SSL/TLS inspection, also called HTTPS interception, is the process of intercepting SSL/TLS-encrypted internet communication between a client and a server. Interception can be applied in both directions: to traffic from the sender to the receiver and to traffic from the receiver back to the sender.
Decrypting SSL traffic is an important aspect of an organization’s security, and most companies should be inspecting as much of their SSL traffic as they can, in order to reduce risk and keep their users and data safe.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are both cryptographic protocols that govern the encryption and transmission of data between devices (clients) and destination sites (servers).
SSL was first developed in 1995 by Netscape and released to the public as version 2.0. In 1999, TLS 1.0 was released and was based upon version 3.0 of SSL. Currently, TLS 1.2 is most commonly used across the industry, and TLS 1.3 is on the horizon.
While SSL and TLS are different versions of the protocol, the industry has generally adopted the term “SSL” to talk about encryption and we will do the same in this description.
In addition to finding malware in encrypted traffic and stopping hackers from sneaking past your security engines, SSL inspection is useful when an enterprise wants to know what its employees are intentionally or accidentally sending outside of the organization.
SSL inspection is also needed for compliance to ensure that employees are not putting the organization’s confidential data at risk.
A multilayer defence-in-depth strategy that fully supports SSL inspection is essential to ensure an enterprise is secure.
First, the middlebox intercepts the incoming traffic and decrypts the HTTPS sessions between clients and servers.
Once the traffic has been decrypted, the middlebox inspects the content through antivirus scanning, web filtering, etc.
Then the interceptor re-encrypts the traffic and forwards it to the destination, in this case the web server.
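The inspection step in isolation, as an added example that is not part of the original page or of any product's code: once a session is decrypted, the middlebox sees the full HTTP request (host, path, body) and can apply web filtering, antivirus scanning and DLP rules before deciding whether to forward it. The blocklist, the substring signature standing in for an antivirus engine, the card-number pattern and the sample requests are all constructed assumptions.

```python
import re
from typing import NamedTuple

# Constructed policy data (assumptions for illustration, not from the page).
BLOCKED_HOSTS = {"malware-downloads.example"}                # web filtering
AV_SIGNATURES = {b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "EICAR test file"}
DLP_PATTERN = re.compile(rb"\b(?:\d[ -]?){15}\d\b")          # 16-digit card-like number

class Verdict(NamedTuple):
    action: str   # "forward" (re-encrypt and send on) or "block"
    reason: str

def parse_request(plaintext: bytes):
    """Split a decrypted HTTP/1.1 request into method, path, headers, body."""
    head, _, body = plaintext.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, path, _version = lines[0].decode("ascii").split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def inspect(plaintext: bytes) -> Verdict:
    """Inspect decrypted content; fail closed when the request cannot be parsed."""
    try:
        method, path, headers, body = parse_request(plaintext)
    except (ValueError, UnicodeDecodeError):
        return Verdict("block", "unparseable request")
    host = headers.get("host", "").split(":")[0].lower()
    if host in BLOCKED_HOSTS:
        return Verdict("block", f"web filter: {host}")
    for signature, name in AV_SIGNATURES.items():
        if signature in body:
            return Verdict("block", f"antivirus: {name}")
    if method in {"POST", "PUT"} and DLP_PATTERN.search(body):
        return Verdict("block", "DLP: card-like number in upload")
    return Verdict("forward", "clean")

# Constructed sample requests as they would look after decryption.
SAMPLES = {
    "clean": b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "filtered": b"GET /a.exe HTTP/1.1\r\nHost: malware-downloads.example\r\n\r\n",
    "upload": b"POST /paste HTTP/1.1\r\nHost: paste.example\r\n\r\ncard=4111 1111 1111 1111",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, inspect(raw))
```

Without decryption, none of the path, header or body checks above could run, which is the blind spot the surrounding text refers to.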
Removing an encryption blind spot can improve existing security tools by up to 50%.
SSL Visibility cost-effectively enhances your existing security infrastructure. Recognizing that multiple devices need access to SSL/TLS traffic in your infrastructure, this solution feeds active and passive devices simultaneously, perfectly complementing your existing security solutions (such as DLP, IPS, NGFW, and sandbox) without breaking your budget or hindering their performance.
Avoid the exponential hardware capacity upgrade costs often required by security solutions needing SSL inspection.
Equip network forensics and incident response technologies to gain appropriate visibility into encrypted traffic – critical in breach-related events.
Extend the reach of your tools by feeding them all types of traffic.