05-18-2023 06:33 AM
Hi,
We see "Encrypted Visibility Engine" (EVE) on the FTD is supposed to replace the SSL Decryption feature.
Our requirement is to fully detect and block malware over encrypted traffic (HTTPS).
At the present time (May 2023), is it safe to use EVE instead of SSL Decryption on new implementations of FTD? I'm using FTD 7.2.
On release 7.2, if we enable only EVE and NOT SSL decryption, is it correct that the IPS and File and malware blocking rules don't work (block) malware traffic over the encrypted HTTPS traffic?
Thanks,
CT
05-22-2023 10:18 AM
EVE does not replace SSL decryption. Instead it gives some ability to inspect an SSL/TLS-protected flow by discerning what it can from things like the SSL handshake. That's very different from decrypting and inspecting the encrypted payload.
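Added example, not part of the original post and not Cisco's EVE code: a minimal Python parser showing the cleartext fields of a TLS ClientHello (cipher suites, extension order, SNI, ALPN) that any passive inspector can read without keys, which is the kind of handshake metadata the reply above refers to. The hostname and cipher list are constructed sample values, and `build_client_hello` is a hypothetical helper that only fabricates the sample bytes.

```python
import struct

def build_client_hello(sni, ciphers, alpn):
    """Constructed sample: a minimal TLS ClientHello record (not captured traffic)."""
    host = sni.encode()
    sni_ext = struct.pack("!HHHBH", 0, len(host) + 5, len(host) + 3, 0, len(host)) + host
    protos = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
    alpn_ext = struct.pack("!HHH", 16, len(protos) + 2, len(protos)) + protos
    exts = sni_ext + alpn_ext
    suites = b"".join(struct.pack("!H", c) for c in ciphers)
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record):
    """Return the cleartext fields a passive observer can read without any keys."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 9 + 2 + 32                       # record hdr + handshake hdr + version + random
    pos += 1 + record[pos]                 # skip session_id
    n = struct.unpack_from("!H", record, pos)[0]; pos += 2
    ciphers = list(struct.unpack_from("!%dH" % (n // 2), record, pos)); pos += n
    pos += 1 + record[pos]                 # skip compression methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]; pos += 2
    info = {"ciphers": ciphers, "extensions": [], "sni": None, "alpn": []}
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, pos); pos += 4
        data = record[pos:pos + elen]; pos += elen
        info["extensions"].append(etype)   # extension order is itself a fingerprint input
        if etype == 0 and elen >= 5:       # server_name
            info["sni"] = data[5:5 + struct.unpack_from("!H", data, 3)[0]].decode()
        elif etype == 16:                  # ALPN protocol list
            i = 2
            while i < len(data):
                info["alpn"].append(data[i + 1:i + 1 + data[i]].decode()); i += 1 + data[i]
    return info

if __name__ == "__main__":
    hello = build_client_hello("updates.example.test", [0x1301, 0x1302, 0xC02F], ["h2", "http/1.1"])
    print(parse_client_hello(hello))
```

Nothing in the returned dictionary comes from the HTTP request or response body; file and malware inspection of that payload still requires decryption.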
05-29-2023 06:10 AM
Thanks Marvin, so just to be 100% clear, at the present time (May 2023), if we want to have a safe and secure environment, we should keep using SSL decryption for malware detection and blocking and IPS filtering. Is this correct?
I understand that if we have only EVE, but NOT SSL decryption, we are still at risk of passing malware or the IPS engine not detecting malicious connections on HTTPS traffic. Do you agree with this?
Thanks,
CT
05-29-2023 06:16 AM
With respect to perimeter firewall settings, you are correct.
However, the perimeter firewall is only one of several means to protect against malware. Endpoint security, email security and other methods can be used to avoid and deny malware incursions as well.