Product Watch: Sourcefire Rolls Out SSL Appliance

Hardware device works with IPS to inspect SSL-encrypted traffic for malicious intent, data leakage
Sourcefire today released a new appliance for the IPS that monitors SSL traffic coming and going from the enterprise network.

The new SSL Appliance decrypts the SSL traffic and passes it to the IPS, which then inspects it for malware or data leakage: the appliance then encrypts the legitimate traffic and sends it on its way. The appliance handles the processing overhead of the decryption and encryption to avoid latency in the IPS process, according to Sourcefire.

"It's all about eliminating that blind spot on the network," says Steve Piper, senior director of products for Sourcefire. "It also puts traffic back out on the network in its original encrypted state without altering the SSL packets."

Piper says the appliance solves the problem of malware or other rogue activity hiding in SSL-encrypted traffic and going undetected.

"[The IPS] looks at its own policy engine ... to see if there are any policies about what traffic should be encrypted and what should not," for example, he says, as well as any restrictions on VoIP or other traffic. "The reason we're doing this [adding the appliance] is because of the growth of SSL over the past few years. SSL is 20- to 30 percent of network traffic now, especially at the perimeter."

Sourcefire is offering two versions of the SSL Appliance -- a four-port, 1 gigabit fiber version, and a four-port, 1 gigabit copper version. List pricing ranges from $42,000 to $52,000.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.