Rising SSL traffic to degrade firewall performance

Increasing Internet traffic protected by Secure Sockets Layer (SSL), a cryptographic protocol, is threatening to have a dramatic impact on the performance of leading next-generation firewall devices, a security research organization found.

SSL currently comprises 25% to 35% of an average enterprise's client-side traffic, according to NSS Labs. Those percentages are expected to rise by at least 20% on average in each of the next two years, and possibly beyond.

Once SSL exceeds 50% of traffic, the performance of today's next-generation firewalls (NGFWs) will suffer dramatically, tests on seven leading products showed, John Pirc, research vice president and principal author of the report, said Friday. On average, performance fell 74% when the SSL traffic used 512-bit or 1024-bit keys and 81% with 2048-bit keys. The current industry standard is 1024-bit, which will double to 2048-bit by the end of the year.

"As [SSL traffic] ramps up, there's going to be a cost from the bottleneck in the network," Pirc said. Enterprises will have to cluster NGFWs or buy much more powerful systems.

The reason for the drop in performance is the extra workload required to decrypt the data packets to look for malicious code and then re-encrypt them before sending the packets on their way, Pirc said. SSL traffic will likely have a similar impact on intrusion prevention systems.

If the firewalls are allowed to struggle under the SSL load, then there will be blind spots during traffic inspection, increasing the chance of malware getting through. Hackers behind advanced persistent threats, which are sophisticated attacks targeted at specific government agencies and companies, often use SSL to transport malware.


As SSL use rises, more hackers are expected to use the protocol to hide malware and to communicate with command and control servers once the malicious code has infected a system.

SSL communications with Web browsers on personal computers have been implemented by major websites such as Google, Facebook and Twitter. This trend is expected to continue among many other sites, driving the overall increase in SSL traffic.

The firewalls used in the study were from Juniper Networks, Stonesoft, Palo Alto Networks, Sourcefire, Check Point, Dell SonicWall and Fortinet. Last month, Intel-owned McAfee announced plans to acquire Stonesoft for $389 million in cash.


Stories by Antone Gonsalves