ASI Series SSL Intercept & Visibility
SSL intercept provides enterprises with visibility into encrypted traffic entering, leaving, and traversing their network. Deployed in conjunction with solutions such as next-generation firewalls, network monitoring, and intrusion detection and prevention, SSL intercept offloads compute-intensive decryption and re-encryption tasks to allow essential security functions to operate at scale. SSL is an ideal solution for optimizing both security and infrastructure efficiency.
Every ASI SSL intercept solution supports Layer-2 and Layer-3 deployment modes, inline and out-of-band inspection, service chaining and the ability classify Web traffic to ensure regulated data is handled in accordance with compliance policies. Available as physical or virtual appliances, the ASI Series is ideal for businesses needing to protect user privacy while gaining scalable visibility into the increasing number of advanced threats hiding within SSL traffic.
Gain Visibility & Maintain Compliance
SSL inspection provides businesses with visibility into blind spots created by SSL encryption and leverages adaptive inspection to maintain regulatory compliance and assure data privacy.
- DEPLOY – Inbound, Outbound Layer-2, Layer-3 Service Chaining Inline, Out-of-Band
- CLASSIFY
> Source/Destination
> IP Source/Destination Port
> URL Category
> Webroot Integration - INSPECT – Forensics, Analytics Next-Gen Firewall, IPS/IDS, DLP Anti-Malware
Advanced SSLi Features
- VISIBILITY TO SSL ENCRYPTED TRAFFIC – Eliminate blind spots and threats created by encrypted traffic entering, leaving and traversing private networks.
- SERVICE CHAINING & TRAFFIC MANAGEMENT – Create custom traffic flows spanning a range of multi-vendor security, inspection and monitoring solutions.
- PRE-FILTERING & URL CLASSIFICATION – Selectively intercept traffic based on IP reputation, port, protocol and URL to assure regulatory compliance.
- CENTRALLY CONTROLLED KEYS & CIPHERS – Manage encryption keys and ciphers for multiple security devices on a purpose-built SSL intercept platform.
- FLEXIBLE DEPLOYMENT MODES – Select from multiple modes of operation, including Layer 2 or Layer 3, inbound or outbound, using one or more appliances.
- INLINE AND PASSIVE INSPECTION – Use in the data path for real-time inspection and attack prevention, or out-of-band for monitoring and analytics.
- HARDWARE ACCELERATED DECRYPT & ENCRYPT – 120 Gbps of SSL throughput and 240 thousand SSL TPS for inspecting encrypted application traffic at scale.
- PHYSICAL, VIRTUAL & CLOUD DEPLOYMENT – Available as physical or virtual appliances, or as cloud-native instances on AWS, Azure and Google Cloud Platform.
Deployment Options
- Hardware – Dedicated appliances scalable to 120 Gbps of HW-accelerated SSL throughput. Multi-tenant network hyper-converged infrastructure for flexibility with performance.
- Software – SSLi virtual appliances with support for popular hypervisors including VMware, Hyper-V and KVM. Available as permanent or subscription licenses.
- Cloud – Available natively on industry-leading cloud platforms including AWS, Azure and Google Cloud. Supports utility consumption and BYOL license options.