Easy to deploy without a lot of complications but the operations side should be simplified One of the most valuable aspects of this solution is that it's easy to deploy without a lot of complications. Of course, one has to be very good at understanding the PKI as a whole. But in terms of implementation, we are utilizing Fail-to-Network, which means even if SSLV for some reason goes down, we don't get traffic interruption. In terms of SSLV's feature itself, it is very flexible in terms of whitelisting. For example, if I do not want to encrypt some things that are subject to compliance, it has easy categorization of the hostname that is out of the box. In one click I am able to dictate which hostname it should encrypt or not. It is easy to abide by the compliance policy. It is not just category-based, it is also very easy to whitelist or bypass the decryption based on IP addresses. For example, we have a finance minister who is in our network and we do not want to see all of his internet activity. It allows us to bypass it based on his IP address. There are many ways we can bypass SSL decryption. Be it destination IP, the source IP, the URL, the hostname, et cetera. This is the easiest solution and I did a little bit of research before and I could not find another solution that does this. There is also a return on investment. They have very good hardware and it is already prepaid for SSL 1.3. They have a way to do that. Not all types of versions can be decrypted. But to some extent, they can do that also, SSL 1.3. That is something amazing and most of the other vendors cannot do that.
