There are obviously legitimate reasons to encrypt inbound and outbound enterprise traffic. But encrypted traffic also poses a security risk, since criminals using SSL can hide their activity and their malware. For most IT managers, the advantages of SSL easily overshadow the potential dangers that encrypted traffic carries.
Although SSL provides confidentiality for user and corporate data and protects it from interception, encryption can at the same time complicate compliance with corporate security policies or even make it impossible.
In addition, because of SSL, IT administrators have more trouble protecting end users against threats such as spam and malicious software. Unable to analyze the contents of an encrypted channel, network operators find it more difficult to prevent the leakage or theft of information. SSL also makes it virtually impossible to comply with all the requirements dictated by regulations, such as the detection of accidental or intentional leakage of information.
Enterprises often face conflicting requirements: the need both to encrypt traffic and to analyze it. A typical system cannot satisfy both requirements without negatively affecting network performance. Organizations that are required to comply with government or industry security requirements are greatly affected by the inability to analyze encrypted traffic.
Thus, some regulations require an intrusion detection / prevention system and authorization of users when they access software and hardware resources; other documents require companies with access to the public network to submit reports on network activity to the judicial authorities, and in such cases the traffic must be unencrypted.
Methods of controlling SSL traffic
To protect their enterprise, network operators have already implemented a number of network devices and security systems to monitor compliance with corporate security policies and government regulations.
These devices can perform a range of functions: malware detection, control of web surfing, traffic filtering, VPN functionality, intrusion detection and prevention, unified threat management, spam control, and compliance with regulatory requirements.
Typically, these devices work on the basis of detailed traffic and packet analysis, in particular searching for known attack signatures, blocking attacks and maintaining statistics. Unfortunately, many security and networking devices analyze only unencrypted traffic, and with the increasing use of SSL the majority of solutions are becoming less and less effective.
Previously, the problems associated with SSL boiled down to two extremes: either the draconian method of blocking SSL traffic completely, or letting it pass entirely without analysis, thereby minimizing the overall performance of network devices and security systems. Both alternatives are unacceptable for the enterprise.
In addition to the methods described above, there are other approaches to SSL traffic control. Such methods have a similar goal: to analyze the unencrypted contents of SSL traffic and send information about detected violations / attacks on the managed machine. Typically, these alternative solutions analyze SSL traffic successfully, but they have their limitations.