An HTTPS connection is a secure connection from the browser or application through the network and internet to the destination server or website.
If you are not performing sanctioned man-in-the-middle inspection, you cannot filter the HTTPS connections running through your firewall.
Today's most popular websites are encrypted. If you are not inspecting HTTPS traffic, there is a good chance users are getting around your content filtering (CFS) solution.
These HTTPS websites could be unknowingly hosting malware.
Popular proxy and bypass apps are encrypted. These types of apps allow users to bypass CFS solutions and surf anonymously.
Do you really know what users are doing on your network with your current solution?
Attackers are now using HTTPS to their advantage. They know that most people are not inspecting HTTPS traffic with their legacy firewall solutions.
If you are not scanning HTTPS traffic, you are putting your network at risk.
- There was a 38% increase in SSL/TLS hits between 2015 and 2016. One reason for this increase is the growth in cloud application usage.
- Google is also influencing the increase in HTTPS sites by boosting the search rankings of websites that use HTTPS rather than HTTP.
62% of web traffic running through your firewall will be encrypted. This number will continue to increase.
With DPI-SSL in place, we can now inspect all SSL/TLS traffic flowing through the SonicWall.
We can then block unwanted websites and applications while also scanning packets for malicious payloads.
SonicWall Firewall
- File scanned by Gateway AV, Cloud AV, IPS services for known malware
- File mirrored to Capture ATP service for analysis
- File hash, URI and verdict cached on firewall (file hash calculated from all file bits)
- Malicious file blocked if block till verdict enabled (HTTP/S only)

SonicWall Capture cloud service
- Capture database checked for existing verdict
- Capture file pre-process checks AV aggregator, vendor/domain trust, file authenticode, presence of embedded code
- Capture sandbox platform executes file in up to 3 sandbox engines (SonicSandbox, Lastline, VMray)
- Verdict and behavior analysis result stored in Capture database; clean file deleted immediately
- Malicious file sent to SonicWall threat team for further analysis, threat intel harvest; file deleted within 30 days

MySonicWall portal
- Capture malicious file notification/email
- Capture subscription and notification management
- Capture status and report access

SonicWall GRID Data Center & Threat Research Team
- Malicious file analysis, threat intel harvest
- Gateway AV, IPS, Cloud AV signature updates created and submitted to Grid Network databases
- Malicious file deleted after analysis/signature
- We offer a wide range of models to meet your throughput requirements