on 22-Oct-2020 15:38
The adoption of SSL/TLS has been sped up by regulatory standards such as PCI DSS, HIPAA, and the EU’s General Data Protection Regulation (GDPR), which require that transmitted data be encrypted. Moreover, organizations have been spurred to adopt SSL/TLS by Google search results policy, which gives preferential treatment to sites that encrypt.
However, the rise of SSL/TLS isn’t all good news. Attackers are increasingly hiding insidious attacks within encrypted traffic—which means that the security protocol itself has become a threat vector. Regaining visibility into that encrypted traffic is one of the most important steps you can take to protect your apps, your data, and your business.
The F5 SSL Orchestrator solution aims to solve this SSL/TLS challenge across cloud and on-premises environments. It does this by decrypting the web traffic and centralizing the SSL inspection across multiple security devices, thus enabling the detection and blocking of threats previously hidden by encryption. The centralized SSL management will allow you to manage and enforce security policies to comply with regulatory mandates and rectify any non-compliance within minutes across the entire environment.
This blog demonstrates creating and enforcing a web access policy using SSL Orchestrator to meet the data compliance requirements of privacy regulations such as GDPR, HIPAA, PCI-DSS, and others, while at the same time delivering a comprehensive view of the applications and potential threats contained in encrypted traffic.
You must have configured the security service and service chains in the SSL Orchestrator before creating the security policies. Refer to the SSL Orchestrator setup guide for guidance on configuration deployment.
The first step is to identify the web traffic of interest that needs to be monitored. Since SSL Orchestrator is deployed inline to the traffic and processes all the wire traffic, it enables you to filter the web traffic at one central inspection point.
The web classification engine in SSL Orchestrator is based on context derived from one or more of the following conditions:
To classify the web traffic:
The next step is to enforce the policy action. Some of the best-practice security policies are listed below:
SSL Orchestrator supplies a URL category database with over 150 URL categories and identifies over 60 million URLs that fit within these categories.
When used in conjunction with the IP intelligence subscription service, SSL Orchestrator delivers a database of over 1 million malicious Internet addresses to identify botnets, phishing proxies, scanners, and other malicious sources.
Once all the configurations are done, deploy the SSL Orchestrator using the guided configuration.
Test the policy by navigating to any financial company website (for example, https://<bank.com>) from a browser on a client system.
Complying with regulatory standards is crucial to protect your business and users; however, understanding and implementing the regulatory guidelines is a laborious process. Often, achieving that goal requires deploying and managing several different types of devices. The F5 SSL Orchestrator enables your organization to understand inherent threats in the web traffic and centralize policy enforcement to protect your IT infrastructure and to satisfy various regulatory requirements.