Most enterprise traffic is TLS-encrypted. Most enterprises aren't inspecting it. Here's why that matters.
TLS (Transport Layer Security) is the evolution of SSL. TLS is designed to increase security by encrypting data end-to-end between two points, preventing bad actors from having visibility into web session traffic. However, threat actors have also come to see the value in utilizing TLS encryption for delivering malware and evading security controls.
This can be indirect, via leveraging common sanctioned SaaS applications (Office365, Box, Dropbox, Google Drive) as delivery vectors, or direct, by using free certificates from Let's Encrypt. Despite being designed for good, threat actors wasted no time in leveraging the advantages of free encryption in their activities. The point: most traffic, good and bad, is now TLS encrypted, and that creates challenges for IT and security teams.
TLS inspection is almost completely transparent to the end-user and sits between the user and their web applications. Like a man-in-the-middle approach, TLS inspection intercepts the traffic, enabling inspection by security engines. For this to work without disruption to the end-user, an appropriate certificate must be installed on the client device.
TLS inspection has been available for some time but isn't widely used, primarily due to cost and complexity. Historically, NGFW or other appliances have been the source of TLS inspection capabilities for organizations. With any appliance, there is a fixed amount of capability, and the more features you enable, the lower the throughput. TLS inspection is no different and often requires double (or more) hardware investment to accomplish at scale.
SASE removes most of the challenges around TLS decryption, allowing organizations to secure their users and locations more effectively. SASE offers TLS inspection capabilities as product functionality, with no need to size and deploy hardware. Simply create desired exceptions, deploy certificates to endpoints, and enable the feature. This easy alternative to NGFW TLS decryption makes it possible for organizations to gain visibility into the 95% of their traffic hiding in TLS.
If you have invested in security technologies such as IPS, CASB, SWG, Next-Generation Antimalware, or DLP, but are not inspecting TLS, those tools cannot work effectively. Security engines are a bit like the x-ray machine at airport security: they reveal the contents of luggage to identify anything bad. Now imagine if they are only inspecting 5 out of every 100 bags.
SASE has removed many of the obstacles to adopting TLS inspection and provides complete visibility to all security engines to maximize their value. If you already have SASE and don't know where to start, start small. Enable the capability for risky categories of URLs and applications, then increase the scope as your comfort level grows.
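The phased rollout described above, sketched as an added example (not from the original article and not any SASE product's API): exceptions are applied first, then a per-phase scope of categories to inspect, and the result is measured as the share of traffic the security engines can see. Category names, phase contents and flow records are constructed assumptions.

```python
# Added illustration. Category names, phase scopes and flow records are
# constructed assumptions, not any vendor's taxonomy or API.
EXCEPTIONS = {"finance", "health"}        # never decrypted, in every phase
RISKY = {"newly-registered", "uncategorized", "file-sharing"}
PHASES = {
    0: set(),                             # inspection disabled
    1: RISKY,                             # start small: risky categories only
    2: RISKY | {"webmail", "social"},     # widen the scope as comfort grows
    3: None,                              # None = everything not excepted
}

FLOWS = [  # constructed sample: 95 of 100 bytes travel inside TLS
    {"host": "intranet.example", "tls": False, "category": "business", "bytes": 5},
    {"host": "bank.example", "tls": True, "category": "finance", "bytes": 10},
    {"host": "new-site.example", "tls": True, "category": "newly-registered", "bytes": 15},
    {"host": "share.example", "tls": True, "category": "file-sharing", "bytes": 20},
    {"host": "mail.example", "tls": True, "category": "webmail", "bytes": 20},
    {"host": "news.example", "tls": True, "category": "news", "bytes": 30},
]

def decide(flow, phase):
    """Return 'cleartext', 'bypass' or 'inspect' for one flow record."""
    if not flow["tls"]:
        return "cleartext"                # already visible to the engines
    if flow["category"] in EXCEPTIONS:
        return "bypass"                   # exceptions win over any phase scope
    scope = PHASES[phase]
    if scope is None or flow["category"] in scope:
        return "inspect"
    return "bypass"                       # encrypted and out of scope: opaque

def visibility(flows, phase):
    """Fraction of bytes that IPS, DLP, antimalware etc. can actually see."""
    total = sum(f["bytes"] for f in flows)
    seen = sum(f["bytes"] for f in flows
               if decide(f, phase) in ("cleartext", "inspect"))
    return seen / total if total else 0.0

if __name__ == "__main__":
    for phase in PHASES:
        print(f"phase {phase}: {visibility(FLOWS, phase):.0%} of bytes visible")
```

Running the same calculation over real proxy or firewall flow logs gives a concrete coverage number to track as the inspection scope widens.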