Rising SSL traffic to degrade firewall performance

Increasing Internet traffic protected by Secure Sockets Layer, a cryptographic protocol, is threatening to have a dramatic impact on the performance of leading next-generation firewall devices, a security research organization found.

SSL currently comprises 25% to 35% of an average enterprise's client-side traffic, according to NSS Labs. Those percentages are expected to rise by at least 20% on average in each of the next two years, and possibly beyond.

Once the share of SSL traffic exceeds 50%, the performance of today's NGFWs will suffer dramatically, tests on seven leading products showed, John Pirc, research vice president and principal author of the report, said Friday. On average, performance fell 74% when the SSL traffic used 512-bit or 1024-bit keys and 81% with 2048-bit keys. The current industry standard is 1024-bit, which will double to 2048-bit by the end of the year.

"As [SSL traffic] ramps up, there's going to be a cost from the bottleneck in the network," Pirc said. Enterprises will have to cluster NGFWs or buy much more powerful systems.

The reason for the drop in performance is the extra workload required to decrypt the data packets, inspect them for malicious code, and then re-encrypt them before sending the packets on their way, Pirc said. SSL traffic will likely have a similar impact on intrusion prevention systems.

If the firewalls are allowed to struggle under the SSL load, then there will be blind spots during traffic inspection, increasing the chance of malware getting through. Hackers behind advanced persistent threats, which are sophisticated attacks targeted at specific government agencies and companies, often use SSL to transport malware.


As SSL use rises, more hackers are expected to use the protocol to hide malware and to communicate with command and control servers once the malicious code has infected a system.

SSL communications with Web browsers on personal computers have been implemented by major websites such as Google, Facebook and Twitter. This trend is expected to continue among many other sites, driving the general increase in SSL traffic.

The firewalls used in the study were from Juniper Networks, Stonesoft, Palo Alto Networks, Sourcefire, Check Point, Dell SonicWall and Fortinet. Last month, Intel-owned McAfee announced plans to acquire Stonesoft for $389 million in cash.

Stories by Antone Gonsalves