“With the recent widely-publicized breaches of Certificate Authorities, enterprises are in desperate need of a way to verify the authenticity of SSL certificates,” said Gene Savchuk, CTO at Fidelis. “While SSL pinning – white-listing a certificate authority public key in a browser for a specific domain or set of domains – is emerging as a potential solution, it will quickly prove inadequate for enterprises due to the dynamic nature of certificates and a need for a solution that scales. The Fidelis XPS SSL Decoder mimics this concept, but at the network edge rather than at client end-points, and offers more centralized management which is conducive to certificate changes and scale.”
Until now, the ability to alert IT security to fake certificates has been limited. By leveraging the sophisticated rules engine that is at the core of Fidelis XPS, Fidelis is adding the ability to put rules in place to evaluate certificates and to take action, such as preventing a session, if the certificates characteristics are suspect. The combination of these rules and implementing this action at the network edge provides a measure of ease of use that is a necessity for large enterprises that would otherwise have to rely on application vendors retroactively providing patches following publicized breaches at SSL Certificate Authorities and users applying these patches correctly and in a timely manner.
“SSL-encrypted traffic makes up an ever increasing share of the traffic seen on an enterprise network with the proliferation and cloud computing and social networking,” said Andrew Hay, Senior Security Analyst at 451 Research. “Though the security and confidentiality capabilities provided by SSL are widely known, SSL can also be used to conceal malicious activity such as botnet command-and-control or data exfiltration. If companies are not leveraging network monitoring tools capable of inspecting encrypted traffic, they're likely missing an important threat vector.”
Fidelis introduced the Fidelis SSL Inspector in late 2010 to remove the serious blind spots in content inspection and threat detection created by SSL-encrypted traffic. Customer uptake of the Fidelis SSL Inspector has been significant, and in response to increasing demand to inspect traffic at speeds above one gigabit, Fidelis is introducing Fidelis SSL Inspector 10G. The new system is in a smaller form factor (1U), offers interface flexibility from 1 gigabit copper or fiber to 10 gigabit fiber, is designed to inspect multiple inline segments and can distribute traffic to multiple devices in the enterprise security stack. Working with Fidelis XPS, Fidelis SSL Inspector 10G extends unparalleled visibility and control to the increasing volume of encrypted traffic that may be entering and/or leaving the network.
The Fidelis XPS SSL Decoder and Fidelis SSL Inspector 10G appliance will be available this quarter.