Rising SSL traffic to degrade firewall performance

Drop in performance caused by extra workload required to decrypt data packets to look for malicious code, then re-encrypting before sending


Increasing Internet traffic protected by Secure Sockets Layer, a cryptographic protocol, is threatening to have a dramatic impact on the performance of leading next-generation firewall devices, a security research organization found.

SSL currently comprises 25% to 35% of an average enterprise's client-side traffic, according to NSS Labs. Those percentages are expected to rise by 20% on average at least each of the next two years and possibly beyond.

Once the amount of traffic hits more than 50%, the performance of today's NGFW's will suffer dramatically, tests on seven leading products showed, John Pirc, research vice president and principal author of the report said Friday. On average, performance fell 74% when the SSL traffic used 512-bit or 1024-bit encryption and 81% with 2048-bit encryption. The current industry standard is 1024-bit, which will double to 2048-bit by the end of the year.

"As [SSL traffic] ramps up, there's going to be a cost from the bottleneck in the network," Pirc said. Enterprises will have to cluster NGFWs or buy much more powerful systems.

The reason for the drop in performance is the extra workload required to decrypt the data packets to look for malicious code and then re-encrypting them before sending the packets on their way, Pirc said. SSL traffic will likely have a similar impact on intrusion prevention systems.

If the firewalls are allowed to struggle under the SSL load, then there will be blind spots during traffic inspection, increasing the chance of malware getting through. Hackers behind advanced persistent threats, which are sophisticated attacks targeted at specific government agencies and companies, often use SSL to transport malware.

[Also see: The rising use of SSL raises new risks

As SSL use rises, more hackers are expected to use the protocol to hide malware and to communicate with command and control servers once the malicious code has infected a system.

SSL communications with Web browsers on personal computers has been implemented by major websites such as Google, Facebook and Twitter. This trend is expected to continue among many other sites, driving the traffic increase in general.

The firewalls used in the study were from Juniper Networks, Stonesoft, Palo Alto Networks, Sourcefire, Check Point, Dell SonicWall and Fortinet. Last month, Intel-owned McAfee announced plans to acquire Stonesoft for $389 million in cash.

Copyright © 2013 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline