Cisco SSL Appliances decrypt Secure Sockets Layer (SSL) traffic and send it to existing security and network appliances, transparently enabling inspection of encrypted traffic. This allows existing intrusion prevention system (IPS) appliances to identify risks normally hidden by SSL, such as regulatory compliance violations, viruses, malware, data loss, and intrusion attempts.
SSL-encrypted traffic is exploding due to enterprise-wide use of cloud computing, secure e-commerce, Web 2.0 applications, email, and VPNs. However, SSL-encrypted communications are also an easy vehicle for hiding many types of cybersecurity threats, including:
If not managed properly, SSL can leave a hole in any enterprise security architecture. Existing approaches to SSL-encrypted traffic often either pass all SSL traffic through uninspected or block it entirely, or they combine SSL decryption with threat protection functions, such as an IPS, on the same device.
Unlike on-box SSL decryption solutions that use shared hardware resources for SSL decryption and IPS inspection, the Cisco SSL architecture permits the SSL and IPS processes to run on separate systems. This offloads all decryption and encryption requirements from the IPS to provide greater IPS performance and scalability.
Cisco SSL Appliances are also versatile enough to inspect SSL traffic in both inbound and outbound configurations and are available with a range of interface options. All include a programmable fail-open capability, traffic bypass filters, and configurable link state monitoring and mirroring. Fine-grained policy control provides the ability to control which SSL flows are inspected, passed through, or blocked.
The following unique capabilities of Cisco SSL Appliances remove risk arising from lack of visibility into SSL traffic while also maintaining the performance of security and network appliances: