbound from users to the internet.Encryption and decryption are the heart of the SSL security algorithm in which information traverse between browser and server is converted into encrypted text. … And at the receiver side, the complex text again converted into original information which is called decryption of data.In addition to finding malware in encrypted traffic and stopping hackers from sneaking past your security engines, SSL inspection is useful when an enterprise wants to know what its employees are intentionally or accidentally sending outside of the organization. SSL inspection is also needed for compliance to ensure that employees are not putting the organization’s confidential data at risk. A multilayer defense-in-depth strategy that fully supports SSL inspection is essential to ensure an enterprise is secure.
Encrypted traffic accounts for most traffic, but many organizations only inspect some of their encrypted traffic, allowing traffic from CDNs and certain “trusted” sites to go uninspected. But that can be risky because webpages are not static. They are served up dynamically with personalized content that may consist of hundreds of objects obtained from multiple sources. Each object poses a potential threat and should be considered untrusted, regardless of source.At the same time, malware authors are using encryption to hide their exploits. It’s become easy (and cheap!) to obtain a valid SSL certificate .Researchers have found that more than 50 percent of malware detected is hiding in encrypted traffic. If you allow encrypted traffic to go uninspected, you are blind to a rising number of potential threats.So why would anyone allow encrypted traffic to bypass inspection engines? The answer is simple: it takes a lot of compute cycles to decrypt, inspect, and re-encrypt SSL traffic, and its performance impact on a company’s infrastructure can be devastating. Companies can’t afford to bring business and workflows to a grinding halt, so they have no choice but to bypass inspection by appliances that can’t keep up with processing demands or the volume.
While SSL decryption can drastically help improve security hygiene, organizations must be aware of the ramifications. Organizations often choose not to decrypt certain traffic, such as traffic containing medical or financial data, so they need to set up filters and policies help to ensure that these types of connections remain private.
Regardless, decrypting SSL traffic is an important aspect of an organization’s security, and most companies should be inspecting as much of their SSL traffic as they can, in order to reduce risk and keep their users and data safe.
