To increase the flow of traffic through a multifunction device, the only option is to increase overall capacity. Adding capacity is a significant capital expense, and some features carry an extra cost to ensure the device can handle decryption.
A better option is to use a network visibility solution or network packet broker (NPB) with SSL decryption to offload decryption from security tools. Many organizations use NPBs to aggregate traffic from across the network, identify relevant packets, and distribute them at high speed to security tools. NPBs using hardware acceleration can process traffic at line rate with no packet loss, and can load balance automatically. They also eliminate the requirement for multiple inline devices to each perform independent decryption/re-encryption. Scaling an NPB costs less than scaling most security appliances and can provide a quick return on investment.
As more of the Internet shifts toward encrypted traffic, attacks in SSL traffic will become more common. To protect data and networks from hackers and cybercriminals, it is essential to inspect all encrypted network traffic. An organization that does not develop a rigorous approach to inspecting encrypted traffic will undermine network security, creating an unacceptable risk of breach and data loss. Fortunately, new solutions are emerging that improve the efficiency and cost-effectiveness of SSL decryption.