Confidential | © A10 Networks, Inc. When Your Security Measures Become the Threat: The Hidden Dangers of SSL Traffic February 2016 02242015.

Presentation transcript:

When Your Security Measures Become the Threat: The Hidden Dangers of SSL Traffic February

Agenda
• The Cyber Threat Landscape
• The Need for Encryption
• SSL Usage Trends
• Threats Introduced by SSL Traffic
• How to Protect Against SSL Threats

World’s Largest Data Breaches
Impact of a Breach:
• Investigation and notification costs
• Brand damage
• Lost revenue
• Regulatory fines
• Lawsuits
Source: Information Is Beautiful

Data Breaches by the Numbers
• Total Cost: $3.79 million average total cost of a data breach
• Individual Cost: $154 cost per lost or stolen record
• Escalating Risk: 23% increase in total cost of a data breach since 2013
Sources: Ponemon Institute, 2015 Cost of Data Breach Study: Global Analysis

Top Causes of Large-Scale Breaches
• Malware: 225,000 new malware strains detected per day
• Insider Abuse: 55% of abuse caused by users with legitimate access
• Advanced Persistent Threats: 66% believe their organization will be the target of APT
Sources: PandaLabs Report Q | 2015 Verizon Data Breach Investigation Report | Mandiant, a FireEye company

Solutions are Failing Despite $71.1B investment in security
• Next Gen Firewall
• Secure Web Gateway
• Intrusion Detection & Prevention
• Advanced Threat Protection
• SIEM
• Network Forensics
• Data Loss Prevention
• Unified Threat Management
SOURCE: Information Security, Worldwide, , 2Q14 Update, Gartner

SSL Traffic Is Increasing…
• In %
• In %
• 100%?
Sources: NSS Labs, Sandvine

Reasons Why More Organizations Are Encrypting Traffic
• Snowden revelations of NSA snooping
• Disclosures in 2014 that governments were injecting surveillance software in web traffic
• YouTube and Microsoft Live used as conduits to inject malware (both now encrypt traffic)
• Google ranks SSL sites higher for SEO
Source: Washington Post

Security Experts Agree: SSL Can Create New Risks
“Bad actors are after our data... and encrypting data is the best way to hide their transfers and malware communications from security devices.” ―J. Michael Butler, SANS Institute
SOURCE: Finding Threats by Decrypting SSL.

Cyber Threats Hidden in SSL Traffic
• % of Internet traffic will be encrypted by 2016
• 50% of attacks will use encryption to bypass controls by 2017
• 80% of organizations with firewalls, IPS, or UTM do not decrypt SSL traffic
Sources: Sandvine Internet Phenomena Report; “Security Leaders Must Address Threats From Rising SSL Traffic,”

Security Infrastructure Inspects Traffic to Stop Attacks
[Diagram: traffic from Accounting, Engineering, and Sales & Marketing passes through ATP, IPS, Firewall, SIEM, and Network Forensics. Labels: Alert, Block.]

Encryption Makes Security Devices Blind to Attacks
[Diagram: traffic from Accounting, Engineering, and Sales & Marketing passes through ATP, IPS, Firewall, SIEM, and Network Forensics. Labels: Data Exfiltration, Anomalous Activity, Successful Attack, Undetected Malware.]

Attacks that Can Hide in SSL Traffic

Infiltration and Attacks
• Malvertising delivered over SSL-encrypted Adtech networks: Yahoo malvertising attack
• Malware distributed via social media: Facebook, Twitter, LinkedIn use SSL; Koobface was a multimillion malware campaign that used Facebook
• Malware sent as attachments in email and instant messaging apps: Whatsapp, Snapchat encrypt IM
• DDoS and Web app attacks: Attackers can use SSL to bypass controls or overwhelm servers

Data Exfiltration Hidden in SSL
Insider Abuse
• Insiders can send sensitive data through web-based email: Gmail, Yahoo Mail, MS Live encrypt email
• Insiders can upload sensitive files to file sharing services: Box, Dropbox, iCloud, OneDrive encrypt data
C&C Communications
• Malware-infected machines communicate to command & control servers via SSL: China’s APT1, Zeus, Shylock, KINS and CryptoWall malware use SSL

How Malware Developers Exploit Encrypted Traffic
Bot Infection Hidden in SSL Traffic
• Drive-by download from an HTTPS site
• Malicious file in instant messaging
• Malicious attachment sent over SMTPS
Data Exfiltration over SSL
• Command and control server communication
• Stolen data sent via email or to cloud storage sites
• Malware receiving C&C updates from social media sites

Security Experts Agree: Businesses Must Inspect SSL
“Organizations without traffic decryption plans are blind not only to these new sophisticated attacks but also to any attacks that take place over encrypted connections.” ― Gartner
SOURCE: Security Leaders Must Address Threats From Rising SSL Traffic, Jeremy D’Hoinne, Adam Hills, December 2013, refreshed Jan 2015
“Many current security tools also cannot inspect encrypted traffic, allowing hackers to hide behind the encryption that protects sensitive data.” Robert L. Scheier
SOURCE: Six Steps to Stronger Retail Security, Robert L. Scheier

SSL Decryption is Critical
• Eliminate Blind Spots
• Detect Advanced Threats
• Empower Your Security Infrastructure
• Prevent Data Breaches

SSL Insight Overview
• Client initiates outbound communication
• Traffic is decrypted
• Decrypted traffic is inspected by security solutions
• Data is encrypted
• Secure tunnel is established
• Any data returned is decrypted, inspected and encrypted before reaching the client
[Diagram: Client, SSL decryption, Inspection/Protection (IDS, UTM, DLP, Other), Internet. Traffic segments: Encrypted, Decrypted, Encrypted.]

SSL Insight – Inline Single Appliance Deployment
• This deployment mode provides SSL visibility to an inline security device
• One partition decrypts SSL traffic and forwards it to security devices
• A second partition encrypts traffic
• L2 deployment
[Diagram: SSL, ADP 1, HTTP, Firewall or Inline Security Device, ADP 2, SSL. Legend: Secure Traffic, Clear Traffic.]

SSL Insight – Inline and Passive Mode Security Devices
• Open once and inspect multiple times
• Multiple security devices
• Inline (Layer 2) and passive (TAP) mode devices supported on SPAN/Mirror Port
[Diagram: Client, SSL, HTTP, SSL; SWG (Secure Web Gateway), IPS/Firewall, ATP / SIEM. Legend: Secure Traffic, Clear Traffic.]

Why Customers Choose A10
• All-Inclusive Licensing and Support
• Advanced Security & Networking Features
• Best-in-Class Performance
• Gold Standard for Reliability and Support
• Data Center Efficient Design
• Flexible Cloud Deployment & APIs

SSL Insight Benefits
• Security: Uncover threats concealed in inbound and outbound SSL traffic
• Performance: Relieves the security gateway and server of SSL tasks
• Availability: Faster server response time and automatic redundancy
• Scalability: Scale server and security gateway capacity with integrated load balancing

SSL Insight Provides the Visibility You Need
Escalating Risks from SSL Traffic
• Data breaches are costly
• SSL traffic renders security devices ineffective; decrypting SSL traffic slows down firewalls
• To ensure you’re not the next victim, deploy an SSL inspection platform
SSL Insight Value
• Full SSL visibility to uncover attacks and prevent breaches
• 10x More Performance
• Decrypt once and inspect many times with load balancing and flexible explicit and transparent proxy deployment

Thank you