The False Sense of Security: SSL Visibility & Decryption on the Network Edge with Andrew Hay, Senior Analyst, The 451 Group
With the recent SSL Certificate Authority breaches, our inherent trust in SSL has been compromised. For the same reasons SSL is optimal for insuring privacy and confidentiality, it has become an avenue for hackers to exploit in order to penetrate networks that lack visibility into that encrypted traffic.
Headlines on the Comodo, KPN and DigiNotar breaches have called the ability for SSL to provide trustworthy authenticity into question. Authenticity is not optional for secure communication. Can we afford to put our confidence in a third party (Google, CAs, our end users) to protect endpoints from fraudulent certificates – by using only mandated browsers or by applying patches in timely manner, after a breach has been publicized?
Should we take a broader view of protection, at the network level, as the safety net for the weakness and lack of visibility into SSL encrypted traffic?
Talk with Andrew Hay, Senior Security Analyst with The 451 Group’s Enterprise Security Practice about the SSL challenge during this upcoming webinar on December 15th at 1:00 p.m EST.