Was ist SSL-Scanning?

SSL (Secure Sockets Layer) and a more modern version called TLS (Transport Layer Security) are the industry standards for transmitting secure data over the Internet. SSL encrypts data that’s being sent between a remote user and a web server. It uses multiple blocks of highly complex algorithms to scramble data.

An ‘encryption key’ is needed to unscramble or decrypt the data so it can be used. Currently, no weakness has been found in these encryption algorithms. This means brute force is the only existing form of attack that can decrypt encrypted data.

How Does SSL Work?

When you attempt to access a website, the two entities, browser and web server, create a secure SSL connection. All data transferred back and forth is encrypted. SSL encryption and decryption are key-based. There are three keys used in the SLL process. They are public, private, and session keys.

Laden Sie unser eBook herunter. Dieser neue Ansatz für die Vernetzung umfasst eine Reihe von vollständig integrierten, über die Cloud verwalteten Security-Services, die vor Ort oder in der Cloud mit zentral verwalteter Sicherheit bereitgestellt werden. Erfahren Sie, wie Sie:

  • Verringerung der Komplexität und des betrieblichen Aufwands
  • Benutzerfreundlichkeit / Transparenz für Anwender
  • Mehr Sicherheit durch einen Zero-Trust-Netzwerkzugriff

The challenge with this scenario is how do intermediate devices perform SSL scanning or TLS scanning. It resides in the communication path and needs to inspect encrypted traffic for cyber-attacks, such as malware. If the traffic is encrypted, it can’t be inspected.

Inspection devices such as next-generation firewalls, CASBs, routers, and secure web and email gateways need to perform deep packet inspection using SSL scanning. These cybersecurity devices can be found wherever a connection to the Internet or cloud service is desired.

Cybersecurity SSL scanning or TLS scanning can only occur if the data is not encrypted. This means devices that stand in the middle of the data path and perform cybersecurity need to decrypt the data, inspect it, and then re-encrypt the data.

Devices that stand in the middle of a communication path are intended to keep users and organizations safe from malicious internet traffic. When the user initiates a session with a web server, the device receives the request. It acts as an intermediary, having a conversation with one entity such as a web browser, and then relaying that conversation with the web server. All the time, they are inspecting what one is communicating with the other.

SSL scanning has been in use since the mid-’90s. It’s been upgraded to TLS scanning, which includes many improvements to keep pace with the ever-growing number and diversity of cyber-threats. When developing a cybersecurity posture, it’s important to understand where the SSL or TLS scanning is performed and the depth and quality of the inspection.

Keeps Users Productive and Safe While Guarding the Edge

Contact our customer advocates and learn about the various technologies, such as SSL/TLS scanning, used to deter, detect, and remediate cyber-attacks using a multi-layer cybersecurity stack.