The new TLS encrypted traffic actually can increase security risks by obscuring malware and traffic by threat actors as well, and therefore requires a fundamental rethinking of today’s monitoring approach.
These changes are considered enough of a cybersecurity challenge that the U.S. National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), has started a project to “provide system and application administrators with practical tools and approaches to help them gain visibility into the traffic flowing across their networks, and to fully adopt TLS 1.3.”
Collaborating with experts from various industries, NCCoE recently released draft publications describing the challenges of TLS 1.3 to cybersecurity and suggesting various solutions and their benefits to tackle this visibility challenge in the latest “NIST SPECIAL PUBLICATION 1800-37B: Addressing Visibility Challenges with TLS 1.3 within the Enterprise.”
As organizations plan to enable TLS 1.3, they need to augment their traffic monitoring approach for security and all the other applications benefiting from traffic analysis. Without this change, they will enhance data privacy while losing vital visibility into existing and emerging threats, increasing their security risks.