A10 Networks expert on eliminating the blind spot in network security
Hesham Elsherif, Principal System Engineer at A10 Networks, tells us how the company’s Thunder SSLi product can be seamlessly deployed to bolster an organisation’s cybersecurity defence and, critically, eliminate the blind spot


CISOs and their teams face increasing pressure to manage the sophisticated new cyberthreats that are constantly emerging, with network visibility crucial to staying one step ahead. Hesham Elsherif, Principal System Engineer at A10 Networks, tells us how the company’s Thunder SSLi product can be seamlessly deployed to bolster an organisation’s cybersecurity defence and, critically, eliminate the ‘blind spot’.

How would you describe the overall threat landscape?

Day after day, cyberattacks and threats are increasing in complexity and in volume, which represents a daily challenge for executives to block and disarm. IoT, 5G, IPv6, Office 365 and NFV are all newcomers to the Middle East and these technologies will change the rules.

Infrastructure needs to be adapted to accommodate the rapid growth and new user behaviour to ensure safe communication and to eliminate security threats.

In 2019, according to Ponemon Institute and IBM Securities, US$3.92 million is the average cost of a data breach and US$150 is the average cost per record lost. There has been a 650% increase in trojan-based malware threats and a 195% increase in ransomware in Q1 2019, according to the HIPAA Journal, and a total of 90% of breaches were caused by phishing, as per a Retruster report.

What are some of the most complex network security challenges that enterprises and large organisations are encountering?

I would say building a skilled security team that is capable of identifying priorities and executing on a plan is key. This begins with assessing the assets (data and infrastructure) up to correlating between different security reports and analyses. This helps to establish a vision, but before that the CISO has to ensure that vision is comprehensive and that an assessment is built based on accurate reports and measured analysis. Without proper traffic visibility this will be an unachievable mission.

How crucial is network visibility in preventing attacks and how difficult is this to achieve?

None of the above will be achieved without traffic visibility (ingress and egress). Visibility at each and every level is mandatory in order to activate the security devices. Visibility is not a nice-to-have, it is critical. I always advise our partners to consider it as a top priority, otherwise reporting and analysis will be meaningless.

Also, it is very important to realise that visibility does not mean violating confidentiality – ensuring compliance with privacy standards should not conflict with visibility and this is achievable.

How does A10 Networks’ Thunder SSLi product help to eliminate the blind spot?

‘Blind spot’ is a term that describes the situation when security devices cannot inspect the actual data or application layer due to encryption. Once the client/server exchanges the TLS certificate and key during the TCP handshake, the traffic will be encrypted, thus there will be no way to intercept the traffic and inspect it.

Cyberattackers are aware of this fact, so it is easy to hide malicious activities in the application layer to pass them through security defences towards the targeted services or machines. The end service will then decrypt the traffic without prior inspection. This is a risky scenario, isn’t it?

The A10 Networks Thunder SSLi solution helps to eliminate blind spots by intercepting the client/server TLS negotiation as full proxy and maintaining two separate sessions, one session with the client’s side and the other one with the server’s side. In between, A10 Thunder SSLi will feed the security devices intelligently with clear text traffic. After the security device finishes the inspection and forwards the traffic, A10 Thunder SSLi will encrypt the traffic again before forwarding it to the original destination.

How does the product help to make the lives of CISOs easier?

Deploying our SSLi solution and forwarding the traffic to many inline and non-inline security devices eliminates the decryption overhead of each security device. This improves performance while maintaining proper security diligence, enhancing the user’s experience and saving costs by eliminating the need to purchase bigger security devices just to support resource-intensive decryption and encryption functions. This will help CISOs achieve the next level of securing the infrastructure by fine-tuning the security policies and configurations on security devices based on the visibility obtained and the control gained by eliminating the blind spot.

The A10 Thunder SSLi solution not only provides visibility of the traffic to security devices, but it also sends logs and can mirror the traffic for the SIEM and logging solution and forensic analysis tools, allowing CISOs to keep historical logs and events in a readable format. Moreover, A10 Networks can support the ICAP protocol to feed and activate the DPI and AV solutions.

What are the other features CISOs can leverage from Thunder SSLi?

Many built-in features come with Thunder SSLi. Application Access Management (AAM), URL filtering and application visibility are top of the list. AAM enables us to integrate with AAA servers to apply policies and track activities per user, while URL filtering helps to ensure compliance with privacy standards, so we can bypass SSLi for specific categories like finance or health, for instance. Last but not least is application visibility, where we can identify and classify the applications even without decryption based on the protocol ID and apply policies, such as blocking WhatsApp, or we may allow Facebook but block chatting on Facebook, for example.

We can go further than that and deploy a full secure web gateway with transparent or explicit proxy setup and use the aforementioned features.

What would you say to CISOs who might consider Thunder SSLi a complex solution to deploy?

A10 Networks has introduced a built-in application template to deploy more than 15 applications in all new ACOS releases. SSLi provides a wizard to enable any feature the security team wants to employ. Later on, editing or modifying the configurations using the same built-in template is possible. Furthermore, Thunder SSLi provides a detailed dashboard where the security team can monitor the performance and report any issue instantly. A10 Networks supports all deployment modes, such as Layer 2 or Layer 3 or even fully transparent, and security devices can also be transparent or Layer 2 or Layer 3. It is worth mentioning that A10 Networks also supports multi-tenancy to divide the same Thunder instance into isolated partitions to cover multiple segments on the network.


Intelligent CIO Middle East
