Garland Technology ensures complete network visibility by delivering a full platform of network test access point (TAPs) and packet broker products
As today's enterprises deploy more software to the cloud and integrate software-as-a-service (SaaS) applications into their critical business infrastructure, the need for security and monitoring is obvious. At the same time, SSL/TLS has become the protocol that provides data security and privacy for internet communications, so inspecting that traffic means decrypting it. Heading into 2020, over 80 percent of internet traffic is encrypted, from communication between web browsers and web servers to email, messaging, e-commerce, banking, file storage and voice over IP (VoIP). Understanding how this affects your network performance and security strategy is imperative.
With this volume of encrypted traffic, inspecting it, protecting it, and balancing the resulting performance bottlenecks between tools is quickly becoming one of the top security architecture challenges.
SSL/TLS decryption can seem complicated, so we will break it down and explain why it belongs in your security strategy.
The terms TLS and SSL are commonly used interchangeably when people talk about decryption; SSL is the deprecated predecessor of TLS, and in practice both names refer to TLS. The more important distinction is between TLS 1.2 (and earlier) and TLS 1.3. Through the evolution from SSL to TLS 1.2, the focus was on maintaining backwards compatibility while patching vulnerabilities, which meant weak protocol design was inherited by each newer version. After roughly five years of design and testing by the Internet Engineering Task Force (IETF), Transport Layer Security (TLS) version 1.3 was published as RFC 8446 in August 2018. TLS 1.3 drew a line in the sand: rather than carrying legacy cipher suites and handshake modes forward for compatibility, it removed them, significantly improving performance, privacy and security.
SSL/TLS creates a secure channel between a user's computer and the devices it exchanges information with over the internet, using three main concepts: encryption, authentication and integrity. Encryption hides the data being transferred from third parties. Authentication confirms the identity of the parties exchanging information, and integrity checking verifies that the data has not been tampered with in transit.
At a high level, this is accomplished with a handshake. The client and server negotiate the protocol version and cipher suite and exchange key material from which both sides derive the same symmetric session keys. After the handshake, every subsequent record is encrypted and authenticated with those keys.
TLS 1.3 shortens the handshake (one round trip instead of two) and requires forward-secret key exchange, so a later compromise of the server's private key cannot be used to decrypt recorded sessions. It eliminates RSA key transport and the other non-PFS key exchange methods, and it encrypts the server's certificate during the handshake. The same advances complicate decryption by security and monitoring tools: a passive device holding the server's private key can no longer recover session keys from a captured handshake, so out-of-band inspection needs session secrets exported from an endpoint, or an inline proxy that terminates the connection itself.
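The handshake and key derivation described in the two paragraphs above, as an added example written for this post (not Garland Technology code, and not a full TLS implementation). It runs the TLS 1.3 key schedule from RFC 8446 over a finite-field Diffie-Hellman exchange in the RFC 3526 2048-bit group using only the Python standard library. The handshake transcript bytes are constructed stand-ins for the real serialized messages, and the session keys come only from the ephemeral shares plus HKDF, so the server's certificate key never enters the derivation; that is why a passive capture plus that key gets nothing in TLS 1.3. The last two functions show what an out-of-band decryptor can do instead: consume secrets an endpoint exported in SSLKEYLOGFILE format and rebuild the same AEAD keys the endpoints use.

```python
"""TLS 1.3-style key schedule over finite-field DH, stdlib only (added illustration).
Transcript bytes are constructed stand-ins, not real handshake messages."""
import hashlib
import hmac
import secrets
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size

# RFC 3526 2048-bit MODP group (group 14): p as published in the RFC, generator g = 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
P_LEN = (P.bit_length() + 7) // 8  # 256 bytes; key shares are fixed-width big-endian

def dh_keypair():
    """Fresh ephemeral exponent; public share encoded like a TLS ffdhe key_share."""
    x = secrets.randbits(384)  # comfortably above the group's ~112-bit strength
    return x, pow(G, x, P).to_bytes(P_LEN, "big")

def dh_shared(priv: int, peer_pub: bytes) -> bytes:
    y = int.from_bytes(peer_pub, "big")
    if not 1 < y < P - 1:  # reject 0, 1 and p-1: degenerate shares force a predictable secret
        raise ValueError("invalid peer key share")
    return pow(y, priv, P).to_bytes(P_LEN, "big")

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:  # RFC 5869
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """RFC 8446 7.1: HkdfLabel = uint16 length, opaque "tls13 "+label, opaque context."""
    full = b"tls13 " + label.encode()
    info = struct.pack("!H", length) + bytes([len(full)]) + full + bytes([len(context)]) + context
    return hkdf_expand(secret, info, length)

def derive_secret(secret: bytes, label: str, transcript: bytes) -> bytes:
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HASH_LEN)

def key_schedule(shared: bytes, transcript_sh: bytes, transcript_fin: bytes) -> dict:
    """RFC 8446 section 7.1 with no PSK. Keys are the NSS key-log labels for each secret.
    Nothing here takes the server's certificate key: it only signs CertificateVerify."""
    zeros = bytes(HASH_LEN)
    early = hkdf_extract(zeros, zeros)
    handshake = hkdf_extract(derive_secret(early, "derived", b""), shared)
    master = hkdf_extract(derive_secret(handshake, "derived", b""), zeros)
    return {
        "CLIENT_HANDSHAKE_TRAFFIC_SECRET": derive_secret(handshake, "c hs traffic", transcript_sh),
        "SERVER_HANDSHAKE_TRAFFIC_SECRET": derive_secret(handshake, "s hs traffic", transcript_sh),
        "CLIENT_TRAFFIC_SECRET_0": derive_secret(master, "c ap traffic", transcript_fin),
        "SERVER_TRAFFIC_SECRET_0": derive_secret(master, "s ap traffic", transcript_fin),
    }

def traffic_keys(secret: bytes, key_len: int = 16, iv_len: int = 12):
    """AEAD key and IV for one direction (sizes for TLS_AES_128_GCM_SHA256)."""
    return hkdf_expand_label(secret, "key", b"", key_len), hkdf_expand_label(secret, "iv", b"", iv_len)

def run_handshake():
    """Both endpoints run the exchange; returns (client_view, server_view, client_random)."""
    client_random = secrets.token_bytes(32)
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    # Constructed stand-ins for the serialized messages hashed into the schedule.
    transcript_sh = b"ClientHello" + client_random + c_pub + b"ServerHello" + s_pub
    transcript_fin = transcript_sh + b"EncryptedExtensions|Certificate|CertificateVerify|Finished"
    client_view = key_schedule(dh_shared(c_priv, s_pub), transcript_sh, transcript_fin)
    server_view = key_schedule(dh_shared(s_priv, c_pub), transcript_sh, transcript_fin)
    del c_priv, s_priv  # ephemeral exponents are dropped; the capture alone cannot recover them
    return client_view, server_view, client_random

def keylog_lines(secrets_by_label: dict, client_random: bytes) -> list:
    """NSS key log format: the lines an endpoint writes when SSLKEYLOGFILE is set."""
    return [f"{label} {client_random.hex()} {value.hex()}" for label, value in secrets_by_label.items()]

def monitor_keys_from_keylog(lines: list, client_random: bytes) -> dict:
    """What an out-of-band decryptor does with exported secrets: match the session on
    client_random, then derive the same AEAD key/IV the endpoints are using."""
    keys = {}
    for line in lines:
        label, rand_hex, secret_hex = line.split()
        if bytes.fromhex(rand_hex) == client_random:
            keys[label] = traffic_keys(bytes.fromhex(secret_hex))
    return keys

if __name__ == "__main__":
    client, server, rand = run_handshake()
    assert client == server
    monitor = monitor_keys_from_keylog(keylog_lines(server, rand), rand)
    assert monitor["CLIENT_TRAFFIC_SECRET_0"] == traffic_keys(client["CLIENT_TRAFFIC_SECRET_0"])
    print("endpoints agree; a monitor fed the exported secrets derives the same AEAD keys")
```

Two things to take from running it: the secrets differ on every run because each side generates a fresh exponent, which is the forward secrecy the paragraph describes, and a monitoring tool only gets in through the key log (or by terminating the session inline), never by holding the certificate's private key.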
Given the growth in encrypted traffic, it is easy to see why decryption is critical to securing today's enterprise networks. Blind spots are forming in encrypted traffic: SSL/TLS sessions are increasingly used to conceal malware downloads, hide command-and-control traffic and cloak the exfiltration of stolen data, so the very technology meant to make user data and privacy more secure also camouflages malicious traffic.
TLS-protected HTTPS is now standard practice for websites, protecting web application traffic from eavesdropping and tampering. With most traffic encrypted, many security teams and security tools have no visibility into it, creating one of the biggest blind spots in an enterprise architecture.
While protecting data through encryption is critical for many data-sensitive industries, the blind spots, performance cost and network latency that come with decrypting it become an issue for your security and monitoring tools.
Security tools including next-generation firewalls (NGFW), web application firewalls (WAF), web security gateways, intrusion prevention systems (IPS) and data loss prevention (DLP) systems all need cleartext traffic to function and protect. Most of these tools offer built-in decryption, but that functionality strains performance and introduces latency: decrypting and re-encrypting on every device is processor-intensive, takes resources away from the tool's main function, and slows the user experience. When several inline tools each decrypt the same session, that cost is paid at every hop.
The same issues affect out-of-band and cloud analytics and performance monitoring tools: encrypted payloads, and the application-layer headers inside them, obscure the performance, behavior and trend data these tools measure and analyze.
Internal (built-in) bypass in an inline tool sounds good in theory, but if the device itself fails you still have to replace it, which means taking the link down, so the tool remains a single point of failure. Built-in bypass options also tend to cost more than an external bypass TAP. An external bypass removes that single point of failure and brings other benefits, starting with no maintenance windows. Operational isolation and tool sandboxing mean you can take a tool out-of-band to update it, install patches, perform maintenance or troubleshoot, validate the change, and then push it back inline.
Looking to add inline security solutions, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.
Jerry Dillard leverages two decades in design and engineering to ensure maximum performance within today’s network environments. Dillard, as the inventor of the Bypass Network Test Access Point (TAP), has secured his legacy as he continues to provide network solutions for data centers worldwide.