DPI-SSL from SonicWALL

Deep Packet Inspection for Encrypted Traffic

Why only protect 50% of your traffic?

SonicWALL’s DPI-SSL service provides critical security, application control and data leakage prevention for analyzing HTTPS and other SSLencrypted traffic.

Today, more enterprise traffic is secured using the Secure Sockets Layer (SSL) protocol — up to 35 percent, according to industry analysts, and even more in some vertical industries. Cybercriminals know this, which is why they have begun to use SSL to hide their attacks. Not only are they bypassing firewalls and capitalizing on blind spots to sneak in malware that opens doors directly into corporate networks, they are also using SSL to hide command and control traffic so they can manipulate compromised systems from virtually anywhere.

Organizations can safeguard their networks from these tactics with Dell SonicWALL SSL Inspection, an add-on service to Dell SonicWALL Network Security Appliance (NSA) and SuperMassive Series nextgeneration firewall appliances as well as most TZ units. SSL Inspection provides advanced protection against SSL threats. Dell’s patented Reassembly-Free Deep Packet Inspection® engine, a full-stack stream inspection technology scans SSL-encrypted traffic — including HTTPS, SMTPS, NNTPS, LDAPS, FTPS, TelnetS, IMAPS, IRCS, and POPS — and regardless of the port being used. The service decrypts SSL traffic, inspects it for threats and then re-encrypts it, sending it along to its destination if no threats or vulnerabilities are found. It is an invaluable service for providing critical security and application control, and for preventing data leakage.

Benefits:

  • Gain peace of mind with advanced SSL threat protection
  • Simplify SSL security with easy setup and automated scanning and threat identification
  • Customize your security needs with inclusion and exclusion lists
  • Avoid costly attacks and security incidents with a service designed to help you maximize protection from your Dell SonicWALL nextgeneration firewall

Features

Secure and simple setup — Dell SSL Decryption and Inspection service protects users on the network with minimal configuration and complexity.

Inclusion/exclusion list — For hightraffic deployments, administrators can exclude trusted sources to maximize network performance. Additionally, administrators can target specific traffic for SSL inspection by customizing a list that specifies address, service or user objects or groups.

Client deployment mode — Inspects SSL traffic when the client is on the firewall’s LAN and accesses content located on the WAN. After the appliance has decrypted and inspected the SSL-encrypted traffic, it re-writes the certificate sent by the remote server and signs the newly-generated certificate with the user-specified certificate. By default, this is the appliance certificate authority (CA), although a different certificate can be selected.

Server deployment mode — Inspects SSL traffic when remote clients connect over the WAN to access content located on the firewall’s LAN, allowing the administrator to configure pairings of an address object and certificate. When the appliance detects SSL connections to the address object, it presents the paired certificate and negotiates SSL with the connecting client. In this scenario, the owner of the Dell SonicWALL next-generation firewall owns the certificates and private keys of the origin content servers.

Comprehensive support — Support includes intrusion prevention, malware prevention, application control, content/URL filtering, and preventing malware command and control communication.

SSL Inspection – Client Deployment Mode

  1. Client initiates SSL handshake with server
  2. NGFW intercepts request and establishes session using its own certificates in place of server
  3. NGFW initiates SSL handshake with server on behalf of client using admin defined SSL certificate
  4. Server completes handshake and builds a secure tunnel between itself and NGFW
  5. NGFW decrypts and inspect all traffic coming from or going to client for threats and policy violations
  6. NGFW re-encrypts traffic and sends along to client

"Encrypted" does not always mean "Safe."

Get more information on DPI-SSL today.