The digital world may have brought the entire physical world close, virtually. One can experience a virtual butterfly effect while being a part of the digital world, where a threat actor sitting in one part of the world targets another who is miles away from him/her. Security of our data is of paramount importance. This is why, encryption – a technology of scrambling data can help so that only authorized parties can understand the information. Based on this logic in 1995 SSL encryption was introduced where SSL is an encryption-based internet security protocol developed to ensure privacy, authentication and data integrity in internet communications. It is now deployed in many consumer products. In a world in which cyber-criminals are active 24/7, trying to get their hands on as much data as possible, this level of security is an essential feature of online data exchange. But we say that encryption is a double-edged sword and this is where Array’s SSL Intercept comes into picture.
“The SSL Intercept is a unique function that offers to decrypt SSL traffic for 3rd-party security appliances to perform the inspection; it then re-encrypts traffic before forwarding it to a final destination. It provides decryption of SSL/TLS traffic to allow security appliances to fully inspect the traffic without incurring the large compute load of SSL processing. Built-in SSL resources offload compute-intensive decryption, allowing security appliances to operate at their peak performance level,” said Shibu Paul, Vice President – International Sales at Array Networks.
Traditionally, network managers deploy best-of-breed, single-function security appliances to protect against attacks, intrusion and other threats. However, solutions such as WAF, NGFW, IDS/IPS and DDoS protection either lack the ability to decrypt and inspect SSL traffic as high volumes of SSL traffic can overwhelm their in-built SSL resources, robbing processing cycles and impacting performance or sometimes lack the time but SSL intercept helps in decrypting and re-encrypting the traffic. It also acts as an optional site service that protects users from sites with malicious payloads or inappropriate content and whitelisting ensuring that sensitive information to and from trusted sites is not decrypted. Besides, Array can load balance traffic across multiple 3rd-party security appliances to help assure high performance and availability of critical security mechanisms. SSL intercept function is provided by Array vAPV virtual appliances running on Array’s Network Functions Platform. The vAPV runs as a large, medium, small, entry or shared entry virtual application delivery controller on Array’s AVX network functions platforms to flexibly enable on-demand, full-featured load balancing and application delivery with guaranteed performance. Array APV Series appliances are also ideal for intranet applications as well as home-grown enterprise applications and services. The high-performance SSL resources process SSL traffic far more efficiently than the majority of security appliances in turn helping assure their performance. The SSL intercept offers multiple modes to accommodate different deployment environments, including L2 or L3 mode, integrated or distributed mode, forward or reverse proxy and Web-agent service.
Array’s Certified Platform Ready 3rd-party ecosystem includes technology partners whose respective products have been tested and proved compatible with AVX Series Network Functions Platforms. Deployment guides and other materials provide guided roadmaps for deploying these solutions with Array’s network functions virtualization environment. SSL intercept is also available as a stand-alone virtual appliance or a dedicated hardware appliance.