Deep packet inspection with AT&T Global Security Gateway
Encryption of traffic on the web establishes a crucial security foundation for confidentiality and privacy online. However, encryption also provides a cloak to cybercriminals by which to transmit malware. Many firewalls claim that they offer deep packet inspection capabilities, but decryption is so processor-intensive that it greatly reduces the performance to an unacceptable level.
AT&T Global Security Gateway is a managed service that offers unified protection against web-based threats for virtually all of your users, whether they are working from the office or remotely. This solution allows organizations to utilize deep packet inspection to help determine if the content they are interacting with on the Internet contains malware, removing the burden of this function from firewalls.
Visibility into encrypted traffic
Consistently inspect web activity and apply security content policy across both HTTP and HTTPS traffic.
Help reduce security blind spots and maintain network performance
Some estimates show that as much as two-thirds of today's common malware uses encryption for obfuscation. And due to the processor-intensive nature of decryption, many organizations simply choose to ignore encrypted traffic creating a huge blind spot in the enterprise—leaving as much as 94% of web activity unchecked.
AT&T Global Security Gateway, with the capability for the enterprise to select deep packet inspection, allows for examination of all outbound traffic uniformly, whether HTTP or HTTPS. The solution helps to locate malware that commonly hides within encrypted channels.
The cloud-native architecture of AT&T Global Security Gateway makes it possible to perform deep packet inspection without introducing the kind of latency that often comes from backhauling traffic through data center security hardware. The solution gives enterprises the ability to maximize the benefits of digital transformation without compromising security.
Gain centralized visibility and control over distributed networks with the ability to view and run reports on encrypted web traffic across all users and locations through one pane-of-glass.
Backed by the 24x7 oversight from AT&T Network Operations Centers, Global Security Gateway helps to identify and block threats that are hidden in encrypted web traffic through a fully managed service. AT&T assists with directing internet traffic to the solution and provides an option for the management of on-premises firewalls as well.
Managed services from AT&T Cybersecurity provide:
- Notifications for an event that require the attention of customer’s on- site staff
- Response to change requests within 24 business hours of receipt
- Comprehensive reports that can be delivered automatically or on demand
Tap into the expertise of AT&T Cybersecurity and let your service implementation manager guide you through security policy design, configuration, testing, and maintenance.
Why do firewalls struggle to inspect encrypted web traffic?
Some traditional firewalls do not even have the capability to examine SSL/TLS traffic. But even when they do, decrypting data for deep packet inspection in line with traffic flows is a processor-intensive activity that swamps many hardware-based security devices. This activity slows traffic and degrades the user experience.
How much enterprise traffic will I ignore without deep packet inspection?
Industry analysis shows that anywhere between 70% to 95% of web traffic today is now running through encrypted channels. According to the most recent Google Transparency Report, 95% of all tracked Chrome users use HTTPS for their web connections. That means that enterprises that don't perform deep packet inspection could be limiting visibility to just 5% of their users' activity.
How does deep packet inspection compare to firewall filtering?
Conventional packet filtering only examines the header information for each packet to compare its source/destination IP and the port number against its access control list to make a decision on whether to allow or drop it. Deep packet inspection will not only consider the information contained in the header, but also the content contained within the payload of the packet. One real world scenario that it can be compared to is what is experienced at airport security. Packet filtering is similar to checking the luggage tag to validate that the originating and destination airport as well as the flight number all match up against their records. Deep packet inspection would be closer to x-raying the bag to view its contents to provide that there is nothing dangerous inside.
To get sales help from an AT&T Cybersecurity specialist, please complete this form.