|
|
06-24-2010
Registered User
26,240,
27
New SSL Inspection Solutions: Are they helping us or not?
I saw some presentations and papers about a new technology that is able to decrypts SSL traffic and sends it to existing security and network appliances on high speed networks. This technology enables existing IPS solutions to identify risks normally hidden by SSL such as regulatory compliance violations, viruses, malware, data loss, intrusion attempts, etc.
This is a very good approach to detect/block those attacks (there are reports showing a increase on attacks using SSL traffic) but I see some risks related.
There are obvious advantages to adopt such technology but a careful analysis must be in place earlier the adoption to address these risks. This will be a case-by-case study and (at least I believe) that not all companies will be able to deploy such technology due to regulations or compliance.
Best Regards
More...
This is a very good approach to detect/block those attacks (there are reports showing a increase on attacks using SSL traffic) but I see some risks related.
- If someone uses this technology to decrypt the traffic and get the info? What are the mitigation actions in place to avoid this?
- How this technology will handle DDOS attacks? It'll be overloaded?
- What is the latency that this technology will add on the network?
- How browsers handle this "man-in-the middle" like security solution?
Best Regards
More...