SSL/TLS Interception Challenge from the Shadow to the Light
The Secure Sockets Layer and Transport Layer Security (SSL/TLS) protocols were created to provide confidentiality for sensitive information exchanged over the Internet. They can be used to protect privacy and confidentiality, but they can also be used to hide malicious activities. Organizations currently face traffic inspection challenges because of the growing volume of SSL/TLS-encrypted traffic on the Internet. From the criminal perspective, attackers are moving more and more to encrypted traffic to hide their nefarious activities: data exfiltration, malicious communication with Command and Control (C&C) servers, and malicious downloads all use SSL/TLS-encrypted traffic. SSL/TLS interception is a double-edged sword that could be used to prevent and detect abnormal communications. This paper explains how organizations and security analysts can manage these challenges, and describes how to overcome them, with the advantages and drawbacks involved.
38870 (PDF, 11.29MB)
25 Mar 2019