Expert Comments

Security Expert Comments On NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks

Expert(s): Security Experts
Expert(s): Security Experts

The National Security Agency (NSA) published an advisory that addresses the risks behind Transport Layer Security Inspection (TLSI) and provides mitigation measures for weakened security in organizations that use TLSI products. TLSI (aka TLS break and inspect) is the process through which enterprises can inspect encrypted traffic with the help of a dedicated product such as a proxy device, a firewall, intrusion detection or prevention systems (IDS/IPS) that can decrypt and re-encrypt traffic encrypted with TLS.

Experts Comments

November 22, 2019
Richard Bejtlich
Principal Security Strategist
Corelight
Many organizations use "break and inspect" technologies to gain better visibility into encrypted traffic. I prefer to preserve encryption wherever possible, for the reasons outlined by the NSA. This is why companies like Corelight invests into features like SSH Inference to inform defenders while protecting privacy. Our new sensor feature profiles Secure Shell traffic to identify account access, file transfers, keystroke typing, and other activities, all while preserving default encryption and.....Read More
Many organizations use "break and inspect" technologies to gain better visibility into encrypted traffic. I prefer to preserve encryption wherever possible, for the reasons outlined by the NSA. This is why companies like Corelight invests into features like SSH Inference to inform defenders while protecting privacy. Our new sensor feature profiles Secure Shell traffic to identify account access, file transfers, keystroke typing, and other activities, all while preserving default encryption and without modifying any endpoint software. I believe security teams will have to increasingly incorporate these sorts of solutions, rather than downgrading or breaking encrypted traffic.  Read Less
November 22, 2019
Justin Jett
Director of Audit and Compliance
Plixer
Organizations that plan to, or are currently, using TLSI to detect malicious activities on the network must be sure to maintain the certificate validation process that would normally happen between the client and the server. Additionally, organizations should monitor TLS certificate metadata with network traffic analytics. These details such as certificate common name, Certificate Authority (CA) information, and expiration date, will give security and network professionals information they need .....Read More
Organizations that plan to, or are currently, using TLSI to detect malicious activities on the network must be sure to maintain the certificate validation process that would normally happen between the client and the server. Additionally, organizations should monitor TLS certificate metadata with network traffic analytics. These details such as certificate common name, Certificate Authority (CA) information, and expiration date, will give security and network professionals information they need to detect when TLSI systems are not properly validating certificates. An example of this would be when there are connections to sites with expired certificates or untrusted CAs are allowed to connect instead of returning an error. By leveraging this information from the network, organizations can verify that they are validating TLS connections in the most secure manner which ensures that information security is maintained throughout the connection.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Data Hacked For 400,000 LA Patients

IKEA Suffering Ongoing “Reply-Chain” Email Attack

Cybersecurity Expert Reaction On UK’s Financial Regulator Scraps 90-day Authentication...

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Panasonic Becomes Latest Victim Of Data Breach – Security Expert...

Clearview’s £17 Million Fine For Processing 10+ Billion Images Is...

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts