
ESG en Next-Gen Security Epaper-13937

The document discusses the importance of SSL decryption and inspection in network security, highlighting that 25-35% of enterprise traffic is secured by SSL, which is increasingly exploited by cybercriminals to hide attacks. It emphasizes the role of next-generation firewalls (NGFWs) in intercepting and inspecting SSL traffic to prevent malware and unauthorized access while maintaining data integrity. The document also promotes Dell's SuperMassive Series NGFWs as effective solutions for managing SSL traffic and enhancing overall network security.

Uploaded by

gusoviedo001

E-PAPER FEBRUARY 2014

Next-Gen Security
SSL decryption and inspection keeps attackers away from your data and out of your network.

Network Security
UBM TECH •• NEXT-GEN SECURITY

Today between 25 and 35 percent of enterprise traffic is secured using the secure sockets layer (SSL) protocol, according to NSS Labs. In some vertical industries SSL traffic comprises as much as 70 percent of network traffic. This is expected, since SSL is commonly used for everything from e-commerce to online banking. More recently, however, cybercriminals have started using SSL to hide their attacks. That turn of events has CIOs and other security professionals looking to SSL decryption and inspection technologies to improve enterprise security and reduce risk.

25% to 35%: The amount of network traffic using SSL — NSS Labs

SSL is sandwiched between the underlying transport protocol (TCP) and an application or website, protecting data while it’s in motion by creating an encrypted channel over the public Internet or a private network. At the same time, SSL provides a way for users to make sure the data’s final destination is what it purports to be and not that of a hacker spoofing a well-known or trusted destination. This encrypted channel is a communication avenue that keeps data from being captured or compromised. SSL can be found within most Web browsers and servers, and it’s there that the SSL process originates.

The data sender initiates the SSL process with a “handshake.” The client sends a hello message containing three elements — the key exchange method, cipher and hash — that essentially help the sender and recipient agree on an encryption method. The recipient’s server responds with its own message, agreeing to use a specific key exchange algorithm. To authenticate itself, the recipient’s server presents a certificate that contains its identity information, the validity period and additional public key details. The certificate is signed by a well-known trusted issuer, such as VeriSign, that the client can independently verify against third-party digital certificates it has preinstalled to make sure that the incoming traffic is trustworthy.

The public key that the recipient’s server provides is used by the client to encrypt secret information that’s sent to the server as part of a handshake message; the recipient’s server keeps a corresponding private key to itself. Only the recipient’s server can decrypt the message the client sends, using its corresponding private key, to obtain the secret information. This secret information is then used by both client and server to independently derive the keys used to subsequently encrypt and decrypt traffic between them. Once the handshake is complete, data can be encrypted and sent.

This process is the reason that SSL can enable e-commerce and online banking. Crucial and sensitive data such as credit card information, user names and passwords are encrypted and transported in a way that makes it difficult for anyone but the intended recipient to access that data. While websites and FTP and telnet servers were the original users of SSL, today a wide variety of applications use the protocol, including Java-based applications, application management services and cloud-based services. Facebook and Twitter are two of the most popular SSL-enabled applications. Browser add-ons that can force the use of SSL via HTTPS are also available.

[Figure: Next-Gen Security in Action. Next-generation firewalls intercept the keys exchanged during the SSL process, and then open and decrypt SSL traffic to look for threats. Network traffic is inspected for nefarious activity, before being re-encrypted and sent to the recipient.]

Hidden Threats

The ubiquitous use of SSL to improve security in one respect may be detrimental to overall enterprise security. SSL can “create ‘blind spots’ that can actually reduce security on corporate networks because network security products and other defenses may not be able to monitor SSL traffic effectively or efficiently,” according to NSS Labs.

Criminals are capitalizing on these blind spots, creating malware that leverages SSL and opens doors directly into the corporate network. By using SSL to hide attacks, criminals can bypass firewalls or other network security solutions, such as malware prevention and intrusion prevention systems. In addition, botnets and Trojans are increasingly using SSL to hide command-and-control traffic that lets hackers connect to and control compromised systems from virtually anywhere. One of the most frightening aspects of cyberattacks is that 75 percent of them are opportunistic, according to Verizon’s “2013 Data Breach Investigations Report,” and most are financially motivated. This means that organizations of all sizes, not just large enterprises, are at risk of becoming compromised.

75%: Percentage of cyberattacks that are opportunistic — Verizon

Until recently SSL-encrypted attacks were rare; today, however, many experts agree that criminals are starting to use SSL more frequently to hide malware as it is being downloaded or to communicate with command-and-control servers. These situations create a huge threat to the enterprise, since SSL-encrypted attacks are likely to have a very high success rate. If the compromised host is using encrypted communications via its own SSL certificate to send and receive information from the client, many traditional firewall security solutions will let that traffic travel unexamined.

Next-Gen Security

The number of SSL-encrypted attacks is likely to increase, since many organizations are not inspecting SSL traffic for malicious code. Security professionals struggle with a Catch-22: How can they leave the integrity and privacy of SSL communication intact while ensuring security of the network and the data that’s being exchanged?

There are tools, such as next-generation firewalls (NGFWs), that can help security pros identify and eliminate SSL-encrypted attacks. According to the Gartner IT Glossary (see www.gartner.com/it-glossary/next-generation-firewalls-ngfws), “Next-generation firewalls are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall. An NGFW should not be confused with a stand-alone network intrusion prevention system (IPS), which includes a commodity or nonenterprise firewall, or a firewall and IPS in the same appliance that are not closely integrated.”

NGFWs intercept keys during the exchange and use them to open and decrypt SSL sessions in real time. Network traffic is then inspected for exploits, malware and other nefarious activity before being re-encrypted and sent along to the user. If the NGFW finds a problem, the threat is isolated and never enters the network. Essentially, NGFWs act as a man-in-the-middle, intercepting client requests and replacing the server’s certificate with its own.

NGFW appliances can help boost overall network security due to their multifaceted benefits. Companies and other organizations should seek to offset the SSL risk by deploying technology that is able to detect command-and-control traffic or malware callbacks via SSL.

However, as the amount of SSL traffic increases, the NGFW’s ability to handle that traffic decreases significantly. NGFW SSL decryption leads to significant performance degradation, since most firewalls, including many NGFWs, don’t have the power to do widespread analysis of SSL traffic.

In fact, once the level of SSL traffic surpasses 50 percent of a network’s traffic, the performance of the majority of NGFWs on the market tanks, according to NSS Labs. Latency issues are no small problem, especially when you take into account that end-user experience can suffer if packet transport is slowed due to SSL decryption and inspection.

These concerns lead some companies to skip SSL decryption and inspection completely, leaving their networks and users vulnerable.

The Right Firewall

“Less than 20 percent of Internet connections today are secured using NGFWs. By year-end 2017, this will rise to 50 percent of the installed base,” according to Gartner’s “Magic Quadrant Intrusion Prevention Systems” report.[1] Given that, it’s clear that many organizations are now starting to evaluate and assess NGFW offerings.

Choosing a firewall that protects against SSL-obscured malware, however, can be a difficult task. Even vendors that claim to offer SSL decryption and inspection may not have the processing power to handle the level of SSL traffic moving across a network today.

However, real-world testing by several organizations has found some solid performers in the NGFW market. Dell’s offerings stand out when it comes to SSL decryption and inspection. Dell’s patented inspection technology exceeds basic NGFW considerations while also offering advanced security features and superior scalability.

While nearly all of Dell’s network security appliances include SSL decryption technology, the SuperMassive Series Next-Generation Firewalls are specifically designed for organizations with heavy traffic needs. They have a multicore high-performance architecture with specialized security processors optimized for real-time SSL decryption and inspection regardless of the port used. (For more detail about Dell’s SuperMassive Series, see story on p. 5.)

Given that SSL threats are likely to increase, it’s more important than ever for businesses to consider purchasing next-generation firewalls, such as Dell’s SuperMassive Series with its outstanding protection and high-performance results. Organizations must carefully assess the level of risk they’re willing to take when it comes to SSL attacks and choose security offerings that can mitigate the most risks. After all, you can stop only the attacks that you can see, and a good NGFW lets you block SSL-encrypted attacks as they happen.

To learn more about the Dell SuperMassive NGFW series, visit www.dell.com/us/business/p/sonicwall-supermassive-series/pd.

“SSL threats are likely to increase, so it’s more important than ever to consider purchasing next-generation firewalls.”

[1] Gartner: “Magic Quadrant for Intrusion Prevention Systems;” Adam Hils, Greg Young, Jeremy D’Hoinne; Dec. 16, 2013.

THE DELL ADVANTAGE

The Dell SuperMassive Series Next-Generation Firewall delivers up to 40 Gbps of firewall throughput, 30 Gbps of intrusion prevention with application control and 12 Gbps of malware prevention. In addition to providing intrusion prevention, malware prevention and application control, Dell NGFWs also decrypt and inspect SSL communications at a very high rate.

Dell’s NGFWs transparently decrypt, inspect and re-encrypt SSL traffic to allow security services to be applied to all network traffic. In fact, the Dell SuperMassive E10800 NGFW had the highest rated transactions-per-second (TSP) performance for onboard SSL decryption in a recent test, according to NSS Labs.

NetworkWorld also gave SuperMassive E10800 high marks. It was able to decrypt and inspect SSL traffic at rates of up to 4.8 Gbps. In addition, it successfully fielded 9.9 million connections at once and handled as many as 5,800 simulated users without errors. The device was easy to use. And most important, the SSL decryption and inspection lets it perform intrusion prevention, malware prevention, application control, bandwidth management and content/URL filtering on SSL traffic.

“Real-world SSL decryption and inspection testing by several organizations has found some solid NGFW performers.”

Dell Network Security products are part of Dell’s Connected Security solutions for ensuring that customers won’t have to sacrifice performance for security. Dell Connected Security gives organizations the power to solve their biggest security and compliance challenges today, while helping them better prepare for tomorrow. From the device to the data center to the cloud, Dell helps mitigate risks to enable the business. For more information, visit www.software.dell.com/solutions/security/.



© 2014 UBM LLC. All rights reserved.