BreachView(TM) SSL Decrypts SSL Traffic On-The-Fly, Enhancing Existing IDS Deployments With 100 Percent Visibility Into SSL Network Traffic.
Breach Security announced the availability of BreachView SSL, the industry’s first add-on SSL decryption enhancement for existing intrusion detection systems. BreachView SSL decrypts SSL traffic on the fly without terminating the SSL session and delivers clear text to the IDS sensor, for the first time eliminating the blind spot in most IDSs and extending IDS protection to SSL traffic on the network.
According to a 2003 report by Infonetics Research, SSL traffic as a percentage of total network traffic will grow from 41 percent in 2003 to 49 percent in 2004 in large corporate and government organizations where SSL is used. Yet intrusion detection systems only examine clear-text HTTP traffic and ignore the encrypted traffic — unable to analyze it without impacting successful transactions and business operations. This leaves the most important — and high risk — traffic on the network invisible to the primary security tools designed to identify and prevent attacks.
BreachView is a software-based plug-in for existing IDS sensors. Once installed, it expands the visibility of the IDS to include the growing percentage of SSL traffic on large corporate and government networks.
“Network intrusion detection systems have always been blind to encrypted SSL traffic, creating conflict between two different security techniques,” said Pete Lindstrom, research director at Spire Security. “With BreachView SSL, it is possible for companies to ‘have their cake and eat it too’ by providing a way to monitor encrypted traffic for attack and compromise information.”
BreachView SSL is a software solution that monitors network traffic before it reaches the IDS sensor. A BreachView SSL adapter extracts the SSL stream and delivers it to the BreachView SSL engine. After decryption, the SSL traffic is injected back to the IDS sensor as clear text and the network packets are analyzed by the IDS against the attacks and vulnerabilities database. The BreachView SSL decryption engine securely maintains the SSL key and certificate information and works without terminating the SSL session, a key feature in maintaining full non-repudiation.
“When IDS systems were first introduced to the market the percentage of SSL traffic was tiny compared to today’s usage,” said John Payne, chief executive officer of Breach Security. “Today companies use SSL to protect the most valuable, important assets on their network and BreachView gives our customers IDS visibility into the traffic affecting those key applications and databases.”
SysAdminNews | Real world information for system administrators working in diverse networking environments, including Windows, Linux, UNIX, and more. These are the practical tips that help your work day go smoothly.
