Remember those Spy vs. Spy cartoons from Mad Magazine?
Well, you could say Transport Layer Security Inspection (TLSI) is a little like that.
TLSI is about encryption vs. encryption. The National Security Agency simplifies it like this:
"To protect enterprise data and intellectual property, network security administrators enforce encryption policies to secure traffic to and from their networks.
However, adversaries also use encryption, often using it to hide their activities.
Normally, these activities—like command and control, loading malware into a network, and exfiltration of sensitive data—would be detected by traffic inspection devices, but those devices typically cannot inspect encrypted traffic."
A way around this challenge is TLS break and inspect, where security teams decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the traffic before it enters or leaves the network.
And while this method helps with the original problem, it introduces new risks, ones the NSA wants to help organizations tackle.
For example, cybercriminals may target the decryption point specifically.
The NSA issued a new Cyber Advisory on mitigating Transport Layer Security Inspection risk, and here are three key takeaways:
See the complete NSA Cyber Advisory on Transport Layer Security Inspection.