Gigamon Scales Decryption to 100G
When it comes to IT security, encryption is both a blessing and a curse. Data that is encrypted is generally safe from cybercriminals. But it turns out that cybercriminals are also using encryption to hide their malware payloads.
To address that issue, Gigamon today unveiled an addition to the GigaSECURE Security Delivery Platform that can be used to decrypt and re-encrypt data fast enough to make it practical to inspect data using a variety of existing security tools.
Tom Clavel, senior manager for product marketing at Gigamon, says Gigamon has developed a hardware platform capable of operating at anywhere from 40 to 100G per second to decrypt and re-encrypt data within either SSL or TLS network sessions.
Clavel says most existing security platforms can't keep up with 100G speeds. The latest edition of the Gigamon platform makes it possible for security tools to inspect decrypted data running at near line speed. The Gigamon platform also supports Application Session Filtering and NetFlow/Metadata Generation to provide additional insights into network traffic.
The GigaSECURE platform, says Clavel, registers itself with applications such as Microsoft Office 365 to gain access to encryption keys. It then uses those keys to decrypt and then re-encrypt data. Today that process is handled by security appliances that typically buckle under the strain, says Clavel.
"There can be as much as an 80 percent degradation in security appliance performance when processing encrypted data," says Clavel.
Clavel notes that analyst firms such as Gartner are forecasting that by 2019 as much as 80 percent of all data will be encrypted. Rather than having to invest in new appliances for every security application, Clavel says the Gigamon approach enables IT organizations to preserve their security software investments as part of what the company refers to as a Defender Lifecycle Model wrapped around its hardware platform.
Obviously, it's still early days in terms of IT organizations trying to gain more visibility into encrypted data. Without some way to practically inspect encrypted data, just about all the security tools that most IT organizations have in place today would be rendered useless. The new challenge is to find ways to decrypt data in applications that don't result in performance degradation. After all, if history is any guide, end users will find a way around any security measure that they perceive to be compromising their productivity, no matter how good that additional layer of security might be for the organization as a whole.