Security Operations, SOC, Network Security, Cloud Security

Five ways SASE helps with TLS inspection

(Adobe Stock)

COMMENTARY: Our team’s analysis of 1.46 trillion network flows across 2,500 global enterprises found that nearly half of these companies use Transport Layer Security (TLS) inspection. What’s more, only 3% of companies inspect all relevant TLS-encrypted sessions.
 
TLS inspection lets organizations decrypt, inspect, and re-encrypt traffic. Organizations that enable TLS inspection block 52% more malicious traffic in comparison to those without it.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Despite this obvious benefit, many businesses shy away from TLS inspection, leaving their doors wide open to exploitation by CVEs such as with Log4J and SolarWinds

Why organizations avoid TLS inspection     

Many businesses either completely avoid TLS inspection or exempt a significant portion of their traffic from it, creating critical gaps in their security posture. There are a number of reasons why organizations omit TLS inspection: 

Implementation complexities: TLS inspection is not very straightforward process. IT teams have to constantly maintain and update a long list of bypassed applications and domains, often an error-prone and burdensome process. 

Susceptibility to disruptions: Many applications are incompatible with TLS inspection, and enabling them would break the user experience. 

Compliance concerns: TLS inspection requires decrypting sensitive communications such as emails, personal data, and financial transactions, which raises privacy and regulatory concerns, especially for regulated industries like healthcare, government, and finance. 

How convergence helps with traditional TLS inspection

Convergence of networking and security into a unified, cloud-native platform such as SASE lays the foundation for better TLS inspection. Processing traffic once in a single pass and applying multiple controls lets the platform apply AI/ML models trained on real-world telemetry to learn which applications and domains are safe to inspect and where inspection would break functionality.

This architecture helps to overcome a number of challenges security teams face with TLS inspection, including: 

Secure automation: SASE uses a single-pass architecture that ingests billions of network flows across thousands of customer networks and endpoints. AI algorithms run in the background, watching whether TLS inspection breaks access to a given application or domain. They can then share this information so other customers of the service benefit from this knowledge. Using this crowd-sourced approach, the SASE platform analyzes vast amounts of real-time traffic and identifies apps/domains that are safe to inspect. As a result, the SASE service can deliver an automated list of applications and domains that are safe to inspect without having to worry about maintaining a long list of exclusions. 

User experience: Security teams struggle with traditional TLS inspection because of the vast number of incompatible applications and domains, causing user disruptions. On the other hand, SASE TLS inspection, powered by insights from real-world traffic across the SASE provider’s customer base, identifies apps and domains that matter the most and determines which applications are safe to inspect. This ensures that users experience no interruptions. 

Reduced operational complexity: SASE’s automated TLS inspection removes the need for IT teams to maintain long lists of apps and domains that they must bypass. By centralizing and automating this complex process, SASE promises to reduce operational overhead, minimize manual errors, and free IT resources to focus on more strategic tasks. The automated process requires minimal manual intervention to maintain. TLS inspection can be deployed in a few clicks, eliminating manual configuration and constant monitoring of exclusion lists. 

Protection and performance: SASE TLS Inspection leverages a cloud-native architecture, which lets it scale across large, globally distributed enterprises. Inspection gets optimized in real-time, ensuring security without impacting performance. TLS inspection activates TCP acceleration, maximizing throughput for long-distance connections with high latency. SASE security teams research real-time insights from global traffic patterns and continuously refine inspection policies and categories, catching critical threats hidden in encrypted traffic and maintaining control over cloud applications. This targeted approach ensures that critical data flows are scrutinized for potential threats and data leaks without disrupting legitimate operations. 

Compliance-driven data protection: Regulated industries are required to maintain compliance with strict data protection standards. SASE TLS inspection ensures comprehensive visibility into encrypted traffic flows, meeting compliance requirements without disrupting business operations. By automating the inspection process and reducing manual intervention, SASE ensures that all data flows meet regulatory standards, thereby avoiding potential fines/penalties and maintaining the integrity of business operations. 

About 95% of malware gets delivered via encrypted channels. Therefore, if the company does not inspect encrypted traffic today, it’s leaving the organization vulnerable to malware attacks and CVE exploitation.

If security teams continue to avoid the use of TLS inspection because of its many challenges, then it's best to re-evaluate and re-imagine the organization’s entire network security approach and consider a unified and simplified cloud-native service like SASE. 

Etay Maor, vice president of threat intelligence, Cato Networks

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds