organizations to see inside traffic encrypted with an ephemeral key
Ixia, a leading provider of network test, visibility, and security solutions, announced the addition of its Active SSL™ technology to its SecureStack™ feature set, a key component of the company’s Security and Visibility Intelligence Framework. Active SSL enables organizations to see inside traffic encrypted with ephemeral key to ensure the security of their networks.
According to Gartner, “in 2016, industry reports estimate that encrypted traffic — HTTPS — represents 30% to 40% of enterprise web traffic, growing steadily compared to 2015. Already, Gartner clients frequently face web traffic of which more than 50% is encrypted, with peaks at more than 70% in financial and legal sectors… Through 2019, more than 80% of enterprises’ web traffic will be encrypted.” Securing a network requires comprehensive visibility into all traffic, which necessitates the ability to decrypt traffic that uses ephemeral key encryption mandated by the new TLS1.3 standard.
To address this growing challenge, Ixia has expanded the company’s SecureStack feature with its Active SSL technology, which interoperates with all other stack features including identification and filtering, deduplication, and timestamping. The solution, which can be used for inline or out of band deployments, has a dedicated cryptographic processor, as well as built-in reporting and policies that provide leading cipher support, real-time insights, and SSL inspection.
Active SSL also provides forward secrecy to protect past and future data exchanges with ephemeral keys. With Ixia’s Active SSL, ephemeral key traffic is unencrypted, inspected, and then re-encrypted through an intuitive, easy-to-use platform, before being returned to the network.
“With the TLS 1.3 standard implementing ephemeral keys, organizations will find decrypting and inspecting encrypted traffic to be more complex and resource intensive,” said Dan Conde, analyst, at ESG. “Solutions like Ixia’s Active SSL will enable organizations to gain visibility into their current network traffic efficiently, with less disruption to their networks, as well as their monitoring tools and security devices.”
Key customer benefits of Ixia’s new Active SSL capability include:
Purpose-built to offload the encryption overhead from security tools, improving overall performance
- Offers 1, 2, 4, and 10G capacity options
- Includes a dedicated cryptographic processor
- Provides inline and out-of-band capabilities
- Compatible with all Ixia visibility intelligence filtering capabilities
Reporting and built-in policies deliver actionable information to rapidly detect and resolve problems
- Supports all leading ciphers
- Offers policy-based SSL inspection
- Includes URL categorization
- Provides SSL parameters
“Encryption is a double-edged sword for networks. While it allows for the protection of data from nefarious actors, it also enables the same nefarious actors to hide their activity from monitoring tools and the IT professionals deploying them,” said Scott Register, Vice President of Product Management at Ixia. “Ixia’s Active SSL can be used to decrypt data once, and then allow processing by as many tools as needed, improving speed and latency of security solutions.”
Ixia’s Active SSL will be available via a high-performance application module that is compatible with the company’s Vision ONE™ network packet broker, a turnkey device that provides high-performance, lossless visibility.
Ixia’s Vision ONE network packet broker enables organizations to maintain security as well as identify and resolve performance problems across physical and virtual infrastructures from a single platform. Whether fighting against threats hidden in encrypted traffic, or feeding the right data to the right forensic solution, Vision ONE boosts network protection without negatively impacting performance.