Seeing Inside Encrypted Traffic

Most of the traffic flowing through your firewall today is encrypted. In some ways that’s a good thing because encryption enables businesses to communicate securely with customers/partners and protects the privacy and integrity of data. But it creates new problems for information security folks because the only data you can actually see in the packet header is nothing but IP addresses and port numbers. There’s some monitoring and analytics you can do with that information such as with threat intelligence feeds and session profiling, but your hands are really tied if you can’t decrypt the traffic. The bad guys know that and actively use encryption to evade network-based security technologies. They are increasingly enhancing their APT payloads to hide their communications with command and control servers as well as the actual exfiltration of stolen information inside encrypted connections disguised to look like legitimate web traffic. Attackers passively benefit from the prevalence of encryption. For instance, when an attacker compromises a legitimate website and uses it to deliver or stage malicious content, the fact that that legit website uses https means your network-based probes and monitoring agents are blind to the content. This leaves organizations wide open to malware attacks amongst others. So, we obviously need visibility into encrypted data flowing between our network and the Internet and ideally even between portions of our internal network. But how do you get that visibility in the first place? Without breaking network performance? And what about compliance requirements specific to certain types of data or privacy regulations? In this webinar we will show you how: * SSL decryption works * Common sources of performance degradation * ICAP support is critical to successful SSL decryption * Decryption needs to be policy based to avoid compliance problems