Problem

SSL encryption is the cornerstone technology that makes the Internet secure. Email, e-commerce, VoIP, online banking, remote health, and countless other services are kept secure with SSL, but unfortunately the encrypted traffic traverses the network uninspected. Many security and performance monitoring tools lack the ability to see inside encrypted sessions. Monitoring application performance and network usage patterns becomes impossible if you cannot determine which applications are running over the network. Even worse, malware can create SSL sessions to hide its activity, confident that security tools will neither inspect nor block the traffic. The very technology that makes the web secure can also be a threat vector.

Of course, monitoring this traffic isn’t as simple as decrypting it and passing it through one tool. Most modern networks have multiple inline and out-of-band security and performance tools examining different aspects of the traffic. For example, traffic may flow through a traditional firewall, an IPS and a WAF or secure email gateway, as well as being copied to an out-of-band SIEM or Network DVR. Building a solution to decrypt traffic for each of these tools individually is inefficient and expensive.

Another problem arises with “daisy-chained” tools, a series of security tools that process the traffic in sequence and through which each packet must pass: each tool presents another reliability, performance and scalability risk for the enterprise due to the potential of tool failure. Service interruptions triggered by maintenance activities may also result in the monitored connection being interrupted. This means critical activities are restricted to scheduled maintenance windows, typically taking place at exceptionally low-use time intervals (early mornings, late evenings and/or weekends).

There is a better way.
Partner: Gigamon
Partner Product: GigaSECURE
Blue Coat Product: SSL Visibility Appliance

Solution Overview: The Blue Coat SSL Visibility Appliance and the Gigamon GigaSECURE Security Delivery Platform

The Blue Coat SSL Visibility Appliance utilizes comprehensive policies to decrypt and re-encrypt both inbound and outbound network traffic in a single device, offering the performance and scalability to support the most demanding enterprises. The SSL Visibility Appliance complements and enhances your installed security devices (e.g. DLP, IPS, NGFW, sandbox, network forensics), offloading the SSL/TLS inspection capabilities without degrading performance. By automatically identifying all SSL/TLS network traffic regardless of port or application, and consolidating the processing required for decrypting and re-encrypting this SSL traffic, organizations eliminate the “blind spot” created by tools that cannot see or decrypt SSL traffic themselves, and avoid the significant hardware capacity upgrade costs typically required by those that can.

Such a deployment model also allows the decrypted traffic to be manipulated and distributed by Gigamon’s GigaSECURE Security Delivery Platform to multiple inline and out-of-band tools, adding tool visibility, fault tolerance, efficiency and scale to the solution. The GigaSECURE platform is the market-leading choice for building a visibility fabric that provides pervasive access to traffic information from across the network, wherever that traffic may be originating and destined.
SOLUTION BRIEF
BLUE COAT TECHNOLOGY PARTNER: GIGAMON

Deploying the GigaSECURE platform in conjunction with the SSL Visibility Appliance avoids the risk of impacting network connections during device failure or maintenance activities for specific security devices in line with the appliance. The GigaSECURE platform offers inline bypass functionality that provides a range of failover configuration options, including ‘fail-open’ or ‘fail-closed’ upon loss of power, logical pass-through, and distributing the network traffic across other devices upon failure. It can direct traffic from primary routes to secondary routes without impacting the stability of the protected connection. By using these features, each inline security tool in the chain can have unique policies for how downtime is handled, and the failure or maintenance of one tool doesn’t have to impact the performance of other tools.

The GigaSECURE platform also allows decrypted traffic to be filtered as it is distributed to the devices that need to see it. By selectively forwarding specific traffic types to specialized tools, this approach can extend the life of existing solutions and defer (or eliminate) the need to upgrade to higher capacity devices. Similarly, for the out-of-band tools that may also need to see the decrypted traffic, packet slicing and masking mean that confidentiality compliance can be maintained and efficiency is maximized, as tools see only the part of the traffic data that they need to perform their function.

Where scale is an issue, the GigaSECURE platform can also be used to intelligently load-balance traffic flows across multiple tools, including the SSL Visibility Appliance, so larger flows can be accommodated by using multiple tools and existing investments can be maintained as network capacity upgrades drive higher traffic levels.

How it Works

1. Production network traffic flows into the GigaSECURE platform.
2. GigaSECURE passes all traffic to the Blue Coat SSL Visibility Appliance, where all SSL/TLS traffic is identified and then select SSL/TLS traffic is inspected and decrypted based upon established policies.
3. The SSL Visibility Appliance sends a copy of the decrypted traffic back to GigaSECURE.
4. GigaSECURE filters the decrypted traffic based on user-defined policy and forwards it to multiple inline tools, either sequentially or in parallel. These tools determine whether the decrypted SSL traffic should be allowed to pass. If any security appliance fails, GigaSECURE would enforce that tool’s user-defined failure policy.
5. The security tools pass their results back to GigaSECURE.
6. The results flow from GigaSECURE to the SSL Visibility Appliance, which determines whether the original SSL encrypted session can continue or be reset.
7. If it is allowed to continue, the encrypted SSL traffic is returned to GigaSECURE.
8. The traffic is sent on to its intended destination.

[Figure: deployment diagram. Production Network Side A and Production Network Side B are connected through GigaSECURE (10Gig inline bypass, network stays alive), which links to the SSL Visibility Appliance and to the security devices (NGFW, IDS/IPS, WAF). Legend: encrypted traffic, unencrypted traffic.]

Key Features and Benefits

• Enable inline tools to identify and inspect encrypted traffic based upon comprehensive policies
• Robust architecture ensures minimized disruption of traffic for device failure and maintenance
• Intelligent traffic filtering maximizes efficiency of specialized tools that only need to see some of the traffic
• Load balance traffic flows across multiple SSL Visibility Appliances to scale up for large traffic flows

About Gigamon

Gigamon provides active visibility. Having the industry’s first Security Delivery Platform, GigaSECURE®, and the Visibility Fabric™, an intelligent architecture for enterprises, data centers and service providers around the globe, Gigamon’s technology empowers security and infrastructure architects, managers and operators with pervasive and dynamic intelligent visibility of traffic across both physical and virtual environments without affecting the performance of the production network. Through patented technologies and centralized management, the Gigamon GigaVUE® portfolio of high availability and high-density products intelligently delivers the appropriate network traffic to management, analysis, compliance and security tools. Gigamon has been designing and building traffic visibility products since 2004 and its solutions are deployed globally across vertical markets including over half of the Fortune 100 and many government and federal agencies.

For More Information

Learn more at www.gigamon.com, the Gigamon Blog, or follow Gigamon on Twitter, LinkedIn or Facebook. Learn more about Blue Coat technology partners on our website.

Blue Coat Systems Inc.
www.bluecoat.com
Corporate Headquarters: Sunnyvale, CA, +1.408.220.2200
EMEA Headquarters: Hampshire, UK, +44.1252.554600
APAC Headquarters: Singapore, +65.6826.7000

© 2015 Blue Coat Systems, Inc. All rights reserved. Blue Coat, the Blue Coat logos, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter, CacheOS, CachePulse, Crossbeam, K9, the K9 logo, DRTR, MACH5, PacketWise, Policycenter, ProxyAV, ProxyClient, SGOS, WebPulse, Solera Networks, the Solera Networks logos, DeepSee, “See Everything. Know Everything.”, “Security Empowers Business”, and BlueTouch are registered trademarks or trademarks of Blue Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not be complete, and the absence of a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped using the trademark.
All other trademarks mentioned in this document owned by third parties are the property of their respective owners. This document is for informational purposes only. Blue Coat makes no warranties, express, implied, or statutory, as to the information in this document. Blue Coat products, technical services, and any other technical data referenced in this document are subject to U.S. export control and sanctions laws, regulations and requirements, and may be subject to export or import regulations in other countries. You agree to comply strictly with these laws, regulations and requirements, and acknowledge that you have the responsibility to obtain any licenses, permits or other approvals that may be required in order to export, re-export, transfer in country or import after delivery to you.

v.SB-TECHPARTNER-SSL-GIGAMON-EN-v1c-1215