Going the ExtraHop for Real-Time SSL Decryption

The ExtraHop Application Delivery Assurance system is now capable of completely hardware-driven SSL decryption at network speeds up to 10Gbps

Events such as the recent hacking of U.S. Government officials' Google Gmail accounts and Sony's PlayStation Network as well as the RSA SecurID breach have highlighted the need for greater data security. In response, more popular applications and websites, including Facebook, Gmail, and Twitter, have made SSL encryption standard. In heavily regulated industries such as healthcare and financial services, HIPAA compliance and other data-protection laws also contribute to this elevated use of SSL encryption. In fact, according to the seventh edition of Palo Alto Networks' Application Usage and Risk Report, more than 40 percent of businesses' applications now are encrypted by SSL.

However, while this trend hopefully will keep data safe, SSL encryption can complicate application performance management (APM). An elementary premise for APM is that if you can't see your network traffic, you can't monitor the health and performance of your applications. So, when as much as 40% of an organization's application data is encrypted with SSL, it creates a massive blind spot in network visibility.

These days, the processing requirements for decrypting SSL are greater than ever, too. We are starting to see increasing numbers of organizations switch over to using new, 2048-bit SSL encryption keys in accordance with the U.S. National Institute of Standards and Technology's (NIST) recent advisory. This change makes SSL more secure, but, of course, these more-complex keys also take even more time to decrypt.

The combination of more encrypted data and stronger encryption keys makes software-driven SSL decryption increasingly untenable due to the significant drain on processing resources they require. Business demands require real-time monitoring of application health and performance, and more-powerful hardware acceleration is needed to make sure that SSL blind spots don't handicap an organization's ability to keep business-critical processes from failing.

To meet these demands, we are very happy to announce that the ExtraHop Application Delivery Assurance system is now capable of completely hardware-driven SSL decryption of 2048-bit keys at network speeds—up to a sustained 10Gbps of network traffic. With this enhancement, organizations can leverage the real-time analysis capabilities of the ExtraHop system to decrypt and analyze SSL traffic for common cipher suites at the scale and speed required by today's enterprise networks.

For more information about this functionality, see our official announcement regarding the addition of 2048-bit SSL decryption to eliminate organizations' APM blind spot.

Subscribe to our Newsletter

Get the latest from ExtraHop delivered straight to your inbox.