The new TLS test feature makes it easy for Engineers to find the right balance between security and network performance.
This is achieved by comparing the performance impact of using different cipher suites and certificates.
SSL/TLS encryption is now used extensively for web browsing, applications and email, but it can also encrypt malicious malware. If the encrypted traffic is not decrypted prior to reaching the security layers – such as Intrusion Prevention Systems – the security layers do not have visibility of the malware.
To mitigate this risk, SSL/TLS decryption devices, and some Network Packet Brokers can now decrypt the SSL/TLS traffic on one side, inspect the content, and re-encrypt the traffic on the other side. However, this can lead to a trade-off between security effectiveness and Quality of Experience when inline security devices are working harder, and therefore throughput can drop.
The new capability from Xena Networks provides native TLS traffic generation using up to date cipher suites and certificates, so they can compare parameters such as handshake per second, concurrent TLS session, and TLS throughput.
This adds real value for network owners and device manufacturers seeking to compare security setups to optimise the performance envelope of their network security devices.