Thursday, February 18, 2021

Security Inspection on Firewalls. Most of it seems useless with TLS?

Hi all,

Wanted the community's feedback on this! I'm still relatively new to the field (4 years), and I have worked with a variety of different firewalls (primarily Fortinet). After going through the training for Palo Alto, Fortinet and Check Point, I have found it hilarious that most of the security inspection features seem effectively useless unless you're doing TLS inspection, simply because most traffic these days uses TLS.

So, all that said, is there a lot of value in some of these UTM inspection features if you're not able to inspect encrypted traffic (more specifically the payload)? If you're not able to inspect the payload, you're effectively only doing inspection up to layer 4, which doesn't really give you that much info.

I bring this up because, at this point, most stuff really seems like marketing, and most people don't seem to understand that a lot of these features aren't as good as they think they are, even though they're turned on, because of TLS...

Anyways, interested to hear your thoughts! Feel free to be hard on me. Always willing to learn!


