Protective Technology Turned Attack Vector

SSL/TLS Encrypted Attacks and How To Stop Them

Protect Against Inbound and Outbound SSL Attacks

The mass adoption of technologies is often followed by efforts to exploit its widespread use as a security threat, and SSL/TLS encryption protocols are no exception.

Encrypted traffic accounts for as much as 85% of internet traffic, and encrypted DDoS cyberattacks are on the rise. Increased customer awareness of cybersecurity, the migration to HTTP/2, and regulatory requirements now mandate the use of encryption in user communications. As a result, the ability to inspect encrypted traffic and mitigate any malicious threats embedded within has become a critical component of any security strategy.

Radware’s keyless protection against SSL-based DDoS attacks preserves user privacy, adds no latency and requires no access to the organization’s encryption keys.

SSL Attacks on the Rise! Protective Technology Turned Attack Vector


Radware’s SSL/TLS Attack Mitigation Solution

According to Radware’s 2018-2019 Global Application & Network Security Report, 50% of application-layer attacks are encrypted and HTTPS attacks increased 20% year-over-year. SSL connections require up to 15 times more resources from the server than from the requesting host. This means attackers can launch devastating attacks using a minimal number of connections.

Traditionally, most solutions rely on full-proxy, symmetric protection. But that requires full decryption of SSL communications before it is scrubbed, thereby adding latency and violating user privacy. Radware offers full protection against encrypted DDoS attacks using a unique, asymmetric approach that does not require encryption keys, preserves user privacy and does not incur additional latency.

Learn How These Fortune 1000 Companies Have Stopped SSL-Encrypted Attacks

SSL Attack Mitigation

As part of its hybrid attack mitigation solution, Radware offers a patented, encrypted mitigation solution. Radware’s solution supports all common versions of SSL and TLS and protects against all types of encrypted attacks - including TCP SYN Floods, SSL Negotiation Floods, HTTPS Floods and encrypted web attacks.

Leveraging Radware’s SSL protection solution provides numerous benefits to organizations that need to eliminate security blind spots that exist due to SSL encrypted traffic:

Behavioral-based Protection

Industry-leading, machine-learning algorithms to detect HTTPS-based DDoS attacks using both rate-based parameters, as well as behavioral parameters not dependent on rates.

Read the White Paper

Keyless Protection

Allowing Radware to identify and block potentially malicious hosts, even without having to decrypt user communications and without the customer having to provide Radware with a copy of SSL certificates.

Read the Data Sheet

Reduced Latency

Inspect and validate only suspicious transactions while enabling validated users direct access to the server without introducing further latency.

Preserve User Privacy

A unique approach that blocks malicious SSL connections without having to decrypt all customer traffic, thereby preserving user privacy and meeting compliance requirements.

A Unique, Asymmetric Approach to Mitigating Encrypted Attacks

Advanced Detection and Mitigation

Complete protection from encrypted attacks while eliminating vulnerabilities associated with stateful SSL termination

Supports Asymmetric Deployment

Full support of environments where only ingress traffic flows through the solution – crucial for cloud-based deployments

Transparent Deployment

Eliminate the need to reengineer the network or configure end user clients to pass all traffic through a predefined SSL proxy

Premise-Based, Cloud and Hybrid Deployments

Multiple deployment options to suite any organization and network architecture

Featured Resources