Organizations today should be as concerned about the business challenges with SSL inspection as they are with the security risks posed by exempting encrypted traffic from inspection. According to Gartner, only 1 in 5 organizations currently inspects SSL traffic, with majority turning a blind eye to encrypted activity.
While there are understandable reasons for this approach, it does raise a number of risks to the business:
- Failure to inspect encrypted activity can enable inappropriate use and lead to an unsafe work environment as web filtering and other policies cannot be enforced.
- Allowing encrypted traffic to pass may result in regulatory violations should protected information (such as publicly identifiable health, financial or personal information) or harmful content (such as that outline in CIPA) bypass outbound or inbound content controls while within encrypted tunnels.
- Allowing encrypted content and communication without inspection opens a wide boulevard of attack for Cybercriminals. Specifically, it precludes identification of potentially malicious downloads, communications with command and control servers and ultimately exfiltration of sensitive data to drop sites.
- Decrypting SSL traffic is a processor intensive activity that can significantly impact performance of network security devices – one of the largest reasons companies aren’t performing it today.
Fortinet and GDT are hosting this event so that you can understand the complexities associated with SSL Encryption and how we can assist you with developing a plan and a strategy for your company.
We’ll show how your company can leverage our custom ASICs for SSL acceleration on our flagship FortiGate solution.