Eliminate the SSL Blind Spot in Your IDS

Nearly 50 percent of all network traffic is now encrypted through SSL. As that percentage continues to grow, the expanded use of SSL presents a real challenge. That’s because network IDS sensors examine clear-text HTTP traffic, but simply cannot decrypt SSL. They cannot search the most critical incoming traffic for attack signatures.

Hackers realize that encrypted traffic cannot be inspected by many of the security devices already deployed in the network. Suspect traffic traverses the network unimpeded. Once the traffic is decrypted, it is deep in the network and is ready to cause the damage that the hacker was seeking.

There already are more than 180,000 public sites protected by SSL, including sites devoted to online banking, investments, e-commerce and online bill-payment services. In addition, numerous organizations are employing SSL-based virtual private networks to allow users to connect to their networks. And by 2008, leading analysts forecast that nearly all trading communities will use SSL to meet diverse trading-partner requirements.

SSL, after all, is a double-edged sword. It protects important information in transit, but is just as effective at protecting hack attempts from inspection.

Until now, security professionals had a choice of only two responses. They ignored the web transaction traffic that included encrypted confidential information. Or, they simply blocked the transaction, terminating the SSL traffic before it reached the IDS.

BreachView SSL offers a third, and much better choice!

As a unique software add-on or standalone appliance for existing IDS or IPS systems, BreachView SSL decrypts SSL traffic and delivers the clear text to the IDS sensor, where it can be treated like any other traffic. With either the non-intrusive software plug-in or the hardware appliance version, the IDS is able to inspect every packet in unencrypted form and identify previously undetected attacks. And the SSL session is not terminated.

In effect, BreachView SSL ensures clean, decrypted traffic without obstructing the original transaction.

In addition to reducing the risk of breaches and hacks in valuable SSL traffic, BreachView SSL represents a cost-effective way to expand the effectiveness and ROI of existing intrusion detection and prevention investments.


BreachView SSL Benefits

Network Intrusion Detection Systems can only analyze traffic they can see. That means SSL traffic passes through the network IDS without examination – rendering searches of critical incoming traffic ineffective against attacks and misuse.

BreachView SSL Provides Visibility into SSL Traffic

As a passive SSL-decryption engine, BreachView SSL:

  • Provides a duplicate decrypted stream of traffic to the network IDS without affecting the original SSL traffic.
  • Enhances existing IDSes by enabling them to perform complete attack analysis on previously unseen encrypted traffic.
  • Leverages the ability to encrypt sensitive information without opening a blind spot in the organization’s overall network security.

With BreachView SSL

  • There’s no sensitive information transmitted in the clear
  • There’s no lengthy installation or training required
  • And, if preferred, there’s no risk through the FREE 30-day trial program

Key Benefits

  • Easy-to-install and configure
  • Works with existing systems as an add-on option
  • Performs SSL traffic decryption – without termination
  • Enables security officers to identify previously undetected attacks


SSL Decryption

How BreachView SSL™ Works

The BreachView SSL appliance has two network adapters: the first captures SSL traffic from the same stream the IDS sensor sees, and the second makes the decrypted traffic available to the IDS sensor. The new clear-text traffic is presented on this second adapter so the IDS sensor can analyze it against its attack and vulnerability database using the existing policies for clear HTTP traffic. The BreachView SSL appliance securely maintains the SSL key and certificate information of the web sites whose traffic is to be inspected.

With BreachView SSL installed on an existing IDS or IPS, or as an appliance integrated with the IDS/IPS system, network traffic is monitored before it reaches the system’s detection engine. An adapter extracts the SSL stream and delivers it to the BreachView SSL engine.

After decryption, the clear-text traffic is injected back into the IDS, where the network packets are analyzed.

BreachView SSL requires no network modifications, simply providing the original traffic to the IDS sensor software and, additionally, a decrypted version of any SSL encrypted traffic.

The BreachView SSL decryption engine securely maintains the SSL key and certificate information of the Web sites whose traffic is to be inspected. In addition, the system’s architecture assures total independence between BreachView SSL and the IDS or IPS system.
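As an added illustration of the key-recovery step a passive decryptor of this kind performs (example code written here, not BreachView's own), the following Python derives the session keys from the pre-master secret using the TLS 1.2 PRF. It assumes RSA key exchange, where the stored server private key decrypts the ClientKeyExchange message to yield the pre-master secret; the randoms and pre-master secret shown are constructed values and the RSA decryption itself is omitted.

```python
import hashlib
import hmac

# Constructed sample values standing in for what a passive monitor would
# capture from the handshake: the 32-byte client/server randoms are visible
# on the wire; the pre-master secret is recovered by decrypting the
# ClientKeyExchange with the web site's stored RSA private key (RSA key
# exchange only; the RSA step itself is omitted here).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PREMASTER = b"\x03\x03" + bytes(range(100, 146))  # 2-byte version + 46 random bytes

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246 section 5."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)

def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret (RFC 5246 section 8.1)."""
    return prf(premaster, b"master secret", client_random + server_random, 48)

def passive_session_keys(premaster: bytes, client_random: bytes, server_random: bytes,
                         mac_len: int = 20, key_len: int = 16, iv_len: int = 16) -> dict:
    """Expand the master secret into per-direction MAC keys, cipher keys and IVs.
    Defaults match TLS_RSA_WITH_AES_128_CBC_SHA; note the randoms are
    concatenated server-first for key expansion (RFC 5246 section 6.3)."""
    master = master_secret(premaster, client_random, server_random)
    block = prf(master, b"key expansion", server_random + client_random,
                2 * (mac_len + key_len + iv_len))
    layout = [("client_mac", mac_len), ("server_mac", mac_len),
              ("client_key", key_len), ("server_key", key_len),
              ("client_iv", iv_len), ("server_iv", iv_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

if __name__ == "__main__":
    for name, value in passive_session_keys(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(f"{name:11s} {value.hex()}")
```

Sessions negotiated with ephemeral Diffie-Hellman key exchange cannot be recovered this way, because the pre-master secret never passes through the server's long-term key; a passive monitor holding only the site's key and certificate covers RSA key-exchange cipher suites.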
