PRO+ Premium Content/Information Security

In March, the United States Computer Emergency Readiness Team issued an Alert (TA-17-075A) notifying security managers that "HTTPS Interception Weakens TLS Security." Secure internet communications that adhere to privacy and data protection standards may mean that enterprises continue to have a blind spot when it comes to encrypted traffic. To detect malicious software or illegal user activities, network security gateways with HTTPS inspection have provided companies with a way to monitor inbound and outbound internet traffic that Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption protects. But interception of TLS connections by firewalls, antivirus products and other security tools can introduce vulnerabilities that companies generally remain unaware of, according to researchers. "To put it bluntly, this is not good," said Johna Till Johnson, CEO and founder of Nemertes Research, in an April 2017 blog that looked at the issue. "There's really no point in deploying security products and protocols if you ...