Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates?


  1. Are Your Appliance Based Security Solutions Ready For 2048-bit SSL?
      Dr. Amit Sinha, Executive Vice President of Engineering and Operations, CTO
  2. Panelist
      Amit Sinha, Executive Vice President of Engineering and Cloud Operations, Chief Technology Officer, Zscaler
      Dr. Amit Sinha is a skilled entrepreneur and leader, having driven research and development of disruptive security and wireless technologies for multiple market-leading organizations, including Zscaler, Motorola, AirDefense and Engim. He holds 27 US patents and has contributed to three books and dozens of conference and journal papers.
      ©2012 Zscaler
  3. Webcast Logistics
      To send us questions during the sessions:
      • Type the question in the Q&A or Chat Window provided in WebEx. We will answer questions at the end of the webcast.
      Any Technical Issues?
      • Email: webcast@zscaler.com
      Complete the survey at the end of the webcast
      • The Survey will appear in your browser at the end of the session
  4. Agenda
      ‣ Why Secure Sockets Layer (SSL) Encryption
      ‣ SSL Challenges & Trends
      ‣ Upgrading 1024 to 2048-bit SSL: The Mandate
      ‣ Upgrade Implications For Appliance Based Security
      ‣ How Zscaler Secures Enterprises
      ‣ Benefits of Direct to Cloud
      ‣ Q & A
  5. What is SSL?
      • Widely used on the Internet for authenticating sites and providing encrypted traffic exchange
  6. SSL Traffic is Exploding
      [Figure labels: SSL on Internet; Search, Social Networking, Webmail, Enterprise, Banking; Login, Transactions, All; App Coverage]
      ‣ Internet is moving to default SSL (Google, Facebook, etc.)
      ‣ SSL puts lots of load on systems and security infrastructure
  7. Enterprise Attacks Shifting from Servers to Users
      Direct server attacks: Rare
      Servers: stationary, consolidated behind FWs
      ‣ Mobility and cloud make users vulnerable – any place, any device, direct to net
      ‣ Malware can be delivered over SSL
      ‣ Botnets call home over SSL
      ‣ Enterprise visibility and control is missing
      Users: the Beachhead
      Used to attack servers
      Are your USERS SECURE EVERYWHERE?
  8. Upgrading 1024 to 2048-bit SSL: The Mandate
      ▶ All existing 1024-bit certificates must be replaced with 2048-bit SSL certificates by December 31, 2013
      ▶ Better Security
      ▶ Performance
      [Figure labels: 1024 bit; 2048 bit; 5X Performance Degradation; 80% Performance Drop; Security]
  9. Can Your Security Appliance Handle This?
      ‣ How do you deal with mobile users and many distributed office locations?
      ‣ Are your cloud applications like Office365, Box, Google Apps, etc. bottlenecked?
      ‣ Are you scanning SSL traffic? – If NOT, you have a BIG security/visibility GAP
      ‣ Do you use appliance based proxy servers?
      ‣ Can your appliance handle SSL interception with 2048-bit?
  10. The Zscaler Direct-to-Cloud Network
      [Diagram labels: Regional Offices; Home or Hotspot; Branch Offices; On-the-go; Headquarters]
      Secure access to leading cloud, mobile and social applications
  11. What Does Zscaler Do?
      Global check post. Enforces business policy.
      [Diagram labels: Mobile & Distributed Workforce (Regional Office, HQ, Home or Hotspot, On-the-go); Cloud Services (Cloud Apps, Mobile Apps, Social Media); Botnet; Exploits]
      NO HARDWARE | NO SOFTWARE
      Block the bad, protect the good
  12. Zscaler’s Global Network of 100+ Datacenters
      Active Data Centers, October 2013: Oslo; Chicago I, II; Toronto; Moscow; Gdansk; Amsterdam; London; Frankfurt I, II; Paris; Bern; New York; Washington DC I, II; Madrid; Atlanta I, II; Dallas I, II; Miami; Mexico City; San Francisco; Sunnyvale; Los Angeles; Stockholm; Denver; Amman; Cairo; Riyadh; Tokyo; Kuwait City; Dubai; Hong Kong; Taipei; Mumbai; Chennai; Kuala Lumpur; Singapore; Lima; Sao Paulo; Santiago; Johannesburg; Cape Town; Sydney
      ©2013 Zscaler, Inc. All rights reserved.
  13. How Zscaler Works
      [Diagram labels: Define Policy at a central portal (Admin); Forward traffic (Configure FW or router); Enforce policy bidirectionally; Real-time Visibility; Same policy for mobile users; Regional Office, HQ, Home or Hotel; WEB, EMAIL; Internet]
      ‣ Easy to deploy and manage – no hardware, no software.
      ‣ Zscaler provides global infrastructure. You retain full control.
      ‣ Comprehensive security and control of Internet access including SSL.
  14. Zscaler Inspects Full Web Transactions
      • Most vendors analyze only domain and block based on a black list
      • Domain represents < 5% of a total URL
      • URL represents < 1% of a total page
      • Most newer threats are hidden in the pages being served and require full page inspection
      [Diagram labels: Request: Domain, Path, Parameters, Cookies, Body (example URL: https://facebook.com/profile.php?id=x). Response: HTML; Images; Scripts; XML; RIA; ActiveX Controls & Browser Helper Objects; Windows Executables & Dynamic Link Libraries; Java Applets & Applications; JavaScript (HTML, PDF, stand-alone); Visual Basic Script; Visual Basic for Apps. Macros in Office documents]
  15. Zscaler Provides Full SSL Scanning Capabilities
      [Diagram labels: Users; Content Inspection Engine; Internet; Web Servers; flow arrows numbered 1 to 7]
      1. Client/Proxy Handshake
      2. Proxy/Server Handshake
      3. Certificate check
      4. Website sends encrypted (SSL) content
      5. Decrypted content sent to the Content Engine
      6. Filtered content sent to proxy
      7. Re-encrypted content sent to user
      Zscaler SSL Controls
      ‣ Option to enable SSL Interception
      ‣ Bypass SSL Interception for Sites/Categories (e.g. banking)
      ‣ Block Sites/Categories when SSL is not decrypted
      ‣ Allow/Deny untrusted certificates
      ‣ Option to use custom root certificates
  16. SSL Upgrade
      Zscaler Security Cloud is Already Upgraded to 2048-bit
      [Diagram labels: Cloud Running 1024-bit SSL, No Hardware Acceleration; SSL Upgrade; Cloud Running 2048-bit SSL After Upgrade with Hardware Acceleration]
      • Most proxy vendors don’t do SSL interception – performance overhead
      • Moving from 1024 to 2048 bit is an additional 5X performance drop
      • Zscaler seamlessly enabled 2048-bit SSL across its cloud using hardware acceleration which improved SSL performance 25X
      • Customers did not have to upgrade hardware or software
  17. Zscaler Solution Benefits
      [Diagram labels: Advanced Threats; Social Media & cloud Apps; Antivirus; URL Filtering; Unified Policy; Global, Real-time Analytics; Local Internet breakout; BW control; Regulatory Compliance; IP Protection]
  18. Can It Scale?
      • The name Zscaler stands for the Zenith of Scalability
      • Every day Zscaler processes more than 12 billion transactions through our cloud from 12 million users across 4,500 customers in 180 countries
      • Zscaler cloud operates in 100+ datacenters across 12 world class service providers
      [Figure labels: 5B Searches Per Day; 4.7B Likes Per Day; 400M Tweets Per Day; < 12B Transactions Per Day]
      * October 2013 Statistics
  19. Summary
      ▶ Cloud, Mobile and Social Networking are powerful trends transforming Enterprises
      ▶ Internet is moving to SSL, everything is over HTTP(S)
      ▶ Attacks have shifted from servers to users
      ▶ New standards mandate shift from 1024 to 2048-bit SSL starting 1st Jan, 2014 (80% performance drop)
      ▶ Traditional appliance based security is ineffective
      ▶ Zscaler is transforming enterprise security with the world’s largest Security Cloud
  20. Q&A
  21. Thank You! Next Steps
      Register for a Free Trial: http://www.zscaler.com/freeevalution.php
      Register for a Personalized Demo: http://www.zscaler.com/onlinedemo.php
      Register for a Webinar/Live Demo: http://www.zscaler.com/webinars.php