BLUE COAT TECHNOLOGY PARTNER: GIGAMON

Problem
SSL encryption is the cornerstone technology that makes the Internet secure. Email, e-commerce, VoIP, online
banking, remote health, and countless other services are kept secure with SSL, but unfortunately the encrypted
traffic traverses the network uninspected. Many security and performance monitoring tools lack the ability to see
inside encrypted sessions. Monitoring application performance and network usage patterns becomes impossible
if you cannot determine which applications are running over the network. Even worse, malware can create SSL
sessions to hide its activity, confident that security tools will neither inspect nor block the traffic. The very technology
that makes the web secure can also be a threat vector.
Of course, monitoring this traffic isn’t as simple as decrypting it and
passing it through one tool. Most modern networks have multiple inline
and out of band security and performance tools examining different
aspects of the traffic. For example, traffic may flow through a traditional
firewall, an IPS and a WAF or secure email gateway, as well as being
copied to an out of band SIEM or Network DVR. Building a solution to
decrypt traffic for each of these tools individually is inefficient
and expensive.
“Daisy-chained” tools, a series of security tools that process the
traffic in sequence and through which each packet must pass, pose
another problem: each tool presents another reliability, performance and
scalability risk for the enterprise due to the potential of tool failure.
Service interruptions triggered by maintenance activities may also
result in the monitored connection being interrupted. This means critical
activities are restricted to scheduled maintenance windows, typically
taking place at exceptionally low-use time intervals (early mornings, late
evenings and/or weekends). There is a better way.
Partner: Gigamon
Partner Product: GigaSECURE
Blue Coat Product: SSL Visibility Appliance
Solution Overview: The Blue Coat SSL Visibility
Appliance and the Gigamon GigaSECURE Security
Delivery Platform
The Blue Coat SSL Visibility Appliance utilizes comprehensive policies
to decrypt and re-encrypt both inbound and outbound network
traffic in a single device, offering the performance and scalability to
support the most demanding enterprises. The SSL Visibility Appliance
complements and enhances your installed security devices (e.g.
DLP, IPS, NGFW, sandbox, network forensics), offloading the SSL/
TLS inspection capabilities without degrading performance. By
automatically identifying all SSL/TLS network traffic regardless of
port or application, and consolidating the processing required for
decrypting and re-encrypting this SSL traffic, organizations eliminate
the “blind spot” created by tools that cannot see or decrypt SSL traffic
themselves, and avoid the significant hardware capacity upgrade costs
typically required by those that can. Such a deployment model also
allows the decrypted traffic to be manipulated and distributed by
Gigamon’s GigaSECURE Security Delivery Platform to multiple inline
and out-of-band tools, adding tool visibility, fault tolerance,
efficiency and scale to the solution.
The GigaSECURE platform is the market-leading choice for building
a visibility fabric that provides pervasive access to traffic information
from across the network – wherever that traffic may be originating
and destined.
SOLUTION BRIEF
When the GigaSECURE platform is deployed in conjunction with the SSL
Visibility Appliance, device failure or maintenance activities on specific
security devices in line with the appliance need not put network
connections at risk. The GigaSECURE platform offers inline bypass
functionality that provides a range of failover configuration options,
including ‘fail-open’ or ‘fail-closed’ upon loss of power, logical
pass-through, and distributing the network traffic across other devices
upon failure. It can direct traffic from primary routes to secondary routes
without impacting the stability of the protected connection. By using
these features, each inline security tool in the chain can have unique
policies for how downtime is handled, and the failure or maintenance of
one tool doesn’t have to impact the performance of other tools.
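The per-tool failure handling described above, as an added example (not Blue Coat or Gigamon code or configuration): a generic Python model in which each inline tool group carries its own fail-open or fail-closed policy, surviving group members take over for failed ones, and every bypassed group is recorded as an inspection gap to alert on. `ToolGroup`, `Result`, `forward` and the scenario in `CHAIN` are hypothetical names and constructed data.

```python
# Added illustration: generic model of per-tool failure policy in an inline
# tool chain. All names are hypothetical; this is not GigaSECURE configuration.
from dataclasses import dataclass, field
from enum import Enum

class OnFailure(Enum):
    FAIL_OPEN = "fail-open"      # bypass the dead tool; traffic keeps flowing
    FAIL_CLOSED = "fail-closed"  # drop traffic rather than skip inspection

@dataclass
class ToolGroup:
    name: str
    members: dict                # member name -> healthy? (heartbeat result)
    on_failure: OnFailure
    blocks: bool = False         # verdict a healthy member returns for this flow

@dataclass
class Result:
    delivered: bool
    reason: str
    inspected_by: list = field(default_factory=list)
    bypassed: list = field(default_factory=list)   # inspection gaps to alert on

def forward(chain):
    """Walk one flow through the chain in order and apply each group's policy."""
    res = Result(delivered=True, reason="all verdicts clean")
    for group in chain:
        healthy = sorted(m for m, up in group.members.items() if up)
        if healthy:
            # Surviving members absorb the load of failed ones.
            res.inspected_by.append(f"{group.name}:{healthy[0]}")
            if group.blocks:
                res.delivered, res.reason = False, f"blocked by {group.name}"
                return res
        elif group.on_failure is OnFailure.FAIL_CLOSED:
            res.delivered, res.reason = False, f"{group.name} down, fail-closed"
            return res
        else:
            res.bypassed.append(group.name)
    if res.bypassed:
        res.reason = "delivered with inspection gap"
    return res

# Constructed scenario: one IPS member down, the whole WAF group down.
CHAIN = [
    ToolGroup("ngfw", {"fw1": True}, OnFailure.FAIL_CLOSED),
    ToolGroup("ips", {"ips1": False, "ips2": True}, OnFailure.FAIL_CLOSED),
    ToolGroup("waf", {"waf1": False}, OnFailure.FAIL_OPEN),
]
```

With the constructed chain, the flow is delivered but `bypassed` lists the WAF group: fail-open keeps the connection alive at the cost of a window in which that inspection did not happen.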
The GigaSECURE platform also allows decrypted traffic to be filtered
as it is distributed to the devices that need to see it. By selectively
forwarding specific traffic types to specialized tools, this approach can
extend the life of existing solutions and defer (or eliminate) the need to
upgrade to higher capacity devices.
Similarly, for the out-of-band tools that may also need to see the
decrypted traffic, packet slicing and masking mean that confidentiality
compliance can be maintained and efficiency is maximized, as tools only
see the part of the traffic data that they require to perform their function.
Where scale is an issue, the GigaSECURE platform can also be used to
intelligently load-balance traffic flows across multiple tools – including
the SSL Visibility Appliance – so larger flows can be accommodated
by using multiple tools and existing investments can be maintained as
network capacity upgrades drive higher traffic levels.
How it Works
1. Production network traffic flows into the GigaSECURE platform.
2. GigaSECURE passes all traffic to the Blue Coat SSL Visibility
Appliance, where all SSL/TLS traffic is identified and then selected
SSL/TLS traffic is inspected and decrypted based upon established
policies.
3. The SSL Visibility Appliance sends a copy of the decrypted traffic
back to GigaSECURE.
4. GigaSECURE filters the decrypted traffic based on user-defined
policy and forwards it to multiple in-line tools either sequentially
or in parallel. These tools determine whether the decrypted SSL
traffic should be allowed to pass. If any security appliance fails,
GigaSECURE would enforce that tool’s user-defined failure policy.
5. The security tools pass their results back to GigaSECURE.
6. The results flow from GigaSECURE to the SSL Visibility Appliance,
which determines whether the original SSL encrypted session can
continue or be reset.
7. If it is allowed to continue, the encrypted SSL traffic is returned to
GigaSECURE.
8. The traffic is sent on to its intended destination.

[Figure: deployment diagram. Labels: Production Network Side A, Production Network Side B, GigaSECURE (10Gig Inline Bypass, “Network stays alive”), SSL Visibility, Security Devices (NGFW, IDS/IPS, WAF). Legend: Encrypted Traffic, Unencrypted Traffic.]

Key Features and Benefits
• Enable inline tools to identify and inspect encrypted traffic based
upon comprehensive policies
• Robust architecture ensures minimized disruption of traffic for device
failure and maintenance
• Intelligent traffic filtering maximizes efficiency of specialized tools that
need to see only some of the traffic
• Load balance traffic flows across multiple SSL Visibility Appliances to
scale up for large traffic flows
About Gigamon
Gigamon provides active visibility. Having the industry’s first Security
Delivery Platform, GigaSECURE®, and the Visibility Fabric™, an
intelligent architecture for enterprises, data centers and service
providers around the globe, Gigamon’s technology empowers security
and infrastructure architects, managers and operators with pervasive
and dynamic intelligent visibility of traffic across both physical and
virtual environments without affecting the performance of the production
network. Through patented technologies and centralized management,
the Gigamon GigaVUE® portfolio of high availability and high-density
products intelligently delivers the appropriate network traffic to
management, analysis, compliance and security tools. Gigamon has
been designing and building traffic visibility products since 2004 and its
solutions are deployed globally across vertical markets including over
half of the Fortune 100 and many government and federal agencies.
Learn more at www.gigamon.com, the Gigamon Blog, or follow Gigamon
on Twitter, LinkedIn or Facebook.

For More Information
Learn more about Blue Coat technology partners on our website.
Blue Coat Systems Inc.
www.bluecoat.com
Corporate Headquarters
Sunnyvale, CA
+1.408.220.2200
EMEA Headquarters
Hampshire, UK
+44.1252.554600
APAC Headquarters
Singapore
+65.6826.7000
© 2015 Blue Coat Systems, Inc. All rights reserved. v.SB-TECHPARTNER-SSL-GIGAMON-EN-v1c-1215