I am currently assessing our IPS blade configuration and am wondering how much of a role SSL inspection plays in IPS Threat Protections. I would assume that Threat Protections without SSL inspection would be better than no Threat Protections at all but, is the inspection of encrypted traffic a major contribution to the effectiveness of Threat Protection? Thank you!
Results 1 to 2 of 2
-
2021-07-28 #1
Junior Member
- Join Date
- 2019-07-12
- Posts
- 14
- Rep Power
- 0
Threat Protections and SSL Inspection
-
2021-08-08 #2
Senior Member
- Join Date
- 2007-03-30
- Location
- DFW, TX
- Posts
- 424
- Rep Power
- 17
Re: Threat Protections and SSL Inspection
It depends if you offer or use unencrypted services. For example, if you host an FTP site or if you access somebody else's, then IPS, threat emulation, and so on could see the traffic and provide some protection.
The overwhelming majority of traffic you are likely to care about is encrypted, though. Even DNS is moving towards encryption with DNS-over-HTTPS. If your traffic is encrypted, then you need SSL inspection to get any protection out of any of the deep inspection features. If the firewall can't see that the traffic is malicious, it can't respond to it.
Reply With QuoteSimilar Threads
-
R80.40 Threat Prevention Profiles - What are you doing?
By TheDroppedPacket in forum R80.40Replies: 0Last Post: 2020-09-18, 10:50 -
mobile threat protection
By jflemingeds in forum MiscellaneousReplies: 0Last Post: 2017-01-04, 02:12 -
Threat database Update in VSX
By ba3113 in forum VPN-1 VSXReplies: 3Last Post: 2016-12-19, 03:09 -
IPS Geo Protections
By armando.ferreira in forum Geo ProtectionReplies: 4Last Post: 2010-08-16, 11:22 -
Protocol inspection, how deep the inspection?
By blackberry in forum Content Security/Security Servers/CVP/UFPReplies: 1Last Post: 2006-07-14, 05:17
Bookmarks