Solve Your Organization’s SSL Problem with the Joint Gigamon–Blue Coat Solution
It is the new reality that SSL traffic makes up a larger and larger portion of network traffic. According to a 2013 NSS report, “25%–35% of enterprise traffic [was] SSL and, depending on the industry vertical, the percentage … can reach as high as 70%.”1
Hackers have turned the rising SSL tide in their favor, hiding malware in “secure” SSL‐encrypted sessions—think of it as a wolf in sheep’s clothing. In fact, a recent Gartner report indicates that by 2017 more than 50% of network attacks will use encrypted traffic to bypass controls.2
Why is this SSL scheme so popular? Unfortunately, many security solutions are unable to inspect SSL‐encrypted traffic. While some security solutions can inspect encrypted traffic, the computationally intensive nature of SSL decryption can lead to significant performance problems.
To make matters worse, most comprehensive security architectures leverage multiple inline and out‐of‐band monitoring tools, each of which is responsible for inspecting its own type of traffic and performing its own unique function. This means that any possible solution, like the problem, will be far from simple: After all, decrypting and routing SSL traffic to myriad monitoring tools or enabling those tools with decryption capabilities can be costly and, for the most part, out of the question.
That’s where the joint Gigamon GigaSECURE®–Blue Coat SSL Visibility Appliance solution comes in. Together, these two tools can bring robust inline SSL decryption with advanced load balancing, inline bypass, and more.
Read on for the full story—and get on board today.
Equal parts Gigamon and Blue Coat
First, let’s take a look at the key players in this SSL success story: the Blue Coat SSL Visibility Appliance and GigaSECURE.
According to Blue Coat, “The SSL Visibility Appliance can decrypt and re‐encrypt both inbound and outbound network traffic in a single device—offering the performance and scalability to support the most demanding enterprises.… The SSL Visibility Appliance enhances your installed security devices (e.g., DLP, IPS, NGFW, sandbox, and network forensics), offloading the SSL/TLS inspection capabilities without degrading performance. This avoids the 2x to 3x hardware capacity upgrade costs typically required by these security solutions needing SSL inspection.”3
For its part, GigaSECURE, the industry’s first Security Delivery Platform, delivers a robust platform to enable the increased scalability and availability of your network while ensuring the right traffic is delivered to the right tools—fast. Security appliances simply connect into the GigaSECURE platform to receive a high‐fidelity stream of relevant traffic (physical, virtual, and encrypted) from across the network infrastructure.
On their own, these solutions are powerful weapons in the fight against security breaches. But together, they’re even better. Here’s how it works:
Inbound and outbound SSL traffic flows to the inline Blue Coat SSL Visibility Appliance through the Gigamon inline connection. The SSL Visibility Appliance decrypts the traffic and passes it back to the Gigamon platform. GigaSECURE can then efficiently route this traffic to designated security and monitoring tools (inline and out of band) for inspection. The traffic from inline tools then returns to the Blue Coat SSL Visibility Appliance for re‐encryption and further routing to its final destination.
In a nutshell, GigaSECURE adds robustness and performance to Blue Coat SSL Visibility Appliance deployments.
Now let’s take a closer look at what GigaSECURE brings to the table:
- Load balancing: GigaSECURE can spread traffic flows across multiple Blue Coat SSL Visibility Appliances and then on to security monitoring tools, avoiding bottlenecks and bolstering the security architecture on the whole.
- Inline bypass: With GigaSECURE, if a Blue Coat SSL Visibility Appliance fails (or needs to be taken offline), customers have a range of failover options to choose from, including fail close (traffic will continue to flow unimpeded), fail open (no traffic will pass while the device is down), logical passthrough, and distributing network traffic across other devices upon failure.
- Flow Mapping®: Once the traffic has been decrypted by the Blue Coat SSL Visibility Appliance, GigaSECURE can route that unencrypted traffic through several security and performance monitoring tools fast. That decrypted traffic is then inspected and sent back to the Blue Coat SSL Visibility Appliance for re‐encryption.
So, if you’re currently using the Blue Coat SSL Visibility Appliance or struggling to provide visibility of SSL‐encrypted traffic to your security infrastructure in general, this is the perfect solution for you.
- For more on the individual solutions, see the GigaSECURE product page and the Blue Coat SSL Visibility Appliance product page
- For more on the joint solution, see the Blue Coat press release
1 Pirc, John W. “SSL Performance Problems.” NSS Labs. 2013. Accessed October 27, 2015. https://library.nsslabs.com/reports/ssl-performance-problems.
2 D’Hoinne, Jeremy, and Adam Hils. “Security Leaders Must Address Threats From Rising SSL Traffic.” Gartner. December 9, 2013. Accessed October 28, 2015. https://www.gartner.com/doc/2635018/security-leaders-address-threats-rising.
3 “SSL Visibility Appliance.” Blue Coat Systems, Inc. Accessed October 22, 2015. https://www.bluecoat.com/products/ssl-visibility-appliance.