MatrixSSLTM Interceptor provides a friendly way to monitor SSL/TLS traffic in real time without modifying the traffic (passive mode). Contrary to a hostile man-in-the-middle attacks where the proxy breaks the connection, MatrixSSLTM Interceptor can only be deployed by a valid organization knowing the server(s) secret keys. MatrixSSLTM Interceptor is optimized for performance: it decrypts both ends of the connection without copying the traffic to multiple memory buffer (zero-copy approach).
Need for network monitoring
While the increasing demand for SSL to secure network traffic helps to keep corporate data safe and protect against data breaches, it also prevents incoming traffic from being inspected properly. Malicious SSL traffic can be exploited by an attacker to mount attacks directly into application servers.
MatrixSSLTM Interceptor allows security devices to passively monitor suspicious SSL traffic to ensure security and while not affecting overall networking performance.
Real time, transparent and friendly interception
In order to prevent SSL to be used as an attack vector, MatrixSSLTM Interceptor allows security tools (e.g. Intrusion Prevention System) to detect and react in real time without affecting performance or latency. That is possible due to the design of MatrixSSLTM. Contrary to OpenSSL, it does not copy the traffic to multiple memory buffers (zero-copy) and provides efficient integration with hardware accelerators through asynchronous APIs. MatrixSSLTM Interceptor supports any number of server keys, added and removed on the fly, so multiple servers can be monitored. It fully tracks the key establishment of the connection, enabling us to inspect SSL traffic even after a rehandshake or a session resumption.
Passive SSL monitoring Versus SSL Proxy
An SSL proxy acts as a man-in-the middle using a valid certificate to terminate an SSL connection and then start a new connection. A typical usage is to monitor employees’ traffic to a suspicious location. This requires the closing and opening of a new SSL session for each connection and encrypting and decrypting of ALL traffic, negatively affecting networking performance. In contrast MatrixSSLTM Interceptor acts as a passive mode SSL interceptor. Configured with the private key of the server certificate it can decrypt traffic in both direction without re-encrypting it. The network will operate as if no monitoring is taking place with no effect on performance.
Easy to integrate for quicker time to market
MatrixSSLTM Interceptor is shipped in clean C source code which is easily integrated and fully supported. It has a simple, easy to use API, that is fully configurable and easy to compile. Pluggable cipher suites allow easy customization to meet specific requirements. No cryptographic expertise is required and INSIDE Secure®provides full integration and maintenance support. MatrixSSLTM Interceptor is pre-integrated with silicon IP from INSIDE Secure® (EIP-97, EIP-96, and EIP-197b) allowing maximum performance.
MatrixSSLTM Interceptor leverages MatrixSSLTM functionality that is in use in millions of devices on the market.
• SSL2.0, SSL3.0, TLS1.0, TLS1.1, TLS 1.2
• Rehandshake, session resumption, session tickets
• Passive monitoring
• Transparent to server
• High performance
• Efficient integration with hardware acceleration
• Broad cryptography support
• Extensible cryptography layer
• FIPS 140-2 Level 1 validated cryptographic module available
• Certificate and PSK
• OS abstraction layer
Supported Cipher Suites