Don't let your cybersecurity vendor leave you vulnerable
by Chris Morales
The U.S. Computer Emergency Readiness Team (US-CERT) issued a warning last week stating that HTTPS interception weakens TLS security. As the use of encryption for privacy has increased, the security industry has responded by intercepting and decrypting SSL sessions to perform deep-packet inspection (DPI).
Secure web gateways, firewalls, intrusion detection and prevention systems, and data loss prevention (DLP) products all perform some form of SSL intercept and decryption to perform DPI.
The primary reason information security teams want to intercept and decrypt traffic protected by Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption is to perform DPI to identify threats or malware.
However, interception has a security impact if the intercepting product does not perform SSL encryption at least as well as browsers do. The quality of SSL encryption is inconsistent among vendors, and a weak implementation runs the risk of creating a huge vulnerability in your secure architecture.
Even worse, users may not be aware of this interception, which creates a false sense of security on their side. The client browser can verify the security of the connection only as far as the next computer with which it communicates.
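To make the point concrete, here is an added example (not from the original article or from any vendor's product) that audits the proxy-to-server leg of an intercepting device, which is a TLS client the browser never sees. The function names and the TLS 1.2 floor are assumptions chosen for illustration; the `ssl` calls are from the Python standard library.

```python
import ssl

def browser_like_context():
    """Upstream (proxy-to-server) client settings comparable to a browser."""
    ctx = ssl.create_default_context()           # validates chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weak_interceptor_context():
    """Constructed example of a badly configured upstream leg."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                   # must be off before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE              # any server certificate passes
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # no version floor
    return ctx

def audit_upstream(ctx, floor=ssl.TLSVersion.TLSv1_2):
    """Return findings where the upstream leg is weaker than a browser."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < floor:
        findings.append("protocol versions below %s are allowed" % floor.name)
    return findings

if __name__ == "__main__":
    # In both cases the browser's own leg looks the same: a valid certificate
    # issued by the interception CA it has been told to trust.
    for name, ctx in [("browser-like", browser_like_context()),
                      ("weak interceptor", weak_interceptor_context())]:
        findings = audit_upstream(ctx)
        print(name + ":", "no findings" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

The same three checks can be turned into acceptance criteria when evaluating an inspection product: ask how its upstream connections validate certificates, check hostnames, and bound protocol versions.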