Gigamon says it can analyze attacker SSL traffic without hitting performance

Encrypting data traffic is mandatory for safeguarding information. But when attackers use encryption to mask their activity, it can be hard for enterprises to figure out what they're stealing.

Gigamon, based in Santa Clara, California, says it has developed a capability to deeply analyze all SSL/TLS (Secure Sockets Layer/Transport Layer Security) traffic.

SSL/TLS is the cornerstone of Web security, encrypting data between a client and a server. If the traffic is intercepted, it appears as gibberish unless the person has the corresponding private encryption key required to decrypt it.

Analyst Gartner predicts that attackers will increasingly use encryption in order to try to evade security products, from around 5 percent of network attacks using encryption today to 50 percent by 2017.

Many organizations now want to have visibility on the encrypted traffic, so are deploying SSL proxies, which are incorporated into a firewall or a load balancer, said Ananda Rajagopal, Gigamon's vice president for product management.

The proxy terminates the SSL session with a remote server and initiates a new one, which gives it an accessible private key, Rajagopal said. It means that all SSL traffic can now be analyzed for traits that might indicate an attack is underway.

Other security related vendors are using this method to look at the traffic and run checks, but it is done in-line or in-band, as the traffic is moving back and forth. Since that traffic is live, there is a limit on the amount of scans that can be done without impacting performance.

What Rajagopal said Gigamon has cracked is the ability to run many more security checks on the decrypted SSL traffic. Gigamon peels off SSL traffic and analyzes it without disrupting the flow of data by creating a copy of it and subjecting it to many more analyses.

"There is a limit in terms of how many tools can be deployed in band," Rajagopal said. "Your performance is as strong as the weakest link."

In-line products tend to only have a firewall, an anti-malware scan and intrusion protection system to maintain performance, Rajagopal said.

Read more from the original source:
Gigamon says it can analyze attacker SSL traffic without hitting performance