Endpoint-based web and cloud security provider Dope Security has launched a new instant secure socket layer (SSL) error resolution feature on its secure web gateway (SWG) offering, Dope.swg.The new feature is added to simplify SSL inspection conducted by Dope\u2019s SWG and helps admins bypass SSL errors generated as a result of the inspection.\u201cDope\u2019s main differentiation is its \u2018fly-direct\u2019 architecture \u2014 rather than re-route all of your Internet traffic to a data center for security checks, we perform them on the device,\u201d said Kunal Agarwal, CEO at Dope Security. \u201cWith our new instant SSL error resolution feature, we are further simplifying the SSL inspection process.\u201dSSL inspection is a security feature of SWGs that enables them to decrypt SSL-encrypted traffic, scan it for potential threats, and re-encrypt it before forwarding the traffic to its destination.SSL inspection can sometimes break applicationsSSL inspection can sometimes cause issues and break some applications that rely on SSL encryption to function correctly. There can be different underlying reasons for breaking applications, which include certificate validation issues, hard-coded IP addresses and domains, and application-specific SSL configurations.Certificate validation failure happens when there is a mismatch between the SSL-generated certificates and the original certificate carried from the website. If the application is not designed to handle this change in certificates, validation fails, and a connection is refused.Hard-coded IP addresses in some applications may also lead to breaking as these applications are designed to connect to a specific IP address or domain, and may not recognize the SWG\u2019s IP address or domain after SSL inspection is performed.Several applications may also have specific SSL configurations, which may be incompatible with the SWG\u2019s SSL inspection process and hence lead to breaking.When SSL inspection leads to problems, admins seek to configure SSL bypass rules for specific applications or websites to bypass their inspection. The configuring of these rules, however, is typically manual, which involves logging support tickets, hunting around for application domains and URLs, manual inputs in bypass lists, and continuous manual monitoring, according to a company blog.\u201cThe previous generation of products caused more issues than they solved,\u201d Agarwal said. \u201cFor instance, if an app had an SSL inspection compatibility issue it required a huge amount of coordination between the employee, their IT team, and customer support to figure out what was happening. It takes time and it\u2019s a pain.\u201d\u201cToday\u2019s way of doing it (SSL inspection bypass) comes with so many steps and checks, that it\u2019s almost easier to just disable the SWG agent altogether so that your applications at least work,\u201d the blog added. This, obviously, will leave businesses vulnerable to security threats and hence should be avoided.\u201cSimplifying the process of updating bypass lists is a much better alternative than disabling SSL inspection entirely,\u201d said Michael Sampson, an analyst with Osterman Research. \u201cIt would be important for organizations to periodically revisit what was breaking and why, and whether any updates had resolved the breakage so that bypass rules could be reversed and thus a higher proportion of processes would be covered by SSL inspection.\u201dDope directly flags SSL errors for bypassDope\u2019s SWG offering, Dope.swg, has an existing capability of logging SSL errors. The new instant SSL error resolution feature adds additional logging and analysis capabilities to prepare and display a list of specific processes and URLs that are experiencing SSL errors.After scanning the process name and retrieving the associated URLs, these findings are logged and synced to Dope.cloud, which is a cloud-based user console for all admin configurations and reporting. Admins can use dope.cloud to add these findings to the bypass lists through one click. \u00a0All security controls effected through Dope\u2019s SWG are performed through Dope\u2019s on-device SSL proxy, Dope.endpoint, which retains a business\u2019 user\u2019s policy and protects the device from accessing bad content. Dope.endpoint is controlled by Dope.cloud\u2019s console where an organization\u2019s policies are configured.\u201cOur new Instant SSL Error Resolution simplifies the SSL inspection and bypass process and converts them into three clicks \u2014 the error shows up, you check a box, and hit bypass. That\u2019s it! It\u2019s a capability that should\u2019ve been there from day one with the legacy providers to make your life easier,\u201d Agarwal said.\u201cIt would also be good if there was a feedback loop from Dope to app owners \u2014 perhaps they could subscribe to a break feed, so they could see what is breaking where and why,\u201d Sampson said.The feature will automatically be available to customers using dope.swg, with no extra charges or license. Dope is currently working on cloud access security broker (CASB) and private access offerings to transition to a full security service edge (SSE) product.