I saw some presentations and papers about a new technology that is able to decrypt SSL traffic and send it to existing security and network appliances on high-speed networks. This technology enables existing IPS solutions to identify risks normally hidden by SSL, such as regulatory compliance violations, viruses, malware, data loss, intrusion attempts, etc.

This is a very good approach to detect/block those attacks (there are reports showing an increase in attacks using SSL traffic), but I see some risks related to it:
- What if someone uses this technology to decrypt the traffic and get at the information? What mitigation actions are in place to avoid this?
- How will this technology handle DDoS attacks? Will it be overloaded?
- What latency will this technology add to the network?
- How do browsers handle this "man-in-the-middle"-like security solution?
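The last question has a concrete answer that can be shown in code. An SSL inspection appliance works by presenting the browser a certificate for the requested host that it signs on the fly with its own CA; the browser accepts that certificate only if the appliance's CA has been installed in the client's trust store, and a client that pins the genuine server key rejects it regardless. The following Go program is an added example written for this post, not code from any vendor or from the original author. It uses only the standard library `crypto/x509` package, mints two constructed CAs (a stand-in "public" root and a stand-in inspection CA) and a placeholder hostname `example.com`, and models the browser's trust decision under each configuration:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newCA mints a self-signed CA certificate. Every certificate in this file is
// constructed test material; none belongs to a real CA or product.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// issueLeaf issues a server certificate for host signed by ca. This is what an
// inspection appliance does on the fly with its own CA key for every host.
func issueLeaf(host string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// spkiPin is the SHA-256 of the SubjectPublicKeyInfo, the value public-key pinning compares.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// clientAccepts models the browser's decision: the chain must build to a trusted
// root for host and, if a pin is configured, the leaf SPKI must match it.
func clientAccepts(leaf *x509.Certificate, host string, roots *x509.CertPool, pin string) (bool, string) {
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return false, "rejected: " + err.Error()
	}
	if pin != "" && spkiPin(leaf) != pin {
		return false, "rejected: public-key pin mismatch (interception is visible to the client)"
	}
	return true, "accepted"
}

// Outcome records whether the client accepts the appliance's forged certificate
// under three trust configurations, plus the genuine certificate against the same pin.
type Outcome struct {
	ForgedPublicRootsOnly   bool // inspection CA not installed on the client
	ForgedWithProxyCA       bool // inspection CA installed by the enterprise
	ForgedWithProxyCAPinned bool // inspection CA installed, but the client pins the genuine key
	GenuinePinned           bool // sanity check: the genuine certificate passes the pin
}

func RunScenario() Outcome {
	const host = "example.com" // placeholder hostname
	publicCA, publicKey := newCA("Public Root CA (constructed)")
	proxyCA, proxyKey := newCA("Corp TLS Inspection CA (constructed)")
	genuine := issueLeaf(host, publicCA, publicKey) // what the real server presents
	forged := issueLeaf(host, proxyCA, proxyKey)    // what the appliance presents to the browser

	publicRoots := x509.NewCertPool()
	publicRoots.AddCert(publicCA)
	corpRoots := x509.NewCertPool() // an enterprise-managed browser: public root plus the inspection CA
	corpRoots.AddCert(publicCA)
	corpRoots.AddCert(proxyCA)

	var out Outcome
	out.ForgedPublicRootsOnly, _ = clientAccepts(forged, host, publicRoots, "")
	out.ForgedWithProxyCA, _ = clientAccepts(forged, host, corpRoots, "")
	out.ForgedWithProxyCAPinned, _ = clientAccepts(forged, host, corpRoots, spkiPin(genuine))
	out.GenuinePinned, _ = clientAccepts(genuine, host, corpRoots, spkiPin(genuine))
	return out
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

Running it shows that the forged certificate is rejected by a browser that only trusts public roots, accepted once the inspection CA is pushed to managed clients, and rejected again when the client pins the genuine key (this is why pinned applications and non-managed devices break behind such appliances). It also makes the first risk in the list concrete: whoever holds the appliance's CA private key can mint a certificate for any host that every managed browser will accept, so that key, and the logs of what was decrypted, are the assets the deployment has to protect.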
There are obvious advantages to adopting such technology, but a careful analysis must be in place before adoption to address these risks. This will be a case-by-case study, and (at least I believe) not all companies will be able to deploy such technology due to regulations or compliance.