HTTPS (Hypertext Transfer Protocol with Security) is a combination of HTTP with a
network security protocol (such as SSL, Secure Sockets Layer). HTTPS connections are
used for Web applications (such as online banking) that require secured connections
to protect sensitive content. Because traditional security devices are unable to decrypt
and inspect this content, virus/malware and other threats embedded in HTTPS traffic
can pass unobstructed through your security defenses and on to your enterprise network.
IWSVA closes the HTTPS security loophole by decrypting and inspecting encrypted content.
You can define policies to decrypt HTTPS traffic from selected Web categories. While
decrypted, data is treated the same way as HTTP traffic to which URL filtering and
scanning rules can be applied. In addition, decrypted data is completely secure since
it is still in the IWSVA server's memory. Before leaving the IWSVA server, the data
is encrypted for secure passage to the client's browser.
Note: In reverse proxy mode, IWSVA tunnels HTTPS traffic. HTTPS decryption is not supported
in reverse proxy mode. The DLP feature is not supported in this mode.
IWSVA supports HTTPS decryption and scanning in the following modes:
- Transparent bridge
- WCCP
- Forward proxy