Sourcefire, a provider of cybersecurity offerings, has released a new SSL Appliance that enables the intrusion prevention system (IPS) to inspect SSL (secure sockets layer)-secured traffic, blocking malicious traffic that would have previously been masked by encryption.
According to Sourcefire, the new SSL Appliance decrypts traffic before sending it to the IPS, and the IPS can then optionally redirect the secure and visible traffic back to the SSL Appliance for re-encryption. It allows users to maintain data security with SSL encryption, while the expanded capabilities provide IPS users with SSL visibility without impacting IP Sensor performance.
The company said that the new architecture permits the IPS and SSL processes to run on separate systems, offloading all encryption and decryption requirements from the IPS. SSL Appliances are available in two models, including a 4-port (fail-open) 1G fibre model and a 4-port (fail-open) 1G copper model.
Greg Fitzgerald, senior vice president of marketing at Sourcefire, said: “With the SSL Appliance, Sourcefire is addressing this security blind spot. And by using separate purpose-built hardware for our SSL and IPS capabilities, the Sourcefire IPS can inspect and block malicious encrypted traffic without impacting IPS performance.”