By Amos Aesoph, CISO
SSL inspection is a topic that divides the IT security world. Some organizations see it as an essential part of their security program, while others say it’s time-consuming, adds complexity, and could open up additional data exposure avenues.
How do you decide? In my opinion, on a scale of 1-10, where 10 is an “absolute must have,” I would rank this at a 6. Two years ago, I would have put this at a 2, so it’s gradually growing on me. If you have ALL of your other security program initiatives on point, it would be worth testing the waters with SSL inspection. Some points to consider:
- Overall protection: depending on which reports you believe, encrypted traffic accounts for 75-95% of internet traffic these days, including malicious sites. That means we’re only inspecting 10-30% of all the traffic coming through the firewall.
- Prevent infection: even legitimate sites can become infected and spread malware through their SSL traffic.
- Network visibility: even if the traffic is not malicious, it is nice to have full visibility of what is coming and going on the network, what files are being accessed, what games are being played, etc.
- More sophisticated filtration: with the massive proliferation of content servers, it’s getting tough to filter out what is good from what is not so good by looking at the URL.
- Administrative overhead: it can be quite the headache to manage certificates, end user experiences, and decryption policies on the device.
- Liability: when you are decrypting this content, what happens when you end up with HIPAA, PCI, regulated or otherwise sensitive data? What happens to that data? Who can see it? Who can retrieve it? How long is it stored? Each vendor provides mechanisms for avoiding things like health, banking and government data, but… are we sure? Really, really sure?
- Costs: plain and simple, it takes bigger equipment to do the decryption, which means additional costs, as well as performance hits and more IT employees to carry out the work.
In cases like these, an expert assessment of your overall security needs can help you make the right decision. A good security plan will take into consideration your environment, the value of your data, and the size of your workforce. A security consultant can help you determine whether this type of endpoint inspection will help you catch threats or unnecessarily expose data, creating a greater risk of problems.
Xigent specializes in helping mid-market organizations develop and/or run a security program that is appropriately sized and tested.
To learn more about our cybersecurity services, visit https://xigentsolutions.com/managed-services/cyber-security-services/