2020-06-22T11:32:00Z

When should companies use SSL Inspection?

124

There seems to be some controversy around whether or not SSL Inspection should be used by businesses. What is your opinion - should they be used, and if so when? Conversely, what are reasons for not using SSL inspection?

ITCS user
Guest
99 Answers

author avatar
Top 5LeaderboardReal User

As more Internet traffic is encrypted each day at some point the majority of Internet traffic will be encrypted. SSL inspection is needed when a business needs to audit what their users are doing on the Internet. Cost and complexity are the largest reasons to not perform SSL inspection, especially on the network edge.


I'm not a huge proponent of performing SSL inspection at the network edge. Most solutions performance levels drops off the face of the planet when enabled and it is complex to setup and maintain. I think the better solution for SSL inspection is to perform it on endpoint devices. This will be cheaper and less complex overall and provide SSL inspection on laptops even when they are not in the office.

2021-01-05T15:57:12Z
author avatar
User

SSL Inspection is great for corporate/organizational security as it allows you visibility into the traffic going across the network. It can also break access to some sites as it is technically a man-in-the-middle. (Anything requiring certificate authentication.) If you're going to do it, you really need a login banner for your systems that advises users that their activities are being monitored. You'll also need to install certificates on people's PC's. This won't work for guest users. I wouldn't store decrypted content though as you will have to safeguard that data as it will contain sensitive information. (Is it really worth the risk?)

2020-06-22T14:51:19Z
author avatar
Top 10Reseller

In general, there are some vulnerabilities in SSL that you should try to mitigate whenever possible. SSL inspection should help indeed.

2020-06-30T10:36:02Z
author avatar
Top 5User

These days you should use it no matter if you are a home user, it is about security, and it will be easier each time to have leaked on your personal or professional info, a serious IT guy always should say you should use it.

2020-06-23T13:56:41Z
author avatar
User

I used to be against this but leaning the other way now since just about every site is encrypted.  I think some sites need to be avoided like banking, credit card processing, payroll, etc.  Management, and especially the Accounting Dept needs to be in the loop.

2020-06-23T12:11:48Z
author avatar
MSP

SSL Inspection or HTTPS Inspection is the process of intercepting SSL encrypted internet communication between the client and the server. The interception can be done between the server and the client and vice-versa, SSL Inspection intends to filter out dangerous content, such as malware. This inspection is also called Deep SSL Inspection or Full SSL Inspection. It allows the user to do web and email filtering, antivirus scanning, etc.SSL inspection not only protects you from attacks that use HTTPS, but also from other commonly used SSL-encrypted protocols, such as SMTPS, POP3S, IMAPS, and FTPS.

2020-06-23T06:34:34Z
author avatar
Consultant

We don't use it yet - but I am exploring my options here. I believe its the only way to identify exactly whats coming into the workspace

2020-06-23T00:28:11Z
author avatar
Real User

For large companies SSL Inspection is often problematic, especially with the release of TLS 1.3 which is resistant to man in the middle attacks which is what SSL Inspection is in essence. The financial services industry fought long and hard to prevent the TLS 1.3 standard from blocking MiTM attacks since they depend heavily on it. The solution for TLS 1.3 is to use large terminating proxies to terminate the connections on either side of the conversation on PCs they wholly control. 


A better approach is to scan for content prior to (or after) encryption which means a host agent on your users' machines.


Overall, i believe SSL Inspection is a losing battle as more sites adopt TLS 1.3 and more sites will break as the result of trying to use that technology unless you need to tightly control all communications. Consider the culture of companies that allow people to bring their own machines (BYOD) and are more collaborative in nature with guest/partner/vendor machines allowed on their networks. Does you company value stringent security or security that does not get in the way?



2020-06-22T20:11:19Z
Find out what your peers are saying about Fortinet, Check Point, Netgate and others in Firewalls. Updated: July 2021.
524,194 professionals have used our research since 2012.