
Bank Reduces Security Threats by Using SSL Decryption

Case Studies

Financial institutions such as banks are high-profile targets for security attacks. Network security is mission-critical because any breach can be a public relations nightmare. To reduce the risk of security threats entering its network, this customer chose to deploy inline Secure Sockets Layer (SSL) and Transport Layer Security (TLS) decryption so that it could inspect incoming traffic for various types of malware. The customer turned to Ixia for the solution because it needed help deploying SSL decryption cost-effectively and with minimal complexity. It also needed to operate at line speed to reduce any time delays.

 

Why Use Inline Security Appliances

 

Inline security appliances, such as intrusion prevention systems (IPS), data loss prevention (DLP) tools, and web application firewalls (WAF), all have one very attractive quality: they enable proactive security threat analysis. This is because the security appliances sit directly in the path of active incoming Internet Protocol (IP) traffic entering the business network. A network packet broker (NPB) should sit between a bypass switch and the inline security tools to facilitate data capture. The NPB solution provides the perfect opportunity to inspect all traffic and either remove or quarantine anything that looks suspicious without the complexity of serially connected appliances.

 

If inline security appliances are not deployed, the data traffic must be inspected at a later point. Because the data has already entered the network, this is an “after the fact” check for malware and means that the malware has already had the opportunity to launch the intended attack. Therefore, the location of security appliances is a very important decision.

 

The Need for Decryption

 

SSL and TLS are standards-based technologies for transmitting private information that protect data packets from scrutiny or corruption by unauthorized users. They use a combination of public key and symmetric key encryption to create an encrypted link between a server (typically a website or mail server) and a client (typically a browser or a mail client). For most organizations, SSL traffic is already a significant proportion of their total web traffic.

 

Bad actors have also taken notice of this technology. SSL-encrypted traffic can contain direct, tangible threats, including malicious code disguised by the encryption process. This malware is particularly sophisticated and likely to be part of an advanced, sustained attack on an organization. For example, Dyre malware can capture and transmit data before encryption occurs. Another example is the Zeus botnet, which uses SSL communications to upgrade itself.

 

An easy and effective solution is to use an NPB to pass encrypted traffic to an inline SSL decryption appliance. This solution offers complete visibility and control of encrypted traffic without requiring the re-architecture of your network infrastructure. You can add policy-based SSL inspection and management capabilities to your network security architecture to remove encrypted traffic blind spots.

 
