The Importance of Inspecting SSL Data

Secure Sockets Layer (SSL) cryptographic protocol makes it possible to transmit data in encrypted format, thereby ensuring nonpublic information cannot be read if intercepted enroute to its intended user. Introduced in the mid-1990s, SSL has become a de-facto standard for encrypting data in transit. Websites deploying SSL have URL addresses that begin with “https://”. While SSL serves an essential purpose, the protocol can also be used to hide malicious content or unauthorized data transfers from standard firewall or gateway inspections. To combat this threat, organizations need to deploy SSL inspection appliances that decrypt, inspect and then either block unauthorized traffic or re-encrypt legitimate SSL traffic before it enters or exits a network.

The Growing Need for SSL Inspection

SSL has long been used for conducting online banking transactions and other digital interactions that present obvious needs for data encryption, and its use continues to expand due to a variety of factors. Amazon, eBay, Etsy and other online marketplaces and merchants generate billions of dollars in sales revenue each year selling various consumer products. Increasing growth in B2B e-commerce accompanies growth in consumer e-commerce. Social media, including Facebook, LinkedIn, Twitter, and YouTube deploy SSL for interactions with individual account holders as personal and business use of social media continues to grow. Cloud-based services also deploy SSL encryption including well-known and long-established applications such as Salesforce.com that are used by companies across a diverse range of industries. SSL encryption also extends to various company-exclusive contractual arrangements with cloud services providers. Personal and business-related email applications such as Gmail, for example, also reside as cloud services. Virtual Private Network (VPN) capabilities deploy SSL as well, enabling individuals to exchange encrypted data with a company network from mobile devices and remote locations where the employee may not have access to their desktop or work laptop. Use of SSL in VPN interactions makes continual growth in mobile device and remote location work possible. While all of this enables interactions to occur without the threat of nonpublic information being intercepted and read, the ever-increasing volume of SSL traffic also increases the risk of SSL being used to hide malicious content and unauthorized data transfers from standard network security inspections. This makes organizations increasingly vulnerable to intrusion attacks, phishing and spear phishing schemes, viruses or worms, advanced forms of malware and data losses. In response, organizations must integrate SSL inspection appliances with other IT security measures.

How SSL Inspection Appliances Enhance Network Security

SSL protocol relies on certificates, signatures, and keys to encrypt data and then decrypt that data when it reaches its intended recipient. While standard network gateways or firewalls cannot inspect an SSL-encrypted interaction for malicious content or unauthorized transfer of nonpublic information, an SSL inspection device will. If the interaction includes malicious content or constitutes an unauthorized transfer of nonpublic information, the data will be blocked from entering or leaving the network. If the data exchange lacks malicious content and is deemed acceptable, the data will be re-encrypted and sent to the intended recipient.

Configuration Options for SSL Inspection Devices

Some SSL data interactions - such as those routinely used to transfer banking, insurance, healthcare or other forms of nonpublic information - can proceed without inspection. Such whitelisting or filtering of interactions assures that information deemed nonpublic remains nonpublic, and that an organization remains in compliance with relevant legal and regulatory statutes. SSL inspection appliances can be configured to align with such whitelisting or filtering policies. SSL inspection appliance configuration options extend to portions of web-based applications and outbound data transmissions. The Facebook Chat and Messenger services, for example, deploy SSL protocol that allows information exchanges to elude standard detection measures. Since an organization already has other trusted means for transmitting nonpublic information when necessary, the SSL inspection appliance could block such Facebook functions. Similar policies can be established – with corresponding SSL inspection appliance configurations – for inbound and outbound email or other interactions. In addition to aligning with filtering and whitelisting policies, configuring an SSL inspection appliance to selectively inspect data interactions also eases use of CPU power and overall network resources.

SSL Interception: Balancing Privacy and Protection

To meet various regulatory requirements, ensure data cannot be read if intercepted, and sustain trust among employees, customers and other stakeholders, there will always be a need for transmitting data in encrypted format. SSL serves as a universally recognized protocol for transmitting such data. However, there also needs to be awareness that SSL encrypted data is often used to hide malicious content or unauthorized transfers of data that could cause immense damage to a network or a company. The use of an inspection appliance gives an organization the ability to balance the need for secure data transmissions with the need to protect itself from the dangers that may accompany transfers of encrypted data.