SSL Encryption and Traffic Inspection ADDRESSING THE INCREASED 2048-BIT PERFORMANCE DEMANDS OF 2048-BIT SSL CERTIFICATES




Contents

Introduction
SSL Encryption Basics
The Need for SSL Traffic Inspection
How SSL Inspection Works
The Upgrade from 1024 to 2048-bit SSL Certificates
Is It Time to Move to the Cloud for SSL Inspection?
How Zscaler Secures Enterprises
How It Works
For More Information
About Zscaler

Introduction

2048-bit SSL encryption certificates have finally arrived. The good news is that the Internet will be much more secure. The bad news is that it will require substantially more processing power from your enterprise to manage the larger encryption keys. Hopefully, your organization is already prepared for this advanced level of security. But if you are still relying on an appliance-based proxy solution, you may have found the upgrade experience to be time-consuming, complex, and expensive. Now there's a better way to provide SSL encryption and traffic inspection without the frustrations and expense of doing it on your own.

SSL Encryption Basics

SSL (Secure Sockets Layer) is the encryption standard used to protect Internet communications in transit. In order to keep sensitive information secure, SSL establishes an encrypted link between a Web server and a browser. When an SSL certificate is used, the information becomes unreadable to everyone except for the server the information was sent to. This protects the information from hackers and other malicious individuals.

The use of SSL encryption is rapidly expanding. According to industry analysts, the volume of SSL traffic will grow from approximately 5 exabytes (or 5 billion gigabytes) of data per year today, to nearly 15 exabytes in 2016. Ten years ago, SSL certificates were used primarily for banking and other secure transactions. SSL certificates are now being used to provide full coverage across enterprise apps, Webmail, social networking sites, and all of the leading search engines.

[Figure: SSL Traffic Growth, in exabytes per year, 2012 to 2018. Series: Sandvine GIPR Project, Coyote Point Project. Data courtesy of Sandvine Global Internet Phenomena Report - 2H 2012.]

The Need for SSL Traffic Inspection

In the early days of the Internet, servers were the primary target of hackers. The attacker's goal was to bypass the company firewall and then compromise key enterprise systems in the datacenter. Attacks on servers are now rare, since datacenters and consolidated servers utilize much more sophisticated security systems. The preferred attack vector for hackers has now shifted to individuals. Mobile users access their company's resources from the Internet, from a variety of different locations, across a range of different devices. These users and their mobile devices are now the easiest way for hackers to get into the enterprise.

Although SSL is a very effective protocol for securing the communication of legitimate traffic, it is important to note that malware can also be delivered over SSL. Since malicious code can hide inside SSL tunnels, enterprises need the ability to inspect all incoming SSL traffic in order to identify botnets, viruses, phishing attacks, and other potentially harmful attacks.

In addition to stopping hackers, SSL inspection is also useful when an enterprise wants to know what its employees are intentionally or accidentally sending out of the organization. For example, individuals who are using SSL-encrypted Yahoo mail may be exposing company passwords, personal information, or financial data. SSL inspection is also needed for compliance, to ensure that employees are not putting the organization's confidential data at risk.

[Figure: remote hacker, protected network, remote user.]

How SSL Inspection Works

In order to perform SSL inspection, users connect to the enterprise inspection appliance, where the information is decrypted. After the inspection is complete, the data is re-encrypted and sent on to its intended destination. The challenge for enterprises is that SSL traffic inspection requires a significant amount of computational power. Many enterprises have chosen to use Web proxy appliances for SSL inspection. But since the processes are so CPU intensive, they can significantly slow Web traffic for organizations that are unable to scale their infrastructure to meet demand.

The Upgrade from 1024 to 2048-bit SSL Certificates

In order to strengthen encryption standards, the Certification Authority/Browser (CA/B) Forum and the National Institute of Standards and Technology recently mandated the switch from 1024-bit RSA keys to 2048-bit RSA keys for all SSL traffic. Going from 1024-bit to 2048-bit encryption was great for security, since the longer keys are harder to compromise. But the added security boost came with a significant performance penalty. The 2048-bit security mandate resulted in an 80% drop in performance for Web servers and proxies using SSL.
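To see where the performance penalty described above comes from, the following added example (not part of the original white paper) times the RSA private-key operation that an SSL-terminating server or inspection proxy performs for each full handshake, at 1024 and 2048 bits. It assumes the running time depends only on operand size, so random odd numbers stand in for real key material; the function names are illustrative, and the measured ratio varies with interpreter and hardware.

```python
import secrets
import time


def random_odd(bits):
    """Random odd integer of exactly `bits` bits (constructed stand-in, not a real prime)."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def private_op_seconds(modulus_bits, rounds=30):
    """Average time of one CRT-style RSA private-key operation.

    RSA with CRT performs two modular exponentiations, each with a modulus and
    an exponent half the size of the key. The cost depends on operand sizes,
    not on primality, so random odd values replace a generated key pair.
    """
    half = modulus_bits // 2
    p, q = random_odd(half), random_odd(half)
    dp, dq = random_odd(half), random_odd(half)
    inputs = [secrets.randbits(modulus_bits - 1) for _ in range(rounds)]
    start = time.perf_counter()
    for c in inputs:
        pow(c % p, dp, p)
        pow(c % q, dq, q)
    return (time.perf_counter() - start) / rounds


def compare(small=1024, large=2048):
    """Return (slowdown factor, fractional drop in operations per second)."""
    # Taking the best of several runs reduces scheduler noise.
    t_small = min(private_op_seconds(small) for _ in range(3))
    t_large = min(private_op_seconds(large) for _ in range(3))
    slowdown = t_large / t_small
    return slowdown, 1 - 1 / slowdown


if __name__ == "__main__":
    slowdown, drop = compare()
    print(f"2048-bit private-key operation is {slowdown:.1f}x slower than 1024-bit")
    print(f"private-key operations per second per core fall by about {drop:.0%}")
```

Doubling the key size doubles the exponent length and roughly quadruples the cost of each multiplication, which is why the slowdown is several-fold rather than twofold.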

Organizations relying on appliance-based proxy solutions were faced with time-consuming and complex hardware and infrastructure upgrades in order to scale capacity for the 2048-bit keys. In addition, upgrading all of the hardware cards and accelerators required many enterprises to cycle down their hardware, taking key systems offline during critical business windows, including holiday seasons for many retailers.

So what happens if an enterprise didn't upgrade to 2048-bit encryption? The browser community and OS vendors will no longer support 1024-bit certificates following the switch to 2048-bit certificates after January 1, 2014. If an enterprise still uses 1024-bit certificates, its clients and prospects will see a flood of pop-ups and warnings that the site's security certificates are no longer valid. It will appear to users that the site may have been compromised, leading to decreased consumer confidence and an increase in customer support issues.

[Figure: 1024-bit to 2048-bit, 80% performance drop. All existing 1024-bit certificates must be replaced with 2048-bit SSL certificates by December 31, 2013.]

Is It Time to Move to the Cloud for SSL Inspection?

If the move to 2048-bit encryption was a challenging and expensive process for your organization, take a moment to answer these questions:

- Can your existing proxy solution effectively secure all of your mobile users' sessions, from multiple devices, and from distributed office locations?
- Are your cloud applications, including Office365, Box, Google Apps, etc., becoming bottlenecked by your appliance-based solution?
- Are you able to easily scan and inspect all of your incoming and outgoing SSL traffic?
- Do your appliances have enough processing power to handle the increased SSL interception demands that came with the 2048-bit certificates?
- Can you upgrade your appliances easily and cost-effectively, without incurring any downtime for your business-critical applications?

If the answer to any of these questions is no, it's time to check out the Zscaler Direct-to-Cloud Network.

How Zscaler Secures Enterprises

Zscaler's Direct-to-Cloud Network enables enterprises to route all Internet and cloud-bound traffic through a globally deployed cloud infrastructure without having to manage all of the costly hardware and software required by appliance-based proxy solutions. The Zscaler cloud service offers compelling flexibility, economics, and simplicity, without compromising the enterprise's existing security capabilities and requirements.

Zscaler designed its global security cloud with ultra-fast proxies, which it makes available to its customers on-demand. In addition, Zscaler has already completed its transparent migration of its worldwide cloud infrastructure to enable 2048-bit SSL traffic inspection, upgrading its SSL processing capacity by over 2,500 percent. Zscaler provides secure access to leading cloud, mobile, and social applications from the cloud.

How It Works

Getting started with the Zscaler Direct-to-Cloud Network is fast and simple. The enterprise's network administrator sets up policy and launches it on the Zscaler cloud through a simple yet comprehensive web interface. The policies are made available instantly across Zscaler's global network. All cloud and Internet-bound traffic is then forwarded to Zscaler's cloud network where the policies are applied. Once the cloud and Internet are accessed, the Zscaler network scans all traffic for threats and protects business networks from malicious intent. All traffic that is determined to be safe goes through quickly to its destination. Any traffic that is denied will return a notice of denial to the user. And finally, the Zscaler Direct-to-Cloud Network provides instant access to executive summaries and drill-down information for detailed investigations and reviews.

[Figure labels: Regional office; Remote office; Home office; Headquarters; On-the-go users; Internet; Forward traffic; Enforce policy bi-directionally; Same policy for mobile users; Administrator; Real-time visibility; Define policy at a central portal.]

For More Information

Zscaler Direct-to-Cloud Network is the ideal solution for organizations that find themselves challenged by the inadequacy of their appliance-based security solutions and the transition to SSL 2048-bit encryption. For more information on the Zscaler Direct-to-Cloud Network, contact your Zscaler representative for a demonstration, or visit us at www.zscaler.com

About Zscaler

Zscaler is transforming enterprise networking and security with the world's largest Direct-to-Cloud Network, which securely enables the productivity benefits of cloud, mobile and social technologies without the cost and complexity of traditional on-premise appliances and software. The Zscaler Direct-to-Cloud Network processes daily more than 12 billion transactions from more than 12 million users in 180 countries across 100 global data centers with near-zero latency. Learn why more than 4,500 global enterprises choose Zscaler.

Contact us: Zscaler, Inc., 110 Baytech Drive, Suite 100, San Jose, CA 95134, USA. +1 408.533.0288, +1 866.902.7811. www.zscaler.com

Follow us: facebook.com/zscaler, linkedin.com/groups/zscaler, twitter.com/zscaler, youtube.com/zscaler, blog.zscaler.com

Zscaler, and the Zscaler Logo are trademarks of Zscaler, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.