A10 Networks Thunder SSLi Benefits

KM
Data Center Network Engineer at BRIDGETON PUBLIC SCHOOLS

This is definitely a better way to go. When you have a dedicated device for SSL decryption, you're not sharing any of the resources to power anything else. When one of the competitors let us demo their unit, we turned on their decryption, but it was also doing the content filtering, the categorizations, and other things. That device could not handle the amount of traffic that we had. It turns out that the solutions that we have in place, between our content filter and the A10s, is definitely the way to go, at least for our size organization.

When you have the ability to decrypt the traffic, you can present a better security posture, which is fundamentally a good thing for a corporation. And in the education field, which is where our organization operates, it has the added benefit that if we have students going to websites that are encrypted via SSL, the content filter won't know what to do with those and sometimes will let them through or sometimes will block them, in error. But by decrypting the traffic, the content filter is able to see it and is able to work its policies on that decrypted traffic. All of this is done without the end-user knowing what's going on.

View full review »
CC
Director of Information Technology at KLEIN INDEPENDENT SCHOOL DISTRICT

It changed the way that we treat external traffic. Before this solution, students used VPNs and proxies. They could do whatever they wanted and we would never know which traffic was going outside. We had to replace another solution because it just wasn't up to the same capacity load that A10s were. That dedicated card is huge. It hardened our network. 

The only certification that the Consortium for School Networking (CoSN) issues for school networks is the Trusted Learning Environment (TLE). The TLE is simply a network hardening solution. By implementing this solution, not only did we harden our network and protect our students, but also we were one step closer to coming into compliance with the Consortium of School Networking globally.

I would assess the solutions' security features very highly. Recently Texas passed Senate Bill 820, which requires us to adopt a security framework and put in security measures to meet the current risks and threats to government entities. This was an integral part to fill that gap. We are very pleased with the security aspect that the equipment brings to us. We plan on continuing to leverage its security capacity to meet the needs of our security environment.

The reason why A10 supports that security mission set so critically is because, at Klein, one of the big things we have done is be an innovator and market leader in adopting technology and using it in the classroom. This is important because we are trying to instill a sense of digital citizenship in each one of our students. So, when they exit, they understand the importance of their data and identities. Then, as they go into this new world, they are less susceptible to identity theft and cybercrimes. By being able to decrypt this information, it allows us to curb unwanted or risky behavior. We have had several bad hackers attempt to get into the network and our A10 has been critical in using packet captures to stop them before they could do something bad.

Our students and staff are better protected because they don't have to worry about encrypted attacks or threats. We provide them with the computer and Internet, taking ownership of the experience from end-to-end.

In the IT environment, we are always asked to do more with less using the available resources that we have. Therefore, we have to work as efficiently as possible. Part of the scoring criteria with a solution coming in was how we could mitigate some of those workloads and consolidate them into a single appliance. Anytime that we can create efficiencies which allow our folks to focus on other tasks, we are more successful. In this case, this appliance has enabled us to do that.

View full review »
CH
Enterprise Security Manager at a mining and metals company with 5,001-10,000 employees

A10 fits our IT environment because we like to intercept some traffic at several points. For example, firewalls are doing threat interception and prevention. Our IPS also has some threat prevention features and, of course, it has IPS capabilities. Then, on the proxies, we're checking for malicious and suspicious websites. But when they are on HTTPS, if you don't intercept you cannot catch them. We can intercept all our HTTPS encrypted traffic with A10. That's the reason it fits us: Our security and network devices intercept all the HTTPS and SSL traffic on our network and security devices. A10 is a much better fit than other vendors' products in our organization.

Think about an example where one website, with a simple destination address, needs to be bypassed for SSL. Before, we had to do the bypass operation on the firewall, on the proxy, and also on the IPS. But with A10, we are doing it on just the A10 and nothing else. Also, all those other security devices managed SSL operations differently. So doing a bypass of that one URL on the firewall was different than bypassing it on the proxy. We were doing the same operation repeatedly on every single security device. Now, we just do it once and everything is ready for us. In a week if we have, say, ten bypass operations, which could take three hours, now it is less than one hour.

View full review »