Issue link: https://insights.oneneck.com/i/1458399
36 Data Center & Hybrid Cloud Security For Dummies, Palo Alto Networks Special Edition These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

The ability to decrypt Secure Sockets Layer (SSL) and other encrypted traffic, such as Secure Shell (SSH), is a foundational security function of next-generation firewalls. Key capabilities include recognition and decryption on any port (inbound or outbound), policy control over decryption, and the necessary elements to perform decryption across tens of thousands of simultaneous SSL connections with predictable performance.

Positive application identification is the traffic classification engine at the heart of next-generation firewalls. It requires a multifaceted approach to determine the identity of applications on the network, regardless of port, protocol, encryption, or evasive tactics. Application identification techniques used in next-generation firewalls include:

» Application protocol detection and decryption: Determines the application protocol and, if the traffic is encrypted, decrypts it so that it can be analyzed further. Traffic is re-encrypted after all the next-generation technologies have an opportunity to operate.

» Application signatures: Context-based signatures look for unique properties and transaction characteristics to correctly identify the application regardless of the port and protocol being used. This includes the ability to detect specific functions within applications, such as file transfers within software-as-a-service (SaaS) applications.

» Heuristics: For traffic that eludes identification by signature analysis, heuristic (or behavioral) analyses are applied, enabling identification of any suspicious applications, such as peer-to-peer (P2P) or Voice over Internet Protocol (VoIP) tools that use proprietary encryption.
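
The three techniques listed above can be seen working together in a small classifier. This is an added example, not code from the book or from any firewall product; the application labels, the port map, the entropy threshold and the sample payloads are assumptions constructed for illustration, and it inspects only the first payload of a flow.

```python
import hashlib
import math
from collections import Counter

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")
USUAL_PORTS = {"tls": {443}, "ssh": {22}, "http": {80, 8080}}  # assumed port map

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is indistinguishable from random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_protocol(p: bytes):
    """Stage 1: decode the protocol from payload bytes, never from the port."""
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        return "tls"   # TLS handshake record carrying a ClientHello
    if p.startswith(b"SSH-"):
        return "ssh"   # RFC 4253 identification string
    first_line = p.split(b"\r\n", 1)[0]
    if p.startswith(HTTP_METHODS) and b" HTTP/1." in first_line:
        return "http"
    return None

def classify(payload: bytes, dst_port: int) -> dict:
    proto = detect_protocol(payload)
    app, method = proto, "protocol-decode"
    if (proto == "http" and payload.startswith(b"POST ")
            and b"multipart/form-data" in payload.lower()):
        # Stage 2: context signature for one function inside the application.
        app, method = "http/file-upload", "signature"
    elif proto is None:
        # Stage 3: heuristic fallback; near-random bytes suggest encryption.
        method = "heuristic"
        high = len(payload) >= 256 and entropy(payload) > 7.0
        app = "unknown-encrypted" if high else "unknown"
    odd_port = proto is not None and dst_port not in USUAL_PORTS[proto]
    return {"app": app, "method": method, "nonstandard_port": odd_port}

# Constructed sample payloads (not captured traffic), paired with a destination port.
SAMPLES = {
    "tls_8443": (bytes.fromhex("1603010005") + b"\x01\x00\x00\x01\x00", 8443),
    "ssh_443": (b"SSH-2.0-OpenSSH_8.9\r\n", 443),
    "upload_80": (b"POST /upload HTTP/1.1\r\nHost: files.example\r\n"
                  b"Content-Type: multipart/form-data; boundary=x\r\n\r\n", 80),
    "opaque_6881": (b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32)), 6881),
}

if __name__ == "__main__":
    for name, (payload, port) in SAMPLES.items():
        print(name, classify(payload, port))
```

The `nonstandard_port` flag is what lets policy treat SSH on port 443 differently from SSH on port 22, even though both are identified as the same application.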
Having the technology to accurately identify applications is important, but understanding the security implications of an application so that informed policy decisions can be made is equally important. Look for next-generation firewalls that include information about each application, and its behaviors and risks, to provide IT administrators with application knowledge such as known vulnerabilities, ability to evade detection, file transfer capabilities, bandwidth consumption, malware transmission, and potential for misuse.