Addressing the Growth of SSL-Encrypted Traffic Volume with FortiGate’s NGFW

By Nirav Shah | August 07, 2018

Today, businesses across industries are making the leap towards digital transformation in order to meet customer demands for greater convenience, accessibility, and connectivity. However, as businesses begin to adopt a wider variety of cloud-based services to help expand their digital offerings, the amount of SSL traffic they’re relying on across their networks increases proportionately. In fact, NSS Labs predicts that around 75 percent of total enterprise traffic will be encrypted by next year.

When it comes to securing today’s increasing amount of SSL traffic, NGFW solutions continue to act as a foundational security solution. However, your customers need modern firewall solutions that allow them to expand their digital services without jeopardizing their ability to maintain effective security posture. In order to do this, firewall solutions need to be able to provide high-speed SSL inspection combined with threat detection and protection that can keep up with modern, sophisticated cyberthreats as well as high-performance digital business demands.

Even with such a dire need for NGFWs that can actively protect SSL-encrypted traffic, the vast majority of competitive solutions available to your customers don’t have the capability to inspect SSL without dramatically reducing the performance of the NGFW solution. Subsequently, the majority of vendors don’t publish their SSL performance numbers.

With this in mind, Fortinet is proud to have received NSS Labs’ coveted “Recommended” rating for our FortiGate Next-Generation Firewall solution for the fifth consecutive year. By demonstrating high SSL performance, 100% accurate evasion detection, and optimal total cost of ownership, this third-party validation helps emphasize your business’s ability to connect your customers with the very best cybersecurity solutions.

Securing SSL-Encrypted Traffic

In January of last year, encrypted traffic surpassed the volume of unencrypted traffic for the first time, and continues to grow with no signs of slowing down. However, many of your customers still operate under the assumption that because traffic is encrypted, it’s inherently secure. Unfortunately, this is not the case. Like any attack vector along a network, cybercriminals are constantly on the lookout for new and innovative ways to exploit vulnerabilities.

What’s more, our Global Threat Landscape Report for Q1 indicated that 16.8% of the top 20 unique exploits detected were using SSL-encrypted traffic to hide malicious code and exfiltrate data. In order to properly secure SSL traffic against threats, your customers need solutions capable of actively conducting full SSL inspection—a process that involves decrypting the data, examining it for potential threats, and then re-encrypting it so it can then be securely transmitted to the appropriate receiver.  

Reimagining the Industry Standard to Better Serve Your Customers

In order to ensure that we maintain our ability to secure businesses and organizations, our NGFW solutions are setting a new standard for protection and performance.

With this in mind, our NGFWs offer a variety of benefits that help our partners deliver effective and scalable solutions that actively secure their customers against today’s threat landscape. Specifically, FortiGate NGFWs provide your customers with:

·       Optimal SSL Inspection Performance: Our FortiGate NGFWs use patented content processors, advanced Parallel Processing Technology, and industry-mandated ciphers supported within the NGFW processors themselves. As a result of this distinct engineering, Fortinet delivers “SSL ready,” cloud access NGFWs that are capable of maintaining secure SSL encryption without compromising performance.

·       Evasive Threat Protection: Modern cybercriminals are constantly developing sophisticated evasion techniques to bypass SSL encryption. Given the increasing role that SSL traffic is playing as businesses scale by using cloud-based services, having the capability to secure SSL traffic at digital business speeds is paramount to an effective security posture. In the latest NSS Labs group test, the FortiGate NGFW was able to identify and stop 100 percent of evasion attempts.

·       Broad Security Across the Network: It should come as no surprise that the most effective network security occurs when NGFWs operate alongside additional network security solutions that are tied together by a unified Security Fabric. With this in mind, Fortinet has received additional NSS Lab “Recommended” ratings in eight different group tests, including network and end-point security, web application firewalls, and breach detection services.

The Role of FortiGate NGFWs in Integrated Security Strategies

For Fortinet partners, having the ability to provide independently validated security solutions that can operate within a modern, unified network security architecture is crucial to the overall security posture of your customers. In order to detect modern cyberthreats, IT personnel also require meaningful integration across their security solutions, allowing them to analyze, detect, prevent, and mitigate security threats across the entire attack surface.

As your customers increasingly rely on network elements that leverage SSL traffic, having the capability to deploy effective encryption security is crucial. Additionally, businesses are incorporating more endpoints like IoT devices, mobile devices, and a wide array of cloud-based applications, data centers, and multi-cloud environments into the network. To actively secure such a diverse network architecture, your customers need a solution that can maintain holistic SSL encrypted traffic security across a variety of environments and systems.

Fortunately, Fortinet’s next-generation firewall solutions are the first to operate across every major cloud environment while maintaining effective security posture across a wide range of physical network environments. With this approach, Fortinet partners have the ability to deliver an effective NGFW solution that secures SSL-encrypted traffic while maintaining broad network defense across the complex network ecosystems your customers deploy.

While NGFWs remain a pivotal foundation for effective cybersecurity efforts, digital transformation is making it increasingly important that NGFWs also maintain effective performance while securing the SSL-encrypted traffic of digital environments. Your customers need a solution that can address this issue head-on, providing strong firewall protection combined with active SSL traffic detection and mitigation. As the amount of encrypted traffic continues to increase, our partners will have a distinct advantage by offering Fortinet’s NGFW solutions.

Download the NSS Labs Next Generation Firewall Test Report and Security Value Map here.

Read more about the Fortinet Security Fabric and the Third Generation of Network Security

Visit Fortinet’s FortiGate Next-Generation Firewall homepage to learn more about this advanced security solution.