Column Control DTX

Bank Reduces Security Threats by Using SSL Decryption

Case Studies

Financial institutions like banks are high profile targets for security attacks. Network security is mission-critical as any breach can be a public relations nightmare. To reduce the risk of security threats entering the customer’s network, this customer chose to deploy inline Secure Sockets Layer (SSL) and Transport Layer Security (TLS) decryption so they could inspect incoming traffic for various types of malware. This customer turned to Ixia for the solution because they needed help to deploy the SSL decryption cost-effectively with minimal complexity. They also needed to operate at line speed to reduce any time delays.

 

Why Use Inline Security Appliances

 

Inline security appliances, such as intrusion prevention systems (IPS), data loss prevention (DLP) tools, and web application firewalls (WAF) all have one very attractive quality — they enable proactive security threat analysis. This is because the security appliances are directly in the path of active incoming Internet protocol (IP) traffic entering the business network. A network packet broker (NPB) should sit between a bypass switch and the inline security tools to facilitate data capture. The NPB solution provides the perfect opportunity to inspect all traffic and either remove or quarantine anything that looks suspicious without the complexity of serially connected appliances.

 

If inline security appliances are not deployed, the data traffic must be inspected at a later point. Because the data has already entered the network, this is an “after the fact” check for malware and means that the malware has already had the opportunity to launch the intended attack. Therefore, the location of security appliances is a very important decision.

 

The Need for Decryption

 

SSL and TLS encryption are standards-based technology for transmitting private information by protecting data packets from scrutiny or corruption by non-authorized users. They use a combination of public key and symmetric key encryption to create an encrypted link between a server (typically a website or mail server) and a client (typically a browser or a mail client).  For most organizations, SSL traffic is already a significant proportion of their total web traffic.

 

Bad actors have also taken notice of this technology. SSL encrypted traffic can contain direct, tangible threats including malicious code disguised by the encryption process. This malware is particularly sophisticated and likely to be part of an advanced, sustained attack on an organization. For example, Dyre malware can capture and transmit data before encryption occurs. Another example is the Zeus botnet, which uses SSL communications to  upgrade itself.

 

An easy and effective solution is to use an NPB to pass encrypted traffic to an inline SSL decryption appliance. This solution offers complete visibility and control of encrypted traffic without requiring the re-architecture of your network infrastructure. You can add policy-based SSL inspection and management capabilities to your network security architecture to remove encrypted traffic blind spots.

 

×

판매 문의 부탁드립니다.

*Indicates required field

선호하는 연락방법을 선택해 주십시오. *필수입력항목
Preferred method of communication? 이메일 변경하기
Preferred method of communication?

[키사이트 개인정보 수집 및 이용]
 1. 개인정보 수집 및 이용 동의
 2. 키사이트 파트너 업무 위탁 동의
 3. 키사이트 해외 본사 및 지사 제공 동의

"제출"을 클릭하시면 개인정보 수집 및 이용에 동의한 것으로 간주합니다. 보다 자세한 내용은 홈페이지 하단의 개인정보보호정책 을 참조하시기 바랍니다.

감사합니다!

A sales representative will contact you soon.

Column Control DTX