Inline SSL solution eliminates network blind spots
At RSA Conference 2017, Gigamon announced an expansion to its GigaSECURE SSL/TLS Decryption solution, with new inline capabilities, bringing enhanced visibility into encrypted data-in-motion.
This solution addresses the growing challenges Security Operations teams face in managing encrypted traffic. Most security tools are not designed to identify and decrypt large volumes of encrypted traffic. Those tools that do decrypt SSL traffic typically become overstressed and suffer significant performance degradation once SSL decryption is enabled. The net result is repeated decryption and re-encryption of SSL sessions as application flows traverse infrastructure, leading to unnecessary appliance sprawl, increased cost and complexity and ultimately, higher application latency.
The Gigamon SSL Decryption solution addresses these challenges with a new GigaSMART traffic intelligence application that supports both inline and out-of-band decryption. The new set of supported ciphers include Diffie-Hellman (DH), Diffie-Hellman Ephemeral (DHE), Perfect Forward Secrecy (PFS) and Elliptic Curve, and operates in networks that range from 1Gb to 100Gb.
The new SSL Decryption solution automatically identifies all SSL/TLS traffic across any port or application by establishing a “decrypt once and feed to multiple tools” design for improved scale and resiliency. A key enabler of this solution is an advanced set of traffic selection and distribution capabilities in the Gigamon Visibility Platform that simplifies deployment of SSL decryption at scale.
Advanced policies enable traffic filtering and selective decryption based on URL categorization using the market-leading Webroot BrightCloud Web Classification Service, domain names, and whitelist/blacklist policies, in order to meet data privacy and compliance requirements.
“Inline SSL decryption represents a strategic technology evolution that further expands the benefits of the Gigamon Security Delivery Platform,” said Ananda Rajagopal, vice president of products at Gigamon. “By offering SSL decryption as a service in the Security Delivery Platform complemented by strong policy enforcement, organizations can create a centralized ‘decryption zone’, enabling them to more easily see and manage their growing SSL/TLS traffic volumes, while enabling their security tools with newfound visibility into formerly encrypted traffic and threats.”
SSL Decryption is a software feature that utilizes a perpetual lifetime license. The license will initially be available on the GigaVUE-HC2 visibility appliance with a list price of $29,995 and will be generally available late March 2017.