With SSL Traffic Growing Exponentially Within Enterprises, NGFW Vendors and Enterprises Must Confront Growing Security and Business Implications
AUSTIN, TX--(Marketwired - Jun 12, 2013) - NSS Labs today released new research analyzing the negative impact that client-side secure sockets layer (SSL) decryption has on the performance of leading next-generation firewall (NGFW) devices. With the rapid increase in SSL traffic, the ability of security devices to inspect SSL traffic effectively will continue to be a key challenge and consideration for enterprises making purchasing decisions, and NSS' current testing reveals that there is considerable room for performance improvement from most leading vendors.
View the NSS Labs Analyst Brief - SSL Performance Problems
NSS research found the following key conclusions:
Commentary: NSS Labs Research Vice President John Pirc
"I knew that onboard vs. offboard SSL/TLS decryption likely wouldn't yield favorable results, but I was blown away with the increased performance loss created by moving from 1024-bit certificates to 2048-bit certificates," said John Pirc, Research Vice President at NSS Labs. "Because industry standards are moving towards 2048b and SSL/TLS traffic is rapidly increasing, the ability to effectively support SSL/TLS decryption can no longer be swept under the rug. If this thought process continues, I foresee a huge issue in the future for enterprises trying to keep targeted persistent attacks at bay."
"Today, the percentage of malware using SSL/TLS is very small; however, as more decide to use SSL/TLS for both delivering malware and as a call back to a command and control server, we are going to be blind to the attacks. I think we still have time for vendors to improve their capabilities... but until then, we may have to accept that operating an additional piece of hardware in the network dedicated to SSL decryption is probably our best strategy," adds Pirc. "The adversaries out there have an incredible imagination for creating methods of exploitation that go against how traditional communication protocols are supposed to be used, such as email and web, and with this SSL/TLS issue... it's likely to get interesting."
About NSS Labs, Inc.
NSS Labs, Inc. is the world's leading information security research and advisory company. NSS is both an analyst firm specializing in security technologies and a testing laboratory widely recognized as the "go to" company for research and unbiased reporting. We deliver a unique mix of test-based research and expert analysis to provide our clients with the right information they need to make IT decisions. CIOs, CISOs, and information security professionals from many of the largest and most demanding enterprises rely on NSS. The company is located in Austin, Texas. For more information, visit www.nsslabs.com.
© 2013 NSS Labs, Inc. All rights reserved. All brand, product and service names are the trademarks, registered trademarks, or service marks of their respective owners.
Contact Information:
ReseAnne Sims
Sr. Marketing Manager, Public Relations
NSS Labs
Phone: +1 (832) 741-7373
rsims@nsslabs.com