Offload SSL Decryption to Improve Security Tool Performance

Solution Briefs

 

Offload SSL Decryption to

Improve Security Tool Performance

 

Deployment Scenario: Inline Network Visibility

Most enterprise applications are now encrypted using either the secure sockets layer (SSL) standard or its updated version called transport layer security (TLS). While many security tools include the ability to decrypt traffic so that the incoming data can be analyzed for security purposes, this comes at the expense of CPU performance and can dramatically slow (up to 80%) a security appliance’s processing capability. One solution is to use a network packet broker (NPB) to offload the SSL functionality to a purpose built decryption device and then forward the unencrypted data to one or more security tools for analysis.

 

Benefits 

  • Increase network efficiency by decrypting data once
  • Prevent security tool performance issues due to decryption 
  • Maximize unencrypted data analysis by using an NPB 
  • Eliminate decryption appliance port contention by using an NPB