SSL inspection is the right solution to unlock encrypted sessions, check the encrypted packets, identify and block the threats. The inspection secures you from HTTPS prone attacks and also the attacks that are caused through SSL-encrypted protocol like POP3S, SMTPS, IMAPS, and FTPS.
To put it in simple terms, SSL Inspection or HTTPS Interception is a man-in-the-middle attack executed to filter out malicious content. SSL Inspection or TLS Interception, as we saw, is done by means of an interception device. This interceptor sits in between the client and server, with all the traffic passing through it. When the connection is made over HTTPS, the inspector intercepts all traffic, decrypts it and scans it. First, the interceptor establishes an SSL connection with the web server. Here, it decrypts and examines the data. Once the scanning is done, it creates another SSL connection—this time with the client (browser). This way, the data gets to the client in an encrypted format—the way it was intended originally. Here’s an overview of the SSL Inspection process of inbound traffic: First, the solution intercepts the traffic coming and decrypts HTTPS sessions between clients and servers. Once the traffic has been decrypted, the solution inspects the content through antivirus scanning, web filtering, etc. Then the interceptor encrypts the traffic and forwards it to the destination, in this case the web server.