Solutions for inspecting and securing SSL traffic
Fidelis Security Systems announced the SSL Decoder within Fidelis XPS, which provides the ability to assess the authenticity of an SSL certificate. They also introduced the Fidelis SSL Inspector 10G, which enables the Fidelis XPS Deep Session Inspection architecture to detect threats in SSL-encrypted content on 10G Ethernet networks.
Both solutions are in response to the fact that, for the same reasons SSL is optimal for insuring privacy and confidentiality, it has become an avenue for hackers to exploit in order to penetrate networks.
“With the recent widely-publicized breaches of Certificate Authorities, enterprises are in desperate need of a way to verify the authenticity of SSL certificates,” said Gene Savchuk, CTO at Fidelis. “While SSL pinning – white-listing a certificate authority public key in a browser for a specific domain or set of domains – is emerging as a potential solution, it will quickly prove inadequate for enterprises due to the dynamic nature of certificates and a need for a solution that scales. The Fidelis XPS SSL Decoder mimics this concept, but at the network edge rather than at client end-points, and offers more centralized management which is conducive to certificate changes and scale.”
Until now, the ability to alert IT security to fake certificates has been limited. By leveraging the sophisticated rules engine that is at the core of Fidelis XPS, Fidelis is adding the ability to put rules in place to evaluate certificates and to take action, such as preventing a session, if the certificates characteristics are suspect.
The combination of these rules and implementing this action at the network edge provides a measure of ease of use that is a necessity for large enterprises that would otherwise have to rely on application vendors retroactively providing patches following publicized breaches at SSL Certificate Authorities and users applying these patches correctly and in a timely manner.
“SSL-encrypted traffic makes up an ever increasing share of the traffic seen on an enterprise network with the proliferation and cloud computing and social networking,” said Andrew Hay, Senior Security Analyst at 451 Research. “Though the security and confidentiality capabilities provided by SSL are widely known, SSL can also be used to conceal malicious activity such as botnet command-and-control or data exfiltration. If companies are not leveraging network monitoring tools capable of inspecting encrypted traffic, they’re likely missing an important threat vector.”