Professional Documents
Culture Documents
Webinar 1518 Slides
Webinar 1518 Slides
Made possible by
Thanks to
1
9/6/2018
Why decrypt
How
Explicit proxy
Preview of Inline transparent
Key Points Challenges
Performance
Integration
Logistics
Security
Privacy
Encrypted
2
9/6/2018
Why Decrypt
Cloud usage
Time
If you can’t see into the payload of a packet all you know is
Source and destination IP and ports
Cadence, flow and volume
IP
TCP
Why Decrypt SSL
Application Data
3
9/6/2018
4
9/6/2018
Normal SSL
behavior
www
Enterprise
CA
5
9/6/2018
Performance
Challenges Integration
Logistics
Security
Privacy
6
9/6/2018
Scaling options
Performance Do the decryption once
Do it with dedicated hardware
Have the option to separate SSL de/encryption from security
technologies
7
9/6/2018
Explicit proxy
Integration
Integration
8
9/6/2018
once once
Enforce
Decrypt Security Re-encrypt
Integration +
Performance
+ Cost
9
9/6/2018
Nonstandard ports
Logistics Certificate pinning
Not just https
HTTPS, STARTTLS, SMTP, XMPP, POP3, SSH, SCP, sFTP
High availability
Certificate pinning
Certain desktop or mobile applications use hard certificate
pinning
Challenges Impossible for transparent or explicity proxies to decrypt
Decryption should be bypassed for applications required for
your business operation
positively confirmed that their certificates are pinned
Need a list of known websites and web applications that use
hard certificate pinning
10
9/6/2018
11
9/6/2018
See an
example in
Parth Jagirdar will demonstrate
action A10’s unique SSL decryption technology
how it provides performance and compliance
allows you to leverage any security technology you need
SSL Insight
Comprehensive SSL Visibility
Parth Jagirdar
Product Marketing Manager
12
9/6/2018
1.5 M
phishing sites
6 in 10
malware were
19X
Growth in risks due
WannaCry
150 countries -
introduced each month ransomware to Malvertising FedEx, Hitachi, UK NHS,
PetroChina
o Lawsuits
13
9/6/2018
SSL Visibility
Challenge
14
9/6/2018
AV / DLP
Internet
Secure Web APT IPS NGFW
Gateway
× Blazing Fast
Performance
Efficiency and
Scalability
Analytics,
Dashboards and
Wizards
15
9/6/2018
ICAP
AV / DLP
Internet
A10 Secure Web APT IPS NGFW A10
SSL Gateway SSL
Insight Insight
16
9/6/2018
SSL INSPECTION
Dedicated Up to 25 Gbps
Purpose built for Decrypt Across any FIPS 140-2 Level
Decryption throughput on single
complete SSL visibility port and protocol 3 compliance
Hardware rack unit with 2k
keys
EASE OF USE
17
9/6/2018
SSL/TLS SSL/TLS
SSH SSH
Internet
Thunder SSLi
Key Benefits
SaaS Use Case Reduce burden on security stack
Improve network performance
Improve user experience
Microsoft recommends this!
Secure Decrypt Zone
Internet
Thunder SSLi
SaaS Traffic
Encrypted Internet Traffic
36. CONFIDENTIAL | DO NOT DISTRIBUTE Decrypted Internet Traffic
18
9/6/2018
Quick Recap
o Summary- Thunder SSLi can provide full SSL visibility and dramatically
improve performance of your existing security stack at fraction of the cost
o Key Differentiators
• Complete SSL visibility
• Excellent performance
• Wizard based configuration and troubleshooting
• Centralized management and analytics
• Office 365/SaaS use case
• Preventive security
37. CONFIDENTIAL | DO NOT DISTRIBUTE
19
9/6/2018
Demo
20