Blog
Going the ExtraHop for Real-Time SSL Decryption
Adam Sinnett
June 6, 2011
The ExtraHop Application Delivery Assurance system is now capable of completely hardware-driven SSL decryption at network speeds up to 10Gbps
Google Gmail accountsSony's PlayStation Network
RSA SecurID breachmade SSL encryption standard40 percent of businesses' applicationsHowever, while this trend hopefully will keep data safe, SSL encryption can complicate application performance management (APM). An elementary premise for APM is that if you can't see your network traffic, you can't monitor the health and performance of your applications. So, when as much as 40% of an organization's application data is encrypted with SSL, it creates a massive blind spot in network visibility.
These days, the processing requirements for decrypting SSL are greater than ever, too. We are starting to see increasing numbers of organizations switch over to using new, 2048-bit SSL encryption keys in accordance with the U.S. National Institute of Standards and Technology's (NIST) recent advisory. This change makes SSL more secure, but, of course, these more-complex keys also take even more time to decrypt.
The combination of more encrypted data and stronger encryption keys makes software-driven SSL decryption increasingly untenable due to the significant drain on processing resources they require. Business demands require real-time monitoring of application health and performance, and more-powerful hardware acceleration is needed to make sure that SSL blind spots don't handicap an organization's ability to keep business-critical processes from failing.
To meet these demands, we are very happy to announce that the ExtraHop Application Delivery Assurance system is now capable of completely hardware-driven SSL decryption of 2048-bit keys at network speeds—up to a sustained 10Gbps of network traffic. With this enhancement, organizations can leverage the real-time analysis capabilities of the ExtraHop system to decrypt and analyze SSL traffic for common cipher suites at the scale and speed required by today's enterprise networks.
Discover more