A system and technique for securing communications between endpoints in a local area network (LAN) includes receiving at a first endpoint in the LAN, a request from an application to connect to a second endpoint in the LAN. Approval from a controller to establish a Secure Socket Layer (SSL) tunnel to the second endpoint is requested. Upon receiving approval from the controller, the first endpoint receives from the controller a session identifier for the SSL tunnel. The controller also distributes a copy of the session identifier to the second endpoint. After receipt of the session identifier at the first endpoint, the session identifier is forwarded from the first endpoint to the second endpoint for security authorization, and the SSL tunnel is established. The SSL tunnel extends from the first endpoint in the LAN to the second endpoint in the LAN.