Understanding SSL-VA

Let’s look at what SSL-VA is and how it can secure your network with greater visibility.

SSL-VA : Secure Sockets Layer-Visibility Appliance

SSL stands for “Secure Sockets Layer.” It is a technology that establishes a secure session link between the visitor’s web browser and your website so that all communications transmitted through this link are encrypted and are, therefore, secure. SSL is also used for transmitting secure email, secure files, and other forms of information.


Nubewell’s SSL Interception feature decrypts SSL traffic across all your network ports and sends the data in clear-text format to your security devices, such as IPS, IDS, and firewalls, for inspection. This allows your organization to analyze all the enterprise traffic without compromising on performance. NSSLVA has an industry-leading Deep Packet Inspection (DPI) engine, which helps you achieve complete visibility across all your network applications and network traffic.

Security challenges faced on the internet:

To stay competitive, organizations need to overcome these security challenges:

Malware

Malware, or “malicious software,” is an umbrella term that describes any malicious program or code that is harmful to systems. It can steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on your computer activity without your knowledge or permission.

Adware

Adware is software designed to track data about your browsing habits and, based on that, show you advertisements and pop-ups. Adware collects data with your consent, and is even a legitimate source of income for companies that allow users to try their software for free.

Spyware

Spyware works similarly to adware, but is installed on your computer without your knowledge. It can contain keyloggers that record personal information including email addresses, passwords, even credit card numbers, making it dangerous because of the high risk of identity theft.

DoS & DDoS

A DoS attack is performed by one machine and its internet connection: it floods a website with packets, making it impossible for legitimate users to access the content of the flooded website. A DDoS attack is launched from several computers.

Rootkit

A rootkit is a collection of software tools that enables remote control and administration-level access over a computer or computer network. Once remote access is obtained, the rootkit can perform a number of malicious actions; rootkits come equipped with keyloggers, password stealers and antivirus disablers.

SQL Injection

SQL injection attacks are designed to target data-driven applications by exploiting security vulnerabilities in the application’s software. They use malicious code to obtain private data, change and even destroy that data, and can go as far as to void transactions on websites.

Nubewell’s SSL-VA Architecture

Industry leading features

This is the list of features that differentiate Nubewell from the current networking industry.



Nubewell SSL Visibility Appliance delivers “30G bulk encryption throughput” on a standalone 1RU pizza box.


Nubewell SSL VA can classify and proxy for “80G Layer 7 bi-directional traffic throughput” irrespective of protocol.


Nubewell SSL VA can support up to “400,000 TCP connections” for traffic optimization and classification.

Features & Advantages of Nubewell's SSL-VA

Gain Complete Visibility

It decrypts all encrypted traffic and gives complete visibility using the industry-leading DPI engine. It also decrypts protocols like STARTTLS, XMPP, SMTP and POP3. The decryption feature is not limited to SSL/TLS protocol traffic; NSSLVA supports SSH traffic too.

Full Proxy Architecture

It provides a full proxy, which enables renegotiating a different cipher suite of similar strength and makes the solution future-proof against new ciphers or TLS upgrades. NSSLVA also ensures traffic is encrypted using the most secure ciphers and avoids the use of compromised ciphers.

ICAP Support

Data loss prevention (DLP) systems typically use ICAP to connect to the network and help prevent unauthorized data exfiltration. NSSLVA supports ICAP connectivity simultaneously with other decryption modes.

Decrypt Across Multiple Ports and Protocols

It decrypts traffic across all TCP ports and protocols. The decryption functionality and proxy support are not limited to SSL/TLS; encryption and decryption are supported for SSH traffic too.

Network Proxy

It can act as a network proxy for transparent deployment and gives control over traffic management. Using NSSLVA, you can connect to multiple upstream proxy servers.

URL Filtering for Access Control

URL filtering is used to maximize productivity and reduce security risks by blocking access to malicious websites, including malware, spam, and phishing sources.

URL Classification

It can categorize your network traffic based on URL domains and bypass decryption or enforce privacy policies for sensitive data, such as medical or financial data, in adherence to compliance standards like HIPAA.
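The category-based bypass described above can be sketched as follows. This is an added example, not Nubewell's code or configuration: the category database, policy table, function names and hostnames are all hypothetical and constructed. It shows the edge case that matters in such a policy, matching on whole DNS labels so that a look-alike domain does not inherit a bypass.

```python
# Added example: hypothetical policy engine, not Nubewell's implementation.
# Category data and hostnames below are constructed for illustration.

CATEGORY_DB = {
    "bank.example": "financial",
    "clinic.example": "medical",
    "portal.clinic.example": "medical",
    "malware-cdn.example": "malware",
}

# Action per category; anything not listed falls through to DEFAULT_ACTION,
# so uncategorized traffic is still decrypted and inspected.
POLICY = {"financial": "bypass", "medical": "bypass", "malware": "block"}
DEFAULT_ACTION = "decrypt"


def normalize(host):
    """Lower-case, drop a :port suffix and a trailing root dot."""
    host = host.strip().lower()
    if host.count(":") == 1:  # host:port (IPv6 literals are not handled here)
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def categorize(host):
    """Return the category of the longest matching domain suffix, or None.

    Matching walks whole DNS labels, so 'evilbank.example' does not inherit
    the category of 'bank.example'.
    """
    labels = normalize(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORY_DB:
            return CATEGORY_DB[candidate]
    return None


def decide(host):
    """Map a hostname (for example from the TLS SNI) to decrypt/bypass/block."""
    return POLICY.get(categorize(host), DEFAULT_ACTION)


if __name__ == "__main__":
    for h in ["www.bank.example", "evilbank.example", "Portal.Clinic.Example.",
              "malware-cdn.example:443", "news.example"]:
        print(f"{h:28} -> {decide(h)}")
```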

Industry-Leading DPI Support

All the decrypted traffic can be classified using the industry-leading DPI engine. This DPI engine can classify more than 3000 applications and all the standard protocols. Nubewell SSL VA can bypass applications or block traffic based on application or protocol classification.

Extensive Protocol and Cipher Support

The following protocols and ciphers are supported:

1. SSL 3.0, TLS 1.0/1.1/1.2
2. RSA/DHE/ECDHE Ciphers with PFS
3. SHA-1, SHA-2, MD5 Message Authentication Code algorithms
4. Decryption of HTTPS, STARTTLS, SMTP, XMPP, POP3, SSH, SCP, sFTP

Validate SSL Certificate Status

Hackers can use fraudulent certificates to infiltrate your network. If these certificates are not identified, users and web applications can be at risk of multiple attacks.


It uses Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP) to keep the database up to date, and validates network certificates using the latest updates.