Uncover Threats in SSL Traffic with SSL Insight


1 Uncover Threats in SSL Traffic with SSL Insight
November 2015
Stephen Shapiro, Regional Sales Director, NY Metro

2 World’s Largest Data Breaches
Impact of a Breach:
Investigation and notification costs
Brand damage
Lost revenue
Regulatory fines
Lawsuits
Source: Information Is Beautiful

3 Cyber Threats Hidden in SSL Traffic
67% of Internet traffic will be encrypted by 2016
50% of attacks will use encryption to bypass controls by 2017
80% of organizations with firewalls, IPS, or UTM do not decrypt SSL traffic
Sources: Sandvine Internet Phenomena Report; “Security Leaders Must Address Threats From Rising SSL Traffic,” 2013

4 SSL Traffic Is Increasing…
In 2013: 25-35%
In 2016: 67%
100%?
Source: Sandvine

5 Reasons Why More Organizations Are Encrypting Traffic
Snowden revelations of NSA snooping
Disclosures in 2014 that governments were injecting surveillance software in web traffic
YouTube and Microsoft Live used as conduits to inject malware; both now encrypt traffic
As a result, “Google and Microsoft executives said they are accelerating previous plans to encrypt” traffic
Source: Washington Post
Google ranks SSL sites higher for SEO
Application owners are adding SSL support to improve Google search engine ranking.

6 Solutions are Failing Despite $71.1B investment in security
Next Gen Firewall
Network Forensics
Secure Web Gateway
Data Loss Prevention
Intrusion Detection & Prevention
Network Access Control
Advanced Threat Prevention
Unified Threat Management
SIEM
SOURCE: Information Security, Worldwide, , 2Q14 Update, Gartner

7 Attacks that Can Hide in SSL Traffic

8 Infiltration and Attacks
Malvertising delivered over SSL-encrypted Adtech networks: Yahoo malvertising attack
Malware distributed via social media: Facebook, Twitter, LinkedIn use SSL; Koobface was a multimillion malware campaign that used Facebook
Malware sent as attachments in email and instant messaging apps: Skype, Whatsapp, Snapchat encrypt IM
DDoS and Web app attacks: attackers can use SSL to bypass controls or overwhelm servers

9 Data Exfiltration Hidden in SSL
Insider Abuse:
Insiders can send sensitive data through web-based email; Gmail, Yahoo Mail, MS Live encrypt email
Insiders can upload sensitive files to file sharing services; Box, Dropbox, iCloud, OneDrive encrypt data
C&C Communications:
Malware-infected machines communicate to command & control servers via SSL
China’s APT1, Zeus, Shylock, KINS and CryptoWall malware use SSL

10 How Malware Developers Exploit Encrypted Traffic
Bot Infection Hidden in SSL Traffic:
Malicious attachment sent over SMTPS
Malicious file in instant messaging
Drive-by download from an HTTPS site
Data Exfiltration over SSL:
Command and control server communication
Stolen data sent via email or to cloud storage sites
Malware receiving C&C updates from social media sites
C&C = Command and Control

11 Security Infrastructure Inspects Traffic to Stop Attacks
[Diagram: ATP, IPS, Firewall, DLP and Network Forensics devices inspecting traffic for Accounting, Engineering, and Sales & Marketing; outcomes labelled Alert and Block]

12 Encryption Makes Security Devices Blind to Attacks
[Diagram: the same Firewall, IPS, ATP, DLP and Network Forensics devices in front of Accounting, Engineering, and Sales & Marketing; outcomes labelled Anomalous Activity, Data Exfiltration, Successful Attack, Undetected Malware]

13 SSL Insight Uncover Threats In SSL Traffic

14 SSL Insight Difference
Flexible transparent and explicit proxy deployment modes
10x more performance
Scale security performance with load balancing

15 Eliminate the SSL Blind Spot without Compromising Performance
SSL Insight Benefit: Detect encrypted malware, insider abuse, and attacks in SSL/TLS traffic
[Diagram: Client, A10 Thunder ADC, Security Device, Internet Server; traffic labelled Encrypted and Decrypted]
SSL Insight Features:
Full SSL visibility including ECDHE ciphers
10x more performance: 40 Gbps max compared to 4 Gbps
Load balancing to scale security infrastructure
Transparent proxy or explicit proxy deployment
ICAP support to decrypt traffic for DLP or AV scanners
Dynamic port intercept of SSL traffic

16 URL Classification Service Powered by Webroot
Meet compliance by keeping sensitive data encrypted
Block malicious sites with URL filtering*
460+ million domains
83+ website categories
[Diagram: User, Thunder ADC, Security Device (Inspection and Protection), Web Classification Cloud (URL Category Validation), Internet Server]
* URL filtering supported in ACOS 4.1.0

17 CASE STUDY: Fortune 500 Healthcare Company
Customer Challenge:
Needed a high-performance solution that would enable FireEye, IronPort, Palo Alto and other vendors to inspect SSL traffic
Competitors: F5 and Blue Coat
Solution:
A10 Thunder appliances with SSL Insight
URL Classification subscription
Why A10:
Scalability and reliability: A10 was the only vendor that could meet the customer’s performance requirements
Product expertise: A10 was the only company that answered the company’s technical questions completely; the customer required advanced SSL inspection features like URL classification and explicit forward proxy deployment

18 Government Case Study: Impact of Not Inspecting SSL
Background:
Organization had deployed security devices from many leading security vendors
SSL traffic not inspected due to performance, scale, & complexity
Result of Attack:
Attackers infiltrated network, installed malware, and stole data across multiple end-points
Organization dropped internet connectivity for days, performed lengthy forensics and remediation
Findings:
Network security tools could have prevented this attack if the tools had had visibility into SSL traffic
Estimated Financial Costs:
Lost productivity and forensic investigation = Medium Cost
Loss of intellectual property = High Cost

19 Ironclad Protection from the A10 Security Alliance
SSL Inspection and Scaling
Advanced Detection & Analysis
Programmatic Security Control
Certificate Management
Intelligence
Authentication

20 SSL Inspection and Scaling Partners
A10 has validated and documented SSL Insight integration with leading security vendors:
FireEye NX
IBM QRadar Incident Forensics
RSA Security Analytics
Trend Micro Deep Discovery
Check Point Next Generation Firewall
Cisco ASA and FirePOWER
Cyphort Threat Defense
Vectra S-series & X-series

21 Why Customers Choose A10
Best-in-Class Performance
Advanced Security & Networking Features
All-Inclusive Licensing and Support
Flexible Cloud Deployment & APIs
Data Center Efficient Design
Gold Standard for Reliability and Support

22 SSL Insight Provides the Visibility You Need
Escalating Risks from SSL Traffic:
Data breaches are costly
SSL traffic renders security devices ineffective; decrypting SSL traffic slows down firewalls
To ensure you’re not the next victim, deploy an SSL inspection platform
SSL Insight Value:
Full SSL visibility to uncover attacks and prevent breaches
10x More Performance
Decrypt once and inspect many times with load balancing and flexible explicit and transparent proxy deployment
C&C = Command and Control

23 Thank you

24 Reference Architectures

25 SSL Insight – Inline Single Appliance Deployment
[Diagram: ADP 1, Firewall or Inline Security Device, ADP 2; links labelled SSL, HTTP, SSL; legend: Secure Traffic, Clear Traffic]
This deployment mode provides SSL visibility to an inline security device
One partition decrypts SSL traffic and forwards it to security devices
A second partition encrypts traffic
L2 deployment

26 SSL Insight – Inline and Passive Mode Security Devices
[Diagram: Client, SWG (Secure Web Gateway), IPS/Firewall, ATP / SIEM; links labelled SSL and HTTP; legend: Secure Traffic, Clear Traffic]
Open once and inspect multiple times
Multiple security devices
Inline (Layer 2) and passive (TAP) mode devices supported on SPAN/Mirror Port

27 SSL Insight – Network and Passive Mode Security Devices
[Diagram: Client, SWG (Secure Web Gateway), IPS/Firewall, ATP / SIEM; links labelled SSL and HTTP; legend: Secure Traffic, Clear Traffic]
Open once and inspect multiple times
Multiple security devices
Network (Layer 3) and passive (TAP) mode devices supported on SPAN/Mirror Port
High availability (HA) support

28 SSL Insight Inline Mode with Explicit Proxy
[Diagram: Client, ADP 1, ADP 2, Firewall or Inline Security Device, ADP 3; links labelled SSL (Explicit Proxy), SSL, HTTP]
First A10 partition: forwards the explicit proxy traffic to SSL; CONNECT header is removed and destination IP is changed
Second A10 partition: forwards SSL traffic to HTTP and sends traffic to the firewall for inspection
Third A10 partition: converts HTTP back to SSL; HTTPS traffic is forwarded to the destination

29 SSL Insight – ICAP topology
[Diagram: ADP 1, Firewall or Inline Security Device, ADP 2, Data Loss Prevention (DLP); links labelled SSL and Reqmod/Respmod]
This deployment mode provides SSL visibility to an ICAP-enabled DLP
Requires an ICAP template bound to a vPort
ICAP solution is based on RFC 3507
Configurable to work with internal and external Thunder devices
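
An added example, not taken from the deck or from A10's code: how a decrypted HTTP request is framed as an ICAP REQMOD message (RFC 3507) for a DLP scanner, and how the receiving side splits it again. The ICAP URI, host names and sample upload are constructed.

```python
# Added illustration: frame a decrypted HTTP request as an ICAP REQMOD
# message (RFC 3507). Host names, URI and the sample request are constructed.
CRLF = b"\r\n"

def chunk(body: bytes) -> bytes:
    """Chunked encoding: ICAP always sends encapsulated bodies chunked."""
    return b"%x" % len(body) + CRLF + body + CRLF + b"0" + CRLF + CRLF

def build_reqmod(icap_uri: str, icap_host: str,
                 http_head: bytes, http_body: bytes = b"") -> bytes:
    """http_head is the request line plus headers, ending with a blank line."""
    if not http_head.endswith(CRLF + CRLF):
        raise ValueError("HTTP header block must end with CRLF CRLF")
    # Encapsulated offsets are counted from the start of the ICAP body.
    section = "req-body" if http_body else "null-body"
    icap_head = CRLF.join([
        f"REQMOD {icap_uri} ICAP/1.0".encode(),
        f"Host: {icap_host}".encode(),
        f"Encapsulated: req-hdr=0, {section}={len(http_head)}".encode(),
    ]) + CRLF + CRLF
    return icap_head + http_head + (chunk(http_body) if http_body else b"")

def parse_encapsulated(message: bytes) -> dict:
    """Scanner side: read the offsets and split the encapsulated sections."""
    icap_head, _, body = message.partition(CRLF + CRLF)
    for line in icap_head.split(CRLF)[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"encapsulated":
            pairs = (p.strip().split(b"=") for p in value.split(b","))
            offsets = {k.decode(): int(v) for k, v in pairs}
            break
    else:
        raise ValueError("missing Encapsulated header")
    end_hdr = offsets.get("req-body", offsets.get("null-body"))
    return {"offsets": offsets,
            "http_head": body[:end_hdr],   # what the DLP policy inspects first
            "rest": body[end_hdr:]}        # chunked body, empty for null-body

# Constructed sample: an upload that was HTTPS on the wire before decryption.
SAMPLE_HEAD = (b"POST /upload HTTP/1.1\r\nHost: files.example.com\r\n"
               b"Content-Length: 24\r\n\r\n")
SAMPLE_BODY = b"notes=internal+only+data"
```
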

30 SSL Insight in Passive Inline with Explicit Proxy
[Diagram: Client, ADP 1, ADP 2, Firewall/IPS, ATP / SIEM, ADP 3; links labelled SSL (Explicit Proxy), SSL, HTTP]
This deployment mode offers explicit proxy configuration and supports multiple inline and passive (TAP) security devices
Customers deploy in explicit proxy mode when they are replacing an existing explicit proxy or prefer it over our standard SSL proxy

31 Inline mode with Bypass Switch/AFO
[Diagram: ADP 1, Firewall or Inline Security Device, ADP 2, Bypass Switch; links labelled SSL, HTTP, SSL, Bypass Traffic]
This deployment is standard inline mode with the option to deploy a bypass switch
AFO (Active Failover Open) utilizes network traffic as a heartbeat. If the network heartbeat fails, the traffic will switch to bypass mode with network interruptions

32 Inline mode with Bypass Switch/AFO
[Diagram: Firewall or Inline Security Device, Bypass Switch; links labelled SSL, HTTP, SSL, Bypass Traffic]
This deployment is standard inline (L2) mode in a multi-device deployment with a bypass switch option.
AFO (Active Failover Open) utilizes network traffic as a heartbeat. If the network heartbeat fails, the traffic will switch to bypass mode with network interruptions

33 Additional Slides

34 Top Causes of Large-Scale Breaches
Advanced Persistent Threats: 66% believe their organization will be the target of APT
Insider Abuse: 55% of abuse caused by users with legitimate access
Malware: 225,000 new malware strains detected per day
Sources: PandaLabs Report Q | Verizon Data Breach Investigation Report | Mandiant, a FireEye company

35 SSL Insight Benefits
1 Security: Uncover threats concealed in inbound and outbound SSL traffic
2 Performance: Relieves the security gateway and server of SSL tasks
3 Availability: Faster server response time and automatic redundancy
4 Scalability: Scale server and security gateway capacity with integrated load balancing

36 Advanced SSL Insight Features
URL Classification for Bypass and Filtering:
Selective bypass of sensitive sites
URL filtering to block malicious or undesirable sites in 4.1.0
Explicit Proxy and ICAP:
Explicit proxy is commonly used by Secure Web Gateways
ICAP connectivity offers inline inspection for DLP & AV scanners
SSL Insight for vThunder:
Lab Edition available in 4.0.3
General availability in 4.1.0
Bypass Traffic that Can’t Be Decrypted:
Dynamic SSL Insight bypass for client certificate traffic
Auto-bypass and white lists

