TLS/SSL Decryption – One of the Main Pillars of Zero Trust Model


By: Adil Baghir, Technology Consultant Lead, Middle East & Africa at A10 Networks

In a world where everything and everyone is connected to the internet, in one way or another, it’s hard to imagine a network that is truly secure. Data, large amounts of it, are at the centre of it all. With industries from healthcare to the education sector to the government using the internet to provide easy access to data, it is no wonder that cybersecurity teams are always working around the clock to try and come up with better ways of defending these networks and the data they store.

Insider Threats – Need for Security to Evolve from “Castle and Moat” Approach

Modern cyberattacks are not limited to just network intrusion from the outside. Internal threat actors can often be found at the centre of sophisticated attacks.

Initially, we had the concept of zones, perimeters and network segments – placing all the protected assets “inside” the secured network perimeter. However, attackers are always evolving the methods they use; always on the lookout for weak points in your network defences; and coming up with newer ways of infiltrating the perimeter. Keeping up with them is a challenging and ongoing struggle. We also need to realize that the “castle and moat” approach to our network defences was mostly effective against threats that resided outside the network. But what about the threats on the inside? What about modern attacks that work on multiple levels to try to bring your networks down? How do we protect our networks from people who have legitimate access to all its resources? How do we battle the ever-growing and ever-evolving modern cyberattacks? Add to these questions, regulations like GDPR, and the rising fines, and you will see that having your networks attacked and data breached is one of the worst things that can happen to your company. With these issues as the backdrop, we are forced to re-assess and re-think the way we defend our networks, users and data.

Zero Trust Model – a Modern Cybersecurity Approach

Zero Trust attempts to fix the problems, and patch the holes, in our cybersecurity strategies. At its core, the Zero Trust model is based on the principle of “trust nobody.” The Zero Trust model dictates that no one in your network should be trusted completely, that access should be restricted as much as possible, and that trust should be seen as yet another vulnerability that can put your network at risk.

Some of the precepts of the Zero Trust model are:

  • Networks need to be redesigned in a way that east-west traffic and access can be restricted.
  • Incident detection and response should be facilitated and improved using comprehensive analytics and automation solutions, as well as centralized management and visibility into the network, data, workloads, users and devices used.
  • Access should be restricted as much as possible, limiting excessive privileges for all users.
  • In multi-vendor networks, all solutions should integrate and work together seamlessly, enabling compliance and unified security. The solutions should also be easy to use so that additional complexity can be removed.

Danger of Security Blind Spots

In recent times, we have witnessed a phenomenal rise in the use of encryption across the internet. Google reports that over 90 percent of the traffic passing through its services is encrypted. The same is true for all the other vendors. This rise has been driven by many factors, including privacy concerns.

However, with encryption comes the creation of a “blind spot” in our network defences, as most of the security devices we use are not designed to decrypt and inspect traffic. The Zero Trust model is not immune to this problem, as visibility is considered one of the key elements of its successful implementation. Without complete encrypted traffic visibility, the model will fail, introducing vulnerabilities that can be exploited by both insiders and hackers.

TLS/SSL Decryption – One of the Main Pillars of Zero Trust

A centralized and dedicated decryption solution must be placed at the centre of the Zero Trust model and should be included as one of the essential components of your security strategy.

Many security vendors will make claims of the ability to decrypt their own traffic, working independently of a centralized decryption solution. However, this “distributed decryption” approach can introduce problems of its own, including inferior performance and network bottlenecks, and fixing these would require costly upgrades. In a multi-vendor, multi-device security infrastructure, distributed decryption also forces you to deploy your private keys in multiple locations, creating an unnecessarily large threat surface in your network, which could be subject to exploitation.

Key features of a good TLS/SSL Decryption Solution

It is important that a dedicated, centralized decryption solution provides full visibility to the enterprise security infrastructure for TLS/SSL traffic. Not only that, but the solution also needs to provide a multi-layered security approach, which then makes it the perfect candidate to be deployed at the centre of a Zero Trust network.

Below are some of the features to look out for when looking to implement a TLS/SSL Decryption Solution:

  • Full Traffic Visibility – It needs to enable the entire security infrastructure to inspect all traffic in clear-text, at fast speeds, ensuring that no encrypted attacks or data breaches can slip through.
  • Ease of Integration – It should be vendor agnostic and easily integrate with security devices already deployed within the network. This drives down additional costs and upgrades.
  • Multi-Layered Security Services – These are additional security services, including URL filtering, application visibility and control, threat intelligence and threat investigation, that help strengthen the security efficacy of the entire enterprise network.
  • User Access Control – The product should be able to enforce authentication and authorization policies to restrict unneeded access, log access information and provide the ability to apply different security policies based on user and group IDs.
  • Micro Segmentation – It should facilitate micro-segmentation through its ability to provide granular traffic control, user and group ID-based traffic control, and support for multi-tenancy.
  • Securing Cloud Access – SaaS security is an important feature which can be provided by enforcing tenant access control and visibility into user activities.

In conclusion, without a centralized and dedicated TLS/SSL decryption solution, the Zero Trust model is unable to do what it was designed to do – protect our networks, users and data from threats residing inside and outside the network.

 

Kodak Alaris Announces 2020 Partner of the Year Award Winners for EMEA Region

Kodak Alaris has recognised eight partners from the Europe, Africa and Middle East region (EMEA) in its annual Partner of the Year awards. The awards are an integral part of the global information capture leader’s annual Partner Summit, which this year was held as a virtual event due to the COVID-19 pandemic.

The Kodak Alaris Partner Awards acknowledge partners who have demonstrated excellent growth, engagement, innovation, and implementation of customer-centric solutions based on Kodak Alaris’ technology and services portfolio. The finalists and winners were chosen based on their commitment to customers, investment in solutions from Kodak Alaris, year on year revenue and growth trajectory, as well as successful joint wins over the past year.

“Kodak Alaris has a market-leading partner network and I am delighted to formally recognise our highest performing partners who continue to deliver added value to our joint customers, helping them to transform their and their clients’ businesses,” said Gerry Kelliher, Managing Director, EMEA Region, Alaris division of Kodak Alaris. “This year’s winners stand out by delivering the expertise organisations need to automate business processes, to maximise productivity and drive growth in increasingly complex business environments.”


Spigraph, Benelux was named Top Value Added Distributor; the company has collaborated closely with the Kodak Alaris sales team and continued to drive high market share in the region. “To be awarded as Top Value Added Distributor of the year is a great recognition of all our joint efforts to drive profitable growth through the region,” said Koen Beeuwsaert, Vice President Sales, Northern Europe, Spigraph. “The unique ecosystem built between our reseller community, Spigraph and Kodak Alaris is offering tremendous value to end users that are in the middle of their Digital Transformation.”

Having delivered significant revenue growth in FY20, long-standing partner ALOS, one of the leading system providers of capture and Enterprise Content Management solutions in German-speaking countries, secured the Top Performing Partner accolade. The Top Solutions Provider award category, which recognises partners’ success in developing solutions capability around Kodak Alaris’ complete hardware, software and services offering, was won by e-das, Germany. “We have been a partner of Kodak Alaris now for over 20 years,” said e-das CEO Helmut Geilenkeuser. “We have a fantastic working relationship and many successful projects. A good relationship is important but not everything. Brilliant products like the scanner range from Kodak Alaris as well as the software and service offerings make the total package complete.”

Pitney Bowes UK scooped the Top Strategic Partner award. The partnership between the two companies is a relatively new one. Pitney Bowes has very quickly integrated Kodak Alaris into its solutions portfolio, rapidly growing the business and driving new opportunities, particularly within the digital mailroom. In the service category, Restore Digital UK won the 2020 Service Partner ‘Large Deal’ award, and the Service Partner ‘Loyalty’ award was presented to ScanfabrikTM KG.

A Special Award went to Wietec in Israel, celebrating its successes over the past 12 months, most notably winning three major tenders to deliver election solutions despite tough competition. Dubai-based distributor Rookie Ninja was the first recipient of the Service Partner ‘Start-up’ award, which was designed to recognise a partner that has built a successful service business from scratch. “We are proud and humbled to receive this award from Kodak Alaris for our Services,” said Shashank Patel, Managing Director, Rookie Ninja. “Kodak Alaris believes in delivering industry leading service to its clients globally and it feels great to be the torch bearer for the same in this region.”

To learn more about the Kodak Alaris Partner Programme, please click here.

SUNREEF 70: A FUTURE CLASSIC

The Sunreef 70 joins Sunreef Yachts’ range of exclusive sail catamarans. With outstanding living spaces, Sunreef Yachts’ latest model balances extreme comfort, great performance under sail and advanced technology. A fully-customizable craft, she offers an infinite variety of layouts and décors.

Named Ocean Vibes, the first launch of the Sunreef 70 features a spacious 5 cabin layout, a vast flybridge and a bow terrace accessed directly from the main saloon. Equipped with a hydraulic aft platform, the yacht’s generous stern cockpit uses the yacht’s entire 10.8m beam to provide for supreme comfort and perfect conditions for watersports.

The Sunreef 70 now joins Sunreef Yachts’ sail catamaran range, alongside the Sunreef 50, Sunreef 60, and Sunreef 80. For more information about the Sunreef 70, feel free to get in touch with the team.