Leading Approach to HTTPS/SSL Security
Secure Socket Layer (SSL) protocol was created to provide additional security for sensitive data on the Internet and it’s been used ever since to send encrypted financial, healthcare or other sensitive information. Today, SSL is also used for everything from Web surfing to popular browser-based applications, such as Google Apps, CRM applications and social media platforms – many of which are essential to organizational efficiency. And while encrypted SSL traffic was designed to add security, its very nature creates blind spots that cyber criminals have been quick to exploit.
iboss Agentless Selective Decryption at the Gateway
Blocking SSL traffic completely is impractical, so most standard security solutions handle HTTPS/SSL by decrypting traffic at the gateway, and then encrypting it when it reaches its destination, which can create latency and consume bandwidth unnecessarily. Only iboss offers selective decryption that allows trusted traffic to travel unrestricted and selectively decrypts other SSL traffic per your policies. And iboss selective decryption is content aware. It lets you create policies that give access to certain sections of a site, such as corporate Facebook pages or Google Apps, while restricting access to non-work-related content.
iboss Granular SSL Traffic Management without Decryption
iboss also provides content-aware SSL management without requiring any decryption, by allowing you to identify SSL traffic and apply directory group policies without touching mobile devices. This is important in environments where you want to avoid pushing certificates, manage privacy issues for BYOD users or enforce regulatory compliance requirements that prohibit SSL decryption.
Data Security — Identifying Embedded Threats and Anonymizers
iboss also uses HTTPS/SSL content scanning to protect against data loss by examining HTTPS traffic for embedded links, malicious code or access to sites with objectionable content so threats are immediately recognized and restricted. This helps enforce your organization’s AUP and supports regulatory compliance.
Many anonymizer programs are using SSL/HTTPS encrypted traffic to circumvent Web security, using advanced techniques that may be hard to detect. With its ability to scan inside HTTPS traffic, combined with application layer scanning across all 65,535 ports using signatures and heuristics, iboss Web Security provides unrivaled defense against attempts to circumvent your cybersecurity via SSL protocol.
Granular Social Media Scanning
Many marketing and HR departments depend on access to social media platforms such as Facebook, LinkedIn, and Twitter, but these platforms require HTTPS access to login to accounts, forcing an all or nothing approach to access management. With iboss, you don’t have to restrict all access in order to comply with your organization’s policies because iboss’ content-aware scanning of HTTPS/SSL traffic enables granular management of social media platforms. It allows you to create group policies that manage access per page content, so you can reap the benefits of social media engagement without incurring the risks.
Google Application Control
Google’s portfolio of applications continues to grow, but you may want to limit access to a select group in your organization, or to certain applications. Because Google relies on the HTTPS/SSL protocol, you may be limited in your ability to manage individual parts of Google services. And the fact that many Google Apps share the same certificate compounds the problem. iboss solves this dilemma with its ability to accurately identify each Google application and establish control based on a user’s group membership. Once you have defined a group with iboss, you can easily provide access to specific groups and only to parts of Google Services that are work-related, while restricting access to others.
iboss incorporates industry-leading, forensic-style reporting through the iboss Threat and Event Console Reporter, which provides instant feedback on activities, searches, threats, and bandwidth usage. This feature provides unrivaled insight into the blind spots in SSL traffic, with the information stored in a self-managed, auto-archiving database, for easy retrieval and management.
Unique iboss Capability – EdgeScan Advanced HTTPS Scanning
For Windows environments, iboss Web Security also provides advanced EdgeScan HTTPS scanning at the individual workstation, rather than at the network gateway. Typically, security solutions use root certificates to scan HTTPS/SSL traffic, which can create bottlenecks that slow the network and leave you vulnerable to man-in-the-middle (MiTM) attacks. MiTM attacks can occur when gateway SSL decryption exposes root certificates and private keys to possible data theft. iboss EdgeScan scans and decrypts SSL traffic at the workstation, ensuring an interrupted flow of HTTPS traffic, while also protecting against MiTM attacks.