Passive, Transparent, and Selective TLS Decryption for Network Security Monitoring

Abstract: Internet traffic is increasingly encrypted. While this protects the confidentiality and integrity of communication, it prevents network monitoring systems (NMS) and intrusion detection systems (IDSs) from effectively analyzing the now encrypted payloads. Therefore, many enterprise networks have deployed man-in-themiddle (MitM) proxies that intercept TLS connections at the network border to examine packet payloads and thus retain some visibility. However, recent studies have shown that TLS interception often re… Show more