One of the responsibilities of the Key Master is to provide access to the sensitive and secure information hidden within the locked facilities. In my last post, I explained why the application delivery controller (ADC) is the Key Master for SSL/TLS communications on the internet. It is the responsibility of the ADC to manage and distribute the access to the different essential security services.
Businesses purchase and implement a myriad of security solutions to protect their applications. Next-generation firewalls, intrusion prevention systems (IPS), data leakage prevention (DLP), and web application firewalls (WAF) are just some of the diverse security solutions that companies use to ensure the safety of their applications.
Most of these security solutions are not designed to decrypt high volumes of encrypted content. They are designed to inspect application communications in order to validate the content, identify the threats, and block the malicious attackers. The resource and cost burden to decrypt the content is high. It does not make sense to apply the decryption and encryption process within each security service.
Manage the process, not the service
This is where the ADC can be of service. The ADC is the central point for managing application encryption and provides the high-performance decryption technology. As the Key Master, the ADC becomes responsible for access to the decrypted application content.
There are three functions that the ADC performs that make it the perfect solution for this inbound SSL inspection architecture.
• First, the ADC is a load balancer. The ADC evolved from the load balancing technologies developed in the 1990s. As a load balancer, it is designed to manage the connections to pools of devices. These devices can be the typical application servers or they can be the security services that need to inspect the unencrypted application content.
• Second, the ADC has the software and hardware enhancements to manage the high-performance encryption and decryption needs. Over 50% of the internet is encrypted today. Security and privacy concerns are driving organizations to increase the application encryption requirements.
• Third, the ADC uses service chaining to send the decrypted content to multiple security devices. The Key Master controls and directs the sensitive application content to multiple security services. The application content only needs to be decrypted once to steer the traffic to the security services because it is the central point of encryption management.
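The three functions above can be modelled in a few lines. This is an added sketch, not Radware code or any product's API: the ADC decrypts a record once, picks a healthy device from each security pool, and steers the plaintext through the chain until a device blocks it. Assumptions: the class and function names are hypothetical, `tls_offload` is an XOR stand-in for TLS termination rather than real cryptography, and the `fail_open` policy for a pool with no healthy device is a design choice the article does not discuss.

```python
from dataclasses import dataclass, field
from itertools import count
import re

def tls_offload(record: bytes) -> bytes:
    # Stand-in for TLS termination on the ADC (NOT real cryptography).
    return bytes(b ^ 0x5A for b in record)

@dataclass
class Inspector:              # one security device in a pool
    name: str
    allows: object            # callable(plaintext) -> bool
    healthy: bool = True

@dataclass
class Pool:                   # load-balanced group of identical devices
    service: str
    members: list
    fail_open: bool = False   # policy when no member is healthy
    _rr: count = field(default_factory=count)

    def pick(self):
        up = [m for m in self.members if m.healthy]
        return up[next(self._rr) % len(up)] if up else None

class Adc:
    def __init__(self, chain):
        self.chain, self.decrypt_ops = chain, 0

    def handle(self, record: bytes):
        plaintext = tls_offload(record)   # decrypted once for the whole chain
        self.decrypt_ops += 1
        path = []
        for pool in self.chain:
            member = pool.pick()
            if member is None:
                if pool.fail_open:
                    path.append(pool.service + ":bypassed")
                    continue
                return "blocked", path + [pool.service + ":unavailable"]
            path.append(member.name)
            if not member.allows(plaintext):
                return "blocked", path
        return "forwarded", path

def build_chain():
    waf = Pool("waf", [Inspector("waf-1", lambda p: b"<script" not in p.lower()),
                       Inspector("waf-2", lambda p: b"<script" not in p.lower())])
    dlp = Pool("dlp", [Inspector("dlp-1", lambda p: not re.search(rb"\b\d{16}\b", p))])
    return [waf, dlp]
```

With the default fail-closed policy, losing the only DLP device blocks traffic; setting `fail_open = True` on that pool keeps traffic flowing but records that the inspection was bypassed.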
With great power…
The ADC is designed to be the central management point for all things related to application encryption. This functionality means that it is responsible for managing all of the corollary security services that need access to the protected content.
Fortunately, the ADC has the pedigree of load balancing technology and is well positioned to be the Key Master for application security services that are required within today’s vulnerable internet. Businesses are prudent to take advantage of the ADC capabilities to enable the critical security functions that application networking requires.
Frank Yue is Director of Solution Marketing, Application Delivery for Radware. In this role, he is responsible for evangelizing Radware technologies and products before they come to market. He also writes blogs, produces white papers, and speaks at conferences and events related to application networking technologies. Mr. Yue has over 20 years of experience building large-scale networks and working with high performance application technologies including deep packet inspection, network security, and application delivery. Prior to joining Radware, Mr. Yue was at F5 Networks, covering their global service provider messaging. He has a degree in Biology from the University of Pennsylvania.