Saudi Ministry of Education to showcase innovations at 2025 Geneva International Exhibition    7,523 violators of residency, labor, and border security laws deported in a week    Video contradicts Israeli army account of deadly March 23 strike on Gaza paramedics    Saudi Arabia spends over $241 million to implement de-mining projects in 3 countries    Italy's Meloni government approves controversial security decree expanding police protections and penalties    Egypt submits new Gaza ceasefire and prisoner exchange proposal: Report    'Everything is possible' — Ronaldo focused on titles, not 1,000-goal milestone after Riyadh Derby win    Saudi, US military leaders discuss enhanced defense cooperation in Riyadh    King Salman Global Academy for Arabic Language launches program with Indiana University    Ronaldo brace powers Al Nassr past Al Hilal in Riyadh derby thriller    Ed Sheeran weaves Persian music into new song, Azizam    Al-Jadaan: Crown Prince's directives confirm government's ability to bring back balance to real estate market    Veteran Bollywood actor Manoj Kumar dies at 87    Foreign investors are allowed to engage in real estate business outside Makkah and Madinah Commercial speculation should not be the purpose of real estate transaction    Aubameyang fires Al Qadsiah into King's Cup final with stoppage-time winner over Al Raed    Musk's X is suing India, as Tesla and Starlink plan entry    Tesla sales plunge after backlash against Elon Musk    Danilo Pereira fires Al Ittihad into King's Cup final with dramatic stoppage-time double    Screen time in bed linked to insomnia, study finds    Mexico bans junk food in schools to fight childhood obesity epidemic    Sweet sales surge ahead of Eid as Saudi chocolate imports top 123 million kg in 2024    Bollywood actress vindicated over boyfriend's death after media hounding    Grand Mufti rules against posting prayers and preaching in mosques on social media    King Salman prays for peace and stability for Palestinians in Ramadan message King reaffirms Saudi Arabia's commitment to serving the Two Holy Mosques and pilgrims    Exotic Taif Roses Simulation Performed at Taif Rose Festival    Asian shares mixed Tuesday    Weather Forecast for Tuesday    Saudi Tourism Authority Participates in Arabian Travel Market Exhibition in Dubai    Minister of Industry Announces 50 Investment Opportunities Worth over SAR 96 Billion in Machinery, Equipment Sector    HRH Crown Prince Offers Condolences to Crown Prince of Kuwait on Death of Sheikh Fawaz Salman Abdullah Al-Ali Al-Malek Al-Sabah    HRH Crown Prince Congratulates Santiago Peña on Winning Presidential Election in Paraguay    SDAIA Launches 1st Phase of 'Elevate Program' to Train 1,000 Women on Data, AI    41 Saudi Citizens and 171 Others from Brotherly and Friendly Countries Arrive in Saudi Arabia from Sudan    Saudi Arabia Hosts 1st Meeting of Arab Authorities Controlling Medicines    General Directorate of Narcotics Control Foils Attempt to Smuggle over 5 Million Amphetamine Pills    NAVI Javelins Crowned as Champions of Women's Counter-Strike: Global Offensive (CS:GO) Competitions    Saudi Karate Team Wins Four Medals in World Youth League Championship    Third Edition of FIFA Forward Program Kicks off in Riyadh    Evacuated from Sudan, 187 Nationals from Several Countries Arrive in Jeddah    SPA Documents Thajjud Prayer at Prophet's Mosque in Madinah    SFDA Recommends to Test Blood Sugar at Home Two or Three Hours after Meals    SFDA Offers Various Recommendations for Safe Food Frying    SFDA Provides Five Tips for Using Home Blood Pressure Monitor    SFDA: Instant Soup Contains Large Amounts of Salt    Mawani: New shipping service to connect Jubail Commercial Port to 11 global ports    Custodian of the Two Holy Mosques Delivers Speech to Pilgrims, Citizens, Residents and Muslims around the World    Sheikh Al-Issa in Arafah's Sermon: Allaah Blessed You by Making It Easy for You to Carry out This Obligation. Thus, Ensure Following the Guidance of Your Prophet    Custodian of the Two Holy Mosques addresses citizens and all Muslims on the occasion of the Holy month of Ramadan    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



Saudi companies urged to select the right SSL traffic inspection tools
Published in The Saudi Gazette on 09 - 10 - 2016

ENCRYPTED traffic accounts for a large and growing percentage of all network traffic. While the adoption of SSL, and its successor, Transport Layer Security (TLS), should be cause for celebration – as encryption improves confidentiality and message integrity – it also puts organizations at risk. This is because hackers can leverage encryption to conceal their exploits from security devices that do not inspect Secure Sockets Layer (SSL) traffic.
According to a Gartner survey, "less than 20% of organizations with a firewall, an intrusion prevention system (IPS) or a unified threat management (UTM) appliance decrypt inbound or outbound SSL traffic." This means that hackers can evade over 80% of companies' network defenses simply by tunneling attacks in encrypted traffic.
To prevent cyber-attacks, enterprises in Saudi need to inspect all traffic, and in particular encrypted traffic, for advanced threats. To do this, they need a dedicated security platform that can decrypt inbound and outbound SSL traffic. This can be complex though as SSL inspection potentially touches so many different security products – from firewalls and intrusion prevent systems (IPS) to data loss prevention (DLP), forensics, advanced threat prevention and more. To help with the process, here are the main features that all SSL inspection platforms should provide.
Performance is perhaps the most important evaluation criteria for SSL inspection platforms. Organizations must assess their current Internet bandwidth requirements and ensure that their SSL inspection platform can handle future SSL throughput requirements.
While doing so, IT teams must analyze appliance performance with essential security and networking features enabled. This is important as testing SSL decryption speeds without considering the impact of deep packet inspection (DPI), URL classification or other features will not provide a clear picture of real-world performance.
Privacy and regulatory concerns have emerged as one of the top hurdles preventing organizations from inspecting SSL traffic. IT security teams must walk a thin line between protecting employees and intellectual property, and violating employees' privacy rights.
To address regulatory requirements like HIPAA, Federal Information Security Management Act (FISMA), Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes-Oxley (SOX), an SSL inspection platform should be able to bypass sensitive traffic, like traffic to banking and healthcare sites. By bypassing sensitive traffic, IT security teams can rest easy knowing that confidential banking or healthcare records will not be sent to security devices or stored in log management systems.
The SSL inspection solution must be able to categorize web traffic using an automated URL classification service and also support manually-defined URL bypass lists. To drive transparency and employee confidence, IT teams should also be able to display customizable messages to users informing them that encrypted traffic may be monitored for cyber threats and unauthorized activity.
Most firewalls today can granularly control access to applications and detect intrusions and malware. Unfortunately, analyzing network traffic for network-borne threats is a resource-intensive task. While firewalls have increased their capacity over time, they often cannot keep up with network demand, especially when multiple security features like IPS, URL filtering and virus inspection are enabled.
Therefore, SSL inspection platforms should not just offload SSL processing from security devices. They should also maximize the uptime and performance of these devices. When evaluating SSL inspection platforms, organizations should look for platforms that can scale security deployments with load balancing; detect and route around failed security devices; provide better value by supporting N+1 redundancy rather than just 1+1 redundancy; and support advanced health monitoring to rapidly identify network or application errors.
Whether providing visibility to outbound or inbound SSL traffic, SSL inspection devices must securely manage SSL certificates and keys. SSL certificates and keys form the basis of trust for encrypted communications. If they are compromised, attackers can use them to impersonate legitimate sites and steal data.
To ensure that certificates are stored and administered securely, organizations should look for SSL inspection platforms that provide device-level controls to protect SSL keys and certificates. The solution should integrate with third-party SSL certificate management solutions to discover, catalog, track and centrally control certificates. It is also necessary for it to support FIPS 140-2 Level 2 and Level 3 certified equipment and Hardware Security Modules (HSMs) that can detect physical tampering and can safeguard cryptographic key.
With SSL accounting for nearly a third of enterprise traffic and with more applications supporting 2048-bit and 4096-bit SSL keys, organizations can no longer avoid the cryptographic elephant in the room. If they wish to prevent devastating data breaches, they must gain insight into SSL traffic. By following the abovementioned guidelines, organizations can make well-informed decisions and avoid the deployment pitfalls that SSL inspection can potentially expose.
* The writer is EMEA Partner Director at A10 Networks


Clic here to read the story from its source.