Lightboard Lessons: SSL Outbound Visibility

You’ve been having trouble sleeping because of the SSL visibility problem with all the fancy security tools that don’t do decryption. Put down that ambien, because this Lightboard Lesson solves it. I...
Published Jul 06, 2016
Version 1.0
lbl
Secure Web Gateway
security
ssl
tls
mharris30_17770's avatar
mharris30_17770
Icon for Nimbostratus rankNimbostratus
Jul 15, 2016

Great discussion on outbound SSL visibility. You forgot one important option; forwarding of traffic to a cloud-based filter that does everything the devices you mentioned does, in a single pass, and decrypts SSL once to do it. F5 LTM can simply build a GRE tunnel to that cloud service, and without the cost, complexity, and performance hit of distributing across multiple security appliances, or the addition of the SWG module, you have a.) SSL Visibility (even for DLP), b.) Resiliency of the cloud, and c.) Scalability of a cloud security platform that can grow in SSL performance for a reasonable recurring cost, much like you pay on all those security devices sitting in your data center that you backhaul all the traffic to in order to achieve this centralized processing of outbound SSL traffic. Nothing like combining the leader in inbound traffic management and security, with the leader in outbound traffic security in the cloud.