Identify & Control SSL
Analysts estimate that SSL traffic represents more than20% of the traffic traversing enterprise networks today making it one of the largest blind spots on the network. With SSL, malware propagation and the unseen transfer of company data is greatly simplified. And because existing security solutions are unable to identify, decrypt and inspect SSL, enterprises have few options. They can block it completely, redirect it to another point product or ignore it and hope for the best. Ideally, the firewall solution for SSL would be one that:
- Identifies and decrypts SSL, giving the administrators the ability to control it.
- Enables granular policy creation to selectively block, allow and inspect SSL traffic.
- Facilitates protection of employee privacy while safeguarding the network.
Policy-based Decryption, Identification and Control of SSL Traffic
As the first firewall on the market to provide visibility and control of SSL traffic, Palo Alto Networks enables customers to assemble policies to identify and control SSL. When SSL traffic is detected, it is decrypted and the application inside the encrypted tunnel is identified. A policy decision is made prior to re-encrypting and sending the traffic to its destination. Employee privacy is protected by enabling or disabling SSL decryption on a per policy basis using source/destination, user or group identity from Active Directory and URL category.
Customer Examples
Customers are deploying the PA-4000 Series to take advantage of the ability to identify SSL traffic and see exactly what application is being used, applying appropriate security policy rules to control and inspect it.
Datasheet Download
"Visibility into SSL allows me to quickly determine good traffic from bad and control it via a security policy."
Mark Rein
Senior Director, Information Technology
Mercy Medical Center