Next Gen Secure Web Gateway HTTPS/SSL Traffic

Next Gen Secure Web Gateway  >  Web Content Management  >  HTTPS/SSL Traffic Management

Scanning Across HTTPS/SSL Traffic

The web has become an essential aspect for daily operations with enterprises everywhere. Countless organizations rely on this must-have solution for everything from web surfing for research to tapping specific, browser-based applications (e.g., Google Apps, CRM tools and social media) for marketing purposes. Due to their sensitive nature, many of these resources
are encrypted through HTTPS to secure the data. This encryption creates a “blind spot” for organizations seeking to manage network traffic. Unfortunately, hackers, annonymizers, and
other threats use this blind spot to exploit network resources under the encryption umbrella.

Issues With Typical SSL Scanning – Root Certificates

Typically, solutions utilize root certificates to scan HTTPS traffic. This creates a network bottle neck on the network where the traffic is decrypted at the gateway. Additionally, this leaves networks vulnerable to “man-in-the-middle” attacks.

Typical SSL Traffic Scanning

The iboss Difference – Uncompromised Security

iboss Filter provides advanced EdgeScan HTTPS scanning at the individual workstations vs. at the network gateway. Edgescan ensures traffic flows uninterrupted from the workstation to its final destination and prevents network bottlenecks. In addition, this proprietary technology prevents “man-in-the-middle” attacks as the traffic is never modified once it leaves the workstation maintaining data integrity. iboss Filters' EdgeScan technology protects networks against threats embedded within HTTPS while maintaining data integrity and network performance.

The iboss Difference SSL Traffic Scanning

Data Security – Enforcing AUP, Identifying Embedded Threats, Annonymizers

HTTPS decryption enables iboss Network Security Filters to enforce a company’s AUP over HTTPS traffic. In addition, many threats are hiding inside legitimate HTTPS traffic. For example, traffic to an approved site or application through HTTPS may have an embedded link that contains malicious code or access to a site that violates the AUP. With the ability to look inside HTTPS, these threats are identified and restricted.

Many annonymizer programs utilize HTTPS encrypted traffic to circumvent filters. Many of these annonymizer applications can function even off a thumb drive. With the ability to scan inside HTTPS, combined with layer 7 scanning across all 65,535 ports through signatures and heuristics, iboss Network Security Filters maximizes the security of network data.

Social Media – Managing What Is Accessed

Social media is gaining popularity in the workplace. Many organizations also need social media
for marketing and communication purposes. Unfortunately, media platforms such as Facebook, LinkedIn, and Twitter require HTTPS access to login to accounts. With the ability to scan HTTPS traffic, iboss Network Security Filters provide flexible policies for social media access. Examples include providing a department access to only the organization’s Facebook page while restricting general access to Facebook. In addition, it provides the option to create group policies that manage page content on these sites, e.g., the ability for a department to view a page but not post or upload images to an organization’s Facebook page.

Google Applications – An HTTPS Umbrella With Effective Group Controls

Google’s portfolio of applications is ever-expanding. Many organizations wish to open only certain applications for departments without granting general access to Google’s entire portfolio.
Yet HTTPS in and of itself restricts the ability to manage individual aspects of Google services. Furthermore, many of the applications share the HTTPS certificate, making it difficult to define one Google service from another. iboss Network Security Filters cut through those complications, providing the ability to properly identify each application and establish control based on group membership. For example, if a company wishes to provide access to Google Docs for a department but restrict access to personal Gmail, this can be set up easily and enforced.

Reports – Dynamic Drill-Down Forensic Detail

Information on network activity allows administrators to properly identify threats, both known and unknown. iboss Network Security Filter incorporates industry-leading, forensic-style reporting through the iboss Network Security Forensic Logger, which provides instant feedback on activities, searches, threats, and bandwidth. This includes insight on HTTPS traffic, opening up the “blind spots.” This information is stored in a self-managed, auto-archiving database for easy management. Reports access is designed to be fluid and access instant, even in the most demanding of networks.

Reporter Screen Shots

iboss Filters – End to End Security

iboss Filters protect all 65,535 ports through layer7 across HTTPS and combines DPI, advanced application control, blended malware and threat detection, bandwidth management, and network activity reporting. In addition, iboss mobile device security and MobileEther MDM extend security to mobile devices while centrally interfacing with existing iboss products to ensure end to end network protection.

Risk-Free Demo

Take the next step towards a Secure Web
Gateway at your organization by requesting
a risk-free demo.

Intelligent Bandwidth Management / QoS

Enables organizations to extend access while ensuring mission critical services continue uninterrupted.

Clustering Filters
& Load Balancing

Allows live clustering between one
or multiple units through a Network.