LATEST INTELLIGENCE
PRESENTED BY
WHAT DO YOU MEAN TLS 1.3 MIGHT
DEGRADE MY SECURITY?
HOW AND WHY THE NEW TLS 1.3 STANDARD MAY
AFFECT SECURITY FOR BETTER AND FOR WORSE
T
he Disruption-Defense Conundrum
Transport Layer Security (TLS),
formerly known as SSL, has become
the de facto way of encrypting data in
motion on networks. Unfortunately, several
serious attacks have affected TLS over the
past few years, and malware increasingly
uses SSL/TLS sessions to hide, confident that
security tools will neither inspect nor block
its traffic. The very technology that makes
the internet secure can become a significant
threat vector. As the volume of encrypted
traffic continues to grow, organizations
become even more vulnerable to encrypted
attacks, hidden command and control
channels, and unauthorized data exfiltration
exploits that go undetected.
For this reason, the Internet Engineering
Task Force (IETF) has voted to approve an
updated version – TLS 1.3 – of the standard.
Some cryptographers believe the new
standard will be faster and more secure.
Enterprises, on the other hand, are right to
be concerned about the implementation
and availability issues TLS 1.3 might cause.
That is because TLS 1.3 has removed certain
visibility that was widely deployed for threat
identification in TLS 1.2.
Once again, InfoSec teams find themselves
at the fulcrum of a delicate balancing act.
On the one hand, encryption is moving
toward ubiquity, but on the other hand,
InfoSec teams need to be able to detect
when threat actors use it too. What can you
do? This whitepaper will delve into TLS, look
at the security implications of TLS 1.3 and
what you can do to prepare. n
Download whitepapers free from www.intelligentcio.com/me/whitepapers/
www.intelligentcio.com
INTELLIGENTCIO
15