LATEST INTELLIGENCE
WHAT DO YOU MEAN TLS 1.3
MIGHT DEGRADE MY SECURITY?
PRESENTED BY
Download whitepaper here
20
INTELLIGENTCIO
T
The Disruption-Defense Conundrum
Transport Layer Security (TLS), formerly known as
SSL, has become the de facto way of encrypting data
in motion on networks. Unfortunately, several serious
attacks have affected TLS over the past few years,
and malware increasingly uses SSL/TLS sessions to
hide, confident that security tools will neither inspect
nor block its traffic. The very technology that makes
the Internet secure can become a significant threat
vector. As the volume of encrypted traffic continues
to grow, organisations become even more vulnerable
to encrypted attacks, hidden command and control
channels, and unauthorised data exfiltration exploits
that go undetected. For this reason, the Internet
Engineering Task Force (IETF) has voted to approve
an updated version – TLS 1.3 – of the standard.
Some cryptographers believe the new standard
will be faster and more secure. Enterprises, on the
other hand, are right to be concerned about the
implementation and availability issues TLS 1.3
might cause. That is because TLS 1.3 has removed
certain visibility that was widely deployed for threat
identification in TLS 1.2.
Once again, InfoSec teams find themselves at the
fulcrum of a delicate balancing act. On the one
hand, encryption is moving towards ubiquity, but on
the other hand, InfoSec teams need to be able to
detect when threat actors use it too. What can you
do? This whitepaper will delve into TLS, look at the
security implications of TLS 1.3 and what you can
do to prepare.
What is TLS?
TLS is the modern name for SSL (Secure Sockets
Layer), although both terms are still used
interchangeably, although calling it SSL is technically
incorrect. TLS is a standard to secure communications
between a client and server, but more generally
between clients and applications that typically sit
over a reliable transport layer, such as TCP, although
there have been adaptations to UDP as well.
www.intelligentcio.com