Are Your Appliance Based Security Solutions Ready For 2048-bit SSL?
Dr. Amit Sinha, Executive Vice President of Engineering and Operations, CTO
©2012 Zscaler, Inc. All rights reserved.
Panelist
Dr. Amit Sinha is a skilled entrepreneur and leader, having driven research and development of disruptive security and wireless technologies for multiple market-leading organizations, including Zscaler, Motorola, AirDefense and Engim. He holds 27 US patents and has contributed to three books and dozens of conference and journal papers.
Amit Sinha, Executive Vice President of Engineering and Cloud Operations, Chief Technology Officer, Zscaler
Webcast Logistics
To send us questions during the sessions:
• Type the question in the Q&A or Chat Window provided in WebEx. We will answer questions at the end of the webcast.
Any Technical Issues?
• Email: [email protected]
Complete the survey at the end of the webcast
• The Survey will appear in your browser at the end of the session
Agenda
‣Why Secure Sockets Layer (SSL) Encryption
‣SSL Challenges & Trends
‣Upgrading 1024 to 2048-bit SSL: The Mandate
‣Upgrade Implications For Appliance Based Security
‣How Zscaler Secures Enterprises
‣Benefits of Direct to Cloud
‣Q & A
What is SSL?
• Widely used on the Internet for authenticating sites and providing encrypted traffic exchange
SSL Traffic is Exploding
‣ Internet is moving to default SSL (Google, Facebook, etc.)
‣ SSL puts lots of load on systems and security infrastructure
[Figure: "SSL on Internet" and "SSL Performance Requirement" plotted against "App Coverage" (Login, Transactions, All) for Banking, Enterprise, Webmail, Social Networking and Search]
Enterprise Attacks Shifting from Servers to Users
‣ Mobility and cloud make users vulnerable – any place, any device, direct to net
‣ Malware can be delivered over SSL
‣ Botnets call home over SSL
‣ Enterprise visibility and control is missing
Direct server attacks: Rare
Servers: stationary, consolidated behind FWs
Users: the Beachhead
Used to attack servers
Are your USERS SECURE EVERYWHERE?
Upgrading 1024 to 2048-bit SSL: The Mandate
▶ All existing 1024-bit certificates must be replaced with 2048-bit SSL certificates by December 31, 2013
[Figure: Performance vs. Security for 1024bit and 2048bit]
▶ 80% Performance Drop
▶ Better Security
▶ 5X Performance Degradation
Can Your Security Appliance Handle This?
‣How do you deal with mobile users and many distributed office locations?
‣Are your cloud applications like Office365, Box, Google Apps, etc. bottlenecked?
‣Are you scanning SSL traffic?
– If NOT, you have a BIG security/visibility GAP
‣Do you use appliance based proxy servers?
‣Can your appliance handle SSL interception with 2048-bit?
The Zscaler Direct-to-Cloud Network
Secure access to leading cloud, mobile and social applications
Branch Offices
Regional Offices
On-the-go
Home or Hotspot
Headquarters
What Does Zscaler Do?
Block the bad, protect the good
Global check post Enforces business policy
NO HARDWARE | NO SOFTWARE
Mobile & Distributed Workforce
Regional Office
Home or Hotspot
HQ
On-the-go
Cloud Services
Social Media
Cloud Apps
Mobile Apps
Botnet
Exploits
Zscaler’s Global Network of 100+ Datacenters
Active Data Centers
October 2013
Amsterdam; Los Angeles; Mexico City; Chicago I, II; Toronto; New York; Washington DC I, II; Atlanta I, II; Miami; Sao Paulo; Johannesburg; Oslo; Frankfurt I, II; Gdansk; Stockholm; Moscow; Mumbai; Singapore; Sydney; Hong Kong; Tokyo; Madrid; Taipei; Dubai; Kuwait City; Cape Town; San Francisco; Sunnyvale; Santiago; Amman; Dallas I, II; Denver; Paris; London; Bern; Chennai; Riyadh; Cairo; Lima; Kuala Lumpur
©2013 Zscaler, Inc. All rights reserved.
How Zscaler Works
‣ Easy to deploy and manage – no hardware, no software.
‣ Zscaler provides global infrastructure. You retain full control.
‣ Comprehensive security and control of Internet access including SSL.
Regional Office
HQ
Internet
WEB
Define Policy at a central portal Admin
Forward traffic (Configure FW or router)
Enforce policy bi-directionally
Home or Hotel
Same policy for mobile users
Real-time Visibility
Admin
Zscaler Inspects Full Web Transactions
Domain Path Parameters
HTML Images Scripts XML
Cookies Body
RIA
https://facebook.com/profile.php?id=x
Response
• Most vendors analyze only domain and block based on a black list
• Domain represents < 5% of a total URL
Request
ActiveX Controls & Browser Helper Objects
Windows Executables & Dynamic Link Libraries
Java Applets & Applications
JavaScript (HTML, PDF, stand-alone)
Visual Basic for Apps. Macros in Office documents
Visual Basic Script
HTML
• URL represents < 1% of a total page
• Most newer threats are hidden in the pages being served and require full page inspection
Zscaler Provides Full SSL Scanning Capabilities
1. Client/Proxy Handshake
2. Proxy/Server Handshake
3. Certificate check
4. Website sends encrypted (SSL) content
5. Decrypted content sent to the Content Engine
6. Filtered content sent to proxy
7. Re-encrypted content sent to user
[Diagram: Users, Web Servers, Content Inspection Engine and Internet, with flows numbered 1 to 7 matching the steps above]
Zscaler SSL Controls
‣ Option to enable SSL Interception
‣ Bypass SSL Interception for Sites/Categories (e.g. banking)
‣ Block Sites/Categories when SSL is not decrypted
‣ Allow/Deny untrusted certificates
‣ Option to use custom root certificates
Zscaler Security Cloud is Already Upgraded to 2048-bit
Most proxy vendors don’t do SSL interception – performance overhead
Moving from 1024 to 2048 bit is an additional 5X performance drop
Zscaler seamlessly enabled 2048-bit SSL across its cloud using hardware acceleration which improved SSL performance 25X
Customers did not have to upgrade hardware or software
[Figure: two panels, each marking the "SSL Upgrade" point: "Cloud Running 1024-bit SSL, No Hardware Acceleration" and "Cloud Running 2048-bit SSL, After Upgrade with Hardware Acceleration"]
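Added example, not from the webcast or from Zscaler: a Python timing sketch of why moving from 1024-bit to 2048-bit keys cuts the handshake capacity of a device that terminates SSL, as an intercepting proxy does in step 1 above. It assumes constructed random integers as stand-ins for RSA moduli and private exponents, plain modular exponentiation with no CRT or hardware acceleration, and illustrative function names; the measured ratio depends on CPU and library and is not the 5X figure quoted on the slide.

```python
import random
import time


def make_params(bits, seed=2048):
    """Constructed stand-ins for an RSA modulus, private exponent and message.

    Random integers of the right size, not a real key pair: the cost of the
    private-key operation depends on operand size, not on n being p*q.
    """
    rng = random.Random(seed + bits)
    n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full-length, odd modulus
    d = rng.getrandbits(bits) | (1 << (bits - 2))      # exponent about as long as n
    m = rng.getrandbits(bits - 1)                      # message below the modulus
    return n, d, m


def private_op_seconds(bits, rounds=5, reps=10):
    """Best-of-rounds time for one private-key style operation m^d mod n."""
    n, d, m = make_params(bits)
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        for _ in range(reps):
            pow(m, d, n)
        best = min(best, (time.perf_counter() - start) / reps)
    return best


def slowdown(small=1024, large=2048):
    """How many times slower the larger key size is per operation."""
    return private_op_seconds(large) / private_op_seconds(small)


def handshakes_per_second(bits):
    """Upper bound on full handshakes per core if the private-key
    operation were the only cost (an assumption of this sketch)."""
    return 1.0 / private_op_seconds(bits)


if __name__ == "__main__":
    for bits in (1024, 2048):
        print(f"{bits}-bit: about {handshakes_per_second(bits):,.0f} private ops/s per core")
    print(f"2048-bit is about {slowdown():.1f}x slower per operation")
```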
Zscaler Solution Benefits
Antivirus
Advanced Threats
Unified Policy
Global, Real-time Analytics
URL Filtering
Social Media & cloud Apps
BW control
Local Internet breakout
Regulatory Compliance
IP Protection
Can It Scale?
The name Zscaler stands for the Zenith of Scalability
Every day Zscaler processes more than 12 billion transactions through our cloud from 12 million users across 4,500 customers in 180 countries
Zscaler cloud operates in 100+ datacenters across 12 world class service providers
400M Tweets Per Day
5B Searches Per Day
4.7B Likes Per Day < 12B Transactions Per Day
* October 2013 Statistics
Summary
▶ Cloud, Mobile and Social Networking are powerful trends transforming Enterprises
▶ Internet is moving to SSL, everything is over HTTP(S)
▶ Attacks have shifted from servers to users
▶ New standards mandate shift from 1024 to 2048-bit SSL starting 1st Jan, 2014 (80% performance drop)
▶ Traditional appliance based security is ineffective
▶ Zscaler is transforming enterprise security with the world’s largest Security Cloud
Q & A
Thank You! Next Steps
Register for a Free Trial http://www.zscaler.com/freeevalution.php
Register for a Personalized Demo http://www.zscaler.com/onlinedemo.php
Register for a Webinar/Live Demo http://www.zscaler.com/webinars.php