P RE D I C T I V E I NTELLIGEN CE
proper traffic visibility this will be an
unachievable mission.
How crucial is network visibility
in preventing attacks and how
difficult is this to achieve?
None of the above will be achieved
without traffic visibility (ingress and
egress). Visibility in each and every
level is mandatory in order to activate
the security devices. Visibility is not a
nice-to-have, it is critical. And I always
advise our partners to consider it as a
top priority. Otherwise reporting and
analysis will be meaningless.
Also, it is very important to realise
that visibility does not mean violating
confidentiality – ensuring compliance with
privacy standards should not conflict with
visibility and this is achievable.
How does A10 Networks’
Thunder SSLi product help to
eliminate the blind spot?
Blind spot is a terminology that
describes the situation when security
devices cannot inspect the actual data
or application layer due to encryption.
Once the client/server exchanges the
TLS certificate and key during the
TCP hand-shake, the traffic will be
encrypted, thus there will be no way
to intercept the traffic and inspect it.
Cyberattackers are aware of this fact,
so it is easy to hide malicious activities
into an application layer to pass it
through security defences towards the
targeted services or machines. The
end service will then decrypt the traffic
without prior inspection. This is a risky
scenario, isn’t it?
The A10 Networks Thunder SSLi
solution helps to eliminate blind spots
by intercepting the client/server
TLS negotiation as full proxy and
maintaining two separate sessions,
one session with the client’s side and
the other one with the server’s side.
In between, A10 Thunder SSLi will
feed the security devices intelligently
with clear text traffic. After the security
device finishes the inspection and
34
Infrastructure needs
to be adapted to
accommodate the
rapid growth and
new user behaviour
to ensure safe
communication
and to eliminate
security threats.
forwards the traffic, A10 Thunder SSLi
will encrypt the traffic again before
forwarding it to the original destination.
How does the product help to
make the lives of CISOs easier?
Deploying our SSLi solution and
forwarding the traffic to many inline and
non-inline security devices eliminates the
decryption overhead of each security
device. This improves performance while
maintaining proper security diligence,
enhancing the user’s experience and
saving costs by eliminating the need to
purchase bigger security devices just to
support resource-intensive decryption
and encryption functions.
This will help CISOs achieve the next
level of securing the infrastructure by
fine-tuning the security polices and
configurations on security devices based
on the visibility obtained and the control
gained by eliminating the blind spot.
The A10 Thunder SSLi solution not only
provides visibility of the traffic to security
devices, but it also sends logs and
can mirror the traffic for the SIEM, and
logging solution and forensic analysis
tools allow CISOs to keep historical
logs and events in a readable format.
Moreover, A10 Networks can support the
ICAP protocol to feed and activate the
DPI and AV solutions.
What are the other features
CISOs can leverage from
Thunder SSLi?
Many built-in features come with
Thunder SSLi. Application Access
Management (AAM), URL filtering and
application visibility come on top of the
list. AAM enables us to integrate with
AAA servers to apply policies and track
activities per user. While URL filtering
helps to ensure compliance with privacy
standards so we can bypass SSLi
Issue 19
|
www.intelligentciso.com