May 21 2010
Sourcefire, an intelligent cyber-security systems leader and the developer of Snort, has launched a new secure sockets layer (SSL) appliance that enables the intrusion prevention system (IPS) to inspect SSL-secured traffic and block malicious traffic masked by encryption.
The SSL Appliance is currently available from Sourcefire in two models: a four-port (fail-open) 1G copper and a four-port (fail-open) 1G fiber. The SSL Appliance decrypts the traffic before sending it to the IPS. The IPS, in turn, has the option to redirect the visible and secure traffic to the SSL Appliance, which re-encrypts it.
Sourcefire’s architecture allows the SSL and IPS processes to operate on separate systems, unlike other on-box SSL decryption systems, which must use shared hardware resources to facilitate inspection. The architecture helps users offload encryption and decryption from the Sourcefire IPS, improving the scalability and performance of the IPS.
SSL Appliance users can now maintain the highest level of data security with SSL encryption without worrying about malware and various attacks masked by the traffic. The extended capabilities give users of the Sourcefire IPS SSL visibility without affecting the performance of the IPS sensor.
Sourcefire’s Senior Vice President for Marketing, Greg Fitzgerald, said that leading companies worldwide use SSL to protect their communications, though this has resulted in a considerable gap in their safeguarding initiatives. He explained that such a security gap is addressed by Sourcefire’s SSL Appliance. In addition, the Sourcefire IPS has the ability to check and stop the passage of malicious encrypted traffic without affecting the performance of the IPS.