The age of Internet encryption has started, when I say started, it started a long time ago, but now it is at its climax. There are many forces driving this rapid adoption: monetization of intellectual property owned by the rulers of the internet: Facebook, Google, WhatsApp, E-Bay, Amazon. The rise of SAAS (e.g. O365, Salesforce, Workday or alike and the Public clouds (AWS, Azure, Google …) where infrastructure and applications alike, are born natively encrypted on the wire. Technology changes and reputation at stake, has its contribution to the adoption. It is all about how the application is ranked from security perspective and what protocols and standards are being used (HTTP 2.0, TLS 1.3 , ECC Ciphers …)

The change is a bless, however with it, comes darkness which is more commonly referred today as:” The Winter is coming”. This is a positive change, yet with a large risk hidden within. For enterprises and applications providers that means, they can no longer spot, see, catch or manipulate data communication easily as before, and there are several reasons for that:

• One cannot open encrypted data without proxying it with when new standards such as DHE, ECC based encryption protocols are in use
• Managing encryption can yield massive performance and scale penalty
• Infrastructure and technology keeps on changing therefore the solution picked should be agile to peripheral solutions
• Decrypting is needed in more than one place, which makes the entire thing more complex and obscured
• There are regulations in place: What is allowed to be decrypted, what is not and how to process it

These needs opened a new market that is being adopted in an ever-growing speed by the market and is commonly referred to: SSL or TLS Orchestration. An architecture that provides:

• Visibility and decision point of what is decrypted in high scale
• Dynamically chain security services that needs to receive decrypted traffic and free them from the unneeded workloads to become efficient again
• Flexible deployment options (TAP, ICAP, Inline L2/3, L4)

F5’s SSL Orchestrator, provides all of the above and more

Recently, I teamed up with an exciting startup company called CGS Tower Networks. CGS technology offering is unique in the packet broker and network visibility market and provides the following benefits:

• Maximize the return on cyber security tools by filtering, load balancing network traffic, and performing rate adjustment between low bandwidth tools to high capacity networks
• Improve and empower cyber security deployments
• Solve the ‘blind spot’ and network congestion challenges that have a negative impact on cyber security and network performance management tools

CGS has also taken an innovative approach towards infrastructure needs, where they deploy packet broker software on mass production, modern, scalable powerful switches and X86 servers, that results in superior performance that eliminates bottlenecks and significant cost reduction.

CGS was looking for a technology partner with extensive industry experience, that could add decryption point of control capabilities to their offering, and F5 was a perfect fit. Integration with F5 was easy and resulted in a compelling offer that provides CGS with a unique value proposition and ability to:

• Empowered by F5 Networks – a market leader in the security space
• The architecture enables the layering of many security solutions with centralized focal point of managing certificates and encryption keys
• Improve cyber security deployments by eliminating network blind spots
• Offer unparalleled Price/Performance and unmatched industry feature set
• Leverage F5 deployments that already include SSL/TLS functionality
• Scale SSL/TLS capacity and functionality without the need to upgrade the packet broker or any security solution in the chain

Two modes of deployments exist to CGS Network customers: