Fidelis Security Systems, a specialist in network visibility, analysis, and control solutions, announced the SSL Decoder within Fidelis XPS, which provides the ability to assess the authenticity of a Secure Socket Layer certificate. Fidelis also introduced the SSL Inspector 10G, which enables the XPS Deep Session Inspection architecture to detect threats in SSL-encrypted content on 10G Ethernet networks. The XPS SSL Decoder and SSL Inspector 10G appliance will be available this quarter.
By leveraging the rules engine that is at the core of XPS, Fidelis is adding the ability to put rules in place to evaluate certificates and to take action, such as preventing a session, if the certificates characteristics are suspect. The combination of these rules and implementing this action at the network edge is designed to provide a measure of ease of use for large enterprises that would otherwise have to rely on application vendors retroactively providing patches following publicized breaches at SSL Certificate Authorities and users applying these patches correctly.
"With the recent widely-publicized breaches of Certificate Authorities, enterprises are in desperate need of a way to verify the authenticity of SSL certificates," said Gene Savchuk, CTO at Fidelis. "While SSL pinning - white-listing a certificate authority public key in a browser for a specific domain or set of domains - is emerging as a potential solution, it will quickly prove inadequate for enterprises due to the dynamic nature of certificates and a need for a solution that scales. The Fidelis XPS SSL Decoder mimics this concept, but at the network edge rather than at client end-points, and offers more centralized management which is conducive to certificate changes and scale."
Fidelis introduced the SSL Inspector in late 2010 to remove the blind spots in content inspection and threat detection created by SSL-encrypted traffic. "SSL-encrypted traffic makes up an ever increasing share of the traffic seen on an enterprise network with the proliferation and cloud computing and social networking," said Andrew Hay, senior security analyst at IT research firm 451 Research. "Though the security and confidentiality capabilities provided by SSL are widely known, SSL can also be used to conceal malicious activity such as botnet command-and-control or data exfiltration. If companies are not leveraging network monitoring tools capable of inspecting encrypted traffic, they're likely missing an important threat vector."
In response to increasing demand to inspect traffic at speeds above one gigabit, Fidelis is introducing the SSL Inspector 10G. The system is in a smaller form factor (1U), offers interface flexibility from 1 gigabit copper or fiber to 10 gigabit fiber, is designed to inspect multiple inline segments and can distribute traffic to multiple devices in the enterprise security stack.