Leveraging the Characteristics of ADC with Flexible Traffic Control
In October 2014, A10 Networks unveiled the A10 Security Alliance, an ecosystem of leading security and networking companies that are working together to help mitigate threats and automate security operations. Participating in this ecosystem are leading vendors in the network and security industries, including RSA, Arista, FireEye, FlowTraq, IBM Security, Ping Identity, Pulse Secure, Symantec, Vectra, Venafi, and Webroot. By integrating each product and providing a solid tested solution, A10 Security Alliance is helping organizations to enhance security through detection and prevention of advanced threats, eliminate the risk of data leakage, and reduce the cost of security operations.
"By combining different security devices, you can flexibly handle new and sophisticated threats that are difficult to deal with. You can also leverage such joint solutions by utilizing the flexibility of the Thunder ADC’s traffic control," Kumamura added.
Flexibility of traffic control refers to the ability to use ADC’s layer 7 traffic control features to encrypted SSL traffic. For example, granular traffic management to define to decrypt or not to decrypt when Thunder ADC finds the URL strings related to a legitimate financial institution’s website or individual client’s privacy.
Furthermore, IT administrators can use a scripting feature called aFleX to control traffic while inspecting application data. When Thunder ADC finds application content which needs to be inspected, for instance a certain string of data, the identified traffic can be redirected to another system. On top of that, Thunder ADC can change behavior based on destination TCP/UDP port numbers. With this feature, enabling inspection per destination port number can be done, example using a next generation firewall (NGFW) for TCP/443 and a DNS firewall for UDP/53. This means that the products that can be integrated with Thunder ADC expand beyond A10’s Security Alliance partners. According to Kumamura, there are also other joint solutions have been made with the security products available in Japan.
By utilizing these features, attacks happening in the client side and also in the server side can be protected. With this decryption and encryption technology, it can be said that it is effective against most attacks that leverages on the blind spots in SSL. And not only does SSL Insight provide high performance, but by combining A10’s ADC flexibility, it delivers fantastic results.
Considering user security and convenience, it can be expected that permanent SSL will likely to become more common in the future, but in the shadow of this, the number of attackers who will attempt to utilize SSL technology to attack will also be likely to increase. With this background, there will be a growing need to create the security ecosystem which leverages on the strengths of various products, and SSL Insight enabled by Thunder ADC will contribute to achieve the goal.
