Seeing inside web traffic with Palo Alto SSL Decryption


Consilium UK is offering free Security Lifecycle Reviews (SLR) in collaboration with Palo Alto Networks.

Over the past few years we have been bombarded with new regulatory compliance requirements such as Cyber Essentials and GDPR. However, there is still an internal issue with outgoing traffic, which could contain anything: user data, credit card information, sensitive company documents, and incoming malware!

As SSL/HTTPS is in common use, it’s important to review the traffic. See SSL/HTTPS below. In an hour, there has been 450MB+ of encrypted data that we have absolutely no visibility of. It is a pipe directly out of the company that could contain anything!

History

In the early days of the internet, everything was delivered over HTTP. It was always in the clear and anyone could view the content. For security this presented an issue, as anyone on the internet could see that traffic as part of a MITM (man-in-the-middle) attack, which as you can imagine was not great! To combat this, data was hidden in SSL (HTTPS), which requires certificates for authentication and encryption.

Why is this an issue?

While an attacker carrying out a man-in-the-middle attack is now blocked from the data, as a business we have no visibility either. That presents a threat to us from hackers delivering exploits, and from company data leaving via websites such as Facebook, Dropbox, WhatsApp, etc.

This is why we should decrypt and inspect it. This is where the Palo Alto Networks NGFW capability comes in, as we can decrypt this data and inspect it for confidential documents, for PII (such as user data and credit card data, for GDPR compliance) and for threats coming in.
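An added illustration of the inspection step (not Palo Alto's code and not part of the original article): once a request has been decrypted, its body can be scanned for credit card numbers, which is impossible while it is still encrypted. The host name, form fields and test card number are constructed sample data.

```python
import re

# Constructed sample: an HTTP request as an inspection point would see it
# after decryption (hypothetical host and form fields; test card number).
DECRYPTED_REQUEST = (
    b"POST /upload HTTP/1.1\r\n"
    b"Host: files.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"note=invoice&card=4111-1111-1111-1111&ref=1234567890123456"
)

# 13 to 19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def inspect_request(raw: bytes) -> dict:
    """Split headers from body, then report masked card numbers in the body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    host = ""
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace")
    hits = []
    for m in CANDIDATE.finditer(body):
        digits = re.sub(rb"[ -]", b"", m.group()).decode()
        if luhn_valid(digits):
            # Mask before logging so the alert does not leak the number.
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return {"host": host, "card_numbers": hits}


if __name__ == "__main__":
    print(inspect_request(DECRYPTED_REQUEST))
```

The Luhn check is what keeps the 16-digit reference number in the sample from being reported as a card.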

In summary

We turn the “man in the middle attack” on its head. Originally, encrypting traffic was our protection against it; by doing exactly the same thing on the firewall (decrypting, inspecting and re-encrypting), we are using the same techniques for good!

I certainly want to know what’s leaving and coming into my company, and SSL decryption gives me exactly that.

Consilium UK is offering free Security Lifecycle Reviews (SLR) in collaboration with Palo Alto Networks. Arrange one today to find out what’s really happening with your network.

Compiled by our security experts, your confidential SLR report will show you:

  • Which applications are in use, and the potential risks to exposure
  • Specific details on ways adversaries are attempting to breach your network
  • Comparison data for your organisation, versus that of your industry peers
  • Actionable intelligence – key areas you can focus on immediately to reduce your risk exposure