100G SSL/TLS Decryption Is Indeed Possible for High Capacity Links
TimeTuesday, November 13th2pm - 2:30pm
DescriptionCurrently it's not possible to decrypt traffic on 100G network links in a single appliance in order to analyze traffic for security exposure. This is problematic for high capacity networks, especially in HPC environments where large data transfers occur. I will introduce a new architectural concept of using a Corsa appliance to horizontally scale out traffic, and effectively load balance 100G traffic, into physical or virtual appliances of lower capacity for SSL/TLS decryption. Traffic is then programmatically service chained through relevant security functions as required before being returned for SSL encryption and continued transit. This is an important use case as more than 75% of internet traffic is encrypted. This talk will dig into the architecture and dissect the various elements required to successfully deploy 100G SSL. It is intended to be interactive, and participants are invited to bring their network security challenge to the session for discussion.