ExtraHop Keeps Data Safe With Continuous, Real-Time SSL Monitoring

Wire data analytics platform continuously monitors SSL traffic, automatically confirming encryption between systems and helping organizations ensure compliance with client requirements.

LAS VEGAS, NV - Splunk .conf - September 21, 2015 – ExtraHop, the global leader in real-time wire data analytics for IT intelligence and business operations, today announced that it is working with dozens of enterprise customers to provide continuous, real-time SSL monitoring and envelope analysis to detect weak ciphers, non-compliant and outdated protocol versions, and expiring certificates. With this insight, IT organizations are able to verify the security of web traffic traversing their infrastructure and ensure compliance with their own clients' security requirements.

Web applications depend on strong encryption to ensure the security of data sent between users and applications. Users rely on this encryption to protect them from malicious operators who seek to undermine the integrity and confidentiality of their data. Unfortunately, with the rise of exploits like Heartbleed and Poodle, SSL is now a common attack vector for malicious actors. Performing manual device and certificate checks to ensure that traffic is encrypted or re-encrypted as it traverses the network is time-consuming, imprecise, and risks leaving the organization and its customers open to threats.

Unlike legacy monitoring approaches, the ExtraHop wire data analytics platform provides real-time, end-to-end visibility of all traffic across the entire application delivery chain. With this level of visibility, IT organizations can monitor all devices to ensure that traffic is encrypted, as well as drill down to the device and client level to ensure that a particular user's traffic is encrypted on a particular device. ExtraHop also provides real-time envelope analysis that allows IT to identify and correct weak ciphers and expiring certificates. The platform can also be configured to fire alerts whenever non-encrypted HTTP traffic exceeds a predefined threshold, proactively alerting IT to potential security issues.

IT can expect to gain the following key benefits by using ExtraHop for SSL monitoring:

  • Verify that all traffic is encrypted as it traverses the network.
  • Identify SSL certificates that are due to expire soon.
  • Ensure that SSL keys in use are at least 2048 bits in size.
  • Continuously monitor SSL traffic to ensure it complies with client requirements.

For one large web services hosting company, visibility into traffic encryption was critical not only to security, but also to cost-efficiency. In order to reduce the computational overhead and reduce costs associated with SSL certificates, the company configured their load balancers to offload SSL and TLS encryption from their back-end web servers. In this configuration, requests from the Internet arrived via HTTPS but were decrypted by the load balancer so that logged-in sessions could be identified and routed to the appropriate web server.

However, some of their customers had stipulated—due to their traffic's sensitive nature—that their traffic must be re-encrypted after the load balancing. The company needed an easy way to verify that the traffic for these customers was re-encrypted and that the servers used an SSL certificate with the appropriate key size.

"For this company, the ability to monitor SSL traffic was about more than just security. Without that visibility, the company would have been forced to choose between ensuring compliance with client requirements and using significant additional financial and computational resources," said Erik Giesa. SVP of Marketing and Business Development, ExtraHop. "Using the ExtraHop platform, the IT operations team created a custom activity group for the servers dedicated to these customers, allowing them to continuously monitor whether traffic was being properly encrypted. With this insight, they ensured compliance with the security policy while delivering huge cost-savings to the organization."

Check out the demo video in the sidebar to learn how customers are using ExtraHop for SSL monitoring.

Learn more about the value of the ExtraHop platform for Security Operations teams.

To experience the power of the ExtraHop platform for yourself, explore the ExtraHop interactive online demo.

For more use cases and customer stories, see ExtraHop in Action.

Learn about how customers are using ExtraHop to provide continuous, real-time SSL monitoring

About ExtraHop

ExtraHop is the cybersecurity partner enterprises trust to reveal the unknown and unmask the attack. The company’s Reveal(x) 360 platform is the only network detection and response platform that delivers the 360-degree visibility needed to uncover the cybertruth. When organizations have full network transparency with ExtraHop, they see more, know more, and stop more cyberattacks. Learn more at www.extrahop.com

© 2023 ExtraHop Networks, Inc. Reveal(x), Reveal(x) 360, Reveal(x) Enterprise, and ExtraHop are trademarks of ExtraHop Networks, Inc.

Press Contact