What is SSL Inspection?
SSL inspection (also known as HTTPs Interception) intercepts all traffic, decrypts it, and scans it for malicious content whenever data is transmitted through an HTTPs website. The acronym “SSL” stands for secure sockets layer.
Businesses often use SSL certificates on their websites to create a safe connection and establish confidence for visitors. Usually a browser will show a padlock, branded URL, or some other visual cue that lets the user know that the connection is secure. SSL, also known as TLS (transport layer security), describes the protocols designed to provide additional security for network communication in the form of encryption.
Encryption is used to make traffic unreadable by third parties that may attempt to intercept the traffic. Encryption protects passwords, credit cards, credentials, and other information as its transferred online between client and server.
Unfortunately, malware (malicious software) creators and groups that create phishing sites use SSL encryption to their advantage. When malicious software is hidden in SSL traffic, it becomes almost impossible to detect. Phishing sites can have a valid SSL certificate, which increases the likelihood that a user will believe the site is legitimate. Many security solutions fail to detect malware within SSL traffic, meaning that you have to trust your endpoint antivirus to detect it on execution - essentially bypassing the additional layers of protection in your security environment. According to Zscaler, 50% of today’s malware is hiding in SSL traffic. This is why you need to ensure you are using a security solution that includes SSL inspection.
How Does SSL Inspection Work?
Let’s say you click on a phishing link that looks like it might be your email provider. If the traffic is encrypted, your security solution cannot review the page for any malicious content. As a result, you could be tricked into providing your email credentials to a scammer. With SSL inspection, the content of the page can be inspected for malicious content, such as malicious scripts or links to other malicious sites.
To keep the information encrypted, the SSL inspector first establishes a connection with the web server, where it decrypts the data safely and identifies any malicious content. Once scanning is complete, another SSL connection is made with the browser. This ensures that the sensitive information arrives in the proper encrypted format, free of malware.
Appliance vs. Cloud-Based SSL Inspection
Appliances often remove the overhead and management nightmares associated with several combined point solutions, but the performance impact of using an appliance like a Web Filter or UTM device for SSL inspection can be devastating for a business.
Appliances create severe latency that often cause users to turn off SSL inspection features, creating gaping security holes. According to Gartner, SSL inspection is turned off in 90% of UTMs due to latency issues.
Cloud-based SSL inspection covers ALL SSL traffic, on or off the network without creating latency, performance issues or productivity losses. The service is able to scale with growing businesses without slowing processors down or creating unnecessary downtime or performance deterioration. Using a SaaS solution also means you can inspect traffic for remote users, ensuring they are safely browsing no matter where they are.
Learn How to Stop Cyber Threats at the Source While Reducing Costs and Increasing Protection.
Appliances vs Cloud Security. Six Reasons Why Your Security Appliance and UTM Solution is Failing Your Business.