Facts and Myths about Cybersecurity

SSL is growing, and that presents a challenge for our customers.
70%
Privacy and security concerns are driving encrypted traffic growth, which is expected to represent 70 percent of all Internet traffic this year.
Source: Sandvine, Global Internet Phenomena Spotlight, 2016
making the security tools you trust and rely on less effective:
• DLP
• Firewalls
• Anti Virus
• IDS/IPS
• APT
Decrypt and re-encrypt on each device
[Diagram: Users / Devices, Firewall, Web Gateway, DLP, Anti-Malware, IPS, Firewall, Internet, with the steps "Decrypt, Inspect, Re-encrypt" repeated at the security devices]
SSL is a Significant Performance Hit on Security
[Chart: SSL performance impact. Values: 79 %, 75 %, 100 %. Devices: Next-Gen Firewall, Next-Gen IPS, Sandbox/Anti-Malware. Labels: Performance Impact, Performance Impact, No SSL Support.]
Additional performance loss when multiple security devices each decrypt, inspect and re-encrypt
But, it’s not just performance: Latest cipher support is often missing from security devices
Security architectures are not built for SSL encryption. Not handling SSL traffic creates blind spots, while enabling SSL on next-gen security products can impact their performance, sometimes by over 80%!
First ADC vendor to provide Elliptic Curve Cryptography (ECC) SSL TPS in hardware across all platforms
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• Gain visibility into SSL traffic with centralized SSL decryption across multiple security tools
• Flexible deployment options provide ease of integration with unique network topologies
• Dynamically chain services based on context-based policy to efficiently deploy security
• SSL decrypt / encrypt at high performance
• Policy-based decrypt / handoff / encrypt of traffic flows
• Dynamic service chaining of security solutions
• Load balancing of SSL traffic flows across security devices
• Flexible deployment for seamless fit into networks
• Proxy architecture allows support for DHE/ECDHE and Forward Secrecy
Purpose-built, all-in-one SSL appliance, providing security solutions with visibility into SSL/TLS-encrypted outbound traffic
• 52% of all Internet traffic is non-human
[Infographic: 52 %, 29 %, 41 %. Labels: % Internet traffic that is non-human; Website traffic from malicious bots; Malicious bots enter a website network disguised as a human.]
Source: Incapsula, CheckPoint, ANA/White Ops, Dell SecureWorks.
Threat Intelligence
Device Fingerprinting
• Geo-location
• Proactive classification
• Intelligence Feeds
Profiling
• BOT signatures
• Inline Fingerprinting
• Identity
Behavioral
• Session Anomaly
• Transaction Anomaly
• Brute Force
https://panopticlick.eff.org
https://amiunique.org
IoT – Mirai Botnet
News on DDoS threats isn’t going away
• “Major DNS Provider Hit by Mysterious, Focused DDoS Attack” (ARS TECHNICA)
• “Rent-a-Botnet Services Making Massive DDoS Attacks More Common than Ever Before” (PC WORLD)
• “DDoS Attacks: Getting Bigger and More Dangerous All the Time” (ZD NET)
• “DDoS Attacks Continue to Rise in Power and Sophistication” (SECURITY WEEK)
• “New Botnet Hunts for Linux – Launching 20 DDoS Attacks/Day” (THE HACKER NEWS)
• Good vs. Bad Traffic: All traffic/connections look the same – hard to distinguish the good from the bad
• Multiple Vulnerable Points: Attacks target weakest link network, WAN bandwidth, authentication, and applications
• Sophisticated and Targeted: Multi vector attacks leveraging TLS connections, with malware planted on botnets
• DDoS Attacks are Easy to Launch: Attacks can be crowdsourced and monetized, launched by simple apps
Good vs. Bad Traffic
DDoS Attacks are Easy to Launch
Rate limiting or black holing techniques impact legitimate traffic (and the business)
Blind to SSL and easily overwhelmed, contributing to the DDoS
Sophisticated and Targeted
Multiple Vulnerable Points
Too little too late due to out-of-band deployment against short, bursty traffic
Partially effective depending on type of solution and placement in the network
DDoS Hybrid Defender
• Quickly Detect Attack Behavior: Behavioral-based attack detection with ability to sustain DDoS due to the high performance proxy solution
• Block DDoS with Real-Time Decryption: SSL visibility with real-time traffic decryption and inspection of malicious data
• Ultra-Fast Attack Detection: Sub-second attack detection with hardware assist inline or in out-of-band mode
• Full Protection on All Fronts: Holistic DDoS protection for network, application, and bandwidth with hybrid DDoS approach
• Network Protection: Multiple techniques - statistical method to baseline 3000+ L3/4 metrics & auto thresholds, IP reputation feeds
• Application Protection: Leverages SSL inspection to defend against L7 DDoS with behavioral analysis
• WAN Bandwidth Saturation: DDoS Hybrid Defender to send Layer 3, 4, and 7 DDoS attack info via a JSON blob to Silverline
DDoS Hybrid Defender seamlessly integrates on-premises protection with cloud-based scrubbing service for the most complete DDoS threat coverage. DDoS Hybrid Defender offers simplified user interface and “out-of-the-box” experience with new licensing, targeted for DDoS use case and security buyer.
• Protects against attacks on the network through to the application
• Only vendor with native, seamlessly integrated on-premises and cloud-based scrubbing services
• Leverages industry-leading application protections to defend against L7 DDoS
• Unsurpassed SSL performance with SSL termination and outbound SSL interception protection
• Ensures app availability and performance with leading datacenter scalability and up to 2 Tbps of cloud-based scrubbing capacity
F5 delivers comprehensive protection in a single box
https://haveibeenpwned.com/
https://www.bleepingcomputer.com/news/security/14-766lets-encrypt-ssl-certificates-issued-to-paypal-phishing-sites/
Site Visit
Device Fingerprinting
Phishing Threats
Site Log In
User Navigation
Transactions
Transaction Execution
• Geo-location
• Brute Force Detection
• Behavioral Analysis
Behavioral and Click Analysis
Abnormal Money Movement Analysis
Customer Fraud Alerts
Malware Injections
Transaction manipulation
Credential Grabbing & Remote Access Trojans
Automated Transactions