ExtraHop Keeps Data Safe With Continuous, Real-Time SSL Monitoring

Wire data analytics platform continuously monitors SSL traffic, automatically confirming encryption between systems and helping organizations ensure compliance with client requirements.

LAS VEGAS, NV - Splunk .conf - September 21, 2015 – ExtraHop, the global leader in real-time wire data analytics for IT intelligence and business operations, today announced that it is working with dozens of enterprise customers to provide continuous, real-time SSL monitoring and envelope analysis to detect weak ciphers, non-compliant and outdated protocol versions, and expiring certificates. With this insight, IT organizations are able to verify the security of web traffic traversing their infrastructure and ensure compliance with their own clients' security requirements.

Web applications depend on strong encryption to ensure the security of data sent between users and applications. Users rely on this encryption to protect them from malicious operators who seek to undermine the integrity and confidentiality of their data. Unfortunately, with the rise of exploits like Heartbleed and Poodle, SSL is now a common attack vector for malicious actors. Performing manual device and certificate checks to ensure that traffic is encrypted or re-encrypted as it traverses the network is time-consuming, imprecise, and risks leaving the organization and its customers open to threats.

Unlike legacy monitoring approaches, the ExtraHop wire data analytics platform provides real-time, end-to-end visibility of all traffic across the entire application delivery chain. With this level of visibility, IT organizations can monitor all devices to ensure that traffic is encrypted, as well as drill down to the device and client level to ensure that a particular user's traffic is encrypted on a particular device. ExtraHop also provides real-time envelope analysis that allows IT to identify and correct weak ciphers and expiring certificates. The platform can also be configured to fire alerts whenever non-encrypted HTTP traffic exceeds a predefined threshold, proactively alerting IT to potential security issues.

IT can expect to gain the following key benefits by using ExtraHop for SSL monitoring:

  • Verify that all traffic is encrypted as it traverses the network.
  • Identify SSL certificates that are due to expire soon.
  • Ensure that SSL keys in use are at least 2048 bits in size.
  • Continuously monitor SSL traffic to ensure it complies with client requirements.

For one large web services hosting company, visibility into traffic encryption was critical not only to security, but also to cost-efficiency. In order to reduce the computational overhead and reduce costs associated with SSL certificates, the company configured their load balancers to offload SSL and TLS encryption from their back-end web servers. In this configuration, requests from the Internet arrived via HTTPS but were decrypted by the load balancer so that logged-in sessions could be identified and routed to the appropriate web server.

However, some of their customers had stipulated—due to their traffic's sensitive nature—that their traffic must be re-encrypted after the load balancing. The company needed an easy way to verify that the traffic for these customers was re-encrypted and that the servers used an SSL certificate with the appropriate key size.

"For this company, the ability to monitor SSL traffic was about more than just security. Without that visibility, the company would have been forced to choose between ensuring compliance with client requirements and using significant additional financial and computational resources," said Erik Giesa. SVP of Marketing and Business Development, ExtraHop. "Using the ExtraHop platform, the IT operations team created a custom activity group for the servers dedicated to these customers, allowing them to continuously monitor whether traffic was being properly encrypted. With this insight, they ensured compliance with the security policy while delivering huge cost-savings to the organization."

Check out the demo video in the sidebar to learn how customers are using ExtraHop for SSL monitoring.

Learn more about the value of the ExtraHop platform for Security Operations teams.

To experience the power of the ExtraHop platform for yourself, explore the ExtraHop interactive online demo.

For more use cases and customer stories, see ExtraHop in Action.

About ExtraHop

Cyberattackers have the advantage. ExtraHop is on a mission to help you take it back with security that can't be undermined, outsmarted, or compromised. Our dynamic cyber defense platform, Reveal(x) 360, helps organizations detect and respond to advanced threats—before they compromise your business. We apply cloud-scale AI to petabytes of traffic per day, performing line-rate decryption and behavioral analysis across all infrastructure, workloads, and data-in-flight. With complete visibility from ExtraHop, enterprises can detect malicious behavior, hunt advanced threats, and forensically investigate any incident with confidence. ExtraHop has been recognized as a market leader in network detection and response by IDC, Gartner, Forbes, SC Media, and numerous others.

When you don't have to choose between protecting your business and moving it forward, that's security uncompromised. Learn more at www.extrahop.com.

© 2022 ExtraHop Networks, Inc., Reveal(x), Reveal(x) 360, Reveal(x) Enterprise, and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc.

Press Contact

Catherine Segar