Deciphering the Challenges of Inspecting Encrypted Communication

Encryption is a necessary element to any enterprise security strategy. But the technology underlying encryption can often seem arcane and difficult to decipher. Complete with its own language and acronyms -- RFC 8446, SSL, TLS, ECDHE – encryption is an insider’s game.  And for that reason, it is important to demystify the complexity around encrypted traffic technology in order to understand its impact on the enterprise – including challenges that can significantly affect security and operations. 

Transport Layer Security (TLS) is the official Internet standard for high-security encrypted communications. Simply put, it is a protocol that allows client/server applications to securely communicate over the Internet. It is designed to prevent eavesdropping, tampering, and message forgery in those communications.

The latest version of the standard, TLS 1.3, offers a number of improvements over the previous version of the protocol, TLS 1.2. It provides higher levels of security and it speeds up Internet communications by offering faster session establishment. TLS 1.3 removes support for legacy algorithms and only uses a set of strong cryptographic algorithms, eliminating a number of known TLS 1.2 vulnerabilities that could be exploited by cyber criminals. 

Despite these advantages, there are challenges associated with the latest TLS protocol. While heightened encryption is vitally important to enterprise communications, the ability to inspect that network traffic is equally vital. The same heightened encryption can also be used to shield malware and other threats embedded in that traffic. With the encryption standard, can you solve for both? Can you have your cake and eat it too?

Developing the New Standard

At Symantec Enterprise, a division of Broadcom (NASDAQ: AVGO), we were intimately involved in the development of the specifications for the TLS 1.3 protocol. We contributed to the specification for the new standard. We co-authored a TLS proxy best practice document that is intended to guide the security industry when building TLS proxy implementations. And we are the co-authors of an analysis of the impact of TLS 1.3 on the network security industry. 

Our close involvement in the development of the new standard provides us with a unique vantage point to discuss the strategies we believe enterprise leaders should consider when implementing responsible encryption practices that also address the hidden threats in network traffic. Here are my personal Top 4 Strategies.

Top 4 Strategies for your TLS 1.3 Inspection Solution 

1. Prioritize Security

Enterprises should prioritize the strongest possible encryption for all communications. TLS 1.3 encryption supplies that heightened level. More than one-third of all enterprises, including many of the most popular and influential cloud-based application platforms including Netflix, and most major browsers and operating systems --including Android, Apple iOS, and Google Chrome-- have already implemented the new standard. Don’t be left behind. 

2. Demand Quality and Performance

Ensure that your TLS 1.3 implementation has the strongest session and fastest communication possible by choosing the right TLS proxy for your networking environment. A TLS proxy is a network appliance deployed between endpoints, such as TLS clients and servers, and manages the TLS “handshake” that governs communications sessions using TLS encryption. It enables the enterprise to decrypt and re-encrypt the network traffic from each side of the TLS session, allowing filtering or inspection of network traffic to look for malware or other cyber threats. 

TLS 1.3 offers stronger cipher suites than previous versions of the protocol. A TLS 1.3 implementation that builds upon the specification by supplying additional cipher suites allows your enterprise to look for malware or other hidden threats in a wider range of communications. Without support for those additional cipher suites, security can be degraded as suspect communication needs to be downgraded to a less secure security protocol – such as a previous TLS standard – to be inspected. This is particularly important for improving and speeding up the processes involved in encrypted communication inspection.

3. Consider Privacy Enhancements

A challenge inspecting network traffic is the potential to infringe upon the privacy rights of individuals. Growing privacy concerns among consumers worldwide is making selective inspection a new hot button issue in enterprise security. A TLS 1.3 implementation that solves for this challenge by allowing for selective inspection is a new best practice we strongly recommend.

4. Favor a Single Solution

Our final recommendation is to consider a single source vendor for your TLS 1.3 implementation. There is a volume of different products and vendors in the encryption security market. But a single vendor, such as Symantec Enterprise, whose products and solutions support the new encryption standard, enable faster session establishment, support all critical cipher suites, and add privacy enhancements that allow for stronger encrypted communication inspection - offers you the best value in terms of your security investment. 

Symantec Enterprise TLS 1.3 inspection solutions solve these various challenges and follow Best Practices to further alleviate risk. Strong encryption is vital. Inspection is vital too. You can have your cake and eat it too.