SSL Traffic Inspection: Needed Visibility But At What Cost?

  • Wednesday, 19 Sep 2018 10:30AM EDT (19 Sep 2018 14:30 UTC)
  • Speakers: Barbara Filkins, Parth Jagirdar

We all agree encryption on network traffic is necessary, both to improve the confidentiality and integrity of the information in motion as well as to comply with numerous regulations (like HIPAA). But while we think of it as being used for good, it can also be used for evil. Hackers can use it to hide malicious intent, whether stealing data sent via email or to cloud'storage to protecting malware C&C communications.

Given the growth in both the use of network-based encryption and network attacks targeting encrypted traffic to bypass controls, how can organizations keep up?

Simply turning on SSL inspection in a NG firewall can substantially degrade performance. Buying a new firewall is a costly endeavor. SANS will explore the concerns faced by an organization that realizes it must improve visibility into its encrypted traffic, laying out both the business and the technical issues and how to approach both.