Encrypted traffic, or SSL, looks to a firewall just like a random series of bits and bytes. Encryption is good in many situations, because it can hide sensitive data from hackers and ensure privacy for corporate files. However, encryption technology can also be used by cybercriminals as an effective method to hide malware, ransomware, rogue sites and other attacks. In fact, the use of encryption to hide and better spread malware has become the status quo; in a 2017 security report, SonicWall found that over 60% of all malware/ransomware/etc. infiltrated networks while encrypted. All a malicious actor has to do is to encrypt the malicious communication and the malware can tunnel through the firewall, completely bypassing most security policies.
Fortunately, advanced network security with deep packet inspection of SSL/TLS and HTTPS traffic is now available to protect against encrypted threats. Specifically, SonicWall DPI-SSL can responsibly decrypt TLS/SSL traffic and mitigate encrypted attacks, including ransomware and other zero-day attacks.
SonicWall calls SSL inspection DPI-SSL, which stands for Deep Packet Inspection of SSL encrypted traffic. Instead of the client, such as web browser, establishing an encrypted connection directly with a web server, DPI-SSL works by establishing an encrypted connection between the client and the SonicWall firewall. The SonicWall firewall then establishes an encrypted connection to the server so that the SonicWall firewall can inspect the traffic in-between. This all happens transparently and automatically, without user interaction, but with the user’s knowledge to maintain integrity.
Should you force DPI-SSL or SSL decryption on your network? Our K-12 and SMB clients are moving toward DPI-SSL. It takes substantial planning and testing before you rolling this out on your network, but is well worth the effort to protect data, users and workplace efficiencies. There is some thought that SSL decryption may be mandated by specific governing bodies in the future, such as healthcare, as a way to protect sensitive data from ransomware and other attacks.
Contact ITS for more information, or watch the video to learn more about SonicWall DPI-SSL: