Encrypted traffic is a real security issue for companies that cannot spot the threats hidden under the “cover” of SSL/TLS. Where a traditional firewall fails to deal with the situation, Datanet Systems specialists recommend integrating the F5 SSL Orchestrator and Cisco Firepower solutions into a coherent, advanced protection system.
The fact is that in 2018 the share of encrypted traffic reached about 80%, twice as much as in 2014. Doubling the volume in just five years should, in theory, indicate an increase in the level of security, but attackers are also increasingly turning to encryption in order to conceal their attacks. For example, the “Cisco Annual Cybersecurity Report” shows that last year encrypted traffic used by malware had tripled compared to the previous year. In this context, security officers increasingly need solutions that ensure visibility of encrypted traffic on the one hand and effective protection against the detected threats on the other.
Where problems arise
Decrypting, inspecting and re-encrypting traffic with a single solution generates a substantial increase in CPU load. According to tests carried out last year by NSS Labs, the decryption/re-encryption operations lead to:
- a drop in the solution’s performance of up to 60%;
- a drop in connection rates of up to 92%;
- an increase in response time of up to 672%.
But this is not the only problem raised by the examination of encrypted traffic. Not all SSL/TLS traffic should be analyzed, because the decryption/re-encryption process exposes critical data at the inspection point to the risk of Man-in-the-Middle (MITM) attacks. Moreover, in organizations with advanced security architectures, traffic inspection is carried out by several security products grouped in a sequence: Next Generation Firewall (NGFW), Intrusion Prevention System, Web Application Firewall, Data Loss Prevention scanner, etc. Manually configuring these “chained” solutions and steering traffic flows to them requires continuous operational effort, because the network and the types of traffic keep changing.
F5-Cisco, the winning tandem
Datanet Systems’ solution to these challenges is to integrate F5 SSL Orchestrator with Cisco Firepower, a tandem already established in the industry, with efficiency validated in many implementations. The benefits come from the competitive advantages of each solution, and their integration ensures extensive coverage of the issues related to encrypted traffic management.
Cisco Firepower is a top NGFW solution, winner of the Frost & Sullivan “Market Leadership Award” in the Global Network Firewall Market, and was named in the “2018 Gartner Magic Quadrant for Enterprise Network Firewalls”. (In 2018 the solution also received the “Gartner Peer Insights Customers’ Choice” distinction, awarded by end users.)
According to specialists, Firepower stands out through a series of innovative features for the NGFW solution category:
- Advanced protection against the exploitation of security breaches, using the Talos threat intelligence service;
- Integrated Next-Generation Intrusion Prevention System (NGIPS);
- Contextual threat analysis functionality;
- Monitoring and control of file trajectory across the entire network;
- Intelligent prioritization of security alerts;
- Automatic application of security policies across the entire network.
By integrating with the F5 SSL Orchestrator, Firepower’s ability to prevent and eliminate threats is harnessed at a higher level. The main reason for this advantage is that F5 takes charge of the decryption process, using hardware acceleration, before distributing the decrypted traffic to the inspection devices. Eliminating the risk of overload allows Cisco Firepower to work more efficiently and to scale, at no additional cost, in line with the growth of traffic volume.
A second element that contributes to the efficiency of this “tandem” is the orchestration role played by the F5 product. SSL Orchestrator identifies and separates traffic categories (using an analytical engine that classifies flows by the nature of the traffic, its origin, domain name, IP reputation, geolocation, content category, etc.) and handles each category in accordance with the specific policies of the organization.
For example, encrypted traffic flows generated by Internet banking applications are excluded from decryption, to eliminate the risk of interception of sensitive data. Administration rules can also be defined and applied according to specific roles within the organization: outbound traffic from system administrators’ workstations can be analyzed by directing it to a number of security applications, while traffic generated by top management can be excluded from detailed inspection.
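The classification-and-steering logic described above, modelled as an added Python example (not code from F5 or Datanet Systems): each flow is classified by domain category, source role and IP reputation, then either bypassed or decrypted once and steered through an ordered service chain. The category, subnet and device names are constructed, and the rule order, including the reputation rule overriding role-based exemptions, is an assumption of this example.

```python
"""Toy model of policy-based SSL orchestration: classify each flow, then
decide whether to bypass decryption or decrypt once and steer the cleartext
through a chain of inspection devices. All lookups below are constructed."""
from dataclasses import dataclass, field

# Constructed lookups standing in for the orchestrator's classification engine.
DOMAIN_CATEGORY = {
    "ebanking.example-bank.com": "financial",
    "mail.example.com": "webmail",
    "cdn.example.net": "software-updates",
}
BAD_REPUTATION = {"203.0.113.45"}      # constructed, TEST-NET-3 address
ROLE_OF_SUBNET = {"10.10.0.": "sysadmin", "10.20.0.": "executive"}

# Service chains: ordered lists of inspection devices (names are illustrative).
FULL_CHAIN = ["ngfw", "ngips", "dlp", "waf"]
STANDARD_CHAIN = ["ngfw", "ngips"]

@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    sni: str  # server name from the TLS ClientHello, used for classification

@dataclass
class Decision:
    decrypt: bool
    chain: list = field(default_factory=list)
    reason: str = ""

def classify(flow):
    """Return (content category, source role, destination reputation)."""
    category = DOMAIN_CATEGORY.get(flow.sni, "uncategorised")
    role = next((r for p, r in ROLE_OF_SUBNET.items() if flow.src_ip.startswith(p)), "user")
    reputation = "bad" if flow.dst_ip in BAD_REPUTATION else "ok"
    return category, role, reputation

def decide(flow):
    """Apply the policy rules in order; the first matching rule wins."""
    category, role, reputation = classify(flow)
    if category == "financial":      # never expose banking sessions at the decryption point
        return Decision(False, [], "financial category bypassed")
    if reputation == "bad":          # assumption: bad reputation overrides role exemptions
        return Decision(True, FULL_CHAIN, "bad reputation: full chain")
    if role == "sysadmin":           # privileged workstations get the full service chain
        return Decision(True, FULL_CHAIN, "sysadmin workstation")
    if role == "executive":          # top management excluded from detailed inspection
        return Decision(False, [], "executive traffic exempted")
    return Decision(True, STANDARD_CHAIN, "default policy")
```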
What are the benefits?
The integration of F5 SSL Orchestrator and Cisco Firepower helps increase operational efficiency and reduce administrative costs in the following ways:
- Traffic is decrypted and re-encrypted only once;
- It facilitates the creation of “security chains” of products through which traffic is directed for examination;
- It determines which types of traffic should be decrypted/re-encrypted and sent for examination;
- It automatically applies the policies defined for each category of traffic;
- It orchestrates and directs SSL and non-SSL traffic dynamically;
- It centralizes and simplifies the management of certificates and encryption keys;
- It is compatible with the latest encryption protocols (TLS 1.3, ATS, PFS);
- It supports multiple deployment modes at the same time (TAP, Web proxies, ICAP, inbound layer 2/3, outbound layer 2/3, etc.);
- It ensures compliance with the organization’s internal requirements and policies;
- It maximizes the return on existing investments in security solutions.
The integrator, an indispensable condition
In order to turn all these benefits into tangible gains, it is necessary to have the support of an implementation partner who knows how to capitalize on the competitive advantages of the two solutions by integrating them. Datanet Systems has the advantage of expertise in both F5 and Cisco technologies, as well as in security solutions, with several projects implemented on multi-vendor architectures and critical infrastructure.
On March 20th 2019, Datanet Systems will hold the “SSL visibility with F5 SSL Orchestrator and Cisco FirePower” presentation at the F5 Solutions Day event, organized by F5 and Veracomp Europe distributor.
Location: Stejarii Country Club, 9.00 hours.
The event is addressed to cybersecurity professionals; to register, please send an email to firstname.lastname@example.org