Enabling Full Visibility For Zero Trust Networks

Transcription

Enabling Full Visibility for Zero Trust Networks
SSL Insight Solution Overview
Always Secure. Always Available.

Cyber Crimes are on the Rise!
- $3.92M: average cost of a data breach
- 650%: increase in Trojan-based malware threats
- 90%: breaches caused by phishing
A lot of these attacks are enabled by Internal Threat Actors.
Sources: Ponemon Institute, HIPAA Journal, Retruster
Confidential. Do Not Distribute.

Impact of Data Breaches
- Ransom
- Lost revenue
- Brand damage
- Regulatory fines, e.g. GDPR
- Investigation costs
- Lawsuits
Data breaches can happen anywhere, at any time.
Source: Bleeping Computer

Are All Attacks Launched From The Outside?
More often than not, Internal Threat Actors are to blame for such attacks.
Who is an Internal Threat Actor?
- Any user within the trusted internal network
- Has legitimate access to resources
Has conscious intent to cause harm:
- Malicious insider or disgruntled employee
- An imposter who technically is an outsider
- Corporate spies
Has no conscious intention of causing harm:
- Careless or negligent insider
Negligent Internal Threat Actors are generally not aware of the damage they are causing.

Zero Trust Aims to Solve These Security Issues
What is Zero Trust?
- A conceptual model driving architectural changes
- The concept has been around for a long time
- Vendors and customers are finally implementing the model
- Demands major architectural changes
- In the Zero Trust model, visibility is key: visibility into users, data, workflows, etc.

Basic Principles of Zero Trust: "Trust Nobody"
- Redesign networks into secure micro-perimeters
- Limit excessive user privileges
- Improve detection and response times through analytics and automation
- Enable compliance
- Improve security detection and response with centralized visibility and control
- Avoid solutions that are too complex to deploy and use
- Avoid solutions that don't support diverse integrations
Source: Forrester

Encryption Introduces New Challenges & Complexity
Encryption gives you privacy, but it can hurt your security.

Exploiting The Growing Encrypted Blind Spot
- 94% of all internet traffic is encrypted (Source: Google Transparency Report)
- Almost half of cyber attacks use encryption to evade security (Source: Dark Reading)

Encryption Makes Traditional Defenses Ineffective
The Cyber Attack Continuum (Infiltration -> Command and Control -> Exfiltration) and the controls that operate at each stage:
- Before: Intrusion Prevention System (IPS), Firewall, Secure Web Gateway (SWG), Anti-Virus System
- During: Advanced Threat Protection (ATP), Anti-Malware System, Sandbox
- After: Data Loss Prevention System (DLP), Forensics
Each of these controls is blind to traffic it cannot decrypt.

Zero Trust Model Will Also Fail Without Decryption, Because Visibility Is Key

But Visibility Requires More Than Simple Upgrades
Existing solutions are inefficient, expensive and difficult to operationalize:
- Costly and not purpose built
- Disruptive and incomplete
- Complex UI and incomplete analytics

Decryption Scale and Security Problems
When each security device (DLP/AV, SWG, ATP, IPS, NGFW) terminates TLS on its own:
- Each device must decrypt and re-encrypt its own traffic for full visibility
- SSL/TLS decryption is extremely compute-intensive and adds latency at every hop
- No single point of decryption policy control and key management
- Separate decryption licenses are required on each device
- Expensive upgrades are required to scale with rising demands

So What's The Solution?
A performance hit at every appliance, or no TLS/SSL inspection at all?

The Solution – Dedicated and Centralized Decryption
A solution that:
- Provides full visibility to the entire security infrastructure
- Enhances efficiency and efficacy of existing security infrastructure
- Is vendor agnostic and provides flexible deployment options
- Is easy to operationalize and use
- Provides centralized visibility and analytics
- Provides centralized management
- Centralizes decryption, policy control and key management

"Dedicated Decryption" is the Preferred Solution
Source: NSA

Introducing SSL Insight

SSL Insight is at the Core of the Zero Trust Model
- With most internet traffic being encrypted, SSL Insight enables other Zero Trust security devices and improves their efficacy
- Multi-layered security services: enable compliance; restrict and scrutinize user access; consolidate multiple security services in one platform
- "Ease of use matters" (Forrester): centralized visibility, management and policy control with uniform UIs help position us as a strong contender
- Seamless integration with other security solutions

Enhance Performance with Secure Decrypt Zone
Encrypted internet traffic is decrypted once on entry to the Secure Decrypt Zone, passed in the clear through the security devices (DLP/AV, SWG, ATP, IPS, NGFW), and re-encrypted on exit.
- Enhanced performance due to decryption/re-encryption offload
- Improved user experience due to reduced latency
- Centralized decryption, policy control and key management

Solution Components – A Deeper Dive
- Full Traffic Visibility
- Multi-Layered Security
- Analytics & Ease of Use

Full Traffic Visibility
- Full visibility, including PFS (ECDHE) sessions, at industry's highest performance; PFS sessions can only be inspected by an inline proxy that terminates the TLS connection, not by passive decryption with a copy of the server key
- Decrypt across multiple protocols including SSL/TLS, SSH, STARTTLS, XMPP, SMTP and POP3
- Dynamic port inspection identifies and decrypts SSL/TLS over any port, based on the bytes of the connection rather than the port number
- Full proxy architecture ensures granular control over traffic
- SSL Insight is non-disruptive, integrating seamlessly into any network
- Can be deployed as an L2 bump-in-the-wire or L3 device
- Can be deployed as a transparent or explicit proxy

Secure Decrypt Zone
- Decrypt once, inspect many times
- Flexible interoperability: supports inline, passive or ICAP-enabled devices
- Works with transparent and explicit proxies
- Supports proxy chaining for connecting to upstream proxies
- Service chaining can be used to steer traffic through different security devices based on: source and destination IP addresses; protocol type; user and group ID; application ID
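The steering criteria listed above (source/destination IP, protocol, user or group, application ID) are exactly what a first-match service-chain policy evaluates. The following Python is an added example, not code from the deck and not A10 configuration: it expresses such a policy as ordered rules, returns the device chain a flow should traverse inside the decrypt zone, and includes the one check a practitioner wants, namely whether a broad rule placed too early shadows the narrower ones. Rule names, device names, group names and addresses are hypothetical.

```python
"""Service-chain steering for a Secure Decrypt Zone: first-match rules on the flow attributes
the slide lists (src/dst IP, protocol, user/group, application ID). Hypothetical rules and
device names; example code, not A10 configuration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    protocol: str                       # e.g. "https", "smtp", "ssh"
    user: Optional[str] = None
    groups: Tuple[str, ...] = ()        # group IDs from the directory lookup
    app_id: Optional[str] = None        # result of application identification


@dataclass(frozen=True)
class Rule:
    name: str
    chain: Tuple[str, ...]              # ordered devices in the decrypt zone; () = skip inspection
    src: Optional[str] = None           # CIDR; None = any
    dst: Optional[str] = None
    protocols: Tuple[str, ...] = ()     # empty = any
    groups: Tuple[str, ...] = ()
    app_ids: Tuple[str, ...] = ()

    def matches(self, f: Flow) -> bool:
        if self.src and ip_address(f.src_ip) not in ip_network(self.src):
            return False
        if self.dst and ip_address(f.dst_ip) not in ip_network(self.dst):
            return False
        if self.protocols and f.protocol not in self.protocols:
            return False
        if self.groups and not set(self.groups) & set(f.groups):
            return False
        if self.app_ids and f.app_id not in self.app_ids:
            return False
        return True


# Constructed rule set. Order matters: the first matching rule wins, so narrow rules go first.
RULES: List[Rule] = [
    # East-west traffic between private ranges never enters the decrypt zone.
    Rule("internal-east-west", chain=(), src="10.0.0.0/8", dst="10.0.0.0/8"),
    # Finance users uploading to cloud storage: DLP first, then the firewall.
    Rule("finance-cloud-upload", chain=("dlp", "ngfw"), groups=("finance",), app_ids=("cloud-storage",)),
    # Outbound mail goes to the sandbox/ATP and DLP regardless of who sends it.
    Rule("outbound-mail", chain=("atp", "dlp"), protocols=("smtp",)),
    # Guest network gets the full stack.
    Rule("guest-full-stack", chain=("ips", "atp", "swg", "ngfw"), src="192.168.100.0/24"),
]
DEFAULT_CHAIN: Tuple[str, ...] = ("ips", "swg", "ngfw")


def steer(flow: Flow, rules: List[Rule] = RULES, default: Tuple[str, ...] = DEFAULT_CHAIN):
    """Return (rule_name, device_chain) for a flow. The chain is the order in which the
    decrypted flow is handed to inline devices before re-encryption."""
    for rule in rules:
        if rule.matches(flow):
            return rule.name, rule.chain
    return "default", default


def shadowed_rules(rules: List[Rule], sample_flows: List[Flow]) -> List[str]:
    """Config check: rule names that never win for any sample flow, which usually means an
    earlier, broader rule is shadowing them. Assumes the sample set covers the intended cases."""
    winners = {steer(f, rules)[0] for f in sample_flows}
    return [r.name for r in rules if r.name not in winners]
```

Run shadowed_rules against a representative set of flows whenever the rule order changes; a catch-all rule inserted at the top silently turns every specific chain below it into dead configuration.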

What Goes in the Secure Decrypt Zone?
Note: Logos of only some of our validated security partners are shown here.

Compliance
- Selective bypass for compliance with privacy regulations, e.g. HIPAA, SOX, PCI DSS, etc. Examples: healthcare websites (HIPAA); personal financial data (EU General Data Protection Regulation)
- Decrypt traffic to stop data breaches, ensuring GDPR compliance
- Ensure your organization is safe from large fines and lawsuits
- High speed and detailed logging for PCI DSS compliance
Bypassed flows are not inspected at all, so bypass decisions should be driven by site category and logged, rather than granted as broad port- or address-based exemptions.

Web Classification Service
- Classifies web traffic into 83 site categories in order to bypass decryption of specific, sensitive data
- On-box database of 20 million domain entries and 600 million domains in the cloud
- Powered by Webroot
Web Classification Service by the numbers: 600 million domains; 27 billion URLs classified; 83 site categories; 45 languages; 12 million dangerous IPs correlated with URLs
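Two of the mechanisms above fit together in one decision per connection: dynamic port inspection (recognising a TLS ClientHello by its bytes on any port) and category-based selective bypass (classifying the SNI host and skipping decryption for privacy-sensitive categories). The Python below is an added example and not code from the deck or from A10: the ClientHello builder constructs sample input, the parser walks the real TLS record and handshake layout to extract SNI, and the category table is a hypothetical stand-in for a classification database (the hostnames and categories are made up, not Webroot data).

```python
"""Port-agnostic TLS detection and category-driven decrypt/bypass decision.
The ClientHello parser follows the TLS record/handshake layout; the category table is a
constructed stand-in for a web classification database (hypothetical hosts)."""
import struct
from typing import Dict, Optional

TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000


def build_client_hello(server_name: str) -> bytes:
    """Constructed sample input: a minimal TLS 1.2 ClientHello carrying an SNI extension."""
    host = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host        # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry                   # server_name_list
    ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni)) + sni
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"                  # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"                  # one cipher suite
            + b"\x01\x00"                                         # one compression method (null)
            + struct.pack("!H", len(ext)) + ext)
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(data: bytes) -> Optional[Dict[str, Optional[str]]]:
    """Return {"sni": host-or-None} if `data` opens with a complete TLS ClientHello record,
    else None. Only the bytes are examined, so this works on any TCP port."""
    if len(data) < 9 or data[0] != TLS_HANDSHAKE or data[1] != 0x03 or data[2] > 0x04:
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    rec = data[5:5 + rec_len]
    if len(rec) < 4 or rec[0] != CLIENT_HELLO:
        return None
    hs_len = int.from_bytes(rec[1:4], "big")
    body = rec[4:4 + hs_len]
    if len(body) < hs_len:
        return None                                    # truncated: reassemble before deciding
    pos = 2 + 32                                       # client_version + random
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                               # session_id
    if pos + 2 > len(body):
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                               # compression_methods
    sni = None
    if pos + 2 <= len(body):
        ext_end = min(pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0], len(body))
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            edata = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            # server_name_list: 2-byte list length, then entries of (type 1, length 2, name)
            if etype == EXT_SERVER_NAME and len(edata) >= 5 and edata[2] == 0:
                name_len = struct.unpack("!H", edata[3:5])[0]
                if len(edata) >= 5 + name_len:
                    sni = edata[5:5 + name_len].decode("ascii", "replace")
    return {"sni": sni}


# Constructed category table (hypothetical hosts). Longest-suffix match, so a subdomain
# inherits its parent's category unless listed separately.
CATEGORY_DB = {
    "mychart.example-hospital.org": "Health & Medicine",
    "online.example-bank.com": "Financial Services",
    "example-social.com": "Social Networking",
    "updates.example-freeware.net": "Shareware/Freeware",
}
BYPASS_CATEGORIES = {"Health & Medicine", "Financial Services"}   # privacy-driven bypass


def classify(host: Optional[str]) -> str:
    if not host:
        return "Uncategorized"
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "Uncategorized"


def decrypt_decision(first_bytes: bytes) -> dict:
    """Decide per flow from its first client bytes: not TLS -> forward to the inspection
    chain as cleartext; TLS to a privacy-sensitive category -> bypass decryption;
    TLS without SNI or to any other category -> decrypt and inspect (fail closed)."""
    hello = parse_client_hello(first_bytes)
    if hello is None:
        return {"tls": False, "action": "forward"}
    category = classify(hello["sni"])
    action = "bypass" if hello["sni"] and category in BYPASS_CATEGORIES else "decrypt"
    return {"tls": True, "sni": hello["sni"], "category": category, "action": action}
```

Note the fail-closed choices: a truncated ClientHello is not classified until reassembled, and a ClientHello without SNI is decrypted rather than bypassed, since an uncategorised flow is exactly what an attacker would use to slip past a bypass list. With TLS 1.3 Encrypted Client Hello the SNI is no longer visible, so this classification step has to fall back to destination IP or explicit-proxy CONNECT hostnames.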

Multi-Layered Security Services
- Application Firewall
- Threat Investigator
- URL & Web Filtering
- ICAP Integration
- Threat Intelligence
- User ID Based Traffic Filtering
- And more

Application Visibility
- Identify applications irrespective of port, protocol, or evasive tactics
- Identify applications based on bandwidth or connection consumption
- Restrict applications based on security and performance concerns
- Steer traffic through different security devices based on Application ID
Note: Application Visibility subscription is required.

Threat Investigator
- Investigate threats and gain valuable insights
- Risk score assessment for domains, IPs, apps and files
- Reputation index scores from 0 to 100
- Detailed graph of all linked actors and their reputation index
- Integrated into Access Logs for ease of use
Note: Web Classification service subscription is required.

URL and Web Filtering
- Preventive security service
- Block access to known malicious and harmful content
- Specific categories for K-12 user protection
- Block access based on security concerns (malware, phishing, etc.)
- Stop users from bypassing security (proxies, VPNs)
- User-ID/Group-ID based filtering for granular control
Category groups:
- Security: Keyloggers/Monitoring
- Employee Productivity: Social Networking, Internet Communication, Games, Shopping, Recreation & Hobbies
- Network Speed: Streaming Media, Shareware/Freeware, Peer to Peer
- Legal/Compliance: Financial Services, Legal, Educational Institutions, Web-based Email, Health & Medicine
- Parental Controls: Adult & Pornography, Abused Drugs, Gambling, Illegal, Hate & Racism, Violence, Cheating
Note: Web Classification service subscription is required.

ICAP Support
- Extends TLS inspection support to ICAP-based security appliances
- ICAP Request Mode (REQMOD) for Data Loss Prevention (DLP) appliances
- ICAP Response Mode (RESPMOD) for Anti-Virus/Malware appliances
- Pre-filtering of traffic based on request method, payload or preview length
In the Secure Decrypt Zone, decrypted data is sent to the DLP/AV appliance via ICAP, so the appliance never has to terminate TLS itself.
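The exchange described above, as an added example that is not part of the original deck and not A10's or any vendor's implementation: the proxy side builds REQMOD (client request, DLP) and RESPMOD (server response, AV) messages with correctly computed Encapsulated offsets and an optional Preview, and a constructed toy DLP endpoint answers 100 Continue, 204 (pass unmodified) or 200 with a replacement 403 response. The ICAP URIs, ISTag value and the SSN rule used by the toy server are hypothetical.

```python
"""ICAP exchange between a decrypting proxy and a DLP/AV service (RFC 3507): REQMOD for the
client's request, RESPMOD for the server's response, optional Preview. The DLP "server" is a
constructed stand-in that blocks uploads containing an SSN; everything here is example code,
not A10's or any vendor's implementation."""
import re
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit


def _chunk(data: bytes) -> bytes:
    """Encapsulated bodies use HTTP chunked coding; the terminating chunk is added by the caller."""
    return f"{len(data):x}\r\n".encode() + data + b"\r\n" if data else b""


def build_icap(method: str, icap_uri: str, req_hdr: bytes, res_hdr: Optional[bytes] = None,
               body: bytes = b"", preview: Optional[int] = None) -> bytes:
    """Build a REQMOD (res_hdr=None) or RESPMOD request. The Encapsulated header lists the byte
    offset of every part within the encapsulated section; wrong offsets are the classic
    integration bug, so they are computed from the parts rather than hard-coded."""
    section, enc = req_hdr, ["req-hdr=0"]
    if res_hdr is not None:
        enc.append(f"res-hdr={len(section)}")
        section += res_hdr
    body_tag = "res-body" if res_hdr is not None else "req-body"
    hdrs = [f"{method} {icap_uri} ICAP/1.0", f"Host: {urlsplit(icap_uri).hostname}", "Allow: 204"]
    if not body:
        enc.append(f"null-body={len(section)}")
    else:
        enc.append(f"{body_tag}={len(section)}")
        if preview is None:
            section += _chunk(body) + b"0\r\n\r\n"
        elif preview < len(body):
            hdrs.append(f"Preview: {preview}")              # server answers 100 Continue or 204
            section += _chunk(body[:preview]) + b"0\r\n\r\n"
        else:
            hdrs.append(f"Preview: {len(body)}")            # whole body fits: mark it with ieof
            section += _chunk(body) + b"0; ieof\r\n\r\n"
    hdrs.append("Encapsulated: " + ", ".join(enc))
    return "\r\n".join(hdrs).encode() + b"\r\n\r\n" + section


def _split_message(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, rest


def _dechunk(data: bytes) -> bytes:
    out = b""
    while data:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line.split(b";")[0] or b"0", 16)   # "0; ieof" is still a zero chunk
        if size == 0:
            break
        out, data = out + data[:size], data[size + 2:]
    return out


SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")              # hypothetical DLP rule


def toy_dlp_server(reqmod: bytes) -> bytes:
    """Constructed DLP endpoint: 100 Continue if only a partial preview arrived, 200 with a
    replacement 403 response if the upload carries an SSN, otherwise 204 (pass unmodified)."""
    _, headers, section = _split_message(reqmod)
    enc = {k.strip(): int(v) for k, v in (kv.split("=") for kv in headers["encapsulated"].split(","))}
    if "preview" in headers and not section.endswith(b"0; ieof\r\n\r\n"):
        return b"ICAP/1.0 100 Continue\r\n\r\n"
    body = _dechunk(section[enc["req-body"]:]) if "req-body" in enc else b""
    if SSN_RE.search(body):
        http = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
        return (b'ICAP/1.0 200 OK\r\nISTag: "toy-dlp-1"\r\n'
                + f"Encapsulated: res-hdr=0, null-body={len(http)}\r\n\r\n".encode() + http)
    return b'ICAP/1.0 204 No Content\r\nISTag: "toy-dlp-1"\r\nEncapsulated: null-body=0\r\n\r\n'


def parse_icap_response(raw: bytes) -> dict:
    """What the proxy does with the reply: 204 = forward the original, 200 = forward the
    encapsulated replacement instead, 100 = send the rest of the body, anything else = error."""
    status_line, headers, encapsulated = _split_message(raw)
    status = int(status_line.split(" ", 2)[1])
    verdict = {204: "unmodified", 200: "modified", 100: "continue"}.get(status, "error")
    return {"status": status, "verdict": verdict, "headers": headers, "encapsulated": encapsulated}
```

The Preview mechanism is what makes the pre-filtering bullet above cheap: the appliance sees only the first N bytes and can answer 204 for most traffic without ever receiving the full body. Treat any non-100/200/204 status, or a closed socket, as a fail-closed condition for DLP, since silently forwarding the original on ICAP error is the same as having no DLP.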

Threat Intelligence
- Continuously classifies and scores 95% of the Internet, and monitors the entire IPv4 and in-use IPv6 address space
- Enhances security efficacy to cover a broad range of attacks originating from different IP threat categories
- Applied through Thunder CFW firewall rules
By the numbers: 27 billion URLs; 600 million domains; 4 billion IP addresses; 15 billion file behavior records; 62 million mobile apps; 52 million connected sensors
Note: Web Classification service subscription is required.

User-based Policies
- Authentication and authorization services for internal users
- Provide identity-based access control
- Connect to Active Directory for User/Group IDs
- Define User-ID/Group-ID based policies for traffic steering, URL filtering and more
- Provide detailed activity logs
- Enable SIEMs with high-speed, extensive logs to track malicious activity

Analytics & Ease of Use

Simple and Easy to Use: AppCentric Templates
- Streamlined wizards
- Wider coverage of use cases
- Configuration dashboard
- 3-step configuration
- Streamlined, single-device deployments
- Simplified, wizard-based troubleshooting
Screenshots source: AppCentric Templates (ACT) v4

Intuitive Dashboards and Detailed Visibility
- Customizable dashboards
- Intuitive widgets and tiles, grouped by service type
- Detailed access logs
- Exportable logs
- Threat Investigator integration
Screenshots source: AppCentric Templates (ACT) v4

Centralized Management and Visibility: Harmony Controller SSLi App
- Streamlined wizards
- Device and Policy Manager
- Wider coverage of use cases with shared objects
- Multi-device, multi-site deployments
- Enhanced operational efficiency
Policies created with the SSL Insight wizard can be applied to multiple devices and device groups.
Screenshots source: Harmony Controller SSLi App

Enhanced Logging
- High speed logging to syslog, SIEM, etc.
- Comprehensive SSLi logging and stats for all SSL sessions
- Shows detailed traffic and connection statistics
- Dedicated Splunk Enterprise App
Screenshots source: Splunk SSL Insight App, available on Splunkbase

Case Study – Secure Decrypt Zone in Education
Customer: Klein ISD, NA, USA (Education). Klein ISD is a school district in Harris County, Texas. It has 32 elementary schools, 10 intermediate schools, and 5 high schools.
Challenges:
- K-12 education is constantly under threat of attacks and content that is inappropriate for students to access
- With a rise in IoT devices, the infrastructure, including the firewall, intrusion prevention system, and content filter, couldn't scale
Solution: Thunder CFW, SSL Insight, URL Filtering service, Harmony Controller
Business Impact:
- Protect 53,000 students and 6,500 staff against cyberthreats and maintain federal compliance
- Decrypt all content for inspection without compromising performance
- Proactively adapt controls and policies based on new visibility into anomalies and threats
- Maximize the investment in the existing security infrastructure
Why A10:
- A10's "secure decrypt zone" with the decrypt once and inspect many times approach
- A10's superior SSLi performance at an affordable price
- Simplicity and ease of use with AppCentric Templates (ACT)
- Centralized management and visibility with Harmony Controller

A10 Networks – Ensuring Your Success
- A10 Professional Services, with multiple service packages
- 24x7 support
- SSL Insight education and training
- Product Security Incident Response Team (PSIRT)

Next Steps
- Solution Briefs and Deployment Guides: learn how Thunder SSLi can be deployed to enhance the efficiency of your security infrastructure; read our Solution Briefs for an overview of our solution components
- Learn more about Thunder SSLi: watch our videos to learn more about the common threats hiding behind SSL encryption

Thank You

Appendix

Setup Slides

Zero Trust is Endorsed by Many

The A10 Advantage: Visibility, Versatility with Performance
- Highly Efficient & Flexible: High Performance & Versatility
- Multi-Layered Security Services: Added Security & Control
- Simple and Easy to Use: Streamlined Configuration & Detailed Analytics

Validated Security Partner Solutions
- Cisco Firepower and WSA
- OPSWAT MetaDefender
- RSA NetWitness
- McAfee Network Security Platform (NSP)
- Trend Micro Deep Discovery
- Secureworks iSensor
- Fidelis Network
- IBM QRadar
- FireEye NX and EX series
- Interface Masters Network Bypass Switch
- Digital Guardian Network DLP
- Check Point NGFW

Examples of Internal Threat Actors Enabling Attacks

Example – Employee Data Exfiltration: Anthem's Data Breach
- Employee had been stealing and misusing Medicaid member data for almost a year
- Emailed files containing Anthem member data to a personal email account
- Included information such as Medicare IDs, Social Security Numbers (SSN), Health Plan IDs, names, dates of enrollment, etc.
Source: ObserveIT

Example – Multi-Staged Attacks: Lake City, Florida Ransomware Attack
- City employee downloaded an infected file via email
- Multi-staged attack: the Emotet Trojan started the attack and downloaded the TrickBot Trojan, which in turn downloaded and installed the Ryuk ransomware, which encrypted critical files
- City paid a ransom of 42 bitcoins (about $500,000)

Example – Phishing Attacks: RSA's Breach
- Employees fell for a targeted phishing attack
- Multiple hacker groups were involved
- Attackers pretended to be trusted co-workers and contacts
- Led to a successful Advanced Persistent Threat (APT) attack
- Data relating to some 40 million SecurID tokens was compromised
Source: ObserveIT

Example – Ransomware Attacks: Riviera Beach, Florida Ransomware Attack
- Employee of the Police Department opened an infected email
- Infected computers across the city's network
- City government held a vote and paid a hefty ransom of 65 bitcoins (about $600,000)


Encryption Introduces a New Layer of Complexity & Challenges

Multi-Layered Security Services

OPSWAT Integration for Malware Protection
OPSWAT MetaDefender offers protection from content-based threats using multi-scanning, data sanitization, vulnerability assessment and data loss prevention.
In the Secure Decrypt Zone, decrypted content is sent to OPSWAT MetaDefender Core via ICAP.

Local Breakout & Access Control for SaaS
SaaS traffic is classified and broken out around the decrypt zone, while other encrypted internet traffic is decrypted and inspected by DLP/AV, SWG, ATP, IPS and NGFW.
- Enhanced performance due to decryption and SaaS offload
- Reduced latency due to classification and bypassing of SaaS traffic
- Enforce access control for data loss prevention

Additional Case Studies

Case Study – Reduced Traffic to DLP: Large, Integrated Health Care Organization
Challenges:
- Required visibility for outbound traffic
- Moving from Cisco ASA and WSA to PAN
- Issues with F5 (SSL Orchestrator, Herculon version 13): Orchestrator creates 14 separate iRules with 4,789 lines of logic; config output for Orchestrator is 657 lines; costly to upgrade HW, customer needs lifetime F5 PS
Solution: Thunder CFW; SSL Insight; ICAP load balancing to 15 Symantec DLP sensors; URL Classification service
Business Impact:
- Reduced traffic to DLP
- Reduced CapEx/OpEx
- Reduced risk and exposure to online threats
- Ease of use of URL bypass for operational transparency and regulatory compliance
Why A10:
- Product maturity and go-to-market confidence (4 years of product development)
- Market expertise deploying SSLi in complex environments
- Quick PoC response, set up in less than 10 days from initial meeting
- A10 executive team participated early in the sales cycle, sharing the product roadmap, giving the customer additional confidence in A10 Networks

Case Study – Streamlined Security for Industrial Group
Customer: Borusan Holding, EMEA, Turkey (Industrial Group). Borusan Holding, a $4.8 billion company, is a leading industrial group based in Turkey and operates in 10 countries on three continents.
Challenges:
- With web traffic volumes growing rapidly (some 9,000 users and 2,000 servers), the company needed better visibility into attacks hiding in encrypted traffic
Business Impact:
- Gained complete visibility into encrypted web traffic across global operations
- Eliminated blind spots so security infrastructure could detect and stop hidden threats
- Streamlined security infrastructure
- Improved performance of security infrastructure
Solution: SSL Insight, URL Filtering service, Harmony Controller
Why A10:
- A10's "secure decrypt zone" with the decrypt once and inspect many times approach
- A10's superior SSLi performance at an affordable price
- Simplicity and ease of use with AppCentric Templates (ACT)
- Centrali