Abstract: In one embodiment, a method includes establishing at a security device, a secure session for transmitting data between a client device and an end host, receiving decrypted data at the security device from the client device, inspecting the decrypted data at the security device, encrypting the decrypted data at the security device, and transmitting encrypted data to the end host. Decryption at the client device is offloaded from the security device to distribute decryption and encryption processes between the client device and the security device. An apparatus and logic are also disclosed herein.

Abstract: In one embodiment, a method includes establishing at a security device, a secure session for transmitting data between a client device and an end host, receiving decrypted data at the security device from the client device, inspecting the decrypted data at the security device, encrypting the decrypted data at the security device, and transmitting encrypted data to the end host. Decryption at the client device is offloaded from the security device to distribute decryption and encryption processes between the client device and the security device. An apparatus and logic are also disclosed herein.

Abstract: A proxy device intercepts a client transport layer security message including a server name indicator from a client device. The first client transport layer security message is addressed to a server. The proxy device generates a second client transport layer security message including the server name indicator from the first client transport layer security message and sends the second client transport layer security message to the server. The proxy device receives a certificate from the server, validates its identity, and performs policy functions based on that identity.

Abstract: Integrity checking a remote client includes generating integrity services configured to perform integrity checks on the client when executed thereon, and downloading a set of the generated services to the client. The integrity checking also includes receiving respective integrity check results from the downloaded services and performing respective integrity tests on each downloaded service based in part on the integrity check results received from that service. The integrity checking further includes replacing the set of downloaded services with a new set of services that perform same integrity tests as the replaced set of downloaded services if any downloaded service fails the respective integrity test performed thereon.

Abstract: Integrity checking a remote client includes generating integrity services configured to perform integrity checks on the client when executed thereon, and downloading a set of the generated services to the client. The integrity checking also includes receiving respective integrity check results from the downloaded services and performing respective integrity tests on each downloaded service based in part on the integrity check results received from that service. The integrity checking further includes replacing the set of downloaded services with a new set of services that perform same integrity tests as the replaced set of downloaded services if any downloaded service fails the respective integrity test performed thereon.