Symantec SSL Visibility Appliance Overview

Symantec SSL Visibility Appliance is the #2 ranked solution in top SSL/TLS Decryption tools. IT Central Station users give Symantec SSL Visibility Appliance an average rating of 8 out of 10. Symantec SSL Visibility Appliance is most commonly compared to A10 Networks Thunder SSLi. The top industry researching this solution is computer software: professionals from computer software companies account for 24% of all views.
What is Symantec SSL Visibility Appliance?

The Symantec SSL Visibility Appliance is a high-performance transparent proxy for Secure Socket Layer (SSL) network communications. You install the SSL Visibility Appliance in the network and attach one or more security devices to it. The SSL Visibility Appliance is able to decrypt the SSL traffic, enabling the attached security appliances to see the plaintext (that is, the original unencrypted data) in SSL encrypted connections. It eliminates the blind spot created by encrypted traffic, enables your organization to combat the threats hidden within SSL, while preserving user privacy and regulatory compliance. Powerful policies allow you to bypass specific types of traffic (such as financial or healthcare data) to maintain employee data privacy.

Pricing Advice

What users are saying about Symantec SSL Visibility Appliance pricing:
  • "Licensing fees are billed annually and we purchased a three-year license."

Symantec SSL Visibility Appliance Reviews

Mohammad Taufeeq
Senior Network Security Engineer | Security Solutions Design Engineer at a government with 1,001-5,000 employees
Real User
Top 5 Leaderboard
Enhanced our threat detection rates and does not interrupt our traffic on failure, but it needs to be easier to manage

Pros and Cons

  • "The most valuable feature is the Fail-to-Network (FTN) option, which means that if for any reason the appliance goes down then there is no interruption in traffic."
  • "Technical support needs to be improved."

What is our primary use case?

We are a federal organization and we host sensitive data from all over the country. The nature of our data was enough for us to start thinking about mitigating the blind spots in our traffic and security. At the same time, we needed to provide an analytic solution.

The solution decrypts SSL traffic and integrates with our security solution.

How has it helped my organization?

Essentially, this device allows us to retrieve traffic and efficiently utilize our security solution to help our analytics detect threats. This was something that was lacking because our firewall was unable to see the encrypted traffic and they were very late to release the SSL off-loading functions.

Since implementing this solution, we have enhanced our detection rates and our proxy.

What is most valuable?

There are a lot of noticeable benefits including the ability to categorize and detect a lot of URLs, hostnames, and file types.

This solution is really easy to deploy as long as the implementer understands PKI as a whole.

The most valuable feature is the Fail-to-Network (FTN) option, which means that if for any reason the appliance goes down then there is no interruption in traffic.

It allows for easy categorization of data according to the hostname, out of the box. For example, we may not want to unencrypt certain things that are subject to compliance, such as an e-commerce site, government site, or a banking site. We can easily detect and classify these, acting accordingly once they have been classified. In a single click, I am able to specify which category of hostnames it should decrypt or not decrypt. This allows us to easily comply with enterprise policy.

It is easy to bypass decryption not just by category but also by using the IP address. For instance, we have a finance minister who sits in our network and we do not want to see their internal activity. This solution allows us to bypass that traffic based on IP, whether it is the source or destination. We can also bypass decryption based on the URL.

What needs improvement?

Technical support needs to be improved.

I would like to see a graphical trace or view of the issues. It has to be in the simplest language because a lot of network and security operations people do not understand SSL. For the sake of smooth operations, there should be a graphical, easy naming convention for SSL. The GUI should give us easier access to those concerns, like a packet tracer. If somebody enters the host IP or the hostname then it will tell the administrator that there is a problem with a policy, or what is causing the issue. Again, it has to be in the simplest words because not all organizations can hire PKI experts. It depends on the organization because in banking they will have a PKI team and they understand these things well, but a lot of organizations do not have the same resources. Essentially, from an operations perspective, they have to come up with nice ways for operational personnel to easily and effectively manage it.

For how long have I used the solution?

We deployed the Symantec SSL Visibility Appliance in our data center about six months ago.

What do I think about the stability of the solution?

So far, we haven't experienced any stability-related issues in terms of hardware or software. So far, so good. As long as you understand the way it behaves, the way it works, and the way it processes traffic, then one should not expect a lot of issues with the product itself. It is a vast subject and one needs to understand it very well, but once it is deployed it is reliable and it can really deliver what you had expected before making the decision to purchase.

What do I think about the scalability of the solution?

Scalability depends on the model that you purchase. We have an SV2800 or SV3200 and we can deploy it as a standalone box or in HA mode. Depending on the model that you purchase, there is a limitation in the number of network modules or Netmods. This is something that should be done as part of the initial assessment and determination of the host requirements. If you find that five Netmods are sufficient then the initial requirements will be met and only if you have new network zones, you have to bring in new devices.

It really all depends upon the type of deployment. I could have multiple zones that connect to it, and there is a choice between active interception versus passive. There are lots of options and many factors. Overall, it is scalable and you can add as many as you want because it is not a legacy HA device, where there is a limit of 24 or 30 devices, or where you cannot have a cluster size with, for example, more than 20 or 30 devices. There is no such limitation.

We have approximately 7,000 employees who are covered by this solution. We do plan to increase our usage by including more business applications. We're going to have our DLP solutions in place and we have big plans for our SOC security team.

How are customer service and technical support?

These days, I have not been happy with technical support. The issues are not related to the SSL but rather the proxy. The justification from the vendor is that due to the acquisition of Broadcom, the service has been impacted.

Overall, I would say that for the past two months, we have not been satisfied with the level of support that we have been getting.

Which solution did I use previously and why did I switch?

This is the first SSL visibility product that we have used.

How was the initial setup?

The implementation is very easy and it is a same-day deployment. The majority of the time spent on this solution is only after users report an issue. There are, of course, network requirements and passive requirements that have to be in place before starting, but that cannot be counted in terms of implementing the solution itself.

What about the implementation team?

I implemented this solution with the help of our partner company.

In terms of maintenance, I am the primary point of contact, but we do have an operations team that handles operational-level activities. For instance, if there is a need to bypass one of the hostnames then that request goes to the operations team. If there is an issue that they are not able to handle then I will jump in to address it.

What was our ROI?

This solution provides a good return on investment. The hardware is very good and they are already prepared to decrypt SSL 1.3. Of course, not all types of traffic can be decrypted, but it is something amazing that most other vendors cannot do.

What's my experience with pricing, setup cost, and licensing?

Licensing fees are billed annually and we purchased a three-year license. Five-year licenses are also available.

Which other solutions did I evaluate?

I did some research on other products and found that with F5, for example, you could not whitelist which sites to intercept and which ones to ignore.

We did see that there were other solutions on the market but we did not evaluate or compare them.

What other advice do I have?

Most of the customers who maintain their own data center will use the on-premises deployment, but there are cloud-based SSL solutions as well.

My advice to anybody who is implementing this solution is that there is nothing like a full-fledged HA deployment and when it comes to SSLV, one should always go for active-active deployment. Also, until somebody understands SSL and PKI very well, they should not try to implement this product. If it is not properly implemented then the support team, or operations team, will be very busy.

During the planning phase, you really have to understand what is inside the web proxies that are in place. For example, you need to know what exceptions have been entered for each of the servers, each of the clients, and each of the hosts. Based on all of that, they have to make sure that they are implementing SSLV correctly.

The biggest lesson that I have learned from using this solution is that you shouldn't go into operation until you transparently test everything. You don't have to go live immediately. I would suggest that you keep SSL bypassed and monitor how many messages are failing or are not being processed correctly. We had to do monitoring for at least a month and kept a constant eye on that. This will give you a clear idea of how many issues you're going to have to face. By doing this, you have the option to correct the problems immediately. If not, and you go into production, you will have a really hard time and may have to roll back.

I made this mistake, where I did not monitor everything for a couple of days. I just did some quick tests like a few categories and a few URLs, then said that everything was working fine. There was the pressure of compliance during this time, so I had to put the system into production. It was good for three days and then the problems started. Had I done the monitoring and kept a constant eye on the log, understanding each and every log message, then I could have avoided these problems.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Mohammad Taufeeq
Senior Network Security Engineer | Security Solutions Design Engineer at a government with 1,001-5,000 employees
Real User
Top 5 Leaderboard
Easy to deploy without a lot of complications but the operations side should be simplified

Pros and Cons

  • "One of the most valuable aspects of this solution is that it's easy to deploy without a lot of complications."
  • "From the operations perspective, they have to come up with easier ways so that the operational guys can easily manage it."

What is our primary use case?

We are a federal organization and we are classified as number four in terms of sensitivity. That was enough for us to think about mitigating the blind spots in the traffic. We have to offer an SSL solution that could enable the rest of our analytics solution. We brought SSLV to start dictating the traffic. We actually wanted to efficiently utilize our security solution with a threat detection solution.

This was something we were lacking, our FireEye did not have the ability to see the SSL traffic because FireEye was very late to release their SSL offloading functions. They were really late and they relied on F5 Orchestration and we did not want to go with it. So we got SSLV. Since we brought a system, we also started feeding the created traffic to analytics that also enhanced our detection rates and our proxy. That proxy is also benefiting from that. We are able to categorize and detect a lot of URLs, hostnames, and file types. 

What is most valuable?

One of the most valuable aspects of this solution is that it's easy to deploy without a lot of complications. Of course, one has to be very good at understanding the PKI as a whole. But in terms of implementation, we are utilizing Fail-to-Network, which means even if SSLV for some reason goes down, we don't get traffic interruption. 

In terms of SSLV's feature itself, it is very flexible in terms of whitelisting. For example, if I do not want to encrypt some things that are subject to compliance, it has easy categorization of the hostname that is out of the box. In one click I am able to dictate which hostname it should encrypt or not. It is easy to abide by the compliance policy. It is not just category-based, it is also very easy to whitelist or bypass the decryption based on IP addresses. For example, we have a finance minister who is in our network and we do not want to see all of his internet activity. It allows us to bypass it based on his IP address.

There are many ways we can bypass SSL decryption. Be it destination IP, the source IP, the URL, the hostname, et cetera. This is the easiest solution and I did a little bit of research before and I could not find another solution that does this. 

There is also a return on investment. They have very good hardware and it is already prepaid for SSL 1.3. They have a way to do that. Not all types of versions can be decrypted. But to some extent, they can do that also, SSL 1.3. That is something amazing and most of the other vendors cannot do that.

For how long have I used the solution?

We have been using Symantec SSL Visibility Appliance for around six months. 

What do I think about the stability of the solution?

So far we haven't experienced any stability-related issues in terms of the hardware or software. So far good. As long as we understand the way it behaves, the way it works, the way it processes the traffic then we don't expect a lot of issues with the product itself. It is reliable and it can really deliver what we were expecting before we chose it.

What do I think about the scalability of the solution?

Scalability depends on the model that you're purchasing. We have got 2800-B or 3200-B. We could deploy it as a standalone box or in an HA. 

It all depends on the type of deployment. I could have multiple zones connected to SSLV. It depends on how the organization wants to have an active interception of SSL traffic or if they want traffic.

I would say that it is scalable. You cannot have a cluster size with more than 20 to 30 devices. One is going to get as many devices as they want to and go on deploying it.

The bottom line is there is nothing like a full-fledged HA deployment when it comes to SSLV, so one should always go for active-active deployment.

We do have plans to increase its usage, we are going to use it for our business applications also. 

How are customer service and technical support?

The issues we've experienced haven't been related to SSLV but actually with their proxy solution. The vendor says our problems are due to the acquisition of Broadcom and they were going through a transition period and that's why the service product has been impacted. We haven't been satisfied with their support for around two months now. 

Which solution did I use previously and why did I switch?

We had a look at F5 Orchestrator and that is it. 

What about the implementation team?

It was a one day deployment. It was me, my supervisor and our partner company. I was responsible for its successful deployment.

The operations team handles the operational level activities. If there is an issue that they are unable to handle, I will jump in and address it. My primary responsibility is to handle the project.

We have 7,000 employees using the solution. 

What other advice do I have?

Don't go for this solution until you understand SSL very well. If it's not properly implemented, the operations team will be busy with the installation. Especially for the service that requires software updates. For the planning phase, you have the first wave to understand what is inside the web proxies.

Keep a system bypass. Monitor how many of the accessor positions are failing or unable to process clearly. We have to have a monitoring period for at least a month and keep a constant eye on it. That will give you a clear idea of how many issues you're going to have. If I just keep the action blocked for the SSL connections, that are not labeled terminated, then I can take action immediately. If I failed to do so and if I go directly to the correction I will have a really hard time. I have to actually roll back. I have made this mistake. I did not monitor everything for a couple of days. I did quicksteps to fill categories, a few URLs and I said everything was working fine, there was operational compliance. I had it rolled out. The moment it rolled out it was good for the first three days and then the servers infra team started calling us saying that the updates were not operating.

That is the biggest lesson. One should give time for the monitoring and assign each and every logged message. 

In the next release, I would like to have a graphical view of the issues. Something in a simple language because a lot of network security operations do not understand. For the sake of smooth operations there should be a graphical, easy naming convention of SSL and it should also give us easier access. From the operations perspective, they have to come up with easier ways so that the operational guys can easily manage it.

I would rate it a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
CTO at a tech services company with 1-10 employees
Reseller
Top 5 Leaderboard
Feature-rich, works as advertised, and sends decrypted traffic at close-to-line speed to products that can't decrypt

Pros and Cons

  • "The ability to do SSL chaining is most valuable. It provides the ability to send decrypted traffic at close-to-line speed to products that can't decrypt. So, it can take the decrypted traffic and send it to your IPS or your other tools to be able to see what's inside of that traffic for DLP or malicious content detection. That's the whole beauty of it. It was probably the elephant in the room for the longest in terms of SSL decryption. It can get the high band, especially for places that had a lot of decryption to do, such as big finance companies, big telcos, etc."
  • "They're working on being able to handle more traffic. They're working on bigger boxes full of throughput because now networks are going to 40 gigs and 100 gigs. So, trying to keep up with the bandwidth demands is where things are being pushed."

What is most valuable?

The ability to do SSL chaining is most valuable. It provides the ability to send decrypted traffic at close-to-line speed to products that can't decrypt. So, it can take the decrypted traffic and send it to your IPS or your other tools to be able to see what's inside of that traffic for DLP or malicious content detection. That's the whole beauty of it. It was probably the elephant in the room for the longest in terms of SSL decryption. It can get the high band, especially for places that had a lot of decryption to do, such as big finance companies, big telcos, etc.

It is a really good product. It has different features and things built into it. Feature-wise, they're the elephant in the room.

What needs improvement?

They're working on being able to handle more traffic. They're working on bigger boxes full of throughput because now networks are going to 40 gigs and 100 gigs. So, trying to keep up with the bandwidth demands is where things are being pushed. 

For how long have I used the solution?

We have been using this solution for years.

What do I think about the stability of the solution?

It works well, and it is a workhorse. I haven't had anyone come back and say that they want to get rid of this product because it doesn't perform well. It tends to work. You just have to get it set up and configured, but it works as advertised.

How are customer service and technical support?

When it comes to tech support, they have challenges everywhere. There was a drop in the quality of technical support during the transition from Symantec to Broadcom, and they are trying to build it back.

How was the initial setup?

It is a hardware box, so it is always on-prem. You need training, and you need to understand the technologies for setting it up, but it is straightforward. We have installed most of their products within a week with configuration. They aren't terribly difficult to set up.

What other advice do I have?

I would advise understanding how your workflows go because with users being remote and on-prem, you probably have to come up with some type of a hybrid solution. If you're trying to provide protection for your workforce, you'll wind up with a hybrid solution.

I'd give it a nine out of 10. It is hard for me to give something a 10. It is a really good product, and I don't have any problems with it.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller