Threat Detection in TLS: The Good, the Bad, and the Ugly

Presented by

Ian Farquhar, Distinguished Sales Engineer, Gigamon

About this talk

While TLS (formerly known as SSL) has become the de facto way of encrypting data in motion on networks, it can also hide threats from your InfoSec team. As the volume of encrypted traffic continues to grow, organizations become even more vulnerable to encrypted attacks, hidden command and control threats and data exfiltration exploits that go undetected. To make this situation even more complex, the TLS 1.3 draft 28 proposal, ratified at the IETF 101 conference in London and now moving toward official RFC status, has actually removed the visibility which was widely deployed for threat identification in TLS 1.2.

Once again, InfoSec teams find themselves at the fulcrum of a delicate balancing act. On one hand, encryption is moving toward ubiquity but on the other, we need to detect when threat actors use it too. And in detecting that misuse, we need to acknowledge and address critical management, troubleshooting, legal, regulatory, ethical and technical concerns. For example, we can’t decrypt just at the edge of our networks if we believe “perimeter security is dead.” Proxies on the network edge are a step backwards.

What can you do? “Threat Detection in TLS: The Good, the Bad and the Ugly” will discuss the necessity of deploying TLS decryption in the core of networks and will explore innovative architectures that deliver that capability while maintaining availability and reliability. Learn how organizations can manage growing SSL/TLS traffic volumes by creating a centralized “decryption zone” to decrypt traffic once and give security tools newfound visibility into formerly encrypted traffic and threats.

Gigamon provides active visibility into physical and virtual network traffic, enabling stronger security and superior performance. Gigamon’s Visibility Fabric and GigaSECURE, the industry’s first Security Delivery Platform, deliver advanced intelligence so that security, network and application performance management solutions in enterprise, government and service provider networks operate more efficiently and effectively.