Secure Socket Layer (SSL) technology is being adopted by numerous Web 2.0 application providers. While this attempts to provide a secure communications link to banks and other financial institutions, for example, cybercriminals have found that they, too, can leverage the “secure communications link” to transport their malware and steal information and sometimes money without ever being detected. This is possible since SSL traffic flows freely through most firewalls without ever being inspected by end-point security tools such as intrusion detection systems and data-loss prevention technologies.
With the wide-spread adoption of SSL, how can companies ensure that they are being compliant, or that they are not spreading malware and botnets? SSL inspection is becoming an increasingly necessary security measure. In order to ensure the integrity of the data being passed through the corporate firewall, leading financial institutions, for example, are employing hardware appliances that operate as a “bump in the wire” to quickly inspect and forward or block network traffic.