SSL Decryption Ensures Policies & Protection Apply to Encrypted Content

Make the shift from cumbersome appliances for SSL decryption to inspecting encrypted content in the cloud with iboss

As websites and cloud apps move to encrypted HTTPS connections, it is critical to inspect encrypted content to meet compliance, prevent malware and protect against data loss. Performing decryption with network appliances is expensive and unscalable. The iboss Zero Trust Secure Service Edge performs this function in the cloud to inspect encrypted traffic with scalability and ease.

Selectively decrypt HTTPS traffic to inspect for compliance, malware and data loss

Although decrypting SSL/TLS HTTPS traffic is necessary, doing so may need to be selectively controlled. For example, it might be desirable to avoid breaking HTTPS on highly trusted financial sites while decrypting traffic to destinations that host generic files such as Box or Dropbox. The iboss Zero Trust Secure Service Edge provides a broad array of selective decryption options that allow certain traffic to be decrypted while leaving other traffic untouched.

These granular and selective controls on HTTPS decryption and bypass are critical to ensure administrators have the needed tools to adequately apply web filtering, compliance, malware defense, botnet detection and data loss protection to users.

Solution Brief

Inspect and Secure HTTPS Encrypted Traffic Easily in the Cloud

Decrypt traffic based on a variety of criteria including user, group, category and source

HTTPS decryption can be applied to specific users, or groups of users, on the network based on their Active Directory Group, LDAP Security Group or Organization Unit (OU).

Specific destinations can be decrypted by denoting specific domains. Complete website categories can be decrypted or bypassed from decryption….or it can be applied to a network subnet or bypassed for that subnet altogether.

Leverage cloud elasticity to decrypt traffic at scale

Encrypted SSL/TLS traffic continues to increase. According to Google’s Transparency Report on HTTPS traffic, as of the end of the end of February 2020, 97% of all browsing time through the Chrome browser was over HTTPS encrypted connections. Virtually all data traveled to the cloud over encrypted data channels, making it impossible to inspect and protect network data masked by the protected connection.

Google HTTPS Transparency Report –
Percentage of Browsing Time Over HTTPS

View the Google HTTPS Transparency Report.

With this amount of encrypted HTTPS traffic, network security appliances can’t handle the load of performing HTTPS decrypt to enable compliance, malware defense, and data loss applied to cloud connections. Adding to this problem, without decryption, reporting visibility vanishes as the content of the connections is not visible for reporting purposes.

The iboss Zero Trust Secure Service Edge delivers network security as a service, directly in the cloud. This allows organizations to decrypt any volume of HTTPS traffic for network security without worrying about increased costs or slower cloud connections due to HTTPS decryption. The iboss Zero Trust Secure Service Edge delivers through containerization, which allows infinite horizontal scaling: adding more “checkout lanes” as bandwidth and encrypted traffic increase to ensure fast connections from anywhere in the world.

Take the next step in shifting to the world’s largest security platform built for the future.

Sign up for a demo to see how the iboss Zero Trust Edge prevents breaches by making applications, data and services inaccessible to attackers while allowing trusted users to securely and directly connect to protected resources from anywhere.