Ixia, a leading provider of network test, visibility, and security solutions, announced the addition of its Active SSL™ technology to its SecureStack™ feature set, a key component of the company’s Security and Visibility Intelligence Framework. Active SSL allows organizations to inspect or observe traffic encrypted with ephemeral key to ensure the security of their networks.
According to Gartner, “in 2016, industry reports estimate that encrypted traffic — HTTPS — represents 30% to 40% of enterprise web traffic, growing steadily compared to 2015. Already, Gartner clients frequently face web traffic of which more than 50% is encrypted, with peaks at more than 70% in financial and legal sector. Through 2019, more than 80% of enterprises' web traffic will be encrypted.” Securing a network requires comprehensive visibility into all traffic, which necessitates the ability to decrypt traffic that uses ephemeral key encryption mandated by the new TLS1.3 standard.
Ixia has expanded the company’s SecureStack feature with its Active SSL technology, which interoperates with all other stack features including identification and filtering, deduplication, and timestamping to address this growing challenge. The solution, which can be used for inline or out of band deployments, has a dedicated cryptographic processor, as well as built-in reporting and policies that provide leading cipher support, real-time insights, and SSL inspection.
Active SSL also provides forward secrecy to protect past and future data exchanges with ephemeral keys. By using this, ephemeral key traffic is unencrypted, inspected, and then re-encrypted through an intuitive, easy-to-use platform, before being returned to the network.
“With the TLS 1.3 standard implementing ephemeral keys, organizations will find decrypting and inspecting encrypted traffic to be more complex and resource intensive,” said Dan Conde, analyst, at ESG. “Solutions like Ixia’s Active SSL will enable organizations to gain visibility into their current network traffic efficiently, with less disruption to their networks, as well as their monitoring tools and security devices.”
Key customer benefits of Ixia’s new Active SSL capability include:
Purpose-built to offload the encryption overhead from security tools, improving overall performance
Offers 1, 2, 4, and 10G capacity options
Includes a dedicated cryptographic processor
Provides inline and out-of-band capabilities
Compatible with all Ixia visibility intelligence filtering capabilities
Reporting and built-in policies deliver actionable information to rapidly detect and resolve problems
Supports all leading ciphers
Offers policy-based SSL inspection
Includes URL categorization
Provides SSL parameters
“Encryption is a double-edged sword for networks. While it allows for the protection of data from nefarious actors, it also enables the same nefarious actors to hide their activity from monitoring tools and the IT professionals deploying them,” said Scott Register, Vice President of Product Management at Ixia. “Ixia’s Active SSL can be used to decrypt data once, and then allow processing by as many tools as needed, improving speed and latency of security solutions.”
Ixia’s Active SSL will be available via a high-performance application module that is compatible with the company’s Vision ONE™ network packet broker, a turnkey device that provides high-performance, lossless visibility.