Gigamon says it can analyze attacker SSL traffic without hitting performance

Attackers are increasingly using SSL to encrypt data they steal, which poses challenges for security

Encrypting data traffic is mandatory for safeguarding information. But when attackers use encryption to mask their activity, it can be hard for enterprises to figure out what they're stealing.

Gigamon, based in Santa Clara, California, says it has developed a capability to deeply analyze all SSL/TLS (Secure Sockets Layer/Transport Layer Security) traffic.

SSL/TLS is the cornerstone of Web security, encrypting data between a client and a server. If the traffic is intercepted, it appears as gibberish unless the person has the corresponding private encryption key required to decrypt it.

Analyst Gartner predicts that attackers will increasingly use encryption in order to try to evade security products, from around 5 percent of network attacks using encryption today to 50 percent by 2017.

Many organizations now want to have visibility on the encrypted traffic, so are deploying SSL proxies, which are incorporated into a firewall or a load balancer, said Ananda Rajagopal, Gigamon's vice president for product management.

The proxy terminates the SSL session with a remote server and initiates a new one, which gives it an accessible private key, Rajagopal said. It means that all SSL traffic can now be analyzed for traits that might indicate an attack is underway.

Other security related vendors are using this method to look at the traffic and run checks, but it is done in-line or in-band, as the traffic is moving back and forth. Since that traffic is live, there is a limit on the amount of scans that can be done without impacting performance.

What Rajagopal said Gigamon has cracked is the ability to run many more security checks on the decrypted SSL traffic. Gigamon peels off SSL traffic and analyzes it without disrupting the flow of data by creating a copy of it and subjecting it to many more analyses.

"There is a limit in terms of how many tools can be deployed in band," Rajagopal said. "Your performance is as strong as the weakest link."

In-line products tend to only have a firewall, an anti-malware scan and intrusion protection system to maintain performance, Rajagopal said.

Gigamon runs the copied SSL traffic through what it calls its "Visibility Fabric," which runs a range of checks, including intrusion detection, anti-malware, file activity monitoring, customer experience management, security information and event management, data loss prevention as well as network and application performance management checks.

Visibility Fabric is network-agnostic and can take data feeds for analysis from a variety of products from other vendors, including Gigamon partners such as FireEye, Cisco's SourceFire, Imperva and Palo Alto Networks, among others, Rajagopal said.

The SSL application, which will be sold as a license for Gigamon's Visibility Fabric, will be available in the second half of November, he said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags data protectionGigamon

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Brand Post

Bitdefender 2019

Taking cybersecurity to the highest level and order now for a special discount on the world’s most awarded and trusted cybersecurity. Be aware without a care!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?