SAN FRANCISCO -- Netronome Systems, the industrys leading provider of Open Appliance systems, today announced the availability of the industrys highest-performance transparent proxy for Secure Socket Layer (SSL) network communications. The Netronome SSL Inspector is designed for security and network appliance manufacturers, enterprise IT organizations and system integrators. The SSL Inspector allows network appliances to be deployed with the highest levels of flow analysis while still maintaining multi-gigabit, line-rate network performance for compliance, NAC and other security applications.
SSL communications constitute a significant and growing percentage of the traffic in enterprise LAN/WAN and service provider networks. The privacy benefits provided by SSL can be overshadowed by the risks it brings to the enterprise network. SSL encryption can prevent IT organizations from ensuring that threats such as viruses, spam and malware are stopped before they reach individual users. Encryption also makes it difficult for network administrators to enforce corporate acceptable-use policies. Regulatory and other compliance requirements, including identifying accidental or intentional leakage of confidential information, are also virtually impossible to meet because of SSL encryption. Existing methods to control SSL include severely limiting its use, preventing its use entirely, or installing SSL proxy solutions that significantly reduce network performance for both SSL and non-SSL traffic.
Until now, managing SSL traffic has proven difficult, but with the Netronome SSL Inspector, users can take advantage of a unique combination of capabilities that removes the risks arising from lack of visibility into SSL traffic while increasing the performance of security and network appliances, including:
- Line-rate Network Performance: All non-SSL flows are cut-through in hardware in less than 10 microseconds, eliminating unnecessary delay for time-sensitive applications, such as VoIP.
- Network Transparency: Unlike existing SSL proxies, the SSL Inspector is deployed as a bump in the wire and is completely transparent to both end users and intermediate networking elements. It does not require network configuration, IP addressing or topology changes, or modification to client IP interface and web browser configurations.
- Scalable Flow-based Processing: At up to 4 gigabits per second, the SSL Inspector supports the analysis of 200,000 SSL and 1,000,000 total simultaneous flows.
- High Connection Rate: The SSL Inspector provides more than ten times the setup and teardown rate of SSL proxy solutions, at over 50,000 SSL and 250,000 total sessions per second.
- Application Preservation: All network and security applications and appliances, such as IDS, IPS, UTM and HTTP and WAN load balancing, can continue to work for SSL and non-SSL communications, extending their usability.
- Open Application Programming Interface: Netronomes solution is the only probe with API programmability that provides network and security appliance manufacturers with a simple way to integrate SSL inspection into their new applications. The SSL Inspector can also be used with existing, unmodified applications.
The combination of these capabilities provides security and network appliance vendors with a way to increase the performance of their applications, avoid becoming the source of reduced network throughput and expand the scope of their applications to also provide benefits for SSL encrypted traffic.
Enterprise organizations continue to struggle with the growth of SSL in their networks. Whether trying to comply with corporate and government regulations, or merely trying to preserve the use of existing network and security appliances after SSL has been introduced, the Netronome SSL Inspector delivers a way to meet their IT and network compliance requirements, while preserving the benefits of SSL communications, said Jarrod Siket, vice president of marketing at Netronome Systems.