SSL Decryption: A Next Generation Firewall Must-Have Feature

Akins IT • July 30, 2019

NEXT GENERATION FIREWALL MUST-HAVE FEATURES

PART 2: SSL DECRYPTION 


In today’s digital age, security has become paramount to ensuring business continuity. Keeping the latest and greatest security measures in place on a network’s perimeter security appliance is therefore crucial to maintaining a healthy and vulnerability-free network. This blog showcases the NG or “Next Generation” firewall to underscore some of the top modern-day features that should be taken into consideration when purchasing or refreshing a firewall. These features will reduce the probability of a successful attack, consolidate feature sets, and ensure an optimal network.


DEEP-PACKET SSL INSPECTION


It’s estimated that over 70% of traffic is now SSL encrypted. From a security perspective, this means that every connection to an SSL-enabled website is encrypted between the endpoint (a computer) and the connecting server, as negotiated in the handshake. This prevents any man-in-the-middle from inspecting the traffic and possibly compromising data in transit.


From an analytics perspective, this makes it increasingly difficult to effectively monitor and log data that’s flowing through a network. The solution to this issue is to implement SSL Decryption on an NG firewall.


In this scenario, a self-signed certificate generated by the firewall is assigned to all endpoints utilizing the network. The endpoints will “trust” the firewall, which allows the firewall to act as a decryption point in the network and allow, block, or log the traffic as needed. This is important in environments that require granular logging or regular reports on network traffic.
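
The trust step described above, as an added example (not from the original post or from any firewall vendor): a throwaway CA stands in for the firewall, and `openssl verify` shows an endpoint rejecting the firewall-signed certificate until that CA is trusted. The CA name and the host www.example.test are constructed, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example. All names (Demo Firewall Inspection CA, www.example.test)
# are constructed; nothing here talks to a real firewall or network.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Demo Firewall Inspection CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF

# 1. The firewall generates its self-signed CA certificate.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/ssl.cnf" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

# 2. For an inspected site the firewall presents a certificate it signed itself.
openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ssl.cnf" \
  -subj "/CN=www.example.test" \
  -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
openssl x509 -req -in "$WORK/leaf.csr" -days 7 -CA "$WORK/ca.crt" \
  -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/leaf.crt" 2>/dev/null

# 3. An endpoint accepts that certificate only if it trusts the firewall CA.
endpoint_check() {   # $1: with-ca | without-ca
  if [ "$1" = "with-ca" ]; then
    set -- -CAfile "$WORK/ca.crt"
  else
    set -- -no-CAfile -no-CApath
  fi
  if openssl verify "$@" "$WORK/leaf.crt" >/dev/null 2>&1; then
    echo accepted
  else
    echo rejected
  fi
}

# The issuer field is what shows a user or auditor that inspection is in path.
leaf_issuer() { openssl x509 -in "$WORK/leaf.crt" -noout -issuer; }

echo "endpoint without firewall CA: $(endpoint_check without-ca)"
echo "endpoint with firewall CA:    $(endpoint_check with-ca)"
leaf_issuer
```

On a network with inspection enabled, the same issuer check is how a user or auditor can confirm that a site's certificate was re-signed by the firewall rather than by a public CA.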


Additionally, this allows administrators to block specific parts of a website. For example, objects within a site can be blocked and certain parts can be left as-is.


STAY TUNED NEXT WEEK FOR PART 3: MALWARE/IPS PREVENTION.
