September 27, 2021
Why You Should Be Using SSL Inspection
By inspecting encrypted data traffic, this technology enables the use of other valuable security solutions.
Organizations rely on network traffic inspections to meet numerous security objectives. Firewalls scrutinize content to ensure that it doesn’t contain malicious code. Intrusion prevention systems block attacks before they enter a network. Data loss prevention systems stop employees and other insiders from sending sensitive information outside a network without permission. These technologies all play a crucial role in protecting the confidentiality of sensitive information and the security of systems and applications.
But many IT professionals are unaware that they may be unintentionally crippling the effectiveness of these essential security safeguards. According to a recent analysis, more than 85 percent of network traffic uses end-to-end encryption. This means the traffic is encrypted by the user’s web browser, using a technology called Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS), and isn’t decrypted until it reaches the destination server. This is, of course, a good thing for internet security. We want traffic to be encrypted because encryption protects sensitive information from prying eyes.
However, the same SSL technology that protects traffic from eavesdroppers also has the potential to stop security tools in their tracks. When users connect to a remote site over a connection protected by SSL, no one positioned between the browser and the server can read that data traffic. This includes the security tools that organizations depend on to search for and block malicious activity.
What Is SSL Inspection?
SSL inspection restores the ability of security technologies to peer inside network traffic. It does this by deploying a digital certificate for the inspection system’s own certificate authority on an organization’s endpoint devices, instructing them to trust the certificates that the SSL inspection technology issues. Then, when a system on the network attempts to make an encrypted connection to a system located on the internet, the SSL inspection technology steps in and brokers the connection. The traffic is decrypted and flows through the organization’s security infrastructure, where it is subject to inspection, before being re-encrypted and sent safely to its destination. When the remote system replies, the traffic goes through the process in reverse.
While this seems like a common-sense approach to bolstering enterprise security controls, the unfortunate reality is that most organizations have not yet deployed it in any significant way. I believe that rolling out this technology quickly should be one of the highest priorities of enterprise cybersecurity teams.
Deploying SSL Inspection for Enhanced Security
Deploying SSL inspection technology can be a technically complex process. The organization needs to create and manage the digital certificates used to implement the technology and then deploy them to its managed endpoints. Fortunately, security automation technology can ease the burden of this work by allowing the automated deployment of certificates to endpoints through group policies and similar mechanisms.
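The certificate mechanism described under “What Is SSL Inspection?” and the certificate rollout just discussed, as an added example in Go (not code from the article or from any inspection product): the device signs with a private CA, mints a certificate for each requested hostname, and a managed endpoint accepts that certificate only if the CA was pushed into its trust store. The CA name and the hostnames are constructed for the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// issue signs tmpl with parentKey in the name of parent; a nil parent means self-signed.
func issue(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil { // self-signed: the template is its own issuer and signs with its own key
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}
// InspectionCA is the private CA the inspection device signs with: the certificate that group policy must push to every managed endpoint.
func InspectionCA() (*x509.Certificate, ed25519.PrivateKey, error) {
	return issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Corp SSL Inspection CA"}, // hypothetical name
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
}
// MintLeaf is the per-connection step: the device issues a short-lived certificate for the requested hostname.
func MintLeaf(host string, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, error) {
	leaf, _, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
	}, ca, caKey)
	return leaf, err
}
// EndpointTrusts models the browser's check; installed == nil models an unmanaged device or a missed deployment.
func EndpointTrusts(leaf *x509.Certificate, host string, installed *x509.Certificate) bool {
	roots := x509.NewCertPool()
	if installed != nil {
		roots.AddCert(installed)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err == nil
}
```

An endpoint that never received the CA fails the check, which is how a missed deployment surfaces to users as browser certificate warnings rather than as inspected traffic.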
Before rolling out SSL inspection technology, organizations should take a careful look at the policies they use to implement centralized decryption. It’s true that employees don’t have a legal expectation of privacy on corporate networks, but employers should still exercise some discretion. For example, it’s a good idea to exempt personal banking and healthcare sites from SSL inspection rules to protect employee privacy.
SSL inspection technology will require an investment of time and money to deploy, but the investment is justified by the return: the ability to continue the effective operation of other security controls.
Story by Jeff Jensen, a senior field solution architect covering the Eastern, Central and Southern regions of the United States. He has extensive experience with security, networking, routing, switching, troubleshooting, wireless, project management and disaster recovery. He specializes in the design, deployment and operation of enterprise network security architectures.