
What are the challenges in decrypting SSL/TLS traffic?
In addition to threats that hide within encryption, you need to be aware of other challenges when designing or maintaining an architecture to inspect traffic. They include:
- Increased complexity: Many companies use multiple security inspection tools to find and stop different types of threats. Some of these tools do not decrypt traffic, and others are unable to decrypt at scale. This results in an unpredictable inspection architecture and makes it more complex to route traffic efficiently from device to device. Inspection tool failures can also introduce latency or dead ends to the traffic, and having multiple points of decryption and re-encryption makes simple changes on one device much more complex, because they can affect the entire inspection chain.
- Performance impacts: Decrypting and re-encrypting traffic is computationally intensive, which can cause performance impacts on inspection devices. This often results in only some traffic being inspected for threats, while traffic that surpasses a tool’s compute limit is passed through without inspection.
- Modern cryptography: Without a centralized way to decrypt and encrypt, the standard ciphers in use are hard to manage when changes are necessary. In addition, because organizations prefer perfect forward secrecy ciphers in most cases, an encryption key cannot simply be shared with out-of-band inspection devices to perform passive inspection.
- Privacy regulations: A lack of customizable policy-based traffic classification can lead to all traffic being decrypted, which may violate your users’ privacy. Although decrypting traffic is essential to finding malware and other threats, having that much visibility into your users’ banking or healthcare information could violate laws or regulations.
How can you protect your organization against encrypted threats?
- By applying policy-based decryption and traffic steering to both your inbound and outbound traffic, you gain visibility into encrypted traffic as well as greater efficiency and resiliency of your entire inspection tool stack.
- By choosing an SSL/TLS solution that provides for centralized management, you can simplify the process of choosing and updating the cipher suites that help secure network connections using SSL/TLS. This drives better performance of your traffic inspection security tools, while allowing greater flexibility in managing the ciphers you use in end-to-end encryption.
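The policy-based decryption decision described above can be sketched as follows. This is an added example, not code from any product: the hostname patterns, category names, action labels and function names are assumptions constructed for illustration.

```python
from fnmatch import fnmatch

# Constructed category map (assumption): hostname pattern -> traffic category.
CATEGORIES = [
    ("*.bank.example", "finance"),
    ("*.clinic.example", "healthcare"),
]
# Privacy-sensitive categories that policy says must never be decrypted.
BYPASS_CATEGORIES = {"finance", "healthcare"}


def categorize(sni):
    """Map the TLS SNI hostname to a category; unknown hosts are uncategorized."""
    for pattern, category in CATEGORIES:
        if fnmatch(sni.lower(), pattern):
            return category
    return "uncategorized"


def passive_decrypt_possible(tls_version, cipher_suite, we_hold_server_key):
    """True only when an out-of-band device holding the server's RSA private
    key could decrypt a recorded session (static RSA key exchange)."""
    if not we_hold_server_key:
        return False  # outbound to third parties: the key is not ours to share
    if tls_version == "TLSv1.3":
        return False  # TLS 1.3 removed static RSA key exchange
    # IANA names: TLS_RSA_WITH_* is static RSA; TLS_ECDHE_* / TLS_DHE_* are
    # ephemeral (forward secret), so the long-term key does not help.
    return cipher_suite.startswith("TLS_RSA_WITH_")


def decide(sni, tls_version, cipher_suite, we_hold_server_key):
    """Return the steering action for one flow: bypass, passive-ok or inline-decrypt."""
    if categorize(sni) in BYPASS_CATEGORIES:
        return "bypass"  # pass through encrypted, no inspection
    if passive_decrypt_possible(tls_version, cipher_suite, we_hold_server_key):
        return "passive-ok"  # a key-sharing passive tool can still inspect
    return "inline-decrypt"  # must terminate and re-encrypt at a central point


if __name__ == "__main__":
    # Constructed sample flows: (SNI, version, suite, inbound to our own server?)
    flows = [
        ("www.bank.example", "TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", False),
        ("app.corp.example", "TLSv1.2", "TLS_RSA_WITH_AES_128_GCM_SHA256", True),
        ("app.corp.example", "TLSv1.3", "TLS_AES_128_GCM_SHA256", True),
    ]
    for flow in flows:
        print(flow[0], flow[2], "->", decide(*flow))
```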
Cybergrid can help you find the right solution for your organisation.