ExtraHop Keeps Data Safe With Continuous, Real-Time SSL Monitoring

Wire data analytics platform continuously monitors SSL traffic, automatically confirming encryption between systems and helping organizations ensure compliance with client requirements.

LAS VEGAS, NV - Splunk .conf - September 21, 2015 – ExtraHop, the global leader in real-time wire data analytics for IT intelligence and business operations, today announced that it is working with dozens of enterprise customers to provide continuous, real-time SSL monitoring and envelope analysis to detect weak ciphers, non-compliant and outdated protocol versions, and expiring certificates. With this insight, IT organizations are able to verify the security of web traffic traversing their infrastructure and ensure compliance with their own clients' security requirements.

Web applications depend on strong encryption to ensure the security of data sent between users and applications. Users rely on this encryption to protect them from malicious operators who seek to undermine the integrity and confidentiality of their data. Unfortunately, with the rise of exploits like Heartbleed and Poodle, SSL is now a common attack vector for malicious actors. Performing manual device and certificate checks to ensure that traffic is encrypted or re-encrypted as it traverses the network is time-consuming, imprecise, and risks leaving the organization and its customers open to threats.

Unlike legacy monitoring approaches, the ExtraHop wire data analytics platform provides real-time, end-to-end visibility of all traffic across the entire application delivery chain. With this level of visibility, IT organizations can monitor all devices to ensure that traffic is encrypted, as well as drill down to the device and client level to ensure that a particular user's traffic is encrypted on a particular device. ExtraHop also provides real-time envelope analysis that allows IT to identify and correct weak ciphers and expiring certificates. The platform can also be configured to fire alerts whenever non-encrypted HTTP traffic exceeds a predefined threshold, proactively alerting IT to potential security issues.

IT can expect to gain the following key benefits by using ExtraHop for SSL monitoring:

  • Verify that all traffic is encrypted as it traverses the network.
  • Identify SSL certificates that are due to expire soon.
  • Ensure that SSL keys in use are at least 2048 bits in size.
  • Continuously monitor SSL traffic to ensure it complies with client requirements.

For one large web services hosting company, visibility into traffic encryption was critical not only to security, but also to cost-efficiency. In order to reduce the computational overhead and reduce costs associated with SSL certificates, the company configured their load balancers to offload SSL and TLS encryption from their back-end web servers. In this configuration, requests from the Internet arrived via HTTPS but were decrypted by the load balancer so that logged-in sessions could be identified and routed to the appropriate web server.

However, some of their customers had stipulated—due to their traffic's sensitive nature—that their traffic must be re-encrypted after the load balancing. The company needed an easy way to verify that the traffic for these customers was re-encrypted and that the servers used an SSL certificate with the appropriate key size.

"For this company, the ability to monitor SSL traffic was about more than just security. Without that visibility, the company would have been forced to choose between ensuring compliance with client requirements and using significant additional financial and computational resources," said Erik Giesa. SVP of Marketing and Business Development, ExtraHop. "Using the ExtraHop platform, the IT operations team created a custom activity group for the servers dedicated to these customers, allowing them to continuously monitor whether traffic was being properly encrypted. With this insight, they ensured compliance with the security policy while delivering huge cost-savings to the organization."

Check out the demo video in the sidebar to learn how customers are using ExtraHop for SSL monitoring.

Learn more about the value of the ExtraHop platform for Security Operations teams.

To experience the power of the ExtraHop platform for yourself, explore the ExtraHop interactive online demo.

For more use cases and customer stories, see ExtraHop in Action.

About ExtraHop

ExtraHop is on a mission to arm security teams to confront active threats and stop breaches. Our Reveal(x) 360 platform, powered by cloud-scale AI, covertly decrypts and analyzes all cloud and network traffic in real time to eliminate blind spots and detect threats that other tools miss. Sophisticated machine learning models are applied to petabytes of telemetry collected continuously, helping ExtraHop customers to identify suspicious behavior and secure over 15 million IT assets, 2 million POS systems, and 50 million patient records. ExtraHop is a market share leader in network detection and response with 30 recent industry awards including Forbes AI 50, Cybercrime Ransomware 25, and SC Media Security Innovator.

Stop Breaches 84% Faster. Get Started at www.extrahop.com/freetrial

© 2021 ExtraHop Networks, Inc., Reveal(x), Reveal(x) 360, Reveal(x) Enterprise, and ExtraHop are registered trademarks or marks of ExtraHop Networks, Inc.

Press Contact

Mentha Benek

ExtraHop Networks