https://news.ycombinator.com/item?id=19475986
Read this and other threads/articles recently. TLS 1.3 and QUIC basically break Palo Alto/Fortinet, etc. in terms of HTTPS decrypt. And with traffic trending toward 100% encrypted, this basically means you can't see much.
Now, there are a few short and mid term options:
1) Rely more on DNS filtering and other "blacklist"-type filters.
2) Block TLS 1.3 and QUIC from your corporate endpoints. For now this just causes a non-disruptive fallback to TLS 1.2 and HTTP/TCP.
Long term... I think the answer will have to become that traffic decryption/inspection has to happen on EVERY NETWORK ENDPOINT. This means endpoints will need appropriate security software installed on them in high security corporate/government environments. So much for BYOD unless people are willing to install this software on personal devices.
One example I know of that is starting down this path is Sophos: https://community.sophos.com/kb/en-us/121607#What%20traffic%20is%20checked
Thoughts? Is this not really that big of a deal? Or is the modern NGFW dead in 5 years?
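As an added example (not from the post or the HN thread): before blocking TLS 1.3 and QUIC as in option 2, a defender would want to measure how much of the existing traffic actually negotiates them, which requires parsing the ClientHello rather than trusting its record version. The helper below classifies raw TLS records and UDP/443 payloads already extracted from a capture; the sample ClientHello builder is constructed for the demonstration and is not real client output.

```python
import struct

TLS_NAMES = {0x0301: "TLS1.0", 0x0302: "TLS1.1", 0x0303: "TLS1.2", 0x0304: "TLS1.3"}
EXT_SUPPORTED_VERSIONS = 0x002B  # RFC 8446 supported_versions extension id

def tls_versions_offered(record: bytes) -> list:
    """Versions a ClientHello offers, highest first. A TLS 1.3 client keeps
    legacy_version at 0x0303 and signals 1.3 only via supported_versions."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    legacy = struct.unpack("!H", body[0:2])[0]
    pos = 2 + 32                                             # skip client_random
    pos += 1 + body[pos]                                     # legacy_session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]     # cipher_suites
    pos += 1 + body[pos]                                     # compression_methods
    if pos >= len(body):                                     # no extensions: pre-1.3 client
        return [TLS_NAMES.get(legacy, hex(legacy))]
    ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == EXT_SUPPORTED_VERSIONS:                  # 1-byte list length, 2-byte versions
            vers = [struct.unpack("!H", data[i:i + 2])[0] for i in range(1, 1 + data[0], 2)]
            return [TLS_NAMES.get(v, hex(v)) for v in vers]
    return [TLS_NAMES.get(legacy, hex(legacy))]

def is_quic_initial(udp_payload: bytes) -> bool:
    """True if the payload looks like a QUIC v1 Initial (RFC 9000 long header:
    bit7 set, fixed bit6 set, type bits 5-4 == 00, version 0x00000001)."""
    if len(udp_payload) < 5:
        return False
    b0 = udp_payload[0]
    return (b0 & 0xC0) == 0xC0 and (b0 & 0x30) == 0x00 and udp_payload[1:5] == b"\x00\x00\x00\x01"

def build_client_hello(offered) -> bytes:
    """Constructed sample: minimal ClientHello advertising `offered` versions."""
    sv = bytes([2 * len(offered)]) + b"".join(struct.pack("!H", v) for v in offered)
    ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv)) + sv
    exts = struct.pack("!H", len(ext)) + ext
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00"          # legacy_version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01" + b"\x01\x00" + exts)  # one suite, null compression
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Real QUIC Initials are padded to at least 1200 bytes, which is not checked here; counting results per source host over a day's capture gives the fallback impact before the block is turned on.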