AccessData Group announced a new addition to its product lineup, SSL Locksmith. This product exposes the contents of SSL-encrypted network communications, which eliminates a critical cyber security blind spot.
Encryption is an integral part of cloud computing and is used to secure e-commerce, Web 2.0 applications, email and VPNs. SSL is the de-facto encryption standard. With more than one million SSL sites on the net today, such as Salesforce®, SAP® solutions, Oracle® solutions, the WebEx platform, Windows Update® service, Gmail ® webmail and more, SSL communications represent at least 25% of traffic on most networks.
Many network and security applications are completely blind to the contents of SSL-encrypted communications, resulting in a gaping hole in the enterprise security architecture. This allows the introduction of rogue applications, unrestricted web surfing, virus and spyware distribution and other serious threats to an organizations information assets. Industry practitioners often point to SSL as the most common method by which sensitive data is stolen. It can be as easy as adding an attachment to an SSL-based email, such as Gmail® or Yahoo!® webmail services.
SSL Locksmith solves this problem by brokering SSL connections. This highly anticipated product is a welcome asset to AccessData’s arsenal because “without the ability to see what’s going across SSL communication channels, enterprises are at a huge risk of data theft and compromise,” says AccessData’s Vice President of Cyber Security, Jason Mical.
SSL Locksmith offers easy, web-based management and configuration. To ensure privacy and regulatory compliance, white list and black list filters control which sites and connections are decrypted. Also, even though the product is used in-line, it offers “fail to wire” bypass functionality, which eliminates any potential for disruption in service. SSL Locksmith will be sold as a stand-alone product and can be used with any packet analysis or capture solution, including intrusion detection and prevention systems (IDS and IPS), data leakage prevention systems (DLP), network forensics solutions, and web content monitoring solutions. The solution is also intended to complement AccessData’s integrated information security platform, Cyber Intelligence & Response Technology (CIRT), which integrates computer, network and malware analysis, large-scale data auditing and remediation.
AccessData Group (accessdata.com) has pioneered digital investigations and litigation support for 25 years. Its family of stand-alone and enterprise-class solutions, including FTK, MPE+, Summation and the CIRT security framework, enable digital investigations of any kind, including computer forensics, incident response, e-discovery, legal review and compliance auditing. More than 130,000 users in law enforcement, government agencies, corporations and law firms worldwide rely on AccessData software solutions and its premier digital investigation and hosted review services. AccessData is also a leading provider of digital forensics and litigation support training and certification.