SSL Visibility Appliance

Although SSL communication, typified by HTTPS, continues to increase year by year, it is difficult to apply sufficient security measures to it because the contents are encrypted. Some products, such as next-generation firewalls, IPS, and secure gateways (proxies), can decrypt SSL, but because they are not dedicated appliances their performance degrades, and in many cases they are difficult to deploy in actual operation. In particular, performance often drops significantly as the SSL key length increases from 512 bits to 1024 bits and 2048 bits.
Meanwhile, in cyber-attacks such as targeted attacks, SSL is increasingly used to evade security measures such as firewalls, sandboxes, and forensics, and countermeasures are urgently needed.
Enables transparent SSL decryption without changing the existing network configuration!
Features
- Dedicated appliance that operates transparently and decrypts SSL communication
- Combine decrypted SSL communication with other communication and pass data to an external device
- Decrypt once and serve data to many devices
- Supports a variety of inline and passive security appliances/applications
- Supports the Global Intelligence Network URL category database, so the traffic targeted for SSL decryption can be controlled on a category-by-category basis
Examples of linked devices

UTM/IPS linkage
Active inline configuration
The UTM's AV, IPS, URL filter, sandbox and other functions also inspect SSL communication, which expands the detection targets and makes detailed logs available.
- The client communicates with the SSL site over HTTPS
- SSL-VA decrypts the SSL traffic and passes it to the UTM
- The UTM inspects the traffic and returns it
- SSL-VA re-encrypts the traffic and connects to the SSL site over HTTPS
Sandbox/Forensic linkage
Passive inline configuration
Sandbox and forensic products deployed on the mirrored traffic also inspect SSL communication, which expands the detection targets.
- The client communicates with the SSL site over HTTPS
- SSL-VA decrypts the SSL traffic and mirrors it to the sandbox and forensic products
- SSL-VA re-encrypts the traffic and connects to the SSL site over HTTPS
Use cases by industry
Case study ① Financial industry [Sandbox/forensics collaboration]
Background
- A sandbox (FireEye) had been introduced because of high security awareness
- Forensics (packet capture) had also been implemented in accordance with guidelines from government agencies
- A web cloud service is planned for the future, and because communication between the clients and the web cloud service is SSL, SSL Visibility Appliance will be introduced to maintain the functions of the existing environment *Verification is required, depending on the cloud service to be introduced
Case study ② Public sector [UTM/WAF collaboration]
Background
- When deploying security products on a large scale all at once, measures for the increasing volume of SSL communication could not be ignored
- For cost reasons many security functions were covered by the UTM, but its performance was not sufficient to handle SSL communication as well
- By introducing SSL Visibility Appliance, a single unit made SSL inspection possible not only for the many outbound security functions (AV, IPS, sandbox) but also for the inbound WAF (Imperva), while keeping costs down
Case study ③ Manufacturing industry [IPS/Sandbox collaboration]
Background
- We introduced FireEye, but did not realize until just before installation that the contents of SSL communication could not be seen.
- We were aware that more than 40% of all communications within the company were SSL, so an immediate response was required.
- Macnica has a proven track record of implementing FireEye and SSL Visibility Appliance together, so we selected the product with confidence.
- In the future, we plan to simultaneously link with existing IPS products.
Network configuration example
When installing in an internal network (forward environment)
In the forward environment, the appliance is installed inline. It decrypts SSL, forwards the packets to devices connected in an inline configuration, and copies them to devices attached in a SPAN/TAP configuration. In this case the appliance terminates the SSL handshake, dynamically generates an SSL certificate (Re-Sign), and uses it to communicate with the client side, so the appliance's CA certificate must be registered on the clients in advance as a trusted root certification authority.
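
The Re-Sign requirement above can be reproduced with plain `openssl`: the sketch below is an added illustration, not vendor code or appliance configuration, and shows a client rejecting a re-signed certificate until the signing CA is in its root store. The CA name, host name and file names are constructed for the demo.

```shell
#!/bin/sh
# Added illustration: the CA name, host name and file names are constructed.

# Build a stand-in "appliance CA" and a leaf certificate for HOST signed by it,
# mimicking the certificate a re-signing inspection device presents to clients.
make_resigned_chain() {
  dir=$1; host=$2
  # Self-signed CA (CA:TRUE comes from the default openssl.cnf v3_ca section).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo Inspection CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
  # Fresh key and CSR for the site the client asked for.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
  # Clients match the host name against subjectAltName, so copy it in.
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl x509 -req -in "$dir/leaf.csr" -days 1 \
    -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/san.ext" -out "$dir/leaf.pem" 2>/dev/null
}

# Return 0 if a client would accept CERT for HOST.
# With a third argument, that file is the client's trusted root store;
# without it, the client has no trust anchor registered for the CA.
client_accepts() {
  cert=$1; host=$2; roots=${3:-}
  if [ -n "$roots" ]; then
    openssl verify -CAfile "$roots" -verify_hostname "$host" "$cert" >/dev/null 2>&1
  else
    openssl verify -no-CAfile -no-CApath -verify_hostname "$host" "$cert" >/dev/null 2>&1
  fi
}

work=$(mktemp -d)
make_resigned_chain "$work" www.example.test
if client_accepts "$work/leaf.pem" www.example.test; then
  echo "CA not registered: accepted"
else
  echo "CA not registered: rejected (certificate warning on the client)"
fi
if client_accepts "$work/leaf.pem" www.example.test "$work/ca.pem"; then
  echo "CA registered as trusted root: accepted"
else
  echo "CA registered as trusted root: rejected"
fi
rm -rf "$work"
```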

When installing in a data center (reverse environment)
In a reverse environment, where you hold the web server's key and certificate, the appliance is installed in either TAP mode or Inline mode.


Configuration comparison (inbound / outbound)
Item | Outbound configuration | Inbound configuration | Inbound configuration |
---|---|---|---|
Direction of SSL communication | To the Internet | To DMZ, to internal | To DMZ, to internal |
Installation form | Inline | Inline | TAP |
Mode | Passive inline, active inline | Passive inline, active inline | Passive tap |
Devices that can be combined | IPS, IDS, Sandbox, Forensics | IPS, IDS, Sandbox, Forensics | IPS, IDS, Sandbox, Forensics |
CA certificate distribution to client PCs | Required | Not required | Not required |
Web server certificate and private key | Not required | Required | Required |
SSL session termination | Possible | Possible | None |