Answer

Choosing an SSL decryption appliance for enterprise SSL monitoring

I read your recent response on the importance of SSL monitoring. Can most enterprise, Web-based data loss prevention (DLP) products scan SSL traffic? How do the features vary, and what should I look for in an SSL decryption appliance?

I would say many, if not almost all, DLP products have some type of SSL decryption ability. Actually, from my experience, most organizations opt for a next-generation firewall, which, in the vast majority of cases, has DLP, SSL decryption, intrusion detection, log correlation and email filtering, all wrapped up in one device or bundle of devices. These multifunction security devices are becoming preferred to point products because they're usually cheaper to buy and easier to manage.

But to answer your initial question: Yes, many Web-based DLP products can scan SSL traffic because data loss prevention and SSL decryption are very much complementary concepts.

Most within the security industry generally agree that DLP consists of three defining features: deep content analysis, central policy management, and broad content coverage across multiple platforms and locations. What should become readily apparent when comparing these characteristics with the concept of SSL decryption is that DLP is a broad concept, whereas SSL decryption is much more focused.

However, if your budget allows for it, don't discount the value of having a separate SSL decryption appliance as part of your security strategy. As the de facto standard for SSL encryption moves from 1024-bit to 2048-bit encryption, network throughput and network resources may become significantly strained. Anything you can do now to offload the processing requirements of SSL decryption will become increasingly important as the encryption standards become more burdensome.

When evaluating potential SSL decryption appliances, the most important characteristic to look for is a device's ability to handle the line-speed traffic levels that are typical for your network. Introducing delays into network traffic is a surefire way to ensure disgruntled end users. Additionally, the device should be easy to manage with an intuitive administrator interface. Finally, make sure that you find an appliance that provides the logging and reporting necessary to meet your enterprise's security requirements.

This was first published in February 2014
