Organizations will have to augment their approaches to network traffic monitoring when they implement Transport Layer Security 1.3, according to Scott Aken, the CEO of software company Axellio.
Aken explains in an opinion column published Tuesday on Security Magazine that TLS 1.3 “significantly enhances” data encryption but in doing so limits the ability to decrypt data streams, making network security monitoring more difficult and potentially obscuring malware and threat-actor traffic. The underlying reason is that TLS 1.3 drops the RSA key exchange and mandates ephemeral, forward-secret key agreement, so a passive sensor can no longer decrypt captured traffic with a copy of the server's static private key.
To address the network visibility challenges posed by TLS 1.3, the National Institute of Standards and Technology has released NIST Special Publication 1800-37B, which offers two approaches.
The first involves giving monitoring applications access to the session encryption keys, enabling passive traffic monitoring. This approach requires tools that can securely store those keys and delete them once monitoring is complete; because each exported key decrypts a live session, the key store itself becomes a high-value target and needs the same access controls and audit trail as the traffic it unlocks.
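To make the first approach concrete, here is an added example (not code from the article or from NIST SP 1800-37B) of the bookkeeping a passive monitor needs: it indexes exported TLS 1.3 secrets by the ClientHello random, matches them to a captured ClientHello record, and purges them once that session has been analysed. The key-export format is assumed to be the NSS key log format written by SSLKEYLOGFILE-aware clients; the sample key log and the ClientHello bytes are constructed for the example.

```python
"""Passive TLS 1.3 monitoring bootstrap: index exported secrets, match them to a
captured ClientHello, and purge them once the session has been analysed.
Added example; the NSS key log format is an assumption about how keys are
exported, not something the article or NIST SP 1800-37B specifies."""
import re
from collections import defaultdict
from typing import Dict, Optional

# TLS 1.3 secret labels in the NSS key log format. CLIENT_RANDOM (the TLS 1.2
# master secret) is deliberately absent: this store only serves TLS 1.3 sessions.
TLS13_LABELS = frozenset({
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
})
# label, 32-byte client random (hex), 32..48-byte secret (hex); anything else is ignored
KEYLOG_LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]{64,96})$")


class SecretStore:
    """Per-session secrets keyed by the ClientHello random, with an explicit purge."""

    def __init__(self) -> None:
        self._sessions: Dict[bytes, Dict[str, bytes]] = defaultdict(dict)

    def load_keylog(self, text: str) -> int:
        """Index every well-formed TLS 1.3 line; return how many were indexed."""
        indexed = 0
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            m = KEYLOG_LINE.match(line)
            if not m or m.group(1) not in TLS13_LABELS:
                continue  # TLS 1.2 CLIENT_RANDOM, truncated or malformed lines
            self._sessions[bytes.fromhex(m.group(2))][m.group(1)] = bytes.fromhex(m.group(3))
            indexed += 1
        return indexed

    def secrets_for(self, client_random: bytes) -> Dict[str, bytes]:
        return dict(self._sessions.get(client_random, {}))

    def purge(self, client_random: bytes) -> bool:
        """Drop a session's secrets once monitoring of that session is finished."""
        return self._sessions.pop(client_random, None) is not None

    def __len__(self) -> int:
        return len(self._sessions)


def client_random_from_record(record: bytes) -> Optional[bytes]:
    """Return the 32-byte random from a TLS record carrying a ClientHello, else None.
    Layout: 5-byte record header, 4-byte handshake header, 2-byte legacy_version, random."""
    if len(record) < 5 + 4 + 2 + 32:
        return None
    if record[0] != 0x16:            # not a Handshake record
        return None
    if record[5] != 0x01:            # not a ClientHello
        return None
    rec_len = int.from_bytes(record[3:5], "big")
    hs_len = int.from_bytes(record[6:9], "big")
    if hs_len + 4 != rec_len:        # handshake message must fill the record exactly
        return None
    return record[11:43]


def session_secrets(store: SecretStore, first_record: bytes) -> Optional[Dict[str, bytes]]:
    """What a passive decryptor hands to its TLS 1.3 record layer: the traffic
    secrets for the session this ClientHello opened, or None if it has none."""
    rnd = client_random_from_record(first_record)
    if rnd is None:
        return None
    return store.secrets_for(rnd) or None


def build_client_hello_record(client_random: bytes) -> bytes:
    """Constructed minimal ClientHello record: enough structure for the parser,
    not a complete, valid TLS 1.3 ClientHello (no supported_versions extension)."""
    body = (b"\x03\x03" + client_random      # legacy_version, random
            + b"\x00"                        # empty legacy_session_id
            + b"\x00\x02\x13\x01"            # cipher_suites: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                    # legacy_compression_methods: null
            + b"\x00\x00")                   # no extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs


# Constructed sample key log: one TLS 1.3 session, one TLS 1.2 session, one bad line.
RANDOM_A = bytes(range(32))
RANDOM_B = bytes(range(32, 64))
SAMPLE_KEYLOG = "\n".join([
    "# constructed for this example",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {RANDOM_A.hex()} {'11' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {RANDOM_A.hex()} {'22' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {RANDOM_A.hex()} {'33' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {RANDOM_A.hex()} {'44' * 32}",
    f"CLIENT_RANDOM {RANDOM_B.hex()} {'55' * 48}",   # TLS 1.2 master secret, not indexed
    "SERVER_TRAFFIC_SECRET_0 deadbeef 00",          # malformed, skipped
])

if __name__ == "__main__":
    store = SecretStore()
    print("indexed:", store.load_keylog(SAMPLE_KEYLOG))
    hello = build_client_hello_record(RANDOM_A)
    print("labels:", sorted(session_secrets(store, hello) or {}))
    store.purge(RANDOM_A)
    print("after purge:", session_secrets(store, hello))
```

The purge is the part the article's caveat is about: the secrets for a session should live in the monitor only for as long as that session is being analysed. A production tool would also keep the store in locked, non-swappable memory and overwrite it on release, which Python's immutable bytes objects cannot guarantee.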
The second involves deploying a “middle box” to enable active monitoring. In this approach, the middle box terminates the TLS session, decrypts the traffic and feeds the plaintext to multiple monitoring applications. Because every decryption point adds latency to the data path, one middle box should ideally serve as many monitoring applications as possible rather than deploying a separate box per tool.
For Aken, the failure to adapt one’s traffic monitoring methods to the limitations of TLS 1.3 could result in increased security risks.