Shake the Box: How to Get Encrypted Traffic Insights
This resource is published by Corelight
The most advanced security teams rely on network traffic as a fundamental data source and the ground truth for security investigations, but encryption has made certain aspects of that truth increasingly difficult to obtain.
Decrypting the traffic would seem the obvious solution, but in many cases it is not an optimal, or even technically possible, countermeasure. Decryption can be cost-prohibitive at scale, violate privacy policies or laws, or unacceptably degrade network performance.
In cases where organisations can’t decrypt traffic due to cost, performance, privacy regulations or technical limitations, open-source Zeek is the best tool for deriving insight from encrypted traffic. While encryption obscures payloads, it doesn’t obscure the endpoints or timing of a communication, or the fact that a conversation took place or didn’t take place.