By Sebastien Synold, Product Manager, Qosmos Probe, Enea
“The next couple of years are going to hurt”… but… “there is one important tool that can minimize that pain [and] provide visibility into encrypted traffic – without decryption – under TLS 1.3 or any prior version.”
I recently joined Cybersecurity Insiders CEO Holger Schulze and Kurt Neumann, Security Architect for Cisco Threat Analytics & Co-Founder of Antsle, Inc., for a great discussion about The Importance of Network Traffic Analysis (NTA) for SOCs (a webinar based on a Cybersecurity Insider NTA survey).
Kurt raised some really interesting points about the new Transport Layer Security (TLS) Protocol Version 1.3, and what it means for cybersecurity, but our time was limited so we couldn’t dig too deep into TLS 1.3 and the topic of encryption in general.
Fortunately, Holger invited Kurt back to do just such a deep dive. Their interview is now available on the Cybersecurity Insiders website. I was glad to find that their discussion hits on key questions I’ve heard many cybersecurity professionals raise:
The takeaway from their discussion is that TLS 1.3 introduces significant challenges to conventional defensive decryption strategies, whether they are in-band, out-of-band or endpoint-based. There’s no doubt about that.
However, with deep packet inspection and network traffic analysis, you don’t have to perform decryption to achieve network visibility. DPI can profile encrypted and evasive traffic, and NTA can use DPI intelligence to model network behavior and detect anomalies – in real-time and at massive scale.
But don’t take my word for it. Read the interview. Holger and Kurt’s discussion is really invaluable for understanding exactly what challenges TLS 1.3 raises, and what your options are for successfully navigating this next phase of network encryption.
And if you haven’t done so yet, you can read the full TLS 1.3 standard on the Internet Engineering Task Force (IETF) website: https://datatracker.ietf.org/doc/rfc8446/?include_text=1