ssl visibility
4 TopicsF5 SSL Orchestrator and McAfee Web Gateway Solution for SSL Visibility and Management
Data transiting between clients (e.g. PCs, tablets, phones, etc.) and servers are predominantly encrypted with Secure Socket Layer (SSL) or the newer Transport Layer Security (TLS). Pervasive encryption results in threats being hidden and invisible to security inspection unless traffic is decrypted. This creates serious risks, leaving organizations vulnerable to costly data breaches and loss of intellectual property (For reference, see the TLS Telemetry Report Summary from F5 Labs). An integrated F5 SSL Orchestrator and McAfee Web Gateway (MWG) solution provide visibility and management of SSL/TLS traffic to expose the hidden malware, data exfiltration, and command and control threats. F5 SSL Orchestrator with its ability to address HTTP proxy devices inside its decrypted inspection zone allows the MWG to provide optimal security functionality while offloading SSL and complex orchestration to the F5 system. Bill of Materials F5 SSL Orchestrator Optional functional add-ons include URL filtering subscription, IP Intelligence subscription, network hardware security module (HSM), and F5 Access Manager (APM). McAfee Web Gateway Pre-requisites F5 SSL Orchestrator is licensed and set up with internal and external VLANs, and self-IP addresses. An SSL certificate—preferably a subordinate certificate authority (CA)—and private key are imported into SSL Orchestrator. The CA certificate chain with the root certificate is imported into the client browser. SSL orchestration generally presents a new paradigm in the typical network architecture. Integrated with SSL Orchestrator, the traffic to the MWG is decrypted – including usernames, passwords, social security, and credit card numbers, etc. It is therefore highly recommended that security services be isolated within a private, protected enclave defined by the SSL Orchestrator. Solution Deployment In this example deployment setup, the SSL Orchestrator is configured to send decrypted traffic to an inline MWG. SSL Orchestrator handles both decryption and re-encryption of HTTPS traffic, with an inspection zone installed between the ingress and egress. Decrypted traffic is steered to a service pool of MWG devices. You can also deploy the F5 system as a device sync/failover device group (including an HA pair) with a floating IP address for high availability. Configure the Web Proxy Service Before the MWG can receive traffic from the SSL Orchestrator, there are a few basic configurations that must be completed.Any and all licenses should be applied, and the basic system setup should be completed. Along with many other settings, the system setup will include the configuration of the hostname and Domain Name Servers (DNS).The system hostname should be configured as well as the IP address, subnet mask, and hostname for the management interface. The following settings will detail how to configure MWG as an explicit proxy. Please refer to the appropriate MWG documentation for more detailed information on configuring MWG. In the MWG UI under Appliances -> (this appliance) -> Proxies (HTTP(S), FTP, SOCKS, ICAP…): Deploy SSL Orchestrator using Guided Configuration The SSL Orchestrator guided configuration presents a completely new and streamlined user experience. This workflow-based architecture provides guided configuration steps tailored to a selected topology. Step 1: Topology Properties SSL Orchestrator creates discreet configurations based on the selected topology. Select L3 Outbound (transparent proxy) or L3 Explicit Proxy to support decrypted forward proxy traffic flows through the MWG. Step 2: SSL Configuration Select the previously imported subordinate CA certificate (see Prerequisites, above) for signing and issuing certificates to the end-host for client-requested HTTPS websites that are intercepted by SSL Orchestrator. Step 3: Create the McAfee Web Gateway Service The services list section defines the security services that interact with SSL Orchestrator. The guided configuration includes a services catalog that contains common product integrations. In the service catalog, double click the 'McAfee Secure Web Gateway HTTP Proxy' service and configure the service settings: McAfee Web Gateway IP address, port, and connected VLANs. In the MWG Web UI, create these routes to route from the MWG appliance back to SSL Orchestrator. A gateway route to SSL Orchestrator 'from-service' self-IP ( 198.19.96.245 in the above example). A static return route to define the path back to the SSL Orchestrator 'to-service' self-IP (198.19.96.7 in the above example) on the inbound side of the MWG. Using the SSL Orchestrator service catalog, create additional security services as required before proceeding to the next step. Step 4: Service Chains Create a service chain, which is an ordered list of security devices. The service chain determines which services receive decrypted traffic. Step 5: Security Policy SSL Orchestrator’s guided configuration presents an intuitive rule-based, drag-and-drop user interface for the definition of security policies. In the background, SSL Orchestrator maintains these security policies as visual per-request policies. If traffic processing is required that exceeds the capabilities of the rule-based user interface, the underlying per-request policy can be managed directly. Use this section to create custom rules as required. Step 6: Intercept Rule Interception rules are based on the selected topology and define the listeners (analogous to BIG-IP Local Traffic Manager virtual servers) that accept and process different types of traffic, such as TCP, UDP, or other. The resulting listeners will bind the SSL settings, VLANs, IPs, and security policies created in the topology workflow. Step 7: Egress Settings The egress settings section defines topology-specific egress characteristics like NAT and outbound route. Step 8: Summary Review the setting and click deploy SSL Orchestrator. Testing the Solution Use one of the following ways to observe the decrypted traffic Server certificate test To test an explicit forward proxy topology, configure a client’s browser proxy settings to point this listening IP and port. Ensure that the client trusts the local issuing CA certificate. Open a browser from the client and attempt to access an external HTTPS resource. Once the page is loaded, observe the server certificate of that site and take note of the certificate issuer, which should be the local issuing CA. If you have access to the client’s command-line shell and the cURL or wget utilities, you can simulate browser access using one of the following commands: curl -vk --proxy [proxy IP:port] https://www.example.com wget --no-check-certificate -e use_proxy=yes -e https_proxy=[proxy IP:port] -dO – https://www.example.com Both of these commands will display both the HTML server response and the issuer of the server’s certificate. Decrypted traffic analysis on the SSL Orchestrator Perform a tcpdump on the SSL Orchestrator to observe the decrypted clear text traffic. This confirms the SSL interception by the F5 system. tcpdump –lnni [interface or VLAN name] -Xs0 The security service VLANs and their corresponding application services are all visible from the SSL Orchestrator GUI: Network -> VLANs. Decrypted traffic analysis on the McAfee Web Gateway From the MWG UI, use the Packet Tracing feature to capture traffic on all interfaces. Analyze the tcpdump to observe the decrypted clear text traffic. Additional Resources Learn more about SSL Orchestrator on f5.com Recommended best practices guide: F5 SSL Orchestrator and McAfee Web Gateway Solution1.4KViews0likes0CommentsF5 SSL Orchestrator and FireEye NX Integrated Solution
Blind Spots It is nearly impossible to defend against an attack you cannot see. Increased adoption of TLS/SSL is helping organizations secure IP communications between users and web services through encryption. But increased use of encryption also creates challenges for devices in the security stack, such as FireEye NX, that cannot inspect encrypted traffic for hidden threats. When encrypted communications cannot be seen as clear text, they are passed through without inspection and become security blind spots. Clearly this creates serious risks for businesses as they face the very real concern that attackers could hide malware inside encrypted traffic. Fortunately, solving this problem is simply a matter of decrypting SSL traffic and sending the unencrypted data to additional security devices for inspection. In fact, some security devices today do support SSL decryption natively—but at a cost: Decryption and re-encryption, especially of 2048-bit certificates, demands a lot of computing resources and can tremendously degrade the performance of these devices. An integrated solution from F5 Networks and FireEye solves this challenge by centralizing SSL inspection across the security stack. This joint solution utilizes a dedicated F5 SSL Orchestrator to decrypt and route traffic before inspection by FireEye NX or other security devices, thereby greatly expanding your ability to prevent hidden threats and block zero-day exploits. F5 Full Proxy Architecture F5 SSL Orchestrator is the core of F5’s SSL/TLS visibility and orchestration solution. When deployed on the wire between an intranet and the Internet, as shown in Figure below, F5 SSL Orchestrator installs a decrypt /clear-text zone between the client and web server, creating an aggregation visibility point for FireEye NX to inspect the traffic. F5 full proxy architecture establishing the inspection zone. When the client initiates an HTTPS connection to the web server, the F5 SSL Orchestrator intercepts and decrypts the client-encrypted traffic and steers it to a pool of FireEye NX devices for inspection. After inspection, the F5 SSL Orchestrator re-encrypts the same traffic before sending it to the web server. The return HTTPS response from the web server to the client is likewise intercepted and decrypted for inspection before being sent to the client. Solution Deployment F5 SSL Orchestrator intercepts both outbound and inbound traffic. Other security services like DLP (using ICAP), IPS, and next-generation firewalls can also be deployed alongside FireEye NX when configured in a service chain within the decrypt zone. The F5 SSLO FireEye NX solution with service chain I. Bill of Materials F5 SSL Orchestrator 5.1 Optional functional add-ons include URL filtering subscription, IP Intelligence subscription, network hardware security module (HSM), F5 Secure Web Gateway (SWG) Services and F5 Access Manager (APM). FireEye NX appliance II. Pre-requisites F5 SSL Orchestrator is licensed and set up with internal and external VLANs and Self-IP addresses. An SSL certificate—preferably a subordinate certificate authority (CA)—and private key are imported into F5 SSL Orchestrator. The CA certificate chain with root certificate is imported into the client browser. FireEye NX is setup with physical connectivity to F5 SSL Orchestrator. III. Configure FireEye Operation Mode Login to FireEye web user interface, navigate to Settings, and select Inline operation mode. FireEye supports both Inline and TAP mode of operation IV. Deploy F5 SSL Orchestrator using Guided Configuration SSL Orchestrator version 5.1 introduced Guided Configuration, a workflow-based architecture that provides intuitive, re-entrant configuration steps and presents a completely new and streamlined user experience. To deploy the SSL Orchestrator application, log into the F5 system. On the F5 Web UI Main menu, navigate to SSL Orchestrator > Configuration and follow the guided configuration steps. Step 1: Topology Properties SSL Orchestrator creates discreet configurations based on the selected topology. Selecting explicit forward proxy topology (as shown in the example) will ultimately create an explicit proxy listener. Step 2: SSL Properties Select the previously imported subordinate CA certificate (see Prerequisites, above) to sign and issue certificates to the end-host for client-requested HTTPS websites that are intercepted. Step 3: Create the FireEye Inline Service The services list section defines the security services that interact with SSL Orchestrator. The guided configuration includes a services catalog that contains common product integrations. In the service catalog, double click on the FireEye Inline service and configure the service settings: service name, VLAN pair and port remap. The ‘From VLAN’ and ‘To VLAN’ pairs (inward and outward VLANs) and the associated interfaces define the network connectivity from SSL Orchestrator to the inline security device. For the FireEye NX device to recognize that the steered traffic has been decrypted, it needs to be sent on a non-443 TCP port. Using the service catalog, create additional security services as required, before proceeding to the next step. Step 4: Service Chains Create a service chain, which is an arbitrarily ordered lists of security devices. The service chain determines which services receive traffic. Step 5: Security Policy SSL Orchestrator’s guided configuration presents an intuitive rule-based, drag-and-drop user interface for the definition of security policies. In the background, SSL Orchestrator maintains these security policies as visual per-request policies. If traffic processing is required that exceeds the capabilities of the rule-based user interface, the underlying per-request policy can be managed directly. Use this section to create custom rules as required. Step 6: Intercept Rule Interception rules are based on the selected topology and define the listeners (analogous to BIG-IP Local Traffic Manager virtual servers) that accept and process different types of traffic, such as TCP, UDP, or other. The resulting BIG-IP LTM virtual servers will bind the SSL settings, VLANs, IPs, and security policies created in the topology workflow. Step 7: Egress Settings The egress settings section defines topology-specific egress characteristics like NAT and outbound route. Step 8: Summary The configuration summary page presents an expandable list of all the workflow-configured objects. Review the setting and click the Deploy button to deploy SSL Orchestrator. SSL Orchestrator will be successfully deployed on the F5 system. V. Verification Navigate to http://www.eicar.org/ and download a malware test file via HTTP and HTTPS links from the client. Login to FireEye NX Web UI and navigate to Alerts to view the malware alert. Conclusion The joint solution from F5 Networks and FireEye brings together the best of application delivery and advanced content security to help you identify and stop even the most sophisticated attacks, whether in the data center or at the perimeter of your network. Together, we help you accelerate business growth while decreasing the risk of security breaches. Learn more: Product page: F5 SSL Orchestrator White paper: Beyond Advanced Threat Protection962Views0likes1CommentF5 SSL Orchestrator and Cisco Firepower Threat Defense (FTD) Integrated Solution
The Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS), have been widely adopted by organizations to secure IP communications, and their use is growing rapidly. While TLS/SSL provides data privacy and secure communications, it also creates challenges to inspection devices in the security stack when inspecting the encrypted traffic. In short, the encrypted communications cannot be seen as clear text and are passed through without inspection, becoming security blind spots. This creates serious risks for businesses: What if attackers are hiding malware inside the encrypted traffic? However, performing decryption of TLS/TLS traffic on the security inspection devices, with native decryption support, can tremendously degrade the performance of those devices. This performance concern becomes even more challenging given the demands of stronger, 2048-bit certificates. An integrated F5 and Cisco solution solves these two SSL/TLS challenges. F5 SSL Orchestrator centralizes TLS/SSL inspection across complex security architectures, enabling flexible deployment options for decrypting and re-encrypting user traffic. It also provides intelligent traffic orchestration using dynamic service chaining and policy-based management. The decrypted traffic is then inspected by one or more Cisco FTD systems, which can prevent previously hidden threats and block zero-day exploits. The Cisco Firepower Threat defense may be delivered using several combinations of Cisco Firepower and ASA platforms and software images. This solution eliminates the blind spots introduced by TLS/SSL and closes any opportunity for adversaries. Solution Deployment The F5 and Cisco integrated solution enables organizations to intelligently manage SSL/TLS Traffic while providing visibility into a key threat vector that attackers often use to exploit vulnerabilities, establish command and control channels, and steal data. Without SSL visibility, it is impossible to identify and prevent such threats at scale. F5 SSL Orchestrator intercepts both outbound and inbound traffic. Other security services like DLP (using ICAP), IPS, and HTTP(s) Proxies can also be deployed alongside Cisco FTD when configured in a service chain within the decrypt zone. Cisco FTD supports both Inline (Layer 2 and Layer 3) and TAP mode of operation. In this example solution, Cisco FTD is configured as Layer 3 / routed hop. I. Bill of Materials F5 SSL Orchestrator 5.1 Optional functional add-ons include URL filtering subscription, IP Intelligence subscription, network hardware security module (HSM), F5 Secure Web Gateway (SWG) Services and F5 Access Manager (APM). Cisco FTD II. Pre-requisites F5 SSL Orchestrator is licensed and set up with internal and external VLANs and Self-IP addresses. An SSL certificate—preferably a subordinate certificate authority (CA)—and private key are imported into F5 SSL Orchestrator. The CA certificate chain with root certificate is imported into the client browser. Cisco FTD is setup with physical connectivity to F5 SSL Orchestrator. This Cisco FTD system is managed by Cisco Firepower Device Manager (FDM). III. IP Addressing When a Cisco FTD is deployed as an Layer 3/ routed hop, we recommend configuring its IP addresses for interface in the inside zone and interface in the outside zone, from default fixed addressing subnets, provided by SSL Orchestrator, that are derived from a RFC2544 CIDR block of 192.19.0.0. This minimizes the likelihood of address collisions. In this example, the Cisco FTD is configured with IP address 198.19.64.61/25 on the interface in the inside zone (connected to SSL Orchestrator ‘To Service’ VLAN) and 198.19.64.161/25 on the interface in the outside zone (connected to SSL Orchestrator ‘From Service’ VLAN). You will also need to configure static routes to the internal networks with 198.19.64.7 as the next hop and a default route to the Internet with 198.19.64.245 as the gateway. The table below explains the IP addresses that you need to configure when deploying multiple FTDs in the service pool. IV. Configure Cisco FTD Configure the interfaces with IP addresses and assign them to Inside and Outside zones. Configure the static route to internal network (192.168.16.0/24) with next hop as the IP address on the ‘To Service’ VLAN of the SSL Orchestrator (198.19.64.7). Also, configure the default route to internet with IP address on the ‘To Service’ VLAN of the SSL Orchestrator (198.19.64.245) as the gateway. V. Deploy F5 SSL Orchestrator using Guided Configuration SSL Orchestrator version 5.1 introduced Guided Configuration, a workflow-based architecture that provides intuitive, re-entrant configuration steps and presents a completely new and streamlined user experience. To deploy the SSL Orchestrator application, log into the F5 system. On the F5 Web UI Main menu, navigate to SSL Orchestrator > Configuration and follow the guided configuration steps. Step 1: Topology Properties SSL Orchestrator creates discreet configurations based on the selected topology. Selecting explicit forward proxy topology (as shown in the example) will ultimately create an explicit proxy listener. Step 2: SSL Properties Select the previously imported subordinate CA certificate (see Prerequisites, above) to sign and issue certificates to the end-host for client-requested HTTPS websites that are intercepted. Step 3: Create the Cisco Inline L3 Service The services list section defines the security services that interact with SSL Orchestrator. The guided configuration includes a services catalog that contains common product integrations. In the service catalog, double click on the Inline L3 service and configure the service settings: service name, VLAN pair and port remap. The ‘To VLAN’ and the associated interface define the network connectivity from SSL Orchestrator to the interface in the inside zone on the Cisco FTD. The ‘From VLAN’ and the associated interface define the network connectivity from SSL Orchestrator to the interface in the outside zone on the Cisco FTD. For the Cisco FTD to recognize that the steered traffic has been decrypted, it needs to be sent on a non-443 TCP port. Using the service catalog, create additional security services as required, before proceeding to the next step. Step 4: Service Chains Create a service chain, which is an arbitrarily ordered lists of security devices. The service chain determines which services receive traffic. Step 5: Security Policy SSL Orchestrator’s guided configuration presents an intuitive rule-based, drag-and-drop user interface for the definition of security policies. In the background, SSL Orchestrator maintains these security policies as visual per-request policies. If traffic processing is required that exceeds the capabilities of the rule-based user interface, the underlying per-request policy can be managed directly. Use this section to create custom rules as required. Step 6: Intercept Rule Interception rules are based on the selected topology and define the listeners (analogous to BIG-IP Local Traffic Manager virtual servers) that accept and process different types of traffic, such as TCP, UDP, or other. The resulting BIG-IP LTM virtual servers will bind the SSL settings, VLANs, IPs, and security policies created in the topology workflow. Step 7: Egress Settings The egress settings section defines topology-specific egress characteristics like NAT and outbound route. Step 8: Summary The configuration summary page presents an expandable list of all the workflow-configured objects. Review the setting and click the Deploy button to deploy SSL Orchestrator. SSL Orchestrator will be successfully deployed on the F5 system. VI. Verification Navigate to http://www.eicar.org/ and download a malware test file via HTTP and HTTPS links from the client. Login to Cisco FDM Web UI and navigate to Analysis > Intrusions > Alerts to view the malware alert. Conclusion The joint solution from F5 Networks and Cisco brings together the best of application delivery and advanced malware protection to help you identify and stop even the most sophisticated attacks, whether in the data center or at the perimeter of your network. Together, we help you accelerate business growth while decreasing the risk of security breaches. Learn more: Product page: F5 SSL Orchestrator715Views0likes0CommentsF5 SSL Orchestrator - Symantec DLP Integrated Solution
The Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS), have been widely adopted by organizations to secure IP communications. But while SSL provides data privacy and secure communications, it also creates challenges to inspection devices such as data loss prevention (DLP) software in the security stack. In short, the encrypted communications cannot be seen as clear text and are passed through without inspection, becoming security blind spots. This creates serious risks, leaving organizations vulnerable to costly data breaches and loss of intellectual property. But today’s security devices, such as intrusion prevention systems (IPSs) and next-generation firewalls (NGFWs), lack the processing power to easily decrypt SSL/TLS traffic. This performance concern becomes even more challenging with the demands of 2048-bit certificates. An integrated F5 SSL Orchestrator and Symantec Data Loss Prevention (DLP) solution solves these SSL/TLS challenges across cloud, mobile, and on-premises environments. F5 SSL Orchestrator centralizes SSL inspection across complex security architectures, providing flexible deployment options for decrypting and re-encrypting user traffic. It also provides intelligent traffic orchestration using dynamic service chaining and policy-based management. Once decrypted, the traffic is inspected by Symantec DLP, which can detect, and block data breaches and exfiltration of sensitive data previously hidden by encryption. This joint solution thus eliminates the blind spots introduced by SSL and closes any opportunity for attackers. Solution Overview Functional implementation of the solution involves both SSL visibility and content adaptation. F5 SSL Orchestrator, deployed inline to the wire traffic, intercepts any outbound secure web request and establishes two separate SSL connections: one each with the client (the user device) and the requested web server. This creates a decryption zone between client and server with SSL visibility for inspection. Within the decryption zone, the content adaptation feature of SSL Orchestrator conditionally forwards both unencrypted HTTP and decrypted HTTPS requests by encapsulating them within Internet Content Adaptation Protocol (ICAP, RFC3507). These encapsulated requests go to a pool of Symantec DLP servers for inspection and possible request modification (REQMOD). In this context, SSL Orchestrator is the ICAP client and Symantec DLP is the ICAP server. After inspection, HTTPS requests are re-encrypted on their way to the web server. The same process of decryption, inspection, possible response modification (RESPMOD), and re-encryption takes place for the return response from the web server to the client. The F5 SSL Orchestrator and Symantec DLP solution Bill of Materials F5 SSL Orchestrator 5.1 Optional functional add-ons include URL filtering subscription, IP intelligence subscription, network hardware security module (HSM) and F5 BIG-IP Access Policy Manager (APM) Symantec Data Loss Prevention (DLP) 15.0 Pre-requisites F5 SSL Orchestrator is licensed and set up with internal and external VLANs and self-IP addresses. An SSL certificate—preferably a subordinate certificate authority (CA)—and private key are imported into SSL Orchestrator. The CA certificate chain with root certificate is imported into the client browser. Symantec DLP is installed and set up with IP connectivity to SSL Orchestrator. Symantec DLP software is composed of three components: Oracle Database, Enforce Server, and a detection server. Refer the Symantec technical documentation to further understand the various deployment types. Solution Configuration Steps The solution deployment involves policy creation on Symantec DLP and configuration of SSL Orchestrator on the F5 system. I. Configure DLP Policy On the web UI of the Symantec DLP Enforce Server, navigate to the Policies page and configure a policy. For example, here we show configuration of a policy named symconfidential with a rule type of Content Matches Keyword and the keyword confidential. II. Deploy SSL Orchestrator using Guided Configuration SSL Orchestrator version 5.1 introduced Guided Configuration, a workflow-based architecture that provides intuitive, re-entrant configuration steps and presents a completely new and streamlined user experience. To deploy the SSL Orchestrator application, log into the F5 system. On the F5 Web UI Main menu, navigate to SSL Orchestrator > Configuration and follow the guided configuration steps. Step 1: Topology Properties SSL Orchestrator creates discreet configurations based on the selected topology. Selecting explicit forward proxy topology (as shown in the example) will ultimately create an explicit proxy listener. Step 2: SSL Properties Select the previously imported subordinate CA certificate (see Prerequisites, above) to sign and issue certificates to the end-host for client-requested HTTPS websites that are intercepted. Step 3: Create the ICAP service The services list section defines the security services that interact with SSL Orchestrator. The guided configuration includes a services catalog that contains common product integrations. In the service catalog, double click the ICAP service and configure the service settings: Symantec DLP IP address, port, URI paths and preview maximum length. Using the service catalog, create additional security services as required before proceeding to the next step. Step 4: Service Chains Create a service chain, which is an arbitrarily ordered lists of security devices. The service chain determines which services receive traffic. Step 5: Security Policy SSL Orchestrator’s guided configuration presents an intuitive rule-based, drag-and-drop user interface for the definition of security policies. In the background, SSL Orchestrator maintains these security policies as visual per-request policies. If traffic processing is required that exceeds the capabilities of the rule-based user interface, the underlying per-request policy can be managed directly. Use this section to create custom rules as required. Step 6: Intercept Rule Interception rules are based on the selected topology and define the listeners (analogous to BIG-IP Local Traffic Manager virtual servers) that accept and process different types of traffic, such as TCP, UDP, or other. The resulting BIG-IP LTM virtual servers will bind the SSL settings, VLANs, IPs, and security policies created in the topology workflow. Step 7: Egress Settings The egress settings section defines topology-specific egress characteristics like NAT and outbound route. Step 8: Summary The configuration summary page presents an expandable list of all the workflow-configured objects. Review the setting and click Deploy to deploy SSL Orchestrator. SSL Orchestrator will be successfully deployed on the F5 system. III. Verification From the client, open Gmail or any other email service and compose an email with the body containing “confidential” and press Send. You will see the mail blocked with the following alert in Symantec DLP server. Conclusion The joint solution from F5 and Symantec brings together the best of application delivery and data security to help you identify and stop data loss. By taking advantage of ICAP and other standards, this joint solution gives you easy-to-use tools and granular control to decrease the risk of data breaches and data ex-filtration. Learn more: Product page: F5 SSL Orchestrator920Views0likes0Comments