In the nearly two years since the IETF ratified the new TLS 1.3 standard for encrypting data, adoption of the standard has ticked up steadily, but many enterprises are still holding off. They fear that this new, strong encryption standard will negatively impact their ability to monitor their own environments for security threats, especially via common passive modes of decryption for traffic analysis.
This fear is well founded. TLS 1.3 does away with static keys and RSA key exchange, and makes forward secrecy with ephemeral session keys a mandatory property of every connection, rather than an optional setting as it was in TLS 1.2 and earlier versions. Many passive security monitoring technologies will be made more cumbersome or even completely nonviable by this change. The same businesses feeling this pain are also experiencing mounting pressure to encrypt more data, in motion and at rest, to limit the damage of a breach. This presents enterprises with a difficult choice between using the best available encryption and maintaining the visibility their security teams need to conduct investigations and resolve potential threats.
In its report, Demystifying the Impact of TLS 1.3 on TLS Inspection, Gartner delves deeper into the options and tradeoffs available to businesses as they consider the transition to TLS 1.3. The research discusses both security and performance-focused features of TLS 1.3, but for this blog post we'll focus on security features, and in particular, Gartner's discussion of the options available in cases where passive mode decryption is a requirement.
In the report, Gartner wrote: "The benefit of this increased security is both positive and negative for enterprise security teams: Although it's harder for others to intercept enterprise traffic, enterprise visibility into encrypted traffic is also reduced unless steps are taken to keep decryption possible. Third-party sources indicate 54% of network threats are found in encrypted traffic. Enterprise security teams require inspection of network traffic to detect such threats including malware, command and control traffic, and data exfiltration. Tools such as firewalls, intrusion protection systems (IPS) and data loss protection (DLP) provide such detection, but they only work if traffic can be decrypted. Gartner estimates that encrypted browsing routinely exceeds 80% of total internet traffic, many times originating on enterprise internal networks, creating an inspection challenge."
Here are a few of Gartner's findings and recommendations on the subject of passive mode decryption when TLS 1.3 is in place:
"Passive mode decryption relies on nonephemeral modes of key exchange. TLS 1.3 no longer supports nonephemeral modes of key exchange. A full migration to v1.3 will break passive mode decryption unless specific provisions are taken. Follow one of these recommended options if passive mode decryption is a requirement:
- First option: Use TLS 1.3 for internet facing network traffic and continue to utilize TLS 1.2 for internal traffic. This can be a fairly straightforward solution if the enterprise currently utilizes middleboxes such as an ADC for incoming traffic or a SWG for outgoing traffic.
- Second option: When the organization controls the server, deploy a decryption solution that leverages agents on the server. As clients establish sessions with the server, the agent will forward the session key to the analysis appliance. The analysis appliance will be able to decrypt the traffic for analysis.
- Third option: Configure an ADC to forward session keys to a passively deployed analysis appliance, which will then be able to decrypt traffic for analysis."
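The second and third options both depend on a server agent or ADC forwarding per-session secrets to the analysis appliance. As an added illustration (not code from the Gartner report or this blog), the following indexes forwarded secrets by session and reports what the appliance can actually decrypt; it assumes the secrets arrive in the NSS key log format that Wireshark and most TLS libraries emit, and it shows why a TLS 1.3 session needs several records where a TLS 1.2 session needed only its master secret.

```python
from collections import defaultdict

# Secret labels an endpoint or agent exports in NSS key-log format. TLS 1.2 logs one
# CLIENT_RANDOM record (the master secret); TLS 1.3 logs one record per RFC 8446 secret.
TLS13_HS = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET"}
TLS13_APP = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
KNOWN = TLS13_HS | TLS13_APP | {"CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
                                "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}

def parse_keylog(text):
    """Group key-log records by ClientHello random: {client_random: {label: secret}}."""
    sessions = defaultdict(dict)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3 or parts[0] not in KNOWN:
            raise ValueError(f"line {lineno}: unrecognised key-log record")
        label, client_random, secret = parts
        if len(client_random) != 64:            # 32-byte random, hex encoded
            raise ValueError(f"line {lineno}: bad client random length")
        bytes.fromhex(client_random)            # reject non-hex values early
        bytes.fromhex(secret)
        sessions[client_random.lower()][label] = secret.lower()
    return dict(sessions)

def decryptable(secrets):
    """What a passive appliance can decrypt for one session, given the labels received."""
    labels = set(secrets)
    if "CLIENT_RANDOM" in labels:
        return "tls1.2: full session"            # master secret derives every key
    app = labels & TLS13_APP
    if app == TLS13_APP:
        return "tls1.3: application data, both directions"
    if app:
        return "tls1.3: application data, one direction only"
    if labels & TLS13_HS:
        return "tls1.3: handshake only"
    return "nothing"

def report(text):
    return {cr: decryptable(s) for cr, s in parse_keylog(text).items()}

# Constructed sample key log (placeholder hex, not real secrets): one TLS 1.2 session
# and two TLS 1.3 sessions, the second of which never delivered its application secrets.
CR12, CR13A, CR13B = "11" * 32, "22" * 32, "33" * 32
SAMPLE_KEYLOG = f"""# constructed sample
CLIENT_RANDOM {CR12} {'aa' * 48}
CLIENT_HANDSHAKE_TRAFFIC_SECRET {CR13A} {'b1' * 32}
SERVER_HANDSHAKE_TRAFFIC_SECRET {CR13A} {'b2' * 32}
CLIENT_TRAFFIC_SECRET_0 {CR13A} {'b3' * 32}
SERVER_TRAFFIC_SECRET_0 {CR13A} {'b4' * 32}
CLIENT_HANDSHAKE_TRAFFIC_SECRET {CR13B} {'c1' * 32}
SERVER_HANDSHAKE_TRAFFIC_SECRET {CR13B} {'c2' * 32}
"""
```

The key-log stream itself is as sensitive as the traffic it unlocks, so the channel from agent or ADC to appliance needs the same access control and audit treatment as a private key.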
Gartner also provides the following recommendations:
"Technical professionals responsible for security of networks and endpoints should:
- Develop a TLS decryption policy and design a decryption architecture aiming to decrypt once, inspect many (DOIM) by realizing solutions may need to be separate for incoming versus outgoing traffic. Where possible, use TLS termination on proxies, such as web application firewalls (WAF) and proxies or firewalls.
- Develop standards for internal TLS use to avoid decryption challenges when passive decryption needs to be used. If TLS 1.3 is used, then additional technology, such as host agents, may be needed.
- Develop guidelines for adoption of DNS and HTTP security mechanisms that affect TLS intercept, especially for external connections that may traverse other organizations' security gateways.
- Block unknown undecryptable traffic from entering or leaving the enterprise, unless explicitly approved for specific connections that require defense against man-in-the-middle decryption."
Gartner subscribers can read the full report here: Demystifying The Impact of TLS 1.3 on TLS Inspection