How Important is SSL Inspection?
If you are running a UTM or firewall and are not inspecting SSL traffic I am sorry to say your firewall is useless. Why is this? Well, first of all, most traffic now occurs over HTTPS. Even malware sites! The fact of the matter is if you and I can get an SSL certificate, so can the hackers. Even if it’s not a hacker but a compromised site that has malware on it if your firewall can’t inspect the encrypted traffic it cannot block it.
Same deal for a UTM with a virus blocker such as Untangle or Sophos or any other. If the malware comes in through an SSL encrypted connection, there is no way to block it without SSL Inspection. But this feature can be pricey and require a "beefier" device for the extra overhead. However, the cost is necessary if you are running a network. The deployment can be tricky on a large network, but a smaller network is usually a breeze. It is usually a matter of importing an SSL certificate that acts as a man in the middle (MITM).
The traffic is decrypted between the client and the device and re-encrypted then sent back to the internet. Simple right? Here is a video showing what happens when I download a malware file without SSL Encryption.
Let me know if you have any questions!
Sean Mancini of www.seanmancini.com